GCP Cloud - Ingress High Availability
Follow

Overview

The network load balancer that can be deployed in the GCP Cloud fits the architecture and features we are looking for. More details can be found at this link for those interested. Internal TCP/UDP Load Balancing overview | Google Cloud

Important Notes:

In GCP, to process both tcp and udp flows, one needs to configure 2 sperate load balancer types. One would be to process TCP type flows and the other would be processing the UDP type flows. Even though they would have two separate front end IPs, users would be able to set up the exact same forwarding rule for the same prefix to 2 different LB types, i.e.

FW1: 192.168.0.0/16 via TCP LB’s IP
FW2: 192.168.0.0/16 via UDP LB’s IP.

The order of configuring the components of the load balancing service is as follows:

```
NF ERs, at least one per AZ
```

Firewall Rules to allow traffic and health checks to Backend ERs

```
Unmanaged Instance Groups, one per AZ
```
```
Health Checks
```
```
TCP Load Balancer
```
```
UDP Load Balancer
```

The source IP address for Load Balancer Health Check Probes is sourced from the below subnets.

35.191.0.0/16
130.211.0.0/22

The default ufw setup blocks the load balancer's inbound request and the health-check port is only available to the machine itself.

The command "sudo ufw allow from (Load balancer IP or subnet/CIDR) proto tcp to any port 8081" needs to be run in order to allow health check probes on the router host for the load balancer.

sudo ufw allow from 130.211.0.0/22 proto tcp to any port 8081
sudo ufw allow from 35.191.0.0/16 proto tcp to any port 8081

FQDN Based Service

Please see the DNS Resolution Section in the Ingress Cloud HA Article for more details

Configuration Steps:

Log into the GCP Console.
Navigate to Compute Engine → Instance Groups and click on “Create Instance Group”
Select “New unmanaged instance group“ and fill in the details
Repeat the step above for every AZ that is required.
Navigate to Compute Engine → Health Checks and click on “Create a health check”
Fill in the health check details and click on “Create”
Navigate to Network services → Load balancing
Click on “Create Load Balancer”
Click on “Start Configuration” under TCP Load Balancing”
Check “Only between my VMs” and “Single region only”. Then, click on “Continue”
Fill in the LB details along with the Backend Service configuration
Switch to the Frontend configuration, fill in all the details, and then click on “Create”
Repeat the load balancing steps for the UDP Load Balancer
Or assuming that you are still in the Load Balancing menu, then click on “Create Load Balancer”
Click on “Start Configuration” under UDP Load Balancing”
Check “Only between my VMs”, and then click on “Continue”
Fill in the LB details along with the Backend Service configuration
Switch to the Frontend configuration, fill in all the details, and then click on “Create”
Status after both are configured successfully
Configure forwarding rules to route the traffic to Load Balancers
Navigate to VPC network → Routes
Click on “Create Route” and fill in all the details.
Select TCP Type as "Forwarding rule name" and click on “Create”
Repeat the above step for the same route but select the UDP Type as "Forwarding rule name"
Repeat the above steps for all desired routes
Done!