> For the complete documentation index, see [llms.txt](https://docs.astrafy.io/partnerships/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.astrafy.io/partnerships/our-reselling-offer/networking.md). # Networking Networking design is critical to successful system design because it helps you optimize for performance and secure application communications with internal and external services. When you choose networking services, it's important to evaluate your application needs and evaluate how the applications will communicate with each other. For example, while some components require global services, other components might need to be geo-located in a specific region. Developing your cloud networking design includes the following steps: 1. Design the workload VPC architecture. Start by identifying how many Google Cloud projects and VPC networks you require. 2. Add inter-VPC connectivity. Design how your workloads connect to other workloads in different VPC networks. 3. Design hybrid network connectivity. Design how your workload VPCs connect to on-premises and other cloud environments. IT Networking in general is one of the most complex topics and one of the main reasons for bugs and headaches. Google Cloud makes it easy to navigate through complex networkign concepts but still it's of major importance to make [VPC](https://cloud.google.com/vpc) network design an early part of designing your organizational setup in Google Cloud. Organizational-level design choices can't be easily reversed later in the process. We usually tackle networking with an initial workshop where we cover the following topics: * VPC architecture required. If you are using only serverless products on Google Cloud, there is actually no need of VPCs. Otherwhise, we usually recommend a hub-spoke topology. * VPC networks, including their associated routes and firewall rules, * Traffic to and from instances In terms of security around the networking in place, we recommend the following: * Disable default networks * Secure your perimeter with VPC service controls * Inspect and monitor your network traffic * Use a web application firewall There are a multitude of other networking actions that can be taken but the focus at this stage is to set up well the foundations with best-practices. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.astrafy.io/partnerships/our-reselling-offer/networking.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.