JLCDev

Reputation: 629

What GCE IPs should I open to Google Load Balancer on Firewall to my instance groups?

I have a Node.js instance group being balanced by Google Load Balancer. The instance group's IPs are ephemeral and the load balancer IP is static.

According to this Google manual, after everything is set and running, I should be able to replace the 0.0.0.0/0 firewall rule with this:

    gcloud compute firewall-rules create allow-lb-and-healthcheck \
        --source-ranges 130.211.0.0/22,35.191.0.0/16 \
        --target-tags http-tag \
        --allow tcp:80

But unfortunately, this didn't work and I got a 502.

How can I find what IP I must allow in the firewall so Load Balancer can reach my instance-group? I tried my load balancer external IP and this also didn't work.

The only rule that seems to work is to open 0.0.0.0/0.

Upvotes: 1

Views: 1558

Answers (1)

ZachB

Reputation: 15366

Make sure you have the IP addresses for the health checks opened as well: 209.85.152.0/22, 209.85.204.0/22, and 35.191.0.0/16. Without this the LB won't send traffic to a backend because it thinks it's unhealthy.

Docs: https://cloud.google.com/compute/docs/load-balancing/health-checks#health_check_source_ips_and_firewall_rules

Upvotes: 4
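
Added example (not part of the original question or answer): a Python check that reports which of the health-check ranges listed in the answer are not covered by the ingress allow rules for a given tag and port, run here against the rule from the question. The rule dict is a constructed sample shaped like `gcloud compute firewall-rules list --format=json` output; `port_allowed` and `uncovered_ranges` are hypothetical helper names, only IPv4 ranges are assumed, and deny rules and rule priorities are ignored.

```python
import ipaddress

# Health-check source ranges exactly as listed in the answer above.
REQUIRED = ["209.85.152.0/22", "209.85.204.0/22", "35.191.0.0/16"]

# Constructed sample: the question's rule, shaped like gcloud JSON output.
QUESTION_RULE = {
    "name": "allow-lb-and-healthcheck", "direction": "INGRESS",
    "sourceRanges": ["130.211.0.0/22", "35.191.0.0/16"],
    "targetTags": ["http-tag"],
    "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}],
}

def port_allowed(allowed, port):
    """True if any 'allowed' entry permits TCP traffic to `port`."""
    for entry in allowed:
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        ports = entry.get("ports")
        if not ports:                 # no ports listed means every port
            return True
        for spec in ports:            # "80" or "8000-9000"
            lo, _, hi = spec.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
    return False

def uncovered_ranges(rules, tag, port, required=REQUIRED):
    """Required ranges not fully covered by enabled ingress allow rules for tag/port."""
    nets = []
    for r in rules:
        if r.get("direction", "INGRESS") != "INGRESS" or r.get("disabled"):
            continue
        tags = r.get("targetTags")
        if tags and tag not in tags:  # a rule without targetTags applies to all instances
            continue
        if not port_allowed(r.get("allowed", []), port):
            continue
        nets += [ipaddress.ip_network(s) for s in r.get("sourceRanges", [])]
    # Collapse so adjacent smaller ranges count as one larger covering range.
    nets = list(ipaddress.collapse_addresses(nets))
    return [c for c in required
            if not any(ipaddress.ip_network(c).subnet_of(n) for n in nets)]

if __name__ == "__main__":
    # -> ['209.85.152.0/22', '209.85.204.0/22']
    print(uncovered_ranges([QUESTION_RULE], "http-tag", 80))
```

An empty result means every range from the answer can reach the tagged instances on that port, so `0.0.0.0/0` is not needed for health checks to pass.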
