singwong

Reputation: 55

Create a multi IP proxy on GCP

I use GCP to create a multi-IP proxy for a web crawler.

I have created a VPC and a new instance with multiple NICs.

My squid config is as follows (part of it):

    # listen on two ports, one per NIC
    http_port 10000
    http_port 10001
    # tag requests by the port they arrived on
    acl port1 myport 10000
    acl port2 myport 10001
    # choose the outgoing source address per listening port (nic0 / nic1)
    tcp_outgoing_address 10.170.0.4 port1
    tcp_outgoing_address 10.0.0.2 port2

After I restart squid, I can access the proxy on port 10000 (nic0, default) but I cannot access it on port 10001 (nic1, default).

I can ping my nic1 IP address 10.0.0.2 in the console, but cannot ping nic1's external IP.

How do I configure my NICs to respond to ping on the public IP?

Upvotes: 3

Views: 2225

Answers (1)

Wojtek_B

Reputation: 4443

You have two ways to be able to use multiple external IPs with one VM.

1. Hard way

This approach (which you tried) is a little more complicated.

By design, if you attach multiple interfaces to a single VM, only the first one (nic0) is configured with the route to the Internet. You have to configure a separate routing table for every additional interface (see Configuring policy routing).

For Google supported images, when you need a secondary network interface (an interface other than nic0) to communicate with any IP address not local to the primary subnet range of that secondary interface's associated subnet, you need to configure policy routing to ensure that egress packets will leave through the correct interface. In such cases, you must configure a separate routing table for each network interface using policy routing.

Additionally you have to create separate VPC networks for each NIC, and if you want to use more than two you need to have a machine with more CPUs (which is another limitation).

In general, the following rules apply for n1-standard-x, n1-highmem-x, n1-highcpu-x, f1-micro, g1-small and custom VMs:

  • 2 network interfaces for VMs with <= 2 vCPUs
  • 1 network interface per vCPU for VMs with > 2 vCPUs, with a cap of max 8 network interfaces per VM

Final step is to add proper rules to the GCP Firewall allowing traffic in & out from your VM.

As you see it can be done, but it has some steps and you are still limited to only 8 NICs on a single VM.

2. Easy way

I'd personally try this approach, which is much easier and doesn't depend on the VM type (it can even be micro).

You can use Protocol Forwarding Rules.

Steps to follow (I used the gcloud utility).

  • You need to have one VM (with a single public IP attached). You can use the one that you already have, or create a new one if configuring it from scratch isn't too much work. If you don't have one, create it with gcloud compute instances create vm2 --tags=tag1
  • Then create a firewall rule that will allow traffic to your VM: gcloud compute firewall-rules create allow80 --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=tcp:80 --source-ranges=0.0.0.0/0 --target-tags=tag1
  • Create target-instance for your VM: gcloud compute target-instances create tar1 --instance vm2
  • Lastly, create the forwarding rule itself: gcloud compute forwarding-rules create forward1 --ip-protocol TCP --ports 80 --target-instance tar1

I've used "network tags" in this example to simplify the application of the firewall rules and forwarding rules above. Have a look at the documentation if it's not clear to you.

When you run gcloud compute forwarding-rules list you should get

$ gcloud compute forwarding-rules list
NAME      REGION        IP_ADDRESS     IP_PROTOCOL  TARGET
forward1  europe-west3  34.107.72.88   ICMP         europe-west3-c/targetInstances/pf-target-instance
forward2  europe-west3  35.246.227.80  ICMP         europe-west3-c/targetInstances/pf-target-instance
forward3  europe-west3  35.198.70.64   ICMP         europe-west3-c/targetInstances/pf-target-instance

Each forwarding rule needs its own unique public IP; when you create one as described, a new ephemeral public IP is assigned to it. You can reserve some static IPs beforehand and then assign them to newly created forwarding rules.

You can find forwarding rules in the console: Network Services > Load Balancing > Advanced > Forwarding Rules. In this particular example you cannot use the console to create forwarding rules because a target instance is used. The console only allows creating rules that direct traffic to a target pool.

You have to use gcloud utility in this case.

Upvotes: 2
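The "hard way" in the answer above links to the policy-routing docs but does not show the routing commands. The script below is an added example (not code from the question or the answer) of the per-NIC routing table that makes packets sourced from nic1's address leave through nic1, which is what squid's tcp_outgoing_address 10.0.0.2 in the question needs. The interface name eth1, the gateway 10.0.0.1 and the table number 10 are assumptions for illustration; take the real values from ip addr and from the subnet attached to nic1 (GCP uses the first usable address of the subnet as its gateway). Without APPLY=1 it only prints the commands; with APPLY=1 it runs them and must be executed as root on the VM.

```shell
#!/bin/sh
# Added example, not from the original post: policy routing for a secondary NIC
# on a GCP Linux VM, so replies and egress from nic1's address use nic1 rather
# than nic0's default route.
# Assumed values (hypothetical, adjust to your VM):
NIC1_IFACE=eth1        # Linux name of nic1
NIC1_ADDR=10.0.0.2     # nic1's internal address (value from the question)
NIC1_GW=10.0.0.1       # assumed gateway of nic1's subnet
NIC1_TABLE=10          # spare routing-table number used for nic1

# Minimal dotted-quad check so a typo fails fast instead of adding a bogus route.
is_ipv4() {
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the iproute2 commands (one per line) that build nic1's routing table:
#  1. a host route to the gateway (GCP assigns /32 addresses, so the gateway is
#     not on-link until this route exists),
#  2. a default route via that gateway inside the table,
#  3. rules sending traffic from and to nic1's address through the table.
# nic0 keeps the main table's default route, so its traffic is unaffected.
policy_routing_cmds() {
  iface=$1; addr=$2; gw=$3; table=$4
  is_ipv4 "$addr" && is_ipv4 "$gw" || { echo "bad IPv4 address: $addr / $gw" >&2; return 1; }
  printf '%s\n' \
    "ip route add $gw src $addr dev $iface table $table" \
    "ip route add default via $gw dev $iface table $table" \
    "ip rule add from $addr/32 table $table" \
    "ip rule add to $addr/32 table $table"
}

# Run the generated commands as root (needs iproute2), stopping at the first failure.
apply_policy_routing() {
  policy_routing_cmds "$@" | while IFS= read -r cmd; do
    echo "+ $cmd"
    $cmd || exit 1
  done
}

if [ "${APPLY:-0}" = "1" ]; then
  apply_policy_routing "$NIC1_IFACE" "$NIC1_ADDR" "$NIC1_GW" "$NIC1_TABLE"
else
  echo "# dry run; set APPLY=1 and run as root to execute:"
  policy_routing_cmds "$NIC1_IFACE" "$NIC1_ADDR" "$NIC1_GW" "$NIC1_TABLE"
fi
```

Two caveats that follow from the answer: the routes and rules are not persistent, so run the script from a boot script or your image's network hooks, and the GCP firewall rule that admits tcp:10001 (and ICMP, for the ping test) has to live in the VPC network that nic1 is attached to, not in the network of nic0. After applying, ip rule show and ip route show table 10 should list the rules and routes, and a request through port 10001 should leave with nic1's source address.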
