Google Professional Cloud Network Engineer

Get started today

Ultimate access to all questions.

Explanation:

The issue arises because the private services access connection (VPC peering) does not automatically export routes to on-premises. By default, VPC Network Peering does not enable route import/export for service peerings. To resolve this:

Modify the VPC Network Peering connection to enable route import/export, ensuring the Cloud SQL IP range is imported into the Shared VPC.
Create a custom route advertisement on the Cloud Router to explicitly advertise the Cloud SQL IP range over BGP via the Dedicated Interconnect. This ensures on-premises knows how to route traffic to the Cloud SQL instance.

Options B, C, and D are incorrect because:

Changing the VPC routing mode to global (B, D) is not applicable here, as Shared VPC routing modes cannot be modified after creation.
Creating additional Cloud Routers or BGP peerings (C) is unnecessary since the existing Cloud Router in us-west1 is sufficient once properly configured.

Explanation:

Modify the VPC Network Peering connection to enable route import/export, ensuring the Cloud SQL IP range is imported into the Shared VPC.
Create a custom route advertisement on the Cloud Router to explicitly advertise the Cloud SQL IP range over BGP via the Dedicated Interconnect. This ensures on-premises knows how to route traffic to the Cloud SQL instance.

Options B, C, and D are incorrect because:

Changing the VPC routing mode to global (B, D) is not applicable here, as Shared VPC routing modes cannot be modified after creation.
Creating additional Cloud Routers or BGP peerings (C) is unnecessary since the existing Cloud Router in us-west1 is sufficient once properly configured.

Comments (0)

No comments yet.

As a network administrator managing hybrid connectivity, your team needs to access a Cloud SQL instance in the us-west1 region within a Shared VPC. You've set up a Dedicated Interconnect connection and a Cloud Router in us-west1, confirming successful connectivity between the Shared VPC and on-premises data center. After establishing a private services access connection for Cloud SQL using the reserved IP range with default settings, on-premises users still cannot reach the instance. How do you troubleshoot and resolve this issue?

Exam-Like

Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes. 2. Create a custom route advertisement in your Cloud Router to advertise the Cloud SQL IP address range.

53.8%

Change the VPC routing mode to global. 2. Create a custom route advertisement in your Cloud Router to advertise the Cloud SQL IP address range.

23.1%

Create an additional Cloud Router in us-west2. 2. Create a new Border Gateway Protocol (BGP) peering connection to your on-premises data center. 3. Modify the VPC Network Peering connection used for Cloud SQL, and enable the import and export of routes.