You are designing a VPC architecture for your organization using a Network Connectivity Center hub-and-spoke topology:

• One Network Connectivity Center hybrid spoke exists to receive on-premises routes (172.16.0.0/16).
• One additional VPC spoke needs to be added as a Network Connectivity Center spoke.

Your organization has constrained routable IP space (192.168.0.0/20) for its cloud environment. The spoke VPC is connected to on-premises via a Cloud Interconnect in us-east4.

How should you configure the architecture to enable access to on-premises resources from multiple Google Cloud regions (us-west1, europe-central1, and asia-southeast1) while minimizing IP address usage?

Exam-Like

Configure a Private NAT gateway and NAT subnet in us-west1(192.168.1.0/24), europe-central1(192.168.2.0/24) and asia-southeast1(192.168.3.0/24). 2. Add the VPC as a spoke and configure an export include policy to advertise only 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 to the hub. 3. Enable global dynamic routing to allow resources in us-west1, us-central1 and asia-southeast1 to reach the on-premises location through us-east4.

33.3%

Configure a Private NAT gateway instance in us-west1(172.16.1.0/24), europe-central1(172.16.2.0/24), and asia-southeast1(172.16.3.0/24). 2. Add the VPC as a spoke and configure an export include policy on the VPC spoke to advertise only the NAT subnets 172.16.1.0/24, 172.16.2.0/24, and 172.16.3.0/24 to the hub. 3. Enable global dynamic to allow resources in us-west1, us-central1, and asia-southeast1 to reach the on-premises location through us-east4.

22.2%

Configure a Private NAT gateway instance in us-east4(192.168.1.0/24). 2. Add the VPC as a spoke and configure an export include policy on the VPC spoke to advertise 192.168.1.0/24 to the hub. 3. Enable global dynamic routing to allow resources in us-west1, us-central1 and asia-southeast1 to reach the on-premises location through us-east4.

22.2%

Configure a Private NAT gateway instance in us-west1(192.168.1.0/24), europe-central1(192.168.2.0/24), and asia-southeast1(192.168.3.0/24). 2. Add the VPC as a spoke and configure an export exclude policy on the VPC spoke to advertise only the NAT subnets 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 to the hub. 3. Enable global dynamic routing to allow resources in us-west1, us-central1, and asia-southeast1 to reach the on-premises location through us-east4.

22.2%

Google Professional Cloud Network Engineer