gdg-x / hub

[DEPRECATED] API Data Hub for the Global GDG Community
https://hub.gdgx.io
Apache License 2.0
36 stars 19 forks

Additional firewall rules required for Google Cloud Load Balancing #106

Open Splaktar opened 7 years ago

Splaktar commented 7 years ago

Dear Google Cloud Platform customer,

We’re writing to inform you that as part of the Google Cloud Platform Geo expansion effort, we are expanding the IP ranges used for HTTP(S) Load Balancing, SSL Proxy and Network Load Balancing. Action is required on your part to add firewall rules allowing traffic to your load balanced instances from the new IP ranges.

If you use HTTP(S) Load Balancing or SSL Proxy:

Current behavior: Proxied traffic from the load balancer and the health check probes to your load balanced instances have source IP addresses in the range 130.211.0.0/22.

Action required: We are introducing an additional range 35.191.0.0/16 for this purpose. You need to update your firewall rule to allow traffic from this new range (35.191.0.0/16) in addition to the current range (130.211.0.0/22).

If you use Network Load Balancing:

Current behavior: You are not required to add firewall rules for Network LB health checks today.

Action required: We are introducing three new ranges for health checking: 209.85.152.0/22, 209.85.204.0/22, and 35.191.0.0/16. You need to ensure that your firewall allows traffic from 209.85.152.0/22, 209.85.204.0/22, and 35.191.0.0/16. The health check probes to your backend instances will come from one of these ranges.

The following projects, associated with you, require updates to the firewall rules:

GDG-x Cloud (gdgx-cloud)

You have until Wednesday, January 31, 2018 to add the new firewall rule(s). After this one year period has elapsed, absence of the firewall rules described above will result in traffic failures. We will send out another reminder in a few months to ensure that you have completed the above required actions.

If you have any questions or concerns, please do not hesitate to contact Google Cloud Support or your Account Manager.
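An added example, not part of the issue thread or of Google's notice: a check that a project's firewall rules admit every source range the notice lists for each load balancer type, including ranges covered only by the union of several narrower rules. It assumes rules exported with `gcloud compute firewall-rules list --format=json` (field names follow the Compute Engine firewall resource), compares source ranges only (not ports, target tags or priorities), and runs on constructed sample rules.

```python
import ipaddress

# Source ranges named in the notice above, per load balancer type.
REQUIRED = {
    "http_ssl_proxy": ["130.211.0.0/22", "35.191.0.0/16"],
    "network_lb": ["209.85.152.0/22", "209.85.204.0/22", "35.191.0.0/16"],
}

def allowed_sources(rules):
    """Collapse the sourceRanges of every enabled ingress allow rule."""
    nets = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS":
            continue
        # Skip disabled rules and deny rules (no "allowed" entries).
        if rule.get("disabled") or not rule.get("allowed"):
            continue
        for cidr in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version == 4:
                nets.append(net)
    # Merging adjacent ranges lets two /23 rules satisfy a required /22.
    return list(ipaddress.collapse_addresses(nets))

def missing_ranges(rules, lb_type):
    """Return the required ranges not fully covered by the rules."""
    allowed = allowed_sources(rules)
    missing = []
    for cidr in REQUIRED[lb_type]:
        need = ipaddress.ip_network(cidr)
        if not any(need.subnet_of(have) for have in allowed):
            missing.append(cidr)
    return missing

# Constructed sample rules, not taken from the gdgx-cloud project.
SAMPLE_RULES = [
    {"name": "allow-lb-old", "direction": "INGRESS",
     "sourceRanges": ["130.211.0.0/22"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
    {"name": "allow-hc-split", "direction": "INGRESS",
     "sourceRanges": ["209.85.152.0/23", "209.85.154.0/23"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
    {"name": "deny-probe", "direction": "INGRESS",
     "sourceRanges": ["35.191.0.0/16"],
     "denied": [{"IPProtocol": "all"}]},
]

if __name__ == "__main__":
    for lb in REQUIRED:
        print(lb, "missing:", missing_ranges(SAMPLE_RULES, lb))
```

An empty result for a load balancer type means every range from the notice is admitted by at least one enabled allow rule; port and tag matching still has to be reviewed per rule.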

Splaktar commented 7 years ago

We had a TCP (Network) load balancer in place for use with our Redis cluster, but I could never get it to work. I've deleted it.

Splaktar commented 7 years ago

We also have an HTTPS load balancer set up for the Hub web server cluster. This used to be a 2-node cluster, but one of the VMs became corrupted a month or so ago. I wasn't able to recover it and had to delete it. I haven't had time to rebuild another GCE VM to replace that second node.

Hopefully as part of #100 we will no longer need to manage and configure our own HTTPS load balancer. Then this issue will no longer apply. Hopefully that happens before 1/31/18.