CODEWITHSUNDEEP
sshproxyssh-tunneltunnelinggoogle-cloud-networking
Kim
Kim

Reputation: 1898

Gcloud SSH Tunnel Proxy always through USA, even from other regions

When I create for example an instance in the Netherlands:

gcloud compute instances create p --zone europe-west4-c --machine-type=n1-standard-2

And do SSH tunnelling like:

gcloud compute ssh --zone europe-west4-c p -- -N -p 22 -D localhost:5000

Or after I added my SSH key to the instance and do:

ssh [email protected] -D localhost:5000

(where 55.66.77.88 is the public IP of my Gcloud instance)

Then pages like https://www.whatismyip.com/ still show my location is Mountain View, CA US and my ISP is Google LLC after I did set the socks proxy correctly.

This is not the case if I use DigitalOcean and do the same.

Does this mean that all outgoing requests from a Gcloud instance in any other region than USA are still routed through the USA?

Upvotes: 1

Views: 112

Answers (1)

DazWilkin
DazWilkin

Reputation: 40296

IP addresses are a global address space; there's no inherent (nor fixed) location associated with an IP address.

There are various ways that the location of an IP address may be inferred and, part of this calculation may involve identifying the owner of the IP address. You should lookup the owners of the IPs that you are being provided by Google and by Digital Ocean. You mentioned whatismyip, it provides a whois service. This functionality is provided by several providers (and you can form a consensus by checking with several of them).

Google owns the GCE instance IP address (unless this is a customer-owned IP [link]), and Google is based in Mountain View, CA and so it's probable that this is why that's the location associated with that address.

Google may allocate IP address to regions based demand and on some predictable mechanism that would make IPs sticky to locations and thus associate IPs with your location in Europe but, it's more likely (more flexible) that it does not and that, IPs are associated with machines around the globe as needed.

When you address a Google-owned (or -managed) IP, your local network providers get you to Google's global network quickly. This process usually (not always [link]) optimally routes the traffic.

Why then does the Digital Ocean IP refer to your location? Several possibilities:

  • that the location was inferred very recently to be you;
  • that Digital Ocean allocation of IPs is sticky to locations (and thus inferred to be near you);
  • that the IP is not owned by Digital Ocean but by a local provider (and thus inferred to be near you).

Upvotes: 2

Related Questions