In GCP we need to allow VMs on VPC A Subnet 1 to communicate with VMs on other VPCs (in other projects) where their subnets overlap (exchange originates from A). E.g.:
Project A | VPC A | Subnet 1 | 10.10.142.0/24
Project B | VPC B | Subnet 1 | 10.10.12.0/24
Project C | VPC C | Subnet 1 | 10.10.12.0/24
We have ruled out Shared VPC due to a lack of project administration autonomy, and also ruled out VPC Peering because it does not cope with overlapping subnets.
We have tried NCC with spokes and a Private NAT: with just Project A and Project B we were able to get a VM on each to SSH (with appropriate FW rules). But when adding C, we need to filter the CIDR 10.10.12.0/24 for both the B and C spokes, and after re-adding the spokes there are of course no routes from A to B anymore, and none from A to C either (i.e. the subnets have to be filtered to allow the overlap).
I think I need to add routes, but the gcloud command seems to need --net-external-ip-pool, which I do not have/want, as this all needs to be internal and not public.
How best to proceed to be able to route A to B and A to C? VPN maybe... VPC Peering with PNAT (although I think that has the same problem as the NCC solution we tried, described above).
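Added example, not part of the question and not Google's own tooling: a shell script that lays out the NCC-plus-Private-NAT topology the question describes (hub in Project A, VPC spokes from all three projects, 10.10.12.0/24 excluded from export on the B and C spokes, Private NAT on B and C). Project IDs, network and subnet names, the region, the hub name and the PRIVATE_NAT ranges are assumptions. The gcloud flags and the `nexthop.hub` match expression are the ones from the Cloud NAT and NCC command references as I know them; check them against your gcloud version before running with `apply`. With no arguments it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: NCC hub + three VPC spokes + Private NAT on the two VPCs whose
# 10.10.12.0/24 subnets overlap. Project IDs, network/subnet names, the region,
# the hub name and the PRIVATE_NAT ranges are assumptions, not values from the
# question. No args (or "plan") prints the gcloud commands; "apply" runs them.
set -eu

HUB_PROJECT="${HUB_PROJECT:-project-a}"   # assumption: hub lives in the originating project
HUB="${HUB:-overlap-hub}"
REGION="${REGION:-europe-west2}"
GCLOUD="${GCLOUD:-gcloud}"

# run CMD...: print the command in plan mode, execute it in apply mode.
run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_hub() {
  run "$GCLOUD" network-connectivity hubs create "$HUB" --project="$HUB_PROJECT"
}

# add_spoke PROJECT NETWORK [EXCLUDED_RANGE]
# Attaches a VPC to the hub. When EXCLUDED_RANGE is given, that CIDR is kept out
# of the hub route table (the "filtering" from the question); every other subnet
# of the VPC, including its PRIVATE_NAT subnet, is still exported.
add_spoke() {
  project=$1; network=$2; excluded=${3:-}
  set -- "$GCLOUD" network-connectivity spokes linked-vpc-network create "spoke-$network" \
    --project="$project" --global \
    --hub="projects/$HUB_PROJECT/locations/global/hubs/$HUB" \
    --vpc-network="projects/$project/global/networks/$network"
  if [ -n "$excluded" ]; then
    set -- "$@" --exclude-export-ranges="$excluded"
  fi
  run "$@"
}

# add_private_nat PROJECT NETWORK NAT_RANGE
# PRIVATE_NAT subnet (must be unique across the hub) + Cloud Router + Private NAT
# gateway covering the workload subnet + one rule that source-translates traffic
# whose next hop is the hub. Private NAT is source NAT only: it makes B/C-originated
# flows and their replies unambiguous, but A-originated flows still need a
# destination address that B and C export uniquely.
add_private_nat() {
  project=$1; network=$2; nat_range=$3
  run "$GCLOUD" compute networks subnets create "nat-$network" --project="$project" \
    --network="$network" --region="$REGION" --range="$nat_range" --purpose=PRIVATE_NAT
  run "$GCLOUD" compute routers create "router-$network" --project="$project" \
    --network="$network" --region="$REGION"
  run "$GCLOUD" compute routers nats create "pnat-$network" --project="$project" \
    --router="router-$network" --region="$REGION" --type=PRIVATE \
    --nat-custom-subnet-ip-ranges=subnet-1   # assumption: workload subnet is named subnet-1
  run "$GCLOUD" compute routers nats rules create 1 --project="$project" \
    --router="router-$network" --region="$REGION" --nat="pnat-$network" \
    --match="nexthop.hub == \"//networkconnectivity.googleapis.com/projects/$HUB_PROJECT/locations/global/hubs/$HUB\"" \
    --source-nat-active-ranges="nat-$network"
}

configure_all() {
  create_hub
  add_spoke project-a vpc-a                      # 10.10.142.0/24 is unique, export as-is
  add_spoke project-b vpc-b 10.10.12.0/24        # overlapping range stays off the hub
  add_spoke project-c vpc-c 10.10.12.0/24
  add_private_nat project-b vpc-b 10.11.1.0/29   # NAT ranges must not overlap anything on the hub
  add_private_nat project-c vpc-c 10.11.2.0/29
}

case "${1:-plan}" in
  plan)  DRY_RUN=1; configure_all ;;
  apply) configure_all ;;
  *)     echo "usage: $0 [plan|apply]" >&2; exit 2 ;;
esac
```

After `apply`, the hub route table seen from Project A should carry 10.10.142.0/24 plus the two NAT ranges and no 10.10.12.0/24 entry; B- and C-originated connections to A then arrive from 10.11.1.0/29 and 10.11.2.0/29 respectively, so firewall rules in A should admit those ranges rather than 10.10.12.0/24. Because Private NAT translates only the source, this layout does not by itself give A a routable destination inside the overlapping 10.10.12.0/24 of B or C, which is the limitation the question runs into.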