Re: IP based routing in load balancer

kumar_sunil_786 · 10-16-2024 10:45 PM

- I have two backends (backend-1 and backend-2) connected to a global application load balancer. I want to route requests from a specific organization's IP address (112.90.86.20) to backend-2, and all other traffic to backend-1.

- I have implement below but it is not working. Please provide me the solutions

defaultService: projects/project-id/global/backendServices/backend-1

name: ip-based-routing

routeRules:

- matchRules:

- headerMatches:

- exactMatch: 112.90.86.20

headerName: X-Forwarded-For

prefixMatch: /

priority: 1

routeAction:

weightedBackendServices:

- backendService: projects/project-id/global/backendServices/backend-2

kensan

Hi @kumar_sunil_786 ,

Welcome to Google Cloud Community!

The X-Forwarded-For header is designed to contain the original client IP address, which is typically utilized for logging and debugging. However, it cannot be used directly for making routing decisions in Google Cloud Load Balancing.

You can use firewall rules as a workaround, by setting up backend-1 as a primary route and denying the traffic from your organization's IP address. Then creating another firewall rule for backend-2 that only accepts traffic from that specific IP address. Also ensure that the priority of the firewall rule denying traffic to backend-1 is higher than that of the rule allowing traffic to backend-1. This way, the denial rule can effectively filter out traffic before any allowing rules are applied.

I hope the above information is helpful.

navneetgulati

Hey @kensan ,
But how will I be able to get the IP of the client if it is sent via load balancer? Doesn't GCP hide the client IP if it is sent through a Load Balancer?
@kumar_sunil_786 Were you able to figure out the solution?