GCP Cloud - Ingress High Availability

Overview

The network load balancer that can be deployed in the GCP Cloud fits the architecture and features we are looking for. For those interested, more details can be found in Google Cloud's "Internal TCP/UDP Load Balancing overview".

Important Notes: 

In GCP, processing both TCP and UDP flows requires two separate load balancer types: one to process the TCP flows and the other to process the UDP flows. Even though they have two separate front-end IPs, users can set up the exact same forwarding rule for the same prefix to the two different LB types, i.e.

FW1: 192.168.0.0/16 via TCP LB’s IP
FW2: 192.168.0.0/16 via UDP LB’s IP.

The order of configuring the components of the load balancing service is as follows:

  1. NF ERs, at least one per AZ
  2. Firewall Rules to allow traffic and health checks to Backend ERs
  3. Unmanaged Instance Groups, one per AZ
  4. Health Checks
  5. TCP Load Balancer
  6. UDP Load Balancer

Load balancer health check probes are sourced from the subnets below.
35.191.0.0/16
130.211.0.0/22

The default ufw setup blocks the load balancer's inbound requests, and the health-check port is only available to the machine itself.

To allow the load balancer's health check probes, run "sudo ufw allow from (Load balancer IP or subnet/CIDR) proto tcp to any port 8081" on the router host:

sudo ufw allow from 130.211.0.0/22 proto tcp to any port 8081
sudo ufw allow from 35.191.0.0/16 proto tcp to any port 8081
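
A check that can be run after applying the rules above, added here as an example and not part of the original article: it reads `sudo ufw status` output and reports probe ranges that no rule covers (health checks would fail) and sources that open port 8081 more widely than the two probe subnets. It assumes the plain `ufw status` table format with single-port rules, and that nothing other than the probes needs to reach port 8081; the function name and the sample output are constructed.

```python
import ipaddress

# Probe source ranges and health-check port as given in this article.
PROBE_RANGES = [ipaddress.ip_network(c) for c in ("35.191.0.0/16", "130.211.0.0/22")]
HEALTH_PORT = "8081"

# Constructed sample of `sudo ufw status` output (not captured from a real host).
SAMPLE_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
8081/tcp                   ALLOW       130.211.0.0/22
8081/tcp                   ALLOW       10.0.0.0/8
"""


def audit_ufw_status(status_text, port=HEALTH_PORT):
    """Return (missing, too_broad) for ALLOW rules on the health-check port.
    missing:   probe ranges no rule covers, so health checks would fail.
    too_broad: rule sources that admit more than the probe ranges.
    """
    missing, too_broad = set(PROBE_RANGES), []
    for line in status_text.splitlines():
        fields = line.split()
        if "ALLOW" not in fields:
            continue
        to_port = fields[0].split("/")[0]
        if to_port not in (port, "Anywhere") or fields[0].endswith("/udp"):
            continue  # rule does not open the TCP health-check port
        src = [f for f in fields[fields.index("ALLOW") + 1:] if f != "IN"]
        label = " ".join(src)
        if src and src[0] == "Anywhere":
            src[0] = "::/0" if "(v6)" in src else "0.0.0.0/0"
        try:
            net = ipaddress.ip_network(src[0], strict=False)
        except (ValueError, IndexError):
            too_broad.append(label)  # unparseable source: review by hand
            continue
        is_v4 = net.version == 4
        missing -= {p for p in PROBE_RANGES if is_v4 and p.subnet_of(net)}
        if not any(is_v4 and net.subnet_of(p) for p in PROBE_RANGES):
            too_broad.append(label)
    return sorted(str(p) for p in missing), too_broad


if __name__ == "__main__":
    print(audit_ufw_status(SAMPLE_STATUS))
```

On a router host, pass the text of `sudo ufw status` to `audit_ufw_status`; an empty result in both positions means exactly the two probe ranges can reach port 8081.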

FQDN Based Service

Please see the DNS Resolution section in the Ingress Cloud HA article for more details.

Configuration Steps:

  1. Log into the GCP Console.

  2. Navigate to Compute Engine → Instance Groups and click on “Create Instance Group”

  3. Select “New unmanaged instance group“ and fill in the details

  4. Repeat the step above for every AZ that is required.

  5. Navigate to Compute Engine → Health Checks and click on “Create a health check”

  6. Fill in the health check details and click on “Create”

  7. Navigate to Network services → Load balancing

  8. Click on “Create Load Balancer”

  9. Click on “Start Configuration” under “TCP Load Balancing”

  10. Check “Only between my VMs” and “Single region only”. Then, click on “Continue”

  11. Fill in the LB details along with the Backend Service configuration

  12. Switch to the Frontend configuration, fill in all the details, and then click on “Create”

  13. Repeat the load balancing steps for the UDP Load Balancer

  14. Or, if you are still in the Load Balancing menu, click on “Create Load Balancer”

  15. Click on “Start Configuration” under “UDP Load Balancing”

  16. Check “Only between my VMs”, and then click on “Continue”

  17. Fill in the LB details along with the Backend Service configuration

  18. Switch to the Frontend configuration, fill in all the details, and then click on “Create”

  19. Status after both are configured successfully

  20. Configure forwarding rules to route the traffic to Load Balancers

  21. Navigate to VPC network → Routes

  22. Click on “Create Route” and fill in all the details.

  23. Select TCP Type as "Forwarding rule name" and click on “Create”

  24. Repeat the above step for the same route but select the UDP Type as "Forwarding rule name"

  25. Repeat the above steps for all desired routes

  26. Done!

 
