Your company's on-premises data center is attached to the prod-vpc in Google Cloud via a Cloud VPN tunnel. The analytics-vpc is in a separate project and must exchange private traffic with prod-vpc and also reach on-prem resources. You plan to configure VPC Network Peering between prod-vpc and analytics-vpc and to export/import custom routes on both sides. Which statement describes the resulting connectivity?
VMs in analytics-vpc cannot reach the on-premises network through prod-vpc; VPC Network Peering does not support transitive routing, so a separate VPN or Interconnect to analytics-vpc is required.
VMs in analytics-vpc will be able to reach the on-premises network through prod-vpc because the custom routes exchanged over the peering connection include VPN routes.
VMs in analytics-vpc will reach on-prem once you add firewall rules permitting IKE and ESP between analytics-vpc and prod-vpc over the peering connection.
VMs in analytics-vpc will reach on-prem only after you configure Cloud NAT in prod-vpc so that traffic is SNATed before crossing the peering link.
VPC Network Peering lets two VPC networks exchange private traffic across Google's backbone and, when route exchange is enabled, share their custom routes. However, peering is strictly non-transitive: routes learned from connected services such as Cloud VPN or Cloud Interconnect are not propagated across the peering connection. Therefore, even after you enable import and export of custom routes, analytics-vpc will not learn the on-premises network prefixes that prod-vpc receives through its VPN. To reach the data center, you must create a separate VPN or interconnect that terminates directly in analytics-vpc (or use another supported connectivity pattern). The other options are incorrect because neither additional firewall rules nor Cloud NAT can overcome the absence of transitive routing, and enabling custom route exchange does not make VPC peering transitive.
GCP Associate Cloud Engineer
Planning and implementing a cloud solution