Networking

The tables below record the network design for all projects. Secondary subnet ranges are reserved for use by GKE clusters; none are recorded in the tables yet.

VPC Design (Reserved)

These are the IP ranges we soft-reserve for our projects. A GCP VPC has no outer (VPC-level) CIDR range: address space is defined per subnet, so a network can be extended at any time. The soft reservation exists so that address blocks are managed centrally across all projects and we never reach a situation where CIDRs collide (which matters as soon as two networks are peered or otherwise connected).

Note: Workspaces in Terraform Cloud carry the suffix "infra".

| Project Name | VPC Name | VPC Type | VPC Ranges |
|---|---|---|---|
| aa-cp-npr-01 | aa-vpc-npr-cp | VPC | Main VPC CIDR: 10.200.0.0/16; GCP Services VPC: 10.201.0.0/16 |
| aa-dp-npr-01 | aa-vpc-npr-dp | VPC | Main VPC CIDR: 10.203.0.0/16; GCP Services VPC: 10.202.0.0/16 |

Subnets

Out of the soft-reserved ranges, the following subnets are in use in the current projects.

| VPC Name | Subnet Details |
|---|---|
| aa-vpc-npr-cp | aa-subnet-npr-cp-apps-uc1 [10.200.0.0/16]; aa-subnet-npr-cp-psc-uc1 [10.201.0.0/16] |
| aa-vpc-npr-dp | aa-subnet-npr-dp-apps-uc1 [10.203.0.0/16]; aa-subnet-npr-dp-psc-uc1 [10.202.0.0/16] |

Each subnet consumes the whole of its reserved /16, so any additional primary subnet or GKE secondary range in these VPCs has to be carved from a new soft reservation rather than from the blocks above.
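The VPC Design and Subnets tables above are what the soft reservation is meant to protect, and nothing in GCP enforces it. The following Python script is an added example, not part of this page or the project's Terraform: it encodes the reserved blocks and subnets above, checks that no two reservations overlap and that every subnet sits inside its VPC's reservation, and shows how a new request can be dry-run before it is added. The 10.200.0.0/13 planning block and the `aa-vpc-npr-new` VPC used in the collision demo are assumptions, not names from this page.

```python
"""Consistency checks over the soft-reserved CIDR plan (added example)."""
import ipaddress
from itertools import combinations

IPv4Net = ipaddress.IPv4Network

# Soft reservations per VPC, copied from the VPC Design table on this page.
RESERVATIONS = {
    "aa-vpc-npr-cp": ["10.200.0.0/16", "10.201.0.0/16"],
    "aa-vpc-npr-dp": ["10.203.0.0/16", "10.202.0.0/16"],
}

# Subnets in use, copied from the Subnets table: name -> (vpc, cidr).
SUBNETS = {
    "aa-subnet-npr-cp-apps-uc1": ("aa-vpc-npr-cp", "10.200.0.0/16"),
    "aa-subnet-npr-cp-psc-uc1": ("aa-vpc-npr-cp", "10.201.0.0/16"),
    "aa-subnet-npr-dp-apps-uc1": ("aa-vpc-npr-dp", "10.203.0.0/16"),
    "aa-subnet-npr-dp-psc-uc1": ("aa-vpc-npr-dp", "10.202.0.0/16"),
}


def find_overlaps(reservations):
    """Every pair of reserved blocks that overlap, as (vpc_a, cidr_a, vpc_b, cidr_b).

    GCP enforces nothing at the VPC level, so this check is the only thing that
    stops two projects from reserving colliding space.
    """
    blocks = [(vpc, IPv4Net(c)) for vpc, cidrs in reservations.items() for c in cidrs]
    return [
        (va, str(a), vb, str(b))
        for (va, a), (vb, b) in combinations(blocks, 2)
        if a.overlaps(b)
    ]


def subnets_outside_reservation(reservations, subnets):
    """Names of subnets whose CIDR is not contained in a reserved block of their VPC."""
    outside = []
    for name, (vpc, cidr) in subnets.items():
        net = IPv4Net(cidr)
        reserved = [IPv4Net(c) for c in reservations.get(vpc, [])]
        if not any(net.subnet_of(r) for r in reserved):
            outside.append(name)
    return outside


def next_free_block(reservations, supernet="10.200.0.0/13", prefixlen=16):
    """First /prefixlen inside `supernet` that collides with no reservation, or None.

    `supernet` is an assumed planning block (10.200.0.0 - 10.207.255.255); the page
    does not define one.
    """
    taken = [IPv4Net(c) for cidrs in reservations.values() for c in cidrs]
    for candidate in IPv4Net(supernet).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(t) for t in taken):
            return str(candidate)
    return None


def propose(reservations, vpc, cidr):
    """Dry-run a new reservation: return the overlaps it would introduce, without mutating the plan."""
    trial = {k: list(v) for k, v in reservations.items()}
    trial.setdefault(vpc, []).append(cidr)
    return [o for o in find_overlaps(trial) if cidr in (o[1], o[3])]


if __name__ == "__main__":
    print("overlapping reservations:", find_overlaps(RESERVATIONS))
    print("subnets outside their reservation:", subnets_outside_reservation(RESERVATIONS, SUBNETS))
    print("next free /16:", next_free_block(RESERVATIONS))
    # Constructed bad proposal: a hypothetical new VPC asking for a block already reserved.
    print("10.201.0.0/16 for aa-vpc-npr-new collides with:",
          propose(RESERVATIONS, "aa-vpc-npr-new", "10.201.0.0/16"))
```

Run it whenever a table above changes; a non-empty result from `find_overlaps` or `subnets_outside_reservation` means the page and the reservation plan have drifted apart.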

Firewall Rules

The following firewall rules are configured in the current projects for access control. The IP Ranges column lists the allowed source ranges.

| VPC Network | Firewall Name | Protocol / Ports | Source IP Ranges |
|---|---|---|---|
| aa-vpc-npr-cp | aa-fw-prod-ssh-iap | TCP 22, 5432 | 35.235.240.0/20, 10.200.0.0/16 |
| aa-vpc-npr-cp | aa-vpc-npr-cp-allow-https | TCP 443 | 0.0.0.0/0 |
| aa-vpc-npr-cp | aa-vpc-npr-cp-allow-http | TCP 80 | 0.0.0.0/0 |
| aa-vpc-npr-cp | allow | TCP (all ports) | 10.200.0.0/16 |
| aa-vpc-npr-cp | aa-fw-prod-health-check | TCP 0 | 209.85.204.0/22, 209.85.152.0/22, 130.211.0.0/22, 35.191.0.0/16 |
| aa-vpc-npr-dp | aa-fw-prod-ssh-iap | TCP 22 | 35.235.240.0/20 |
| aa-vpc-npr-dp | aa-fw-prod-health-check | TCP 0 | 209.85.204.0/22, 209.85.152.0/22, 130.211.0.0/22, 35.191.0.0/16 |

35.235.240.0/20 is Google's IAP TCP forwarding source range; 130.211.0.0/22 and 35.191.0.0/16 are the health-check source ranges for Google Cloud load balancers, and 209.85.152.0/22 and 209.85.204.0/22 are the legacy network load balancer health-check ranges. The table does not record target tags or target service accounts, so the actual reach of the 0.0.0.0/0 rules on ports 80 and 443 and of the all-ports "allow" rule cannot be judged from this page alone; check the targets in the Terraform state. "TCP 0" is reproduced as recorded; confirm that the health-check rules allow the backends' serving port.
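The table above is the kind of thing that gets reviewed by eye once and then drifts. As an added example, not the project's own tooling, the following Python script encodes the rules as recorded and runs the review checks a practitioner would apply: sources open to the whole internet, rules with no port restriction, SSH reachable from anything other than the IAP range, and health-check rules whose sources are not Google's published ranges or whose recorded port is 0. The constants for Google's ranges are the published ones; what counts as a finding is this example's choice, not a policy stated on the page.

```python
"""Review checks over the firewall rules table (added example)."""
from dataclasses import dataclass
import ipaddress

# Google-published source ranges used by the rules on this page.
IAP_TCP_FORWARDING = ipaddress.ip_network("35.235.240.0/20")
HEALTH_CHECK_RANGES = {
    ipaddress.ip_network(c)
    for c in ("35.191.0.0/16", "130.211.0.0/22",      # current load balancers
              "209.85.152.0/22", "209.85.204.0/22")   # legacy network LB health checks
}


@dataclass(frozen=True)
class Rule:
    network: str
    name: str
    protocol: str
    ports: tuple    # single port numbers as strings; empty tuple = all ports of the protocol
    sources: tuple  # allowed source CIDRs


HC_SOURCES = ("209.85.204.0/22", "209.85.152.0/22", "130.211.0.0/22", "35.191.0.0/16")

# Copied from the Firewall Rules table on this page.
RULES = [
    Rule("aa-vpc-npr-cp", "aa-fw-prod-ssh-iap", "tcp", ("22", "5432"), ("35.235.240.0/20", "10.200.0.0/16")),
    Rule("aa-vpc-npr-cp", "aa-vpc-npr-cp-allow-https", "tcp", ("443",), ("0.0.0.0/0",)),
    Rule("aa-vpc-npr-cp", "aa-vpc-npr-cp-allow-http", "tcp", ("80",), ("0.0.0.0/0",)),
    Rule("aa-vpc-npr-cp", "allow", "tcp", (), ("10.200.0.0/16",)),
    Rule("aa-vpc-npr-cp", "aa-fw-prod-health-check", "tcp", ("0",), HC_SOURCES),
    Rule("aa-vpc-npr-dp", "aa-fw-prod-ssh-iap", "tcp", ("22",), ("35.235.240.0/20",)),
    Rule("aa-vpc-npr-dp", "aa-fw-prod-health-check", "tcp", ("0",), HC_SOURCES),
]


def review(rule):
    """Return the review findings for one rule (empty list = nothing to raise)."""
    findings = []
    sources = [ipaddress.ip_network(s) for s in rule.sources]

    if any(s.prefixlen == 0 for s in sources):
        findings.append("open to the internet (0.0.0.0/0)")
    if not rule.ports:
        findings.append(f"all {rule.protocol} ports allowed")
    if "22" in rule.ports:
        # SSH should only arrive through IAP TCP forwarding; anything else widens the path.
        non_iap = [str(s) for s in sources if s != IAP_TCP_FORWARDING]
        if non_iap:
            findings.append("ssh reachable from non-IAP sources: " + ", ".join(non_iap))
    if "health-check" in rule.name:
        foreign = [str(s) for s in sources if s not in HEALTH_CHECK_RANGES]
        if foreign:
            findings.append("health-check rule has non-Google sources: " + ", ".join(foreign))
        if "0" in rule.ports:
            findings.append("port 0 recorded; confirm the backends' serving port is what is allowed")
    return findings


def review_all(rules):
    """Map (network, name) -> findings for every rule that has at least one finding."""
    report = {}
    for rule in rules:
        findings = review(rule)
        if findings:
            report[(rule.network, rule.name)] = findings
    return report


if __name__ == "__main__":
    for (network, name), findings in review_all(RULES).items():
        print(f"{network}/{name}:")
        for finding in findings:
            print("  -", finding)
```

Against the table as recorded, the dp project's SSH rule is the only one that comes back clean; the cp SSH rule is flagged because port 22 is also reachable from 10.200.0.0/16, not just from IAP.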

Cloud NAT

Cloud NAT provides outbound internet access for private resources that have no external IP addresses.

| Gateway Name | Project | Cloud Router |
|---|---|---|
| aa-nat-npr-cp-uc1 | aa-cp-npr-01 | aa-cr-npr-cp-uc1 |
| aa-nat-npr-dp-uc1 | aa-dp-npr-01 | aa-cr-npr-dp-uc1 |

Cloud Routers

| Cloud Router Name | Project | Network Name |
|---|---|---|
| aa-cr-npr-cp-uc1 | aa-cp-npr-01 | cr-vpc-dev |
| aa-cr-npr-dp-uc1 | aa-dp-npr-01 | aa-vpc-npr-dp |

The network recorded for aa-cr-npr-cp-uc1 (cr-vpc-dev) does not match the VPC name used elsewhere on this page for that project (aa-vpc-npr-cp); confirm which one is current.

IP Addresses

| IP Address Name | Address / Range | Project | Type |
|---|---|---|---|
| aa-cp-npr-timescaledb-vm-static-pvt-ip | 10.200.0.6 | aa-cp-npr-01 | Internal |
| serverless-ipv4-1752484363715233510 | 10.200.0.16/28 | aa-cp-npr-01 | Internal |
| serverless-ipv4-1753204058854218416 | 10.200.0.64/28 | aa-cp-npr-01 | Internal |
| serverless-ipv4-1753700397329575912 | 10.200.0.48/28 | aa-cp-npr-01 | Internal |
| VM instance aa-vm-cp-npr-bastion-uc1 | 10.200.0.4 | aa-cp-npr-01 | Internal |
| Forwarding rule spicedb-ilb-forwarding-rule | 10.200.0.36 | aa-cp-npr-01 | Internal |
| nat-auto-ip-3060894-7-1752261840272452 | 34.55.120.109 | (not recorded) | External |
| nat-auto-ip-28178154-5-1752566793544452 | 35.232.159.245 | aa-dp-npr-01 | External |
| VM instance aa-vm-dp-npr-bastion-uc1 | 10.203.0.2 | aa-dp-npr-01 | Internal |

The serverless-ipv4-* /28 blocks are the ranges held by Serverless VPC Access connectors; the nat-auto-ip-* addresses are allocated automatically to the Cloud NAT gateways.

Private Service Access

| Name | Project | Range | Network Name |
|---|---|---|---|
| aa-subnet-npr-cp-psc-uc1 | aa-cp-npr-01 | 10.201.0.0/16 | aa-vpc-npr-cp |
| aa-subnet-npr-dp-psc-uc1 | aa-dp-npr-01 | 10.202.0.0/16 | aa-vpc-npr-dp |

Load Balancer

| Load Balancer Name | Project | Load Balancer Type | IP Address |
|---|---|---|---|
| arthur-url-map | aa-cp-npr-01 | External | 34.36.203.190 |
| auth-redirect | aa-cp-npr-01 | External | 34.36.203.190 |
| spicedb-ilb-url-map | aa-cp-npr-01 | Internal | 10.200.0.36 |
| aa-dp-npr-lb | aa-dp-npr-01 | External | 34.144.222.153 |
| aa-dp-npr-lb-fe-redirect | aa-dp-npr-01 | External | 34.144.222.153 |