iamnewbie

Reputation: 43

how to communicate 2 instances inside the same VPC but different subnets (regions) using internal IP

I have 2 instances, 1 VPC and 2 subnets each one in different region.

1 instance has a public IP, the other one just has an internal IP. I want the 2 instances to communicate with each other using their internal IP.

How can I achieve this?

--Edit

instances

name: instance-a

zone: us-central1-a

network: testing

network tags: testing-allow-internal testing-allow-ssh

internal ip: 10.10.0.2

external ip: none


name: instance-b

zone: northamerica-northeast1-a

network: testing

network tags: testing-allow-internal testing-allow-ssh

internal ip: 10.20.0.2

external ip: yes


vpc

name: testing

Dynamic routing mode: global


subnets

name: testing

region: us-central1

IP address ranges: 10.10.0.0/15

gateway: 10.10.0.1

Private Google Access: On


name: testing

region: northamerica-northeast1

IP address ranges: 10.20.0.0/15

gateway: 10.20.0.1

Private Google Access: On


Firewall Rules

name: testing-allow-internal

type: Ingress

targets: Apply to all

filters: IP ranges: 0.0.0.0/0

protocols / ports: all

action: Allow

priority: 65534

network: testing


name: testing-ssh

type: Ingress

targets: Apply to all

filters: IP ranges: 0.0.0.0/0

protocols / ports: tcp:22

action: Allow

priority: 65534

network: testing

Now, what I am trying to achieve: connect from local to instance-b via ssh using external IP. I just want instance-b to connect to instance-a via ssh using internal IP, i.e.: ssh user@instance-b-external-ip >> ssh user@instance-a-internal-ip

I can ping, but when I try to connect to instance-a from instance-b using internal-ip via ssh, it always says permission denied.


New Edit SSH

I connect to instance-b using external-ip, i.e.: ssh user@externalip. Inside instance-b I create ssh keys using the following command

ssh-keygen -t rsa -b 4096 -f ~/.ssh/instance_b

the pub key and private key

public key: instance_b.pub

private key: instance_b

I add the public key to the SSH KEYS using GUI

then I connect as usual ssh [email protected]

The authenticity of host '10.10.0.2 (10.10.0.2)' can't be established.
ECDSA key fingerprint is SHA256:iA1FfVyXM1234OsIy424ElVLnjGg2tMuSmdbsGWGLSs.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.10.0.2' (ECDSA) to the list of known hosts.
[email protected]: Permission denied (publickey).

I get permission denied

BUT if I use the following command:

ssh -i ~/.ssh/instance-b [email protected]

I can connect. Why??


If I am missing anything, please let me know

Thanks!

Upvotes: 4

Views: 4145

Answers (1)

John Hanley

Reputation: 81336

VPC subnets within the same VPC can communicate with each other. The VPC Firewall rule default-allow-internal allows all TCP, UDP, and ICMP traffic between resources within the same VPC.

The key is to use the internal (private) IP address.

Upvotes: 4
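
The answer describes a rule that allows traffic between resources inside the VPC, while the question's testing-allow-internal rule lists 0.0.0.0/0 as its source and instance-b has an external IP. The following is an added example, not code from the question or the answer: it checks the posted rules against the posted subnet ranges and builds a copy of the rule limited to those ranges. The dictionary layout and function names are assumptions made for the example, not a GCP API format.

```python
import ipaddress

# Values copied from the question. The dictionary layout is constructed for
# this example and is not the output of any GCP tool or API.
SUBNETS = {
    "us-central1": "10.10.0.0/15",
    "northamerica-northeast1": "10.20.0.0/15",
}
RULES = [
    {"name": "testing-allow-internal", "sources": ["0.0.0.0/0"], "allow": "all"},
    {"name": "testing-ssh", "sources": ["0.0.0.0/0"], "allow": "tcp:22"},
]


def outside_vpc(source, subnets):
    """True if the source range admits addresses outside every VPC subnet."""
    src = ipaddress.ip_network(source)
    nets = [ipaddress.ip_network(cidr) for cidr in subnets.values()]
    return not any(src.subnet_of(net) for net in nets)


def audit(rules, subnets):
    """Return (rule name, source) pairs that allow all protocols from outside the VPC."""
    return [
        (rule["name"], source)
        for rule in rules
        if rule["allow"] == "all"
        for source in rule["sources"]
        if outside_vpc(source, subnets)
    ]


def tightened(rule, subnets):
    """Copy of the rule with its sources limited to the VPC's own subnet ranges."""
    return {**rule, "sources": sorted(subnets.values())}


def permits(rule, src_ip):
    """True if src_ip falls inside one of the rule's source ranges."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(s) for s in rule["sources"])


if __name__ == "__main__":
    print("too broad:", audit(RULES, SUBNETS))
    fixed = tightened(RULES[0], SUBNETS)
    print("tightened:", fixed)
    # 203.0.113.7 is a documentation address standing in for an Internet host.
    print("internet source permitted:", permits(fixed, "203.0.113.7"))
```

With the tightened sources, instance-b (10.20.0.2) can still reach instance-a (10.10.0.2) on any port, while the only rule that admits Internet sources is the tcp:22 one.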
