Exam Professional Cloud Architect topic 1 question 50 discussion

Ans is C, https://cloud.google.com/vpc/docs/using-vpc "Primary and secondary ranges can't conflict with on-premises IP ranges if you have connected your VPC network to another network with Cloud VPN, Dedicated Interconnect, or Partner Interconnect."

I think C is correct.

The issue with using the same IP ranges as on-prem is purely a routing issue. The VPN tunnel secures the traffic between the networks(on-prem and GCP). However, the routing within each network still depends on unique IP addresses.

1. IP Address Conflicts: When you have overlapping IP ranges between your on-premises network and your Google Cloud network, you'll run into routing conflicts. Devices won't know where to send traffic, leading to connectivity problems and unreachable systems. 2. Cloud VPN and Routing: Cloud VPN creates a secure tunnel between your on-premises network and your Google Cloud Virtual Private Cloud (VPC). To ensure proper routing, each side of the connection needs to have distinct, non-overlapping IP address spaces. 3. Best Practice for Hybrid Networks: Using different IP ranges is a standard best practice for hybrid cloud setups. It prevents ambiguity and ensures that traffic flows correctly between your on-premises and cloud environments.

question is tricky. as network architect knowing gcp i have exp that you can use non-overlapping secondary ranges for vpn as well. in many migrations it is not possible to make new addressing hence you need to make them overlapping. this is why 2nd ranges are so useful. B is better choice. more realistic and possible in gcp. from overall perspective i agree to have non-overlapping but do not forget this is migration and you need to have full connectivity all the time. it is also not mentioning about what ips should be used

C is correct

Using an IP range on Google Cloud that does not overlap with the range used on-premises (option C) is a good choice to avoid IP address conflicts. However, it is important to use the same IP range as the on-premises applications for the primary IP range to ensure that the on-premises systems remain accessible. Therefore, using the same IP range on Google Cloud as on-premises for the primary IP range and using a secondary range that does not overlap with the range used on-premises can avoid IP address duplication and ensure that the on-premises systems remain accessible. Hence, option B is the better choice.

The recommended approach for organizing your networking in Google Cloud to ensure that all your on-premises systems remain reachable during the migration is option C: Use an IP range on Google Cloud that does not overlap with the range you use on-premises. When using Cloud VPN to establish a connection between your on-premises systems and Google Cloud, it is important to ensure that the IP ranges used in your on-premises systems and Google Cloud do not overlap. If the IP ranges overlap, it can cause conflicts and make it difficult to route traffic between your on-premises systems and Google Cloud. To avoid IP range conflicts, you should use an IP range on Google Cloud that is different from the range you use on-premises. This will ensure that all your on-premises systems remain reachable during the migration.

ok for C

no overlapping

C. Use an IP range on Google Cloud that does not overlap with the range you use on-premises

C, IP should never overlap if avoidable. double nat is nasty

The correct answer is C

C Why would you ever create an IP overlap?

Answer is C

From here: https://cloud.google.com/vpc/docs/create-modify-vpc-networks "Primary and secondary ranges can't conflict with on-premises IP ranges if you have connected your VPC network to another network with Cloud VPN, Dedicated Interconnect, or Partner Interconnect."

ANS - C Primary and secondary ranges for subnets cannot overlap with any allocated range, any primary or secondary range of another subnet in the same network, or any IPv4 ranges of subnets in peered networks.