This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Step 4.3 of the Command line provisioning document states: 'Create a network IP range with a CIDR length of /28. This range is required and is used by Apigee for troubleshooting purposes and cannot be customized or changed.'
Is this range used for troubleshooting I would be performing myself? Or is it used by Google support?
Is it one /28 per Apigee Org or per Apigee Instance?
I can specify a /22 for a new Apigee Instance but I cannot specify the /28. How does a new Apigee Instance identify the /28 to be used?
Recently (Jan, 2022), Apigee introduced a change in the network configuration to reduce the number of IPs required from the customer to manage the runtime instances. As part of that, customer can specify /22 range explicitly while creating an instance. However, we are still allocating an additional /28 range implicitly from any unassigned customer ranges for our internal usage, during the creation of every Apigee instance.
Due to multiple requests, we are exploring ways for the customer to pass /28 range along with /22, so that all IP ranges will be explicit. (No external ETA on this feature yet)
It is to be noted that even before this change (pre Jan, 2022), Apigee was using a /28 range from the larger block (like /16 to /20) customers were allocating to Apigee.
Note: In addition to the /22 range that is created, Apigee requires a non-overlapping, available /28 CIDR range. You created this /28 range in the previous step, Configure service networking. This /28 range is used by Apigee to access the instance for troubleshooting purposes and cannot be customized or changed. See also Creating instances.
Recently (Jan, 2022), Apigee introduced a change in the network configuration to reduce the number of IPs required from the customer to manage the runtime instances. As part of that, customer can specify /22 range explicitly while creating an instance. However, we are still allocating an additional /28 range implicitly from any unassigned customer ranges for our internal usage, during the creation of every Apigee instance.
Due to multiple requests, we are exploring ways for the customer to pass /28 range along with /22, so that all IP ranges will be explicit. (No external ETA on this feature yet)
It is to be noted that even before this change (pre Jan, 2022), Apigee was using a /28 range from the larger block (like /16 to /20) customers were allocating to Apigee.
Note: In addition to the /22 range that is created, Apigee requires a non-overlapping, available /28 CIDR range. You created this /28 range in the previous step, Configure service networking. This /28 range is used by Apigee to access the instance for troubleshooting purposes and cannot be customized or changed. See also Creating instances.
May I confirm we would not expect to see network traffic to or from the /28 range in normal operation? i.e. Typical northbound/southbound traffic will utilize IPs within the /22 range
That is true for (PAID) Apigee instances you should see the northbound endpoint and the southbound source IP for internal traffic coming out of the /22 CIDR block you specified.
No. As we mentioned, the "/28" range for the paid orgs will be used for internal usage. So, they won't show up in the imported routes. As @strebel mentioned, only "/22" will be seen in the imported routes.
So if I create two /22 IP ranges and two /28 ranges associated with one peering network and then create two (paid) Apigee X Organisations pointing to the same peering network I can specify a /22 for the runtime instance in each org but I'll never know which /28 is used by which org. Would I only need one /28 in this scenario as both orgs may be able to use the same one without conflict?
Yes, that is the problem we are trying to solve internally. Sooner (by Q2 approx), we will be able to provide an option for the customers to pass both /22 & /28 while creating the instances, so that it will be clear.
You cannot share /28 with multiple instances / orgs.
LinkedIn
Twitter
