Also read - Shared VPCs Best Practices

Shared VPCs - What gets shared out?

When a host project is enabled, you have two options for sharing networks:

  • You can share all host project subnets. If you select this option, then any new subnets created in the host project, including subnets in new networks, will also be shared.
  • You can specify individual subnets to share. If you share subnets individually, then only those subnets are shared unless you manually change the list.

Multiple Shared VPCs (One Per Environment) - GCP calls this a 'Hybrid Shared VPC'

For this case, an organization has decided to use two separate host projects, a Test Environment and a Production Environment. Combine this with the Hybrid Shared VPC Pattern to accommodate almost any organizational use case.

Multiple host projects

  • A Shared VPC Admin has attached a service project to each of two host projects: a PROD HOST project and a TEST HOST project.
  • Both host projects have one Shared VPC network with subnets configured to use the same CIDR ranges. In both the Testing Network and Production Network, the two subnets are:
    • 10.0.1.0/24 Subnet in the us-west1 region
    • 10.15.2.0/24 Subnet in the us-east1 region
  • Consider Instance AT in the Apps Testing service project and Instance AP in the Apps Production service project:
    • Notice that both instances use the IP address 10.0.1.3. This is acceptable because each instance exists in a service project attached to a unique host project containing its own Shared VPC network.
    • Both the testing and production networks have been purposefully configured in the same way.
    • Instances using the 10.0.1.0/24 Subnet must be located in a zone in the same region as the subnet, even though the subnet and instances are defined in separate projects. Because the 10.0.1.0/24 Subnet is located in the us-west1 region, Service Project Admins who create instances using that subnet must choose a zone in the same region, such as us-west1-a.
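As an added example (not code from the original post), the two-host-project layout above expressed in Terraform with the google provider, sharing individual subnets rather than the whole host project; the project IDs and the admin group address are assumed placeholders.

```hcl
locals {
  envs = {
    test = { host = "test-host-project-id", service = "apps-testing-project-id" }
    prod = { host = "prod-host-project-id", service = "apps-production-project-id" }
  }
  # Same subnet layout in both environments, as in the example above.
  subnets = {
    "us-west1" = "10.0.1.0/24"
    "us-east1" = "10.15.2.0/24"
  }
  env_subnets = {
    for p in setproduct(keys(local.envs), keys(local.subnets)) :
    "${p[0]}-${p[1]}" => { env = p[0], region = p[1] }
  }
}
resource "google_compute_shared_vpc_host_project" "host" {
  for_each = local.envs
  project  = each.value.host
}

resource "google_compute_network" "vpc" {
  for_each                = local.envs
  project                 = each.value.host
  name                    = "${each.key}-shared-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "subnet" {
  for_each      = local.env_subnets
  project       = local.envs[each.value.env].host
  name          = "${each.value.env}-${each.value.region}"
  region        = each.value.region
  ip_cidr_range = local.subnets[each.value.region]
  network       = google_compute_network.vpc[each.value.env].id
}

resource "google_compute_shared_vpc_service_project" "svc" {
  for_each        = local.envs
  host_project    = google_compute_shared_vpc_host_project.host[each.key].project
  service_project = each.value.service
}

# Share individual subnets (second option above), not the whole host project.
resource "google_compute_subnetwork_iam_member" "network_user" {
  for_each   = local.env_subnets
  project    = local.envs[each.value.env].host
  region     = each.value.region
  subnetwork = google_compute_subnetwork.subnet[each.key].name
  role       = "roles/compute.networkUser"
  member     = "group:${each.value.env}-admins@example.com" # assumed placeholder
}
```

Because each environment has its own host project and network, both environments can carry the same 10.0.1.0/24 and 10.15.2.0/24 ranges, and Service Project Admins only receive compute.networkUser on the subnets explicitly granted.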
