GCP Associate Cloud Engineer Practice Question

Your team created an auto mode VPC network in a new project and connected it to the on-premises network (10.0.0.0/16) by using Cloud VPN. The VPN negotiation fails because several auto-created subnets overlap with routes advertised from on-prem. You must eliminate the overlap, keep using the same project, and be able to add more non-overlapping /20 subnets in additional regions later. What should you do?

Delete the current VPC and create a new auto mode VPC that uses the 172.16.0.0/12 network instead of 10.128.0.0/9.
Add a secondary IP range to each overlapping subnet and configure the VPN to advertise only the secondary ranges.
Switch the existing VPC from auto mode to custom mode, delete the automatically created subnets, and create new /20 subnets in each region using address space outside 10.0.0.0/16 (for example 172.16.0.0/20).
Create a more specific custom route for each overlapping prefix that directs the traffic to the default internet gateway so the VPN proposal no longer conflicts.

Report Issue

Answer Description

An auto mode VPC pre-populates every current and future region with fixed /20 subnets carved from the 10.128.0.0/9 range. These CIDR blocks cannot be changed in an auto mode network, so any overlap with on-prem networks will persist unless the network is converted to custom mode. Converting an auto mode VPC to custom mode is a one-time, supported action; afterward you can delete the automatically created subnets and add new, precisely sized subnets that use non-overlapping address ranges such as 172.16.0.0/20. Deleting and recreating the entire VPC would work but would also remove existing resources and policies. Adding routes or secondary ranges does not resolve the underlying CIDR conflict visible to Cloud VPN.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.