According to Alibaba Cloud EipAddress Allocation:
An available EIP is randomly allocated in the specified region after this API is called. EIP supports ICMP, TCP, and UDP protocols, but does not support IGMP and SCTP protocols.
I created an EipAddress on Alibaba Cloud VPC using the request below:
https://vpc.aliyuncs.com/?Action=AllocateEipAddress
&RegionId=cn-beijing
&CommonParameters
How can I know which IP is assigned to my VPC?
If you want to know which IP address is created, try this API call.
https://vpc.aliyuncs.com/?Action=DescribePublicIpAddress
&RegionId=cn-beijing
&<CommonParameters>
Here is a sample response.
{
  "RequestId":"365F4154-92F6-4AE4-92F8-7FF34B540710",
  "Code":200,
  "Success":"true/false",
  "PublicIpAddress":[
    "110.11.1.0/24"
  ],
  "RegionId":"cn-beijing",
  "PageNumber":1,
  "PageSize":100,
  "TotalCount":1000
}
From documentation https://www.alibabacloud.com/help/doc-detail/65592.htm?spm=a2c63.p38356.b99.76.667b30a6zlzLJZ
You can check which IP address is assigned by calling the following API Request:
Request:
https://vpc.aliyuncs.com/?Action=DescribePublicIpAddress
&RegionId=cn-beijing
Please replace your RegionID if you are using it in a different region.
The Action DescribePublicIpAddress is used to query the IP address range in a specified region.
Response:
{
  "RequestId":"123425345345252",
  "Code":200,
  "Success":"true",
  "PublicIpAddress":[
    "111.10.1.0/24"
  ],
  "RegionId":"cn-beijing"
}
I was starting with the Google Cloud Platform's microservice demo. And I was curious how gRPC stubs work when the services are deployed in containers.
As far as my understanding goes, the containers of a particular service are addressed by the Service IP specified in the YAML configuration file. So the gRPC server of a service must listen at the service IP? But I came across the following snippet of code:
l, err := net.Listen("tcp", fmt.Sprintf(":%s", port))
if err != nil {
	log.Fatal(err)
}
I am wondering how the server listens on an address without an IP?
:{port} isn't an "address without an IP".
The documentation for Listen includes "if the host in the address parameter is empty or a literal unspecified IP address, Listen listens on all available unicast and anycast IP addresses of the local system".
So, in this case, without a host address, the effective address would be 0.0.0.0, which corresponds to all interfaces. As a corollary, a common mistake people make when using containers is to bind their code to localhost (127.0.0.1), which cannot be accessed from outside the container.
Using 0.0.0.0 is a common (good) practice, particularly when using containers, as it effectively delegates address binding to the container runtime.
So, your app runs on {port} on all interfaces within the container. The container runtime then binds (one or more of) these interfaces to the host's interface(s) and your e.g. client code connects to the host's IP address.
When your container is being managed by Kubernetes, Kubernetes assigns IP address(es) to the containers running your app and these are often exposed to other services using a Kubernetes Service resource which not only has an IP address but also a cluster DNS.
The Kubernetes YAML probably specifies a Service DNS.
Kubernetes resolves requests to the DNS name to a selected container (IP and port).
The container runtime routes incoming requests on the host's port to the container's port.
Your gRPC server will accept traffic from the container runtime on any interface that's on the {port} that you've defined it to net.Listen on.
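The binding behaviour described in the answer above, as an added Go example that is not part of the original posts: `probe` (a hypothetical helper) listens the same way the question's snippet does, then dials the listener through each given local IP. Dialling the host's own interface address stands in here for traffic arriving from outside the container.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"time"
)

// probe listens on addr, reports the scope of the resulting bind, and dials
// the listener through each IP in via to show which addresses it answers on.
func probe(addr string, via []string) (string, map[string]bool, error) {
	l, err := net.Listen("tcp", addr)
	if err != nil {
		return "", nil, err
	}
	defer l.Close()
	bound := l.Addr().(*net.TCPAddr)
	scope := "single address"
	if bound.IP.IsUnspecified() {
		scope = "all interfaces"
	} else if bound.IP.IsLoopback() {
		scope = "loopback only"
	}
	answered := map[string]bool{}
	for _, ip := range via {
		target := net.JoinHostPort(ip, strconv.Itoa(bound.Port))
		c, err := net.DialTimeout("tcp", target, time.Second)
		if answered[ip] = err == nil; answered[ip] {
			c.Close()
		}
	}
	return scope, answered, nil
}

func main() {
	via := []string{"127.0.0.1"}
	addrs, _ := net.InterfaceAddrs()
	for _, a := range addrs { // add the first non-loopback IPv4 address, if any
		if n, ok := a.(*net.IPNet); ok && !n.IP.IsLoopback() && n.IP.To4() != nil {
			via = append(via, n.IP.String())
			break
		}
	}
	for _, addr := range []string{":0", "127.0.0.1:0"} {
		scope, answered, err := probe(addr, via)
		fmt.Printf("%-13q %-15s %v err=%v\n", addr, scope, answered, err)
	}
}
```

On a host with a non-loopback interface, the `":0"` listener answers on both addresses while the `"127.0.0.1:0"` listener refuses the connection made through the interface address.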
I have a Go service, deployed on Heroku, which pulls the IPv4 address from the request header successfully.
ip := net.ParseIP(strings.Split(r.Header.Get("X-Forwarded-For"), ",")[0]).String()
I have deployed the identical code as a service to Google Cloud, and the IP addresses are IPv6 about 25% of the time. After examining the full Request Header, there is no IPv4 address available anywhere, only IPv6.
Heroku's Request Header X-Forwarded-For ALWAYS contains the IPv4 address, yet Google Cloud doesn't. Does anyone know a way to force the IPv4 format for Request Headers in Google Cloud?
Clients can connect via IPv4 or IPv6 but not both. Only one address family will be used by the client and only one IP address will be recorded by the proxy.
Additional information:
Heroku does not support IPv6, so clients are forced to connect using IPv4.
If you only want IPv4 connections, do not enable the IPv6 frontends. However, I recommend using IPv6 where possible.
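An added Go example, not from the original posts, of reading `X-Forwarded-For` so that either address family is handled: it takes the entry a known number of positions from the right (entries further left arrive with the request and can be forged) and reports IPv4-mapped IPv6 addresses as IPv4. The `trustedEntries` parameter and the sample header values are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// clientAddr takes the X-Forwarded-For values of a request (for example
// r.Header.Values("X-Forwarded-For")) and returns the entry trustedEntries
// positions from the right. trustedEntries is a hypothetical parameter: the
// number of entries appended by proxies you operate.
func clientAddr(values []string, trustedEntries int) (netip.Addr, error) {
	var entries []string
	for _, v := range values {
		for _, e := range strings.Split(v, ",") {
			if e = strings.TrimSpace(e); e != "" {
				entries = append(entries, e)
			}
		}
	}
	i := len(entries) - trustedEntries
	if trustedEntries < 1 || i < 0 {
		return netip.Addr{}, fmt.Errorf("want %d trusted entries, header has %d", trustedEntries, len(entries))
	}
	addr, err := netip.ParseAddr(entries[i])
	if err != nil {
		return netip.Addr{}, fmt.Errorf("entry %q: %w", entries[i], err)
	}
	return addr.Unmap(), nil // ::ffff:a.b.c.d is reported as IPv4
}

func main() {
	// Constructed sample headers using documentation address ranges.
	for _, xff := range []string{
		"203.0.113.7, 198.51.100.1",
		"10.9.9.9, 2001:db8::42, 198.51.100.1",
		"::ffff:203.0.113.7,198.51.100.1",
	} {
		a, err := clientAddr([]string{xff}, 2)
		fmt.Printf("%-40q addr=%v ipv4=%v err=%v\n", xff, a, a.Is4(), err)
	}
}
```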
A BGP group is used for communication between the Virtual Border Router (VBR) and the local IDC in Alibaba Cloud VPC. I created a BGP group using the request below:
https://vpc.aliyuncs.com/?Action=CreateBgpGroup
&RegionId=cn-beijing
&PeerAsn=2010
&RouterId=vbr-2zeff11o2sqhnp1u7ci93
&CommonParameters
But how can I get Return Parameters (i.e. RequestID & BgpGroupID)?
As per the documentation https://www.alibabacloud.com/help/doc-detail/63231.htm?spm=a2c63.p38356.b99.103.4c0559d8LKgNw6 you should have received a response in XML or JSON format.
What was your response?
I am trying to implement HTTPS support for my GCP VM. For this purpose, I created all the load balancing components, i.e. instance group, health check, backend service, URL map & target proxy. All were created without error.
However now when I am creating a global forwarding rule for the final step, I am getting the following error:
ERROR: (gcloud.compute.forwarding-rules.create) Could not fetch
resource:
- Invalid value for field 'resource.IPAddress': '35.xxx.xxx.xxx'. Invalid IP address specified.
I am using the following command:
gcloud compute forwarding-rules create fa-global-fwding-rule-1 --target-https-proxy=fa-https-proxy-1 --ports=443 --global --address=35.xxx.xxx.xxx
(IP add digits masked with xxx)
What am I missing?
I already have a working VM instance through HTTP where I had promoted its ephemeral address to a static address (above is the same address 35.xxx.xxx.xxx).
Also, once I implement HTTPS support, I want the HTTP connection to continue working as well, so that my existing APIs are not disturbed until I move them to HTTPS.
Any advice/help?
GCP's Load Balancer does not check to see if the static IP you picked was regional or global. If you accidentally reserved a "regional" IP instead of a "global" IP, it throws that silly error:
Invalid value for field 'resource.IPAddress': '35.xxx.xxx.xxx'.
Invalid IP address specified.
I don't find any issues with your command; this kind of error is mostly observed due to an IP conflict, if the specified IP address is in use or not available. The forwarding rules map the IP address for your load balancer to the target proxy that will handle the requests. So first you will need to create your IP address, using this command:
$ gcloud compute addresses create my-address --global
Then create a forwarding rule. You will need a global, rather than regional, IP address for your HTTPS load balancer. Use this command:
$ gcloud compute forwarding-rules create my-https-forwarding-rule --global \
    --address 123.123.123.123 --ip-protocol TCP --port-range 443 \
    --target-https-proxy my-https-proxy
Can you confirm if you are using a global or a regional IP address?
For HTTP, you need to create a totally separate Target HTTP Proxy and Forwarding Rule for HTTP. You essentially need to have two load balancers to handle the traffic, and then actually redirect users in your application. Notice that we put the same IP address in for the HTTP Forwarding Rule. This makes it so that we can listen on port 80 and on port 443 at our IP address.
I'm using AWS EC2 instances in a VPC with an Internet Gateway, and I need to connect to my company's network, which only accepts connections from specific IP addresses (firewall). The outbound traffic of my IP address is the Internet Gateway's IP address. I have tried using a NAT Gateway, but the NAT Gateway still uses an Internet Gateway. Is it possible to have an Elastic IP for all outgoing traffic on AWS?
If you have as a destination a set of static IP addresses (the ones of your company), I solved the same by doing the following (based on this post):
Create a new subnet to host the NAT Gateway.
Create the NAT Gateway in the above subnet, and assign a new Elastic IP. This one will be our outgoing IP for hitting external APIs.
Create a route table for the NAT subnet. All outbound traffic (0.0.0.0/0) should be routed through the NAT Gateway. Assign the created subnet to use the new route table.
Modify the main route table (the one that handles all our EC2 instances requests), and add the IP(s) of the external API, setting its target to the NAT Gateway.
This way you can route any request to your company IPs through the NAT Gateway. All other requests are routed through the default Internet Gateway.