Networking

The tables below record the network design for all projects. Secondary ranges on the subnets are reserved for GKE clusters (Pod and Service ranges); none are recorded in the tables yet.

VPC Design (Reserved)

This is the list of IP ranges we are soft-reserving for our projects. A GCP VPC has no outer CIDR range: subnets can be added at any time, and nothing in GCP stops two projects from picking the same block. The soft reservation is how we manage the network blocks across all projects and avoid colliding CIDRs, which would otherwise block VPC peering or VPN/Interconnect connectivity between them later.

Note: Workspaces in Terraform Cloud have "infra" as a suffix.

Project Name | VPC Name      | VPC Type | VPC Ranges
-------------|---------------|----------|-----------------------------------------------------------------
aa-cp-npr-01 | aa-vpc-npr-cp | VPC      | Main VPC CIDR: 10.200.0.0/16; GCP Services VPC: 10.201.0.0/16
aa-dp-npr-01 | aa-vpc-npr-dp | VPC      | Main VPC CIDR: 10.203.0.0/16; GCP Services VPC: 10.202.0.0/16

Subnets

Out of the soft-reserved ranges, the following subnets are in use in the current projects.

VPC Name      | Subnet Details
--------------|------------------------------------------
aa-vpc-npr-cp | aa-subnet-npr-cp-apps-uc1 [10.200.0.0/16]
              | aa-subnet-npr-cp-psc-uc1 [10.201.0.0/16]
aa-vpc-npr-dp | aa-subnet-npr-dp-apps-uc1 [10.203.0.0/16]
              | aa-subnet-npr-dp-psc-uc1 [10.202.0.0/16]
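Because the reservation is only "soft", the check that keeps it honest has to live outside GCP. The script below is an added example written for this page (not the project's Terraform): it takes the ranges from the VPC Design and Subnets tables above, verifies that no two reserved blocks overlap and that every subnet sits inside a block reserved for its VPC, and proposes the next free /16. The 10.200.0.0/13 supernet it searches is an assumption chosen to cover the 10.200-10.203 blocks already on the page.

```python
"""CIDR plan check for the soft-reserved VPC ranges (added example)."""
import ipaddress
from itertools import combinations

# Soft-reserved blocks per VPC, copied from the VPC Design table.
RESERVED = {
    "aa-vpc-npr-cp": ["10.200.0.0/16", "10.201.0.0/16"],
    "aa-vpc-npr-dp": ["10.203.0.0/16", "10.202.0.0/16"],
}

# Subnets actually in use, copied from the Subnets table: name -> (vpc, cidr).
SUBNETS = {
    "aa-subnet-npr-cp-apps-uc1": ("aa-vpc-npr-cp", "10.200.0.0/16"),
    "aa-subnet-npr-cp-psc-uc1": ("aa-vpc-npr-cp", "10.201.0.0/16"),
    "aa-subnet-npr-dp-apps-uc1": ("aa-vpc-npr-dp", "10.203.0.0/16"),
    "aa-subnet-npr-dp-psc-uc1": ("aa-vpc-npr-dp", "10.202.0.0/16"),
}


def find_overlaps(cidrs):
    """Return sorted (label, label) pairs whose CIDRs overlap.

    cidrs: mapping of label -> CIDR string. Every pair is compared, so this
    catches collisions between projects, not only inside one VPC, which is
    exactly what peering or a VPN between the VPCs would trip over.
    """
    nets = {label: ipaddress.ip_network(c, strict=True) for label, c in cidrs.items()}
    return sorted(
        (a, b) for (a, na), (b, nb) in combinations(nets.items(), 2) if na.overlaps(nb)
    )


def subnets_outside_reservation(reserved, subnets):
    """Return names of subnets that are not inside a block reserved for their VPC."""
    bad = []
    for name, (vpc, cidr) in subnets.items():
        net = ipaddress.ip_network(cidr, strict=True)
        blocks = [ipaddress.ip_network(b, strict=True) for b in reserved.get(vpc, [])]
        if not any(net.subnet_of(b) for b in blocks):
            bad.append(name)
    return sorted(bad)


def next_free_block(reserved, supernet="10.200.0.0/13", prefix=16):
    """Propose the lowest /prefix inside `supernet` that collides with nothing reserved.

    The supernet (10.200.0.0 - 10.207.255.255) is an assumption for this example.
    """
    used = [ipaddress.ip_network(c) for blocks in reserved.values() for c in blocks]
    for cand in ipaddress.ip_network(supernet).subnets(new_prefix=prefix):
        if not any(cand.overlaps(u) for u in used):
            return str(cand)
    return None  # supernet exhausted: time to reserve a new one


def check_plan(reserved=RESERVED, subnets=SUBNETS):
    """Run all checks and return the results as a dict (empty lists mean clean)."""
    all_reserved = {f"{vpc}:{c}": c for vpc, blocks in reserved.items() for c in blocks}
    return {
        "reserved_overlaps": find_overlaps(all_reserved),
        "subnets_outside_reservation": subnets_outside_reservation(reserved, subnets),
        "next_free_16": next_free_block(reserved),
    }


if __name__ == "__main__":
    for key, value in check_plan().items():
        print(f"{key}: {value}")
```

Run it before merging any change that adds a VPC or subnet; a non-empty list from the first two checks is a blocker. The same data could be fed from `terraform show -json` instead of the literal dicts once the ranges live in the infra workspaces.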

Firewall Rules

The following firewall rules are configured in the current projects for access control and traffic filtering.

VPC Network   | Firewall Name             | Ports        | Source IP Ranges
--------------|---------------------------|--------------|------------------------------------------------------------------
aa-vpc-npr-cp | aa-fw-prod-ssh-iap        | TCP 22, 5432 | 35.235.240.0/20, 10.200.0.0/16
aa-vpc-npr-cp | aa-vpc-npr-cp-allow-https | TCP 443      | 0.0.0.0/0
aa-vpc-npr-cp | aa-vpc-npr-cp-allow-http  | TCP 80       | 0.0.0.0/0
aa-vpc-npr-cp | allow                     | TCP          | 10.200.0.0/16
aa-vpc-npr-cp | aa-fw-prod-health-check   | TCP 0        | 209.85.204.0/22, 209.85.152.0/22, 130.211.0.0/22, 35.191.0.0/16
aa-vpc-npr-dp | aa-fw-prod-ssh-iap        | TCP 22       | 35.235.240.0/20
aa-vpc-npr-dp | aa-fw-prod-health-check   | TCP 0        | 209.85.204.0/22, 209.85.152.0/22, 130.211.0.0/22, 35.191.0.0/16

Note: 35.235.240.0/20 is Google's IAP TCP-forwarding range, and 130.211.0.0/22 and 35.191.0.0/16 are the health-check prober ranges (209.85.152.0/22 and 209.85.204.0/22 are the legacy prober ranges). The rule named "allow" has no port recorded, which in GCP means every TCP port from 10.200.0.0/16; its purpose should be documented or the rule narrowed. "TCP 0" on the health-check rules should be confirmed against the deployed rule. The "prod" in the rule names does not match the npr (non-prod) projects they live in.
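The rules above, transcribed as data and run through a few review checks. This is an added example, not the project's tooling, and the policy it applies is this example's, not something the page states: SSH only from the IAP TCP-forwarding range 35.235.240.0/20, Internet-wide (0.0.0.0/0) sources only on 80/443, health-check rules carrying Google's prober ranges 130.211.0.0/22 and 35.191.0.0/16, and every rule naming its ports. Port values are kept exactly as recorded in the table, so "TCP 0" stays 0 and is flagged for confirmation rather than interpreted.

```python
"""Review checks over the firewall rules listed on this page (added example)."""
import ipaddress

IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")          # IAP TCP forwarding
HEALTH_CHECK_RANGES = {"130.211.0.0/22", "35.191.0.0/16"}    # Google HC probers
ANY = ipaddress.ip_network("0.0.0.0/0")
GOOGLE_HC = ["209.85.204.0/22", "209.85.152.0/22", "130.211.0.0/22", "35.191.0.0/16"]

# (network, name, protocol, ports, source ranges), transcribed from the table.
# An empty port list means the table recorded no port for the rule.
RULES = [
    ("aa-vpc-npr-cp", "aa-fw-prod-ssh-iap", "tcp", [22, 5432], ["35.235.240.0/20", "10.200.0.0/16"]),
    ("aa-vpc-npr-cp", "aa-vpc-npr-cp-allow-https", "tcp", [443], ["0.0.0.0/0"]),
    ("aa-vpc-npr-cp", "aa-vpc-npr-cp-allow-http", "tcp", [80], ["0.0.0.0/0"]),
    ("aa-vpc-npr-cp", "allow", "tcp", [], ["10.200.0.0/16"]),
    ("aa-vpc-npr-cp", "aa-fw-prod-health-check", "tcp", [0], GOOGLE_HC),
    ("aa-vpc-npr-dp", "aa-fw-prod-ssh-iap", "tcp", [22], ["35.235.240.0/20"]),
    ("aa-vpc-npr-dp", "aa-fw-prod-health-check", "tcp", [0], GOOGLE_HC),
]


def audit_rule(network, name, proto, ports, sources):
    """Return a list of findings for one ingress allow rule (empty = passes)."""
    findings = []
    srcs = [ipaddress.ip_network(s) for s in sources]
    if not ports:
        findings.append(f"no port restriction recorded (all {proto} ports from {', '.join(sources)})")
    if 0 in ports:
        findings.append("port 0 recorded; confirm whether the rule really means all ports")
    if 22 in ports:
        # Anything other than the IAP range can reach SSH without IAP's identity check.
        non_iap = [str(s) for s in srcs if s != IAP_RANGE]
        if non_iap:
            findings.append(f"SSH (22) reachable from non-IAP source(s): {', '.join(non_iap)}")
    if ANY in srcs and not (ports and set(ports) <= {80, 443}):
        findings.append("0.0.0.0/0 source on port(s) other than 80/443")
    if "health-check" in name and not HEALTH_CHECK_RANGES <= set(sources):
        findings.append("health-check rule missing a Google prober range")
    return findings


def audit(rules=RULES):
    """Audit every rule; keyed by (network, name) because names repeat across VPCs."""
    return {(net, name): audit_rule(net, name, proto, ports, srcs)
            for net, name, proto, ports, srcs in rules}


if __name__ == "__main__":
    for (net, name), findings in audit().items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{net}/{name}: {status}")
```

On the page's own table this reports three things: SSH on aa-vpc-npr-cp is reachable from the whole 10.200.0.0/16 as well as from IAP, the "allow" rule carries no port restriction, and both health-check rules record port 0. Everything else passes.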

Cloud NAT

Cloud NAT provides outbound Internet access for private resources that have no external IP address, so the VMs and serverless connectors below can reach external endpoints without being reachable from the Internet.

Gateway Name      | Project      | Region      | Cloud Router
------------------|--------------|-------------|------------------
aa-nat-npr-cp-uc1 | aa-cp-npr-01 | us-central1 | aa-cr-npr-cp-uc1
aa-nat-npr-dp-uc1 | aa-dp-npr-01 | us-central1 | aa-cr-npr-dp-uc1

Cloud Routers

Cloud Router Name | Project      | Region      | Network Name
------------------|--------------|-------------|---------------
aa-cr-npr-cp-uc1  | aa-cp-npr-01 | us-central1 | cr-vpc-dev
aa-cr-npr-dp-uc1  | aa-dp-npr-01 | us-central1 | aa-vpc-npr-dp

Note: the network recorded for aa-cr-npr-cp-uc1 (cr-vpc-dev) does not match the VPC name aa-vpc-npr-cp used elsewhere on this page; verify which network the router is attached to, since Cloud NAT only serves subnets of the router's network.

IP Addresses

IP Address Name                                  | Range          | Project      | Region      | Type
-------------------------------------------------|----------------|--------------|-------------|---------
aa-cp-npr-timescaledb-vm-static-pvt-ip           | 10.200.0.6     | aa-cp-npr-01 | us-central1 | Internal
serverless-ipv4-1752484363715233510              | 10.200.0.16/28 | aa-cp-npr-01 | us-central1 | Internal
serverless-ipv4-1753204058854218416              | 10.200.0.64/28 | aa-cp-npr-01 | us-central1 | Internal
serverless-ipv4-1753700397329575912              | 10.200.0.48/28 | aa-cp-npr-01 | us-central1 | Internal
VM instance aa-vm-cp-npr-bastion-uc1             | 10.200.0.4     | aa-cp-npr-01 | us-central1 | Internal
Forwarding rule spicedb-ilb-forwarding-rule      | 10.200.0.36    | aa-cp-npr-01 | us-central1 | Internal
nat-auto-ip-3060894-7-1752261840272452           | 34.55.120.109  |              | us-central1 | External
nat-auto-ip-28178154-5-1752566793544452          | 35.232.159.245 | aa-dp-npr-01 | us-central1 | External
VM instance aa-vm-dp-npr-bastion-uc1             | 10.203.0.2     | aa-dp-npr-01 | us-central1 | Internal

Private Service Access

Name                     | Project      | Region      | Allocated Range | Network Name
-------------------------|--------------|-------------|-----------------|---------------
aa-subnet-npr-cp-psc-uc1 | aa-cp-npr-01 | us-central1 | 10.201.0.0/16   | aa-vpc-npr-cp
aa-subnet-npr-dp-psc-uc1 | aa-dp-npr-01 | us-east4    | 10.202.0.0/16   | aa-vpc-npr-dp

Note: these are the "GCP Services VPC" blocks from the VPC Design table. The section heading says private services access while the names say "psc"; confirm which the ranges are actually used for, because the two are configured differently (an allocated range plus a peering to the service producer for private services access, a subnet with purpose PRIVATE_SERVICE_CONNECT for PSC NAT). The dp row records us-east4 while every other dp resource on this page is in us-central1.

Load Balancer

Load Balancer Name       | Project      | Region      | Load Balancer Type | IP Address
-------------------------|--------------|-------------|--------------------|---------------
arthur-url-map           | aa-cp-npr-01 | us-central1 | External           | 34.36.203.190
auth-redirect            | aa-cp-npr-01 | us-central1 | External           | 34.36.203.190
spicedb-ilb-url-map      | aa-cp-npr-01 | us-central1 | Internal           | 10.200.0.36
aa-dp-npr-lb             | aa-dp-npr-01 | us-central1 | External           | 34.144.222.153
aa-dp-npr-lb-fe-redirect | aa-dp-npr-01 | us-central1 | External           | 34.144.222.153