Study Google Cloud ACE Network Operations: key concepts, common traps, and exam decision cues.
This lesson is about routine network operations after a workload is already running. Google Cloud expects you to know how subnet growth, static IPs, Cloud DNS, and Cloud NAT solve different operational problems.
- **Static IP**: Reserved address that stays stable instead of changing with instance or service lifecycle events.
- **Cloud DNS**: Managed DNS service used to publish and resolve names to the right targets.
- **Cloud NAT**: Managed outbound address translation path for private instances that need internet egress without public IPs on each VM.
ACE wants you to separate:
These questions are often really about which layer should change first, not about networking in the abstract.
| If the question is mainly about… | Strongest first lane |
|---|---|
| instances need outbound internet access but should stay private | Cloud NAT |
| a public-facing dependency needs a stable address | reserve a static IP |
| clients should reach a service by name instead of raw address | Cloud DNS |
| an existing subnet no longer has enough address space or planning headroom | subnet design or growth path |
```mermaid
flowchart LR
    A["Client"] --> B["Cloud DNS name"]
    B --> C["Static IP"]
    C --> D["Service endpoint"]
    E["Private VM"] --> F["Cloud NAT"]
    F --> G["Outbound internet access"]
```
The top lane is about how clients find a stable public target. The bottom lane is about how private instances reach outward without getting their own public IPs. ACE often tests whether you can keep those two lanes separate.
| Control | What it really answers |
|---|---|
| subnet | where addresses are allocated inside the network |
| static IP | which endpoint needs a stable address |
| Cloud DNS | what name should resolve to that endpoint |
| Cloud NAT | how private instances reach the internet outbound |
Candidates often choose Cloud DNS when the question is really about outbound internet access, or they choose Cloud NAT when the stem actually wants a stable public address for inbound clients.
| Question | Static IP | Cloud DNS | Cloud NAT |
|---|---|---|---|
| Main purpose | stable address for a service or endpoint | map a name to the right target | outbound internet access for private instances |
| Strongest first when | the endpoint address must not change | humans or systems should use a stable hostname | VMs should stay private but still reach external services |
| Common trap | assuming it solves naming automatically | assuming DNS creates connectivity by itself | assuming it makes workloads publicly reachable inbound |
When a network-ops stem gets noisy, use this order:
That order prevents a common ACE mistake: debugging DNS for a problem that is really missing outbound egress from private instances.
| Trap | Better reading |
|---|---|
| “Cloud NAT gives each VM a public IP.” | Cloud NAT provides managed outbound translation without assigning public IPs directly to each VM. |
| “Cloud DNS makes the service stable by itself.” | DNS maps names to targets, but it does not reserve the underlying address. |
| “Static IP and DNS are interchangeable.” | One stabilizes the address. The other stabilizes how clients refer to it. |
| “Subnet questions are the same as internet-egress questions.” | Subnet planning and outbound internet access are separate operational lanes. |
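The lane mix-ups in the tables above can be checked mechanically against a network inventory. The audit below is an added example, not part of the original lesson; the inventory shapes, resource names and addresses are constructed and simplified, not raw gcloud output.

```python
from ipaddress import ip_address

def egress_lane(vm, nat_subnets):
    """Return the outbound path a VM uses: its own external IP, Cloud NAT, or none."""
    if vm.get("external_ip"):
        return "external-ip"  # an interface with its own public IP does not use Cloud NAT
    if (vm["region"], vm["subnet"]) in nat_subnets:
        return "cloud-nat"
    return "none"

def audit(vms, reserved_ips, nat_ips, a_records, nat_subnets):
    """Return sorted (resource, finding) pairs for the lane mix-ups in the trap table."""
    reserved = {ip_address(a) for a in reserved_ips}
    nat = {ip_address(a) for a in nat_ips}
    findings = []
    for vm in vms:
        lane = egress_lane(vm, nat_subnets)
        if lane == "none":
            findings.append((vm["name"], "no outbound path: add Cloud NAT for this subnet"))
        elif lane == "external-ip" and vm["must_stay_private"]:
            findings.append((vm["name"], "has a public IP: remove it and use Cloud NAT"))
    for name, target in a_records.items():
        ip = ip_address(target)
        if ip in nat:
            findings.append((name, "points at a Cloud NAT address: NAT is outbound only"))
        elif ip not in reserved:
            findings.append((name, "target is not a reserved static IP: address may change"))
    return sorted(findings)

# Constructed sample inventory (documentation address range, hypothetical names).
VMS = [
    {"name": "build-1", "region": "us-central1", "subnet": "apps",
     "external_ip": None, "must_stay_private": True},
    {"name": "build-2", "region": "us-east1", "subnet": "apps",
     "external_ip": None, "must_stay_private": True},
    {"name": "batch-1", "region": "us-central1", "subnet": "apps",
     "external_ip": "203.0.113.40", "must_stay_private": True},
]
NAT_SUBNETS = {("us-central1", "apps")}   # (region, subnet) pairs served by a NAT gateway
RESERVED_IPS = ["203.0.113.10"]           # reserved static addresses for inbound endpoints
NAT_IPS = ["203.0.113.20"]                # addresses used by Cloud NAT for egress
A_RECORDS = {"www.example.com.": "203.0.113.10",
             "api.example.com.": "203.0.113.77",
             "pkg.example.com.": "203.0.113.20"}

if __name__ == "__main__":
    for resource, finding in audit(VMS, RESERVED_IPS, NAT_IPS, A_RECORDS, NAT_SUBNETS):
        print(f"{resource}: {finding}")
```

Only `build-1` and `www.example.com.` pass: the first is private with Cloud NAT coverage, the second resolves to a reserved address.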
Private VMs in a subnet must download packages from the internet, but the team does not want public IPs on each VM. Which lane is strongest first?
Correct answer: B. The requirement is outbound internet access for private instances, which is exactly the Cloud NAT lane.