Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Network Engineer Exam - Topic 8 Question 79 Discussion

Actual exam question for Google's Professional Cloud Network Engineer exam
Question #: 79
Topic #: 8
[All Professional Cloud Network Engineer Questions]

You have the following routing design. You discover that Compute Engine instances in Subnet-2 in the asia-southeast1 region cannot communicate with compute resources on-premises. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: D

This answer follows the Google-recommended practices for using privately used public IP (PUPI) addresses for GKE Pod address blocks1. The benefits of this approach are:

It allows you to use any public IP addresses that are not owned by Google or your organization for your Pods, which can help mitigate address exhaustion in your enterprise.

It prevents any external traffic from reaching your Pods, as Google Cloud does not route PUPI addresses to the internet or to other VPC networks by default.

It enables you to use VPC Network Peering to connect your GKE cluster to other VPC networks that use different PUPI addresses, as long as you enable the export and import of custom routes for the peering connection.

It preserves the fully integrated network model of GKE, where Pods can communicate with nodes and other resources in the same VPC network without NAT.

The options that you need to select when creating a private GKE cluster with PUPI addresses are:

--disable-default-snat: This option disables source NAT for outbound traffic from Pods to destinations outside the cluster's VPC network.This is necessary to prevent Pods from using RFC 1918 addresses as their source IP addresses, which could cause conflicts with other networks that use the same address space2.

--enable-ip-alias: This option enables alias IP ranges for Pods and Services, which allows you to use separate subnet ranges for them.This is required to use PUPI addresses for Pods1.

--enable-private-nodes: This option creates a private cluster, where nodes do not have external IP addresses and can only communicate with the control plane through a private endpoint.This enhances the security and privacy of your cluster3.

Option A is incorrect because it does not use PUPI addresses for Pods, but rather RFC 1918 addresses. This does not solve the problem of address exhaustion in your enterprise. Option B is incorrect because it reuses the secondary address range for Services across multiple private GKE clusters, which could cause IP conflicts and routing issues. Option C is incorrect because it does not specify the options that are needed to create a private GKE cluster with PUPI addresses.

1:Configuring privately used public IPs for GKE | Kubernetes Engine | Google Cloud2:Using Cloud NAT with GKE | Kubernetes Engine | Google Cloud3:Private clusters | Kubernetes Engine | Google Cloud


by Ernest at Apr 11, 2024, 08:16 AM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Network Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Benton
6 months ago
Wait, why can't they communicate at all? That's odd!
upvoted 0 times
...
Erasmo
6 months ago
Adding a second BGP session? Not sure that’s necessary.
upvoted 0 times
...
Jettie
6 months ago
Changing the VPC dynamic routing mode to Global sounds risky.
upvoted 0 times
...
Maryann
7 months ago
I think enabling IP forwarding is the way to go.
upvoted 0 times
...
Brandon
7 months ago
A custom route advertisement should fix it!
upvoted 0 times
...
Paola
7 months ago
Adding a second BGP session could be a solution, but I need to double-check if that's necessary for on-premises connectivity.
upvoted 0 times
...
Mollie
7 months ago
Changing the VPC dynamic routing mode to Global sounds familiar, but I feel like it might not directly solve the communication problem.
upvoted 0 times
...
Donette
7 months ago
I think enabling IP forwarding might help, but I can't recall if it's specifically for this kind of issue.
upvoted 0 times
...
Lenna
8 months ago
I remember something about custom route advertisements, but I'm not entirely sure if that's the right approach here.
upvoted 0 times
...
Ashlee
8 months ago
Based on the information provided, I believe the solution is to enable IP forwarding in the asia-southeast1 region, which is option B. This should allow the traffic to flow between the VPC and the on-premises network.
upvoted 0 times
...
Caprice
8 months ago
Okay, let's see. The problem is that the Compute Engine instances in Subnet-2 can't communicate with the on-premises resources. I'm thinking option A, configuring a custom route advertisement on the Cloud Router, might be the way to go.
upvoted 0 times
...
Glen
8 months ago
Hmm, this seems like a tricky one. I'll need to carefully review the network design and think through the potential issues.
upvoted 0 times
...
Celestina
8 months ago
I'm a bit confused here. Is the issue with the routing configuration or the connectivity between the VPC and the on-premises network? I'll need to double-check the details to determine the best approach.
upvoted 0 times
...
Merrilee
8 months ago
Views seem like the most logical choice here. That's the security technique that lets you control which users can see which parts of the database.
upvoted 0 times
...
Elouise
8 months ago
Okay, the key here is understanding the relationship between cash outflows for raw materials/manufacturing and cash inflows from sales. I think I can work this out.
upvoted 0 times
...
Hassie
8 months ago
Hmm, this one looks tricky. I'll need to think carefully about the TIBCO EMS Administrator Tool commands.
upvoted 0 times
...
Dewitt
8 months ago
This seems like a straightforward definition question. I'll carefully read through the options and think about which one best captures the full meaning of real property.
upvoted 0 times
...
Thora
1 year ago
I got this! Option C all the way. Global routing mode is the key to unlocking this networking puzzle.
upvoted 0 times
...
Torie
1 year ago
Wait, we're talking about networking here, right? I thought this was a cooking exam. Where's the recipe for cloud-roasted chicken?
upvoted 0 times
Lili
11 months ago
D) Add a second Border Gateway Protocol (BGP) session to the Cloud Router.
upvoted 0 times
...
Sabra
11 months ago
C) Change the VPC dynamic routing mode to Global.
upvoted 0 times
...
Paul
11 months ago
B) Enable IP forwarding in the asia-southeast1 region.
upvoted 0 times
...
Marvel
12 months ago
A) Configure a custom route advertisement on the Cloud Router.
upvoted 0 times
...
...
Michael
1 year ago
Option B sounds like the easy way out, but I'm pretty sure that's not the right answer. Probably gonna have to dig a little deeper on this one.
upvoted 0 times
Helga
11 months ago
That might be necessary to establish the connection.
upvoted 0 times
...
Virgie
12 months ago
D) Add a second Border Gateway Protocol (BGP) session to the Cloud Router.
upvoted 0 times
...
Lavonna
12 months ago
Yeah, that could help with the communication issue.
upvoted 0 times
...
Lenna
12 months ago
A) Configure a custom route advertisement on the Cloud Router.
upvoted 0 times
...
...
Gianna
1 year ago
I bet option D is the answer. It's all about that BGP, baby! Gotta get that second session up and running.
upvoted 0 times
Edelmira
1 year ago
User 3: Let's go with option D and see if it fixes the communication problem.
upvoted 0 times
...
Joni
1 year ago
User 2: Yeah, having a second BGP session might solve the issue.
upvoted 0 times
...
Yuette
1 year ago
User 1: I think option D is the way to go.
upvoted 0 times
...
...
Barrie
1 year ago
Hmm, this looks like a tricky one. I'm thinking option A might be the way to go, but I'm not quite sure. Better double-check the documentation just to be safe.
upvoted 0 times
Corazon
1 year ago
Yeah, let's double-check to make sure we're on the right track.
upvoted 0 times
...
Page
1 year ago
I think option A makes sense. Let's check the documentation to confirm.
upvoted 0 times
...
...
Marge
1 year ago
I believe changing the VPC dynamic routing mode to Global could be the solution. It might help with communication between the instances.
upvoted 0 times
...
Stephaine
1 year ago
I agree with Keena. Enabling IP forwarding in the asia-southeast1 region might also help.
upvoted 0 times
...
Keena
1 year ago
I think we should configure a custom route advertisement on the Cloud Router.
upvoted 0 times
...

Save Cancel