This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

GCP map load balancer to custom port

Posted on 11-12-2023 02:03 AM
her_I_am
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM
I'm trying to point my external load balancer to backend runs on port 4440, but I don't know what's missing tho the health check works fine.

And accessing the service from inside the managed instance(using wget) is working.

when I try to access the page using the load-balancer IP I'm getting a text says "stream timeout" and I'm allowing all traffic from LB IP.

So, what is that I'm missing here? I added a health check for the port that service running at and it's working.

firewall.pnghealth_check.pnginstance_group.pngloadbalancer.pngresponse.pnglb-allow-fw.png

Solved Solved
1 6 1,741
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
her_I_am
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

The issue was caused because I was using Regional