For a large, multi-tiered application within a single Google Cloud project, the most efficient and low-overhead solution is to use a single large custom VPC with subnets for network segmentation.

Single Custom VPC and Subnets: A single custom VPC with subnets for each tier (Web, App, DB) is the least complex and lowest cost solution. A /16 VPC provides 65,536 available IP addresses, easily accommodating "more than 1,000 IP addresses."

Firewall Rules and IP Subnets: Using Firewall Rules that reference the IP address ranges of the subnets (e.g., allow traffic from the Web subnet's CIDR range to the App subnet's CIDR range) is the recommended and simplest method for defining the necessary secure traffic flow between the tiers (Web $\to$ App $\to$ DB), minimizing administrative overhead compared to managing many network tags.

Alternatives: Option C (VPC Peering) adds complexity and cost for connectivity. Option A (Shared VPC) is unnecessary if the application is in a single project. Option D suggests three small /24 VPCs, which is not sufficient for a large application.