Solved: DIRECT VPC for cloud run

deepaksingh · 06-18-2024 08:08 AM

I'm encountering a minor issue. I'm using a direct VPC connection between Cloud Run and MongoDB. However, when I increase the instances for Cloud Run, I'm starting to experience timeout errors in my services. Currently, I'm using a /17 subnet for my direct VPC, so I don't believe the issue is related to that. Are there any other potential issues that could be causing this?

deepaksingh

Hi @knet , the issue has been resolved, and I appreciate your adjustments on your end. Upon reviewing our setup, we identified that the mistake was using a network tag for our firewall rule instead of a subnet when configuring for direct VPC connections. To address this, we updated the firewall rule to utilize the subnet IP range as the "source filter" instead of the network tag. Initially, we didn't consider the firewall as the cause because some service instances connected successfully via direct VPC despite network tags potentially not being supported in ingress rules for direct VPC connections

View solution in original post

deepaksingh

@knet is there any way this could be checked ?

knet

I don't know why this would happen, but I forwarded this to our networking eng team in case this is an issue we weren't aware of. Hopefully this is transient.

deepaksingh

Sure, please let me know once you figure out something.

rajatSharma96

@knet Is there any solution to this problem. Getting the same issue in our setup too.

rajatSharma96

@knet , Getting the same issue in my setup too.

Akshat01

We faced a similar issue recently. Switched from Serverless VPC connector to DirectVPC for connecting to our database (which is hosted on a VM in the same VPC) - after this switch we face a lot of connection errors while scaling up instances of our cloudrun service. For eg. if we scale up from 1 to 10 instances, around 5 instances fail to start because of DB connection errors.

knet

Thank you everyone for chiming in here. Our engineering team is aware and working on resolving this issue.

knet

Hi everyone, our engineering team has told me that they need to look at some projects experiencing these issues, this might be a different issue than they thought. If you have a support package, please file a support ticket; if not, could you please send me a private message with your project number and the name of the service experiencing these issues?

deepaksingh

@kent

Thank you for the update. I don't have a support package, so I'll send you a private message with the project number and service name. Looking forward to helping resolve these issues.

knet

This issue was fixed last week; let me know if you still experience problems.

deepaksingh

Hi @knet , the issue has been resolved, and I appreciate your adjustments on your end. Upon reviewing our setup, we identified that the mistake was using a network tag for our firewall rule instead of a subnet when configuring for direct VPC connections. To address this, we updated the firewall rule to utilize the subnet IP range as the "source filter" instead of the network tag. Initially, we didn't consider the firewall as the cause because some service instances connected successfully via direct VPC despite network tags potentially not being supported in ingress rules for direct VPC connections

kata_dev

Hi @deepaksingh , I'm facing a similar issue. It might be caused by incorrect firewall settings. If possible, could you please tell me in detail how you changed the firewall configuration?