Overview
Google Cloud Platform Virtual Private Cloud (VPC) provides isolated network environments for your GCP resources. Multi-Cloud Manager enables you to create and manage VPCs across all your GCP projects with custom subnet configurations.
Listing VPC Networks
API Endpoint
Implementation Details
The list operation aggregates VPCs and subnets across all accessible GCP projects:
Source: /workspace/source/project/backend/gcp/vpcs.py:6
def list_gcp_vpcs():
    # gcp_account is the session account resolved by the check shown under Authentication
    credentials = SessionCredentials(gcp_account)
    projects = list_gcp_projects(credentials)
    networks_client = compute_v1.NetworksClient(credentials=credentials)
    subnetworks_client = compute_v1.SubnetworksClient(credentials=credentials)
    for proj_dict in projects:
        project_id = proj_dict.get("projectId")
        # List networks
        network_request = compute_v1.ListNetworksRequest(project=project_id)
        networks_in_project = list(networks_client.list(request=network_request))
        # Aggregate subnets
        subnet_request = compute_v1.AggregatedListSubnetworksRequest(project=project_id)
        subnet_iterator = subnetworks_client.aggregated_list(request=subnet_request)
Response
{
  "value": [
    {
      "provider": "GCP",
      "name": "my-vpc-network",
      "id": "1234567890123456789",
      "description": "Production VPC network",
      "subnetMode": false,
      "routingMode": "REGIONAL",
      "projectId": "my-gcp-project",
      "subnets": [
        {
          "name": "us-central1-subnet",
          "region": "us-central1",
          "ipCidrRange": "10.0.1.0/24"
        }
      ]
    }
  ]
}
Response Fields
value: Array of VPC network objects
  provider: Always “GCP” for Google Cloud networks
  id: Unique numeric identifier for the network
  description: Optional description of the network
  subnetMode:
    true: Auto mode (GCP creates subnets automatically)
    false: Custom mode (manual subnet creation)
  routingMode: Network routing configuration:
    REGIONAL: Routes are regional
    GLOBAL: Routes are global across all regions
  projectId: GCP project ID containing the network
  subnets: Array of subnet objects associated with this VPC
    region: GCP region (e.g., “us-central1”, “europe-west1”)
    ipCidrRange: IP CIDR block for the subnet
Creating a VPC Network
API Endpoint
POST /api/gcp/vpc/create
Content-Type: application/json
Request Body
{
  "projectId": "my-gcp-project",
  "vpcName": "my-new-vpc",
  "description": "Production VPC network",
  "routingMode": "REGIONAL"
}
Request Parameters
projectId: GCP project ID where the VPC will be created
vpcName: Name for the new VPC network (must be RFC 1035 compliant)
description: Optional description for the VPC network
routingMode: Network routing mode:
  REGIONAL: Routes are regional (recommended for most use cases)
  GLOBAL: Routes are global across all regions
Implementation Details
Source: /workspace/source/project/backend/gcp/vpcs.py:80
The VPC creation uses the Google Cloud Compute API:
networks_client = compute_v1.NetworksClient(credentials=credentials)
network_resource = compute_v1.Network(
    name=vpc_name,
    description=description,
    auto_create_subnetworks=False,  # Custom subnet mode
    routing_config=compute_v1.NetworkRoutingConfig(
        routing_mode=routing_mode.upper()
    ),
)
vpc_create_request = compute_v1.InsertNetworkRequest(
    project=project_id,
    network_resource=network_resource,
)
operation = networks_client.insert(request=vpc_create_request)
operation.result()  # Wait for completion
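An added example, not part of the project's code: one way to validate the create request body before it reaches compute_v1, since the excerpt above calls routing_mode.upper() on whatever the client sent. The function name validate_vpc_create and the REGIONAL default are assumptions of this example.

```python
import re

# RFC 1035 label as GCP applies it to network names: 1-63 characters,
# a lowercase letter first, then lowercase letters, digits or hyphens,
# and no trailing hyphen.
_NAME_RE = re.compile(r"[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?")
_ROUTING_MODES = {"REGIONAL", "GLOBAL"}


def validate_vpc_create(body):
    """Validate a POST /api/gcp/vpc/create JSON body.

    Returns (clean, errors). clean is None when errors is non-empty.
    """
    if not isinstance(body, dict):
        return None, {"body": "expected a JSON object"}
    errors = {}

    project_id = body.get("projectId")
    if not isinstance(project_id, str) or not project_id.strip():
        errors["projectId"] = "required, non-empty string"

    # fullmatch() rejects a trailing newline that match() with '$' would accept.
    vpc_name = body.get("vpcName")
    if not isinstance(vpc_name, str) or not _NAME_RE.fullmatch(vpc_name):
        errors["vpcName"] = "must be an RFC 1035 label of at most 63 characters"

    description = body.get("description", "")
    if not isinstance(description, str):
        errors["description"] = "must be a string"

    # Assumption: REGIONAL when the field is omitted. A non-string value
    # (e.g. a JSON number) would make .upper() raise and surface as a 500.
    routing_mode = body.get("routingMode", "REGIONAL")
    if not isinstance(routing_mode, str) or routing_mode.upper() not in _ROUTING_MODES:
        errors["routingMode"] = "must be REGIONAL or GLOBAL"

    if errors:
        return None, errors
    return {
        "projectId": project_id.strip(),
        "vpcName": vpc_name,
        "description": description,
        "routingMode": routing_mode.upper(),
    }, {}
```

Returning the field-keyed errors with a 400 keeps malformed input from reaching the catch-all 500 branch.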
Key Configuration
VPCs are always created with custom subnet mode (auto_create_subnetworks=False), giving you full control over subnet creation and IP ranges.
Subnet Mode Comparison
| Mode | Subnet Creation | IP Ranges | Use Case |
| Auto | Automatic (one per region) | Pre-defined by GCP | Quick setup, testing |
| Custom | Manual | User-defined | Production, specific IP requirements |
Routing Mode Comparison
| Mode | Route Scope | Use Case | Considerations |
| REGIONAL | Regional only | Single-region deployments | Lower latency within region |
| GLOBAL | All regions | Multi-region applications | Dynamic routing across regions |
Response
Success (201):
{
  "message": "Sieć VPC 'my-new-vpc' została pomyślnie utworzona."
}
Error (400):
{
  "error": "Pola 'projectId' oraz 'vpcName' są wymagane."
}
Error (401):
{
  "error": "Nie znaleziono aktywnego konta GCP w sesji"
}
Error (403):
{
  "error": "Brak uprawnień do tworzenia sieci VPC w projekcie 'my-gcp-project'. Szczegóły: ..."
}
Error (409):
{
  "error": "Sieć VPC o nazwie 'my-new-vpc' już istnieje w projekcie 'my-gcp-project'."
}
Error (500):
{
  "error": "Wystąpił nieoczekiwany błąd serwera: ..."
}
Authentication
All GCP VPC operations require authenticated session credentials:
Source: /workspace/source/project/backend/gcp/vpcs.py:7-12
accounts = session.get("accounts", [])
gcp_account = next((acc for acc in accounts if acc.get("provider") == "gcp"), None)
if not gcp_account:
    return jsonify({"error": "Nie znaleziono aktywnego konta GCP w sesji"}), 401
if not gcp_account.get("refresh_token"):
    return jsonify({"error": "Brak kompletnych tokenów w sesji."}), 401
Session Account
GCP account must be present in session with provider = “gcp”
Refresh Token
Valid refresh token required for credential renewal
SessionCredentials
Custom credential provider manages OAuth token lifecycle
Resource Hierarchy
Understanding GCP’s VPC organization:
GCP Organization
└── Project
    └── VPC Network
        ├── Routing Mode: REGIONAL or GLOBAL
        ├── Subnet Mode: Custom (auto_create_subnetworks=False)
        ├── Firewall Rules
        └── Subnets
            ├── Subnet in us-central1 (10.0.1.0/24)
            ├── Subnet in europe-west1 (10.0.2.0/24)
            └── Subnet in asia-east1 (10.0.3.0/24)
Compute API Clients
SDK Reference
Source : /workspace/source/project/backend/gcp/vpcs.py:2
from google.cloud import compute_v1
Key Clients
| Client | Purpose | Key Methods |
| NetworksClient | VPC management | list(), insert(), delete(), get() |
| SubnetworksClient | Subnet management | aggregated_list(), insert(), delete() |
Network Operations
Source: /workspace/source/project/backend/gcp/vpcs.py:102
networks_client = compute_v1.NetworksClient(credentials=credentials)
# List networks
network_request = compute_v1.ListNetworksRequest(project=project_id)
networks = networks_client.list(request=network_request)
# Create network
insert_request = compute_v1.InsertNetworkRequest(
    project=project_id,
    network_resource=network_resource
)
operation = networks_client.insert(request=insert_request)
Network Isolation
Project-Level Isolation
VPC networks in GCP are project-scoped:
Resources in different projects cannot communicate by default
VPC peering required for cross-project connectivity
Shared VPC can span multiple projects within an organization
Custom Subnet Mode
With custom subnet mode enabled:
Full control over subnet IP ranges
Create subnets only in required regions
Optimize IP address utilization
Prevent automatic subnet creation
Firewall Rules
Control traffic at VPC level:
Applied to all resources in the network
Support for ingress and egress rules
Priority-based rule evaluation
Tag-based targeting
Connectivity Scenarios
VPC Peering
Connect VPCs within GCP:
Peer VPCs in same or different projects
Peer VPCs in same or different organizations
Private RFC 1918 connectivity
No gateway or VPN required
Cloud VPN
Secure IPsec VPN connections:
HA VPN for 99.99% SLA
Classic VPN for basic connectivity
Connect to on-premises or other clouds
Encrypted tunnels
Cloud Interconnect
Dedicated physical connections:
Dedicated Interconnect (10 Gbps or 100 Gbps)
Partner Interconnect (50 Mbps to 50 Gbps)
Does not traverse public internet
Lower latency than VPN
Shared VPC
Centralized network management:
Host project contains shared VPC
Service projects use the shared network
Centralized administration
Resource separation with network sharing
Routing Modes Explained
Regional Routing
VPC: my-vpc (REGIONAL)
├── us-central1: Routes only within region
├── europe-west1: Routes only within region
└── asia-east1: Routes only within region
Benefits:
Lower latency for regional traffic
Simpler routing tables
Better cost optimization
Global Routing
VPC: my-vpc (GLOBAL)
├── us-central1 ──┐
├── europe-west1 ─┼── All regions can reach each other
└── asia-east1 ───┘
Benefits:
Automatic cross-region routing
Simplified multi-region architectures
Dynamic route propagation
Error Handling
The implementation maps Google API exceptions to HTTP status codes. Note that the catch-all branch places str(e) in the 500 response body, so raw exception text is returned to the API client:
Source: /workspace/source/project/backend/gcp/vpcs.py:125-130
except exceptions.Conflict:
    return jsonify({"error": f"Sieć VPC o nazwie '{vpc_name}' już istnieje..."}), 409
except exceptions.Forbidden as e:
    return jsonify({"error": f"Brak uprawnień do tworzenia sieci VPC..."}), 403
except Exception as e:
    return jsonify({"error": f"Wystąpił nieoczekiwany błąd serwera: {str(e)}"}), 500
Common Errors
| Error Code | Reason | Solution |
| 401 | No GCP account in session | Authenticate with GCP |
| 401 | Missing refresh token | Re-authenticate |
| 403 | Insufficient permissions | Grant compute.networks.create permission |
| 404 | Project not found | Verify project ID |
| 409 | VPC name already exists | Choose different name |
Best Practices
Use Custom Subnet Mode: Always use custom mode for production workloads to have full control over IP address allocation.
Choose Routing Mode Carefully: Use REGIONAL for single-region apps (lower cost), GLOBAL for multi-region applications.
Plan IP Address Space: Ensure subnet IP ranges don’t overlap if you plan to peer VPCs or connect to on-premises networks.
VPC Names Are Permanent: VPC network names cannot be changed after creation. Choose meaningful, descriptive names.
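An added example, not part of the project's code: the IP planning check above, run over the JSON returned by the list operation before peering VPCs or attaching an on-premises range. The function name find_overlaps, its extra_ranges parameter and the sample data are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample in the shape of the list response shown earlier.
SAMPLE_RESPONSE = {"value": [
    {"provider": "GCP", "name": "prod-global-vpc", "projectId": "proj-a",
     "subnets": [{"name": "us-central1-subnet", "region": "us-central1",
                  "ipCidrRange": "10.1.0.0/20"}]},
    {"provider": "GCP", "name": "microservices-vpc", "projectId": "proj-a",
     "subnets": [{"name": "frontend-subnet", "region": "us-central1",
                  "ipCidrRange": "10.0.1.0/24"}]},
    {"provider": "GCP", "name": "legacy-vpc", "projectId": "proj-b",
     "subnets": [{"name": "legacy-subnet", "region": "europe-west1",
                  "ipCidrRange": "10.1.8.0/24"}]},
]}


def find_overlaps(list_response, extra_ranges=None):
    """Return sorted (label_a, label_b) pairs whose CIDR ranges overlap.

    list_response: parsed JSON from the list operation ({"value": [...]}).
    extra_ranges:  optional {label: cidr}, e.g. an on-premises block.
    """
    ranges = []
    for vpc in list_response.get("value", []):
        for subnet in vpc.get("subnets", []):
            label = f'{vpc["projectId"]}/{vpc["name"]}/{subnet["name"]}'
            ranges.append((label, ipaddress.ip_network(subnet["ipCidrRange"])))
    for label, cidr in (extra_ranges or {}).items():
        ranges.append((label, ipaddress.ip_network(cidr)))

    overlaps = []
    for (label_a, net_a), (label_b, net_b) in combinations(ranges, 2):
        # Only compare ranges of the same IP version.
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            overlaps.append(tuple(sorted((label_a, label_b))))
    return sorted(overlaps)


if __name__ == "__main__":
    for a, b in find_overlaps(SAMPLE_RESPONSE, {"on-prem": "192.168.0.0/16"}):
        print(f"overlap: {a} <-> {b}")
```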
Common Use Cases
Multi-Region Application
VPC: prod-global-vpc (GLOBAL routing)
├── us-central1-subnet (10.1.0.0/20) - US users
├── europe-west1-subnet (10.2.0.0/20) - EU users
└── asia-east1-subnet (10.3.0.0/20) - APAC users
Microservices Architecture
VPC: microservices-vpc (REGIONAL)
├── frontend-subnet (10.0.1.0/24) - Web tier
├── backend-subnet (10.0.2.0/24) - API tier
├── data-subnet (10.0.3.0/24) - Database tier
└── admin-subnet (10.0.4.0/24) - Management
Hybrid Cloud
On-Premises (192.168.0.0/16)
|
| Cloud VPN / Interconnect
|
GCP VPC (10.0.0.0/16)
Permissions Required
To create and manage VPCs, the authenticated user needs:
compute.networks.create
compute.networks.list
compute.networks.get
compute.networks.delete
compute.subnetworks.list
compute.subnetworks.get
Predefined Roles :
Compute Network Admin (roles/compute.networkAdmin)
Compute Admin (roles/compute.admin)