从 App Engine 到 Cloud SQL 的流量是通过互联网还是通过 Google 内部网络传输?
[英]Does traffic from App Engine to Cloud SQL travel over the internet or on Google internal network?
问题描述
We have this discussion in our office and can not come to a conclusion.
我们办公室有这个讨论,无法得出结论。 So I am reaching out here for some advice.所以我在这里寻求一些建议。
We have a Google Cloud SQL running with no public IP.我们有一个谷歌云 SQL 运行,没有公共 IP。 Google App engine from different App Engine project connect to this single cloud SQL by authorizing their service account.来自不同 App Engine 项目的 Google App 引擎通过授权他们的服务帐户连接到这个单一的云 SQL。
There are no VPC setup between the projects.项目之间没有 VPC 设置。 The apps are on google app engine standard environment.这些应用程序位于谷歌应用引擎标准环境中。 The instance's private IP is not used in the app projects.应用项目中未使用实例的私有 IP。
The connections between the projects are made using the tutorial found here项目之间的连接是使用此处找到的教程建立的
https://cloud.google.com/sql/docs/mysql/connect-app-engine https://cloud.google.com/sql/docs/mysql/connect-app-engine
creating an connection string as创建一个连接字符串为
mysql+pymysql://<db_user>:<db_pass>@/<db_name>?unix_socket=/cloudsql/<cloud_sql_instance_name>
The question is how does the traffic flow from other App Engine projects to this Cloud SQL instance?问题是流量如何从其他 App Engine 项目流向此 Cloud SQL 实例?
Does the connect handshake go via the internet (ie outside Google's Network) or does google handles the traffic and routes it internally without the request ever going to the internet?连接握手 go 是通过互联网(即谷歌网络之外)还是谷歌在没有请求进入互联网的情况下在内部处理流量和路由?
It would be a great help if any one can help answer these questions.如果有人可以帮助回答这些问题,那将是一个很大的帮助。
3 个解决方案
解决方案1
1 2019-11-11 05:09:49
If you have configured your Cloud SQL to use a Private IP address then connectivity occurs using VPC Network Peering and your communication from your Google App Engine (running inside Google and VPC connected) to your managed Cloud SQL (running on a separated VPC Network) is all internal within Google using VPC. If you have configured your Cloud SQL to use a Private IP address then connectivity occurs using VPC Network Peering and your communication from your Google App Engine (running inside Google and VPC connected) to your managed Cloud SQL (running on a separated VPC Network) is谷歌内部使用 VPC。
Details on this can be found in the article here:可以在此处的文章中找到有关此内容的详细信息:
解决方案2
1 已采纳 2019-11-12 02:37:46
The answer to this actually varies depending on which version of App Engine you are using.这个问题的答案实际上取决于您使用的 App Engine 版本。
On older versions of App Engine Standard, the /cloudsql/ unix socket connected over an internal network directly to your instance.在旧版本的 App Engine Standard 上, /cloudsql/ unix 套接字通过内部网络直接连接到您的实例。
On more recent versions of App Engine Standard, it uses a version of the Cloud SQL proxy to authenticate your connection to the instance via it's public IP.在 App Engine Standard 的更新版本中,它使用 Cloud SQL 代理版本来验证您通过其公共 IP 与实例的连接。 This is why the Connecting from App Engine page states your Cloud SQL instance must have a public IP.这就是“从 App Engine 连接”页面指出您的云 SQL 实例必须具有公共 IP 的原因。
解决方案3
0 2019-11-11 15:23:09
The connection from the App Engine Standard to the Cloud SQL instance it is made over the internet.从 App Engine 标准到 Cloud SQL 实例的连接是通过互联网建立的。 There are more internal services between the App Engine and the Cloud SQL, but the calls are not made to the private IP of the instance, by default. App Engine 和 Cloud SQL 之间还有更多内部服务,但默认情况下,不会对实例的私有 IP 进行调用。
If you look in the readme of the connector's repository you can see that you can use almost the same method to connect to the Cloud SQL instance from your local env.如果您查看连接器存储库的自述文件,您会发现您可以使用几乎相同的方法从本地环境连接到 Cloud SQL 实例。 That might be a clue that things happen on the internet.这可能是互联网上发生的事情的线索。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.