Default VPC Network In Use

Sign in to Google Cloud Management Console.

Select the GCP project that you want to examine from the console top navigation bar.

Navigate to VPC Network dashboard at https://console.cloud.google.com/networking.

In the navigation panel, select VPC networks to access the list with the VPC networks created for the selected project.

On the VPC networks page, check the Name column for a VPC network with the name default. If there is a network with the name default, the default Virtual Private Cloud (VPC) is being used within the selected Google Cloud Platform (GCP) project.

Repeat steps no. 2 – 5 for each GCP project deployed in your Google Cloud account.

Run projects list command (Windows/macOS/Linux) using custom query filters to list the IDs of all the projects available in your Google Cloud account:

gcloud projects list
  --format="table(projectId)"

The command output should return the requested GCP project IDs:

PROJECT_ID
cc-production-app-123123
cc-project5-stack-123456

Run compute networks list command (Windows/macOS/Linux) using the ID of the GCP project that you want to examine as identifier parameter and custom query filters to describe the name of each VPC network available within the selected project:

gcloud compute networks list
  --project cc-production-app-123123
  --format="table(name)"

The command output should return the name(s) of the VPC network(s) created for the selected project:

NAME
default

If the compute networks list command output lists default as the name of one of the available networks in the project, as shown in the example above, the default Virtual Private Cloud (VPC) is being used within the selected Google Cloud Platform (GCP) project.

Repeat step no. 3 and 4 for each GCP project deployed in your Google Cloud account.

Sign in to Google Cloud Management Console.

Select the GCP project that you want to access from the console top navigation bar.

Navigate to VPC Network dashboard at https://console.cloud.google.com/networking.

In the navigation panel, select VPC networks to access the list of VPC networks available within the selected project.

On the VPC networks page, click on the CREATE VPC NETWORK button from the dashboard top menu to initiate the setup process.

On the Create a VPC network setup page, perform the following:

1. In the Name box, enter a name for your new VPC network.
2. (Optional) Provide a short description for the new network in the Description text box.
3. Under Subnets, choose Custom to manually define the VPC network subnets. The custom mode network type provides you with complete control over its subnets and IPv4 address ranges. You decide which subnets to create within Google Cloud regions that you choose by using IPv4 ranges that you specify.
4. In the New subnet section, provide the following configuration parameters:
   • Provide a name for the new subnet in the Name box.
   • Select the GCP region where you want to deploy your subnet, from the Region dropdown list.
   • In the IP address range box, enter the IPv4 range for this subnet, in CIDR notation. You can use a standard private VPC network address range such as 10.0.0.0/9. This is the primary IPv4 range for this subnet.
   • (Optional) To define a secondary IPv4 range for this subnet, click Create secondary IP range and provide the secondary IP range (CIDR notation) and a name for the secondary subnet range.
   • For Private Google access configuration option, set whether virtual machines (VMs) created in this subnet can access Google Cloud services without assigning external IP addresses.
   • For the Flow logs option, choose whether to enable the VPC Flow Logs feature at subnet creation or enable it later by editing the VPC subnet configuration.
   • Click Done to create the custom subnet.
5. To create one or more VPC subnets, click on the Add subnet button and repeat step D.
6. Under Firewall rules, select any existing firewall rules you would like to add to the configuration. You can add additional rules after the VPC is created.
7. For Dynamic routing mode, choose whether to use Regional or Global dynamic routing for your new VPC network. The Regional dynamic routing mode (default) uses Cloud Routers to learn routes only in the region in which they were created. If you are using an internal load balancer with a dedicated interconnect or a VPN on this VPC network, use the Regional dynamic routing. The Global dynamic routing mode lets you dynamically learn routes to and from all GCP regions with a single VPN or dedicated interconnect, and a Cloud Router.
8. (Optional) Select an existing DNS server policy from the DNS server policy dropdown list or choose to create a new one. You can have only one DNS server policy for each VPC network within your Google Cloud account. The DNS server policy can specify inbound forwarding, outbound forwarding, or both.
9. Click Create to deploy your new, non-default Virtual Private Cloud (VPC) network.

Once the new VPC network is created, access the network configuration settings page, select Firewall rules tab and use the Add firewall rule button to create firewall rules that allow or deny traffic between the resources inside the network, such as communication between VM instances. You can also use network firewall rules to control what traffic leaves or enters the VPC network to and from the Internet.

At this point you can migrate your cloud applications from the default VPC network to the newly created non-default VPC network.

Now that the default Virtual Private Cloud (VPC) network is not in use anymore, follow the cloud security best practices and remove it from your GCP project. Before you can delete a VPC network, you must delete all GCP resources in all of its subnets, and all the resources that reference the network. Resources that reference the network include Cloud VPN gateways, Cloud Routers, firewall rules, and custom static routes. On the VPC networks page, click on the name of the default VPC to access the network configuration settings.

