About participant ULL VPC networks
This page provides an overview of Ultra Low Latency (ULL) Virtual Private Cloud (VPC) networks for exchange participants.
Overview
ULL VPC networks provide support for ultra-low latency unicast and multicast traffic for market trading applications, respecting strict jitter and variance targets. ULL VPC networks use a dedicated zonal physical fabric that is isolated from other traffic in Google Cloud. To help ensure optimal performance, non-essential traffic and features are restricted.
You create ULL VPC networks by using a pre-configured, role-specific network profile provided by Google Cloud. Participant ULL VPC networks are created by using the participant ULL network profile. For a general overview of network profiles, see Network profiles for specific use cases.
Participant ULL VPC networks support ULL communication between Compute Engine instances as described in the following sections.
ULL unicast connectivity
Participant ULL VPC networks have limited support for ULL unicast connectivity as follows:
Within the network: ULL unicast traffic isn't supported between instances in the same participant ULL VPC network.
With other networks through NCC: If a participant ULL VPC network is a VPC spoke in the edge group of a Network Connectivity Center (NCC) hub that uses the star topology:
- ULL unicast traffic is supported between instances in the participant ULL VPC network and instances in operator ULL VPC networks in the center group of the hub.
- ULL unicast traffic isn't supported between participant ULL VPC networks in the edge group of the hub.
ULL multicast connectivity
Participant ULL VPC networks support ULL multicast traffic, and can act as multicast consumer networks for multicast traffic sent from operator ULL VPC networks. For detailed information, see the ULL Multicast overview.
Specifications
Participant ULL VPC networks have the following specifications:
Zonal constraint. A participant ULL VPC network is constrained to the zone of the network profile that you specify when you create the network.
The name of the network profile that you specify when you create the network has the following format: ZONE-vpc-ull-participant, for example us-south1-d-vpc-ull-participant. The zone must be from the list of Supported locations.
Resources that use a participant ULL VPC network are limited to the same zone as the network profile associated with the network.
All instances that have network interfaces in the participant ULL VPC network must be created in the zone that matches the zone of the network profile used by the network.
All subnets created in the participant ULL VPC network must be located in the region that contains the zone of the network profile used by the network.
Supported Compute Engine instance types. Participant ULL VPC networks support attachments from only U4C instances.
Network interface egress bandwidth limits. For a given network interface attached to the network, participant ULL VPC networks support a maximum egress bandwidth of 1 Gbps.
1500 byte maximum transmission unit (MTU). The default MTU in a participant ULL VPC network is 1500 bytes. You can't modify this value.
Firewall differences. Participant ULL VPC networks support only regional network firewall policies that have a ULL policy type. For more information, see Firewall for ULL VPC networks.
Other features. The set of features that are supported in participant ULL VPC networks is pre-configured by Google Cloud to support running financial exchange workloads with ULL requirements. To help ensure optimal performance, participant ULL VPC networks support a limited set of features. For more information, see the following Supported and unsupported features section.
Supported and unsupported features
This section describes which features are supported by participant ULL VPC networks.
The following table lists the specific features that are enabled or disabled by the participant ULL network profile and includes the network profile property values set by Google Cloud.
If a feature isn't explicitly enabled or disabled by a network profile property, then the availability of that feature typically matches that of a regular VPC network. For example, Shared VPC isn't a feature configured by the network profile, but is supported for participant ULL VPC networks.
| Feature | Supported | Network profile property and value | Details |
|---|---|---|---|
| ULL communication | | | |
| ULL unicast | Yes | `unicast: UNICAST_ULL` | Participant ULL VPC networks support ULL unicast traffic as described in ULL unicast connectivity. |
| ULL unicast in the same network | No | `allowSameNetworkUnicast: SAME_NETWORK_UNICAST_BLOCKED` | |
| ULL Multicast | Yes | `multicast: MULTICAST_ULL`, `allowMulticast: MULTICAST_ALLOWED` | Participant ULL VPC networks support receiving ULL multicast traffic as described in ULL multicast connectivity. |
| Subnets | | | |
| IPv4-only subnets | Yes | `subnetworkStackTypes: SUBNET_STACK_TYPE_IPV4_ONLY` | Participant ULL VPC networks support IPv4-only subnets, including the same valid IPv4 ranges as regular VPC networks. Participant ULL VPC networks don't support dual-stack or IPv6-only subnets. For more information, see Types of subnets. |
| PRIVATE subnet purpose | Yes | `subnetworkPurposes: SUBNET_PURPOSE_PRIVATE` | Participant ULL VPC networks support regular subnets, which have a<br>Participant ULL VPC networks don't support Private Service Connect subnets, proxy-only subnets, or Private NAT subnets. For more information, see Purposes of subnets. |
| Auto mode | No | `allowAutoModeSubnet: AUTO_MODE_SUBNET_BLOCKED` | Participant ULL VPC networks can't be auto mode networks. For more information, see subnet creation mode. |
| Network interfaces | | | |
| Multi-NIC in the same network | Yes | `allowMultiNicInSameNetwork: MULTI_NIC_IN_SAME_NETWORK_ALLOWED` | Participant ULL VPC networks support multi-NIC instances, allowing two or more network interfaces of the same instance to be in the same network. Each network interface must attach to a unique subnet in the network. |
| Attachments from nic0 | No | `allowDefaultNicAttachment: DEFAULT_NIC_ATTACHMENT_BLOCKED` | Participant ULL VPC networks don't support attaching the |
| Dynamic Network Interfaces | No | `allowSubInterfaces: SUBINTERFACES_BLOCKED` | Participant ULL VPC networks don't support Dynamic NICs. |
| Instance network migration | No | `allowNetworkMigration: NETWORK_MIGRATION_BLOCKED` | Participant ULL VPC networks don't support migrating instance network interfaces between networks. |
| IP addresses | | | |
| GCE_ENDPOINT address purpose | Yes | `addressPurposes: GCE_ENDPOINT` | Participant ULL VPC networks support IP addresses with a<br>Participant ULL VPC networks don't support special purpose IP addresses, such as the |
| External IP addresses for instances | No | `allowExternalIpAccess: EXTERNAL_IP_ACCESS_BLOCKED` | Participant ULL VPC networks don't support assigning external IP addresses to instance network interfaces. Consequently, network interfaces attached to the network don't have internet access. |
| Routes | | | |
| Static routes | No | `allowStaticRoutes: STATIC_ROUTES_BLOCKED` | Participant ULL VPC networks don't support static routes. |
| IP forwarding | No | `allowIpForwarding: IP_FORWARDING_BLOCKED` | Participant ULL VPC networks don't support IP forwarding. |
| Network security | | | |
| Cloud NGFW firewall policies | Yes | `allowFirewallPolicy: FIREWALL_POLICY_ALLOWED` | Participant ULL VPC networks support Cloud NGFW firewall policies that have the ULL policy type as described in Firewall for ULL VPC networks. |
| ULL policy type | Yes | `firewallPolicyTypes: ULL_POLICY` | |
| Class D firewalls | No | `allowClassDFirewalls: CLASS_D_FIREWALLS_BLOCKED` | Participant ULL VPC networks don't support firewall rules that have class D addresses (224.0.0.0/4). |
| VPC firewall rules | No | `allowVpcFirewallRules: VPC_FIREWALL_RULES_BLOCKED` | Participant ULL VPC networks don't support VPC firewall rules. |
| VPC Packet Mirroring | No | `allowPacketMirroring: PACKET_MIRRORING_BLOCKED` | Participant ULL VPC networks don't support VPC Packet Mirroring, which is a packet mirroring service for regular VPC networks. |
| Network Connectivity | | | |
| VPC Network Peering | No | `allowVpcPeering: VPC_PEERING_BLOCKED` | Participant ULL VPC networks don't support connecting to other VPC networks using VPC Network Peering. Consequently, participant ULL VPC networks don't support connecting to services using private services access. |
| Cloud Router | No | `allowCloudRouter: CLOUD_ROUTER_BLOCKED` | Participant ULL VPC networks don't support Cloud Routers and dynamic routes. |
| Cloud Interconnect | No | `allowInterconnect: INTERCONNECT_BLOCKED` | Participant ULL VPC networks don't support Cloud Interconnect VLAN attachments. |
| Cloud VPN | No | `allowVpn: VPN_BLOCKED` | Participant ULL VPC networks don't support Cloud VPN tunnels. |
| NAT | | | |
| Cloud NAT | No | `allowCloudNat: CLOUD_NAT_BLOCKED` | Participant ULL VPC networks don't support Cloud NAT. |
| Load balancing | | | |
| Cloud Load Balancing | No | `allowLoadBalancing: LOAD_BALANCING_BLOCKED` | Participant ULL VPC networks don't support Cloud Load Balancing. Consequently, participant ULL VPC networks don't support load balancer features, including Google Cloud Armor. |
| Private access for services | | | |
| Private Google Access | No | `allowPrivateGoogleAccess: PRIVATE_GOOGLE_ACCESS_BLOCKED` | Participant ULL VPC networks don't support Private Google Access. |
| Private Service Connect | No | `allowPsc: PSC_BLOCKED` | Participant ULL VPC networks don't support Private Service Connect. |
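
The zonal, instance-type, subnet and network-interface constraints described on this page can be checked against a planned deployment before anything is created. The following Python is an added example, not Google Cloud code or an API: the plan dictionary schema, the `check_plan` function and every resource name in the sample are assumptions made for illustration.

```python
import re
# Profile name format given on the page: ZONE-vpc-ull-participant
PROFILE_RE = re.compile(
    r"^(?P<zone>(?P<region>[a-z]+-[a-z]+\d+)-[a-z])-vpc-ull-participant$")

def check_plan(plan):
    """Return violations of the participant ULL constraints ([] = conforms)."""
    m = PROFILE_RE.match(plan["profile"])
    if not m:
        return ["profile name is not ZONE-vpc-ull-participant"]
    zone, region, net = m["zone"], m["region"], plan["network"]
    errs = []
    for name, sub in plan["subnets"].items():
        if sub["region"] != region:
            errs.append(f"subnet {name}: region must be {region}")
        if sub.get("stack_type", "IPV4_ONLY") != "IPV4_ONLY":
            errs.append(f"subnet {name}: only IPv4-only subnets are supported")
        if sub.get("purpose", "PRIVATE") != "PRIVATE":
            errs.append(f"subnet {name}: only the PRIVATE purpose is supported")
    for inst in plan["instances"]:
        nics = [n for n in inst["nics"] if n["network"] == net]
        if not nics:
            continue  # no interface in the ULL network, nothing to check
        who = f"instance {inst['name']}"
        if inst["zone"] != zone:
            errs.append(f"{who}: zone must be {zone}")
        if inst["machine_series"] != "U4C":
            errs.append(f"{who}: only U4C instances can attach")
        subnets_used = [n["subnet"] for n in nics]
        if len(set(subnets_used)) != len(subnets_used):
            errs.append(f"{who}: each NIC needs a unique subnet")
        for nic in nics:
            if nic["name"] == "nic0":
                errs.append(f"{who}: nic0 can't attach to this network")
            if nic.get("external_ip"):
                errs.append(f"{who}: {nic['name']} can't have an external IP")
    return errs

# Constructed sample plan; the dict schema and every name in it are assumptions.
SAMPLE_PLAN = {
    "profile": "us-south1-d-vpc-ull-participant", "network": "ull-net",
    "subnets": {"feed-a": {"region": "us-south1"},
                "feed-b": {"region": "us-south1", "stack_type": "IPV4_IPV6"}},
    "instances": [
        {"name": "good", "zone": "us-south1-d", "machine_series": "U4C",
         "nics": [{"name": "nic0", "network": "mgmt-net", "subnet": "mgmt"},
                  {"name": "nic1", "network": "ull-net", "subnet": "feed-a"}]},
        {"name": "bad", "zone": "us-south1-a", "machine_series": "N2",
         "nics": [{"name": "nic0", "network": "ull-net", "subnet": "feed-a",
                   "external_ip": True}]}]}
```

Calling `check_plan(SAMPLE_PLAN)` returns one message per violation. The check doesn't verify that the zone appears in the list of Supported locations, because that list isn't reproduced on this page.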