堆栈内存溢出
  简体   繁体   English

谷歌云 HTTP 没有外部负载均衡器健康检查失败 IP

[英]Google Cloud HTTP Load Balancer Health Check Fails Without An External IP

 原文  2018-06-11 10:24:15       google-cloud-platform/ load-balancing

问题描述

Scenario: I have a Google Compute Engine instance exposing a web application via HTTP port 80 and I can access it directly using an external IP address.场景:我有一个 Google Compute Engine 实例通过 HTTP 端口 80 公开一个 web 应用程序,我可以使用外部 IP 地址直接访问它。

Then, I added a HTTP load balancer with a health check and afterwards, I could access the web application via the load balancer without any problem.然后,我添加了一个带有健康检查的 HTTP 负载均衡器,之后,我可以通过负载均衡器毫无问题地访问 web 应用程序。

Now, if I remove the external IP address of the compute instance, the health check of the load balancer starts failing.现在,如果我删除计算实例的外部 IP 地址,负载均衡器的健康检查开始失败。 I read [1] and added a firewall rule to allow health check probes coming from addresses in the ranges 130.211.0.0/22 and 35.191.0.0/16 but still the health check is failing.我阅读了 [1] 并添加了一条防火墙规则以允许来自 130.211.0.0/22 和 35.191.0.0/16 范围内的地址的健康检查探测,但健康检查仍然失败。

If I add the external IP address back to the compute instance, health check becomes active.如果我将外部 IP 地址添加回计算实例,运行状况检查将变为活动状态。 What I require here is to remove the public IP address of the compute instance and only expose the load balancer IP address to the inte.net.我这里要求的是去掉计算实例的公共IP地址,只把负载均衡器IP地址暴露给inte.net。

Question: Is it mandatory to have an external IP address on Google Cloud Compute Engine Instances for routing traffic via a Google Cloud HTTP load balancer?问题:是否必须在 Google Cloud Compute Engine 实例上有一个外部地址 IP 才能通过 Google Cloud HTTP 负载均衡器路由流量? If not, may I know how to route HTTP traffic to compute instances using a HTTP load balancer without having external IP address on the compute instances?如果没有,我可以知道如何使用 HTTP 负载均衡器将 HTTP 流量路由到计算实例,而计算实例上没有外部 IP 地址吗? Appreciate your thoughts on this.感谢您对此的想法。

[1] https://cloud.google.com/compute/docs/load-balancing/health-checks [1] https://cloud.google.com/compute/docs/load-balancing/health-checks

4 个解决方案

解决方案1
 3  2018-06-13 05:42:03

I contacted Google Cloud support team on this matter and found that external IP addresses are required for routing HTTP traffic from the HTTP load balancer to the Compute Engine instances.我就此事联系了 Google Cloud 支持团队,发现需要外部 IP 地址才能将 HTTP 流量从 HTTP 负载均衡器路由到 Compute Engine 实例。

The only possible solution here might be to apply firewall rules and block direct access to VMs according to the current design.此处唯一可能的解决方案可能是根据当前设计应用防火墙规则并阻止对 VM 的直接访问。

解决方案2
 2  2018-06-28 15:45:16

As per the public documentation :根据公开文件

HTTP(S) load balancing makes use of the targets' internal IPs, not their external IPs. HTTP(S) 负载平衡使用目标的内部 IP,而不是它们的外部 IP。

Therefore, you do NOT need the external IP .因此,您不需要外部 IP Actually that section explains how to remove the external IPs of the backends behind the load balancer while keeping at least one instance in the same network with a external IP.实际上,该部分解释了如何删除负载均衡器后面后端的外部 IP,同时将至少一个实例保留在具有外部 IP 的同一网络中。 This helps you to SSH the instance with external IP and then SSH from that instance to the load-balanced instances via its internal IP.这有助于您使用外部 IP SSH 实例,然后通过其内部 IP 从该实例 SSH 到负载平衡的实例。

This scenario should work with the HTTP(S) load balancer (Layer 7).此方案应与 HTTP(S) 负载平衡器(第 7 层)配合使用。 If you are using the network load balancer (Layer 3), then you need the external IP and you need to allow health check probes not only from 35.191.0.0/16 but also from 209.85.152.0/22 and 209.85.204.0/22 as explained here .如果您使用的是网络负载均衡器(第 3 层),那么您需要外部 IP,并且您不仅需要允许来自 35.191.0.0/16 的健康检查探测,还需要允许来自 209.85.152.0/22 和 209.85.204.0/22 的健康检查探测在这里解释。

解决方案3
 0  2019-06-05 15:40:27

The VMs behind the load balancer do not need public IP addresses.负载均衡器后面的 VM不需要公共 IP 地址。 I have a setup running without public IP addresses on the backend, and I opened up the firewall rules from the load balancer addresses for health checks.我在后端运行了一个没有公共 IP 地址的设置,我从负载均衡器地址打开了防火墙规则以进行健康检查。

解决方案4
 0  2022-10-09 17:08:19

The answer is no, it is not required to have external IP address on Google Cloud Compute Engine Instances for routing traffic via a Google Cloud HTTP load balancer as long as there is a firewall rule to allow traffic from the load balancers to your VM instances in particular for health check.答案是否定的,只要防火墙规则允许来自负载均衡器的流量到您的特别适用于健康检查。 See example architecture: https://cloud.google.com/architecture/building-inte.net-connectivity-for-private-vms请参阅示例架构: https://cloud.google.com/architecture/building-inte.net-connectivity-for-private-vms

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 http负载均衡器和运行状况检查 - http load balancer and health check Google Cloud 未在负载均衡器运行状况检查中应用 BackendConfig - Google Cloud not Applying the BackendConfig on the Load Balancer Health Check 如何将Google Cloud Load Balancer外部IP转发到域? - How to forward Google Cloud Load Balancer External IP to Domain? 带有外部IP的Google Container Engine,没有负载均衡器 - Google Container Engine with external IP, without load balancer Google Cloud HTTP 负载均衡器运行状况检查发送的请求过多? - Google Cloud HTTP Load Balancer health checks sends too many requests? Google Cloud kubernetes负载平衡器,后端的运行状况检查不起作用 - Google cloud kubernetes load balancer, health check on the backend isn't working Google云端:运行状况检查不会从UDP内部负载均衡器中删除失败的实例 - Google Cloud: Health Check is not removing failed instance from UDP Internal Load Balancer Google Cloud TCP负载均衡器转发IP - Google Cloud TCP Load Balancer forward ip Google Cloud Load Balancer IP未重定向 - Google Cloud Load Balancer IP Not Redirecting 带有外部服务器的 Google 云负载平衡器 - Google cloud load balancer with external server
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM