GCP LB Health Check Probe is Failing

I have created an unmanaged instance group for testing; that group has only one VM.

I have tried to create an external passthrough TCP LB. With that, I want to create an HTTPS-based health probe. The VM will accept HTTPS connections from another VM, but with the health check it's failing.

The failure reason is that its received IP is configured in the forwarding rule as per the docs.

gcloud compute health-checks create https test-health-check \
--project=testing \
--check-interval=10 \
--description="back_serv_lb"  \
--healthy-threshold=1 \
--port=443 \
--request-path="/Control/Ping" \
--timeout=5 \
--region=us-west1 \
--proxy-header=NONE \
--enable-logging \
--unhealthy-threshold=3 \
--port-name=t1

gcloud compute backend-services create test-lb-backend \
--load-balancing-scheme=EXTERNAL \
--protocol=TCP \
--health-checks=test-health-check \
--health-checks-region=us-west1 \
--region=us-west1 \
--port-name=t1

gcloud compute backend-services add-backend test-lb-backend \
--instance-group=test-instance-grp \
--instance-group-zone=us-west1-a \
--region=us-west1

gcloud compute forwarding-rules create test-lb-forwarding-rule-ipv4 \
--load-balancing-scheme=EXTERNAL \
--region=us-west1 \
--ports=443 \
--address=test-external-ip \
--backend-service=test-lb-backend \
--backend-service-region=us-west1

 

 

 

I have allowed all firewall rules as well; in fact, I have wide-open firewall rules which can accept packets from all.

The problem: the VM is receiving packets, but instead of the VM IP I am able to get the address which is the public IP configured in the forwarding rule.

16:14:37.009627 IP 209.85.204.235.32768 > 34.82.153.7.10443: Flags [S], seq 4088963885, win 65535, options [mss 1412,sackOK,TS val 3670244615 ecr 0,nop,wscale 8], length 0

 

 

 

Why does it receive a public IP on that VM and the VM IP is a private IP so it will not respond to the request? 

 

As per the GCP documentation, the GCP LB sends its public IP to all backend VMs under an instance group. But I am using a FreeBSD-based image deployment where, during the image import, I cannot pass the OS as FreeBSD. So, os-guest-env should be installed and create a proper route entry. If I can consume those packets, can anyone help me out?

2 REPLIES

It's not clear to me what you are trying to do, but one thing I see missing there is the Firewall rule in your backend vpc allowing for Health Checks when using External passthrough Network Load Balancers:

 

 

 

 

Hi @NES, I am trying to create a TCP external passthrough LB. I have added the firewall rules as well, but the health check probe is not passing.

I have captured the tcpdump and noticed that the VM is receiving packets from https://cloud.google.com/load-balancing/docs/health-checks#fw-netlb

But it contains the public IP address which is configured in the forwarding rule.
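
The check this thread keeps coming back to, as an added example that is not part of the original posts: classify a captured SYN as a passthrough load balancer health-check probe and report whether its destination address is one the VM actually owns. The function names and the private address 10.138.0.2 are assumptions made for illustration; the probe source ranges are the ones listed on the health-checks page linked in the reply above.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample addresses are constructed.
# Probe source ranges for external passthrough Network Load Balancers, per
# https://cloud.google.com/load-balancing/docs/health-checks#fw-netlb
PROBE_RANGES="35.191.0.0/16 209.85.152.0/22 209.85.204.0/22"

ip_to_int() {                      # dotted quad -> 32-bit integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {                        # in_cidr IP NET/LEN -> exit 0 if IP is inside
  ip=$(ip_to_int "$1"); net=$(ip_to_int "${2%/*}"); len=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
  [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
}

is_probe_source() {                # is the source one of Google's prober ranges?
  for range in $PROBE_RANGES; do
    in_cidr "$1" "$range" && return 0
  done
  return 1
}

# classify_syn "TCPDUMP_LINE" HEALTH_CHECK_PORT "LOCAL_IPS (space separated)"
classify_syn() {
  src=$(printf '%s\n' "$1" | awk '{print $3}')
  dst=$(printf '%s\n' "$1" | awk '{sub(/:$/, "", $5); print $5}')
  src_ip=${src%.*}; dst_ip=${dst%.*}; dst_port=${dst##*.}
  is_probe_source "$src_ip" || { echo "not-a-probe"; return; }
  [ "$dst_port" = "$2" ]    || { echo "port-mismatch"; return; }
  case " $3 " in
    *" $dst_ip "*) echo "ok" ;;
    *)             echo "dst-not-local" ;;  # no local address/route for the LB IP
  esac
}

# SYN line taken from the capture in the question; the local address lists
# passed below are constructed.
SAMPLE='16:14:37.009627 IP 209.85.204.235.32768 > 34.82.153.7.10443: Flags [S], seq 4088963885, win 65535, options [mss 1412,sackOK,TS val 3670244615 ecr 0,nop,wscale 8], length 0'
classify_syn "$SAMPLE" 10443 "127.0.0.1 10.138.0.2"
classify_syn "$SAMPLE" 10443 "127.0.0.1 10.138.0.2 34.82.153.7"
```

On the VM itself the third argument can be filled from `ifconfig | awk '/inet /{print $2}'`. A `dst-not-local` verdict means the forwarding rule address is not configured on the host, which is the route entry the question says the guest environment would normally create.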