On the selected VPC network configuration page, click DELETE VPC NETWORK to remove the default Virtual Private Cloud (VPC) network from the selected GCP project. Inside Delete a network confirmation box, choose DELETE to confirm the removal action.

Repeat steps no. 2 – 10 for each GCP project deployed in your Google Cloud account.

Run compute networks create command (Windows/macOS/Linux) to create a custom (non-default) Virtual Private Cloud (VPC) network within the GCP project referenced as value for the --project parameter:

gcloud compute networks create cc-custom-vpc-network
					--project cc-production-app-123123
					--subnet-mode=custom
					--bgp-routing-mode=regional

The command output should return the configuration metadata available for the newly created VPC network:

Created [https://www.googleapis.com/compute/v1/projects/cc-production-app-123123/global/networks/cc-custom-vpc-network].

NAME                    SUBNET_MODE    BGP_ROUTING_MODE    IPV4_RANGE    GATEWAY_IPV4
cc-custom-vpc-network   CUSTOM         REGIONAL

Instances on this network will not be reachable until firewall rules are created. As an example, you can allow all
internal traffic between instances as well as SSH, RDP, and ICMP by running:
$ gcloud compute firewall-rules create <FIREWALL_NAME> --network cc-custom-vpc-network --allow tcp,udp,icmp --source-ranges <IP_RANGE>
$ gcloud compute firewall-rules create <FIREWALL_NAME> --network cc-custom-vpc-network --allow tcp:22,tcp:3389,icmp

Run compute networks subnets create command (Windows/macOS/Linux) to create and attach a custom subnet to the VPC network created at the previous steps. The following command example creates a VPC network subnet named "cc-europe-west2-subnet", in the London, UK (europe-west2) region with the primary IP address range set to 10.0.0.0/24. Use the compute networks subnets create command to create as many VPC subnets as you want:

gcloud compute networks subnets create cc-europe-west2-subnet
  --network=cc-custom-vpc-network
  --range=10.0.0.0/24
  --region=europe-west2

The command output should return the VPC subnet configuration metadata:

Created
[https://www.googleapis.com/compute/v1/projects/cc-production-app-123123/regions/europe-west2/subnetworks/cc-europe-west2-subnet].

NAME                      REGION          NETWORK                  RANGE
cc-europe-west2-subnet    europe-west2    cc-custom-vpc-network    10.0.0.0/24

Run compute firewall-rules create command (Windows/macOS/Linux) to create the necessary firewall rules for your new, non-default Virtual Private Cloud (VPC) network. Firewall rules control incoming and/or outgoing traffic to GCP resources such as VM instances. The following command example creates a firewall rule that allows inbound traffic to all VM instances deployed within the VPC network through TCP port 80 (HTTP) and 443 (HTTPS):

gcloud compute firewall-rules create allow-http-https-traffic
  --network cc-custom-vpc-network
  --allow tcp:80,tcp:443
  --direction ingress
  --source-ranges 0.0.0.0/0
  --enable-logging

The command output should return the VPC firewall rule configuration metadata:

Created [https://www.googleapis.com/compute/v1/projects/cc-production-app-123123/global/firewalls/allow-https-traffic].

NAME                        NETWORK                 DIRECTION   PRIORITY    ALLOW     DENY      DISABLED
allow-http-https-traffic    cc-custom-vpc-network   INGRESS     1000        tcp:80,   tcp:443   False

(Optional) Now you can migrate your cloud applications from the default VPC network to the newly created non-default VPC network.

Once the default Virtual Private Cloud (VPC) network is not in use anymore, it is safe remove it from your GCP project. Before you can delete a VPC network, you must delete all GCP resources in all of its subnets, and all the resources that reference the network. Resources that reference the network include Cloud VPN gateways, Cloud Routers, firewall rules, and custom static routes. For example, run compute firewall-rules delete command (Windows/macOS/Linux) to delete a firewall rule named "default-allow-rdp" from the default VPC network:

gcloud compute firewall-rules delete default-allow-rdp

The compute firewall-rules delete command request should ask you for confirmation. Type Y to confirm the removal action. Once removed, the command output should return the ID of the deleted rule:

The following firewalls will be deleted:
- [default-allow-rdp]
Do you want to continue (Y/n)? Y
Deleted [https://www.googleapis.com/compute/v1/projects/cc-production-app-123123/global/firewalls/default-allow-rdp].

Run compute networks delete command (Windows/macOS/Linux) to remove the default Virtual Private Cloud (VPC) network from the selected GCP project:

gcloud compute networks delete default

The compute networks delete command request should ask you for confirmation. Type Y to confirm the removal action. Once the resource is deleted, the command output should return the ID of the removed VPC network:

The following networks will be deleted:
- [default]
Do you want to continue (Y/n)? Y

Deleted [https://www.googleapis.com/compute/v1/projects/cc-production-app-123123/global/networks/default].

Repeat steps no. 1 – 11 for each GCP project available within your Google Cloud account.