Hello, I am design a system on GCP to add GCP project level egress network bandwidth for our data plane projects (>10k) projects.

Detailed requirement & context:

1: we managed 10k+ GCP projects and want to apply egress network bandwidth on project level. E.g. 2 GCE VMs + 5 dataproc nodes + Google Lifescience API VMs share the same network bandwidth (2MB/s).

2: We want to minimize the cost. We know there is a solution that can be deploy a FortiGateon on each of those projects, but the cost would be large.

3: The number of projects will grow. We have new users coming to us every day and they will get new project.

A rough idea on my mind:

Setup shared VPC/VPC peering then route all traffic from those data plane projects to our central control plane(another GCP project). Then host fortigate on our controll plane. Then use fortigate to apply a network bandwidth on GCP project level. Now I am now stuck there. I know there is ip based traffic shaping on fortigate but I don't think there is one ip per project solution on GCP. 

Any idea are appreciated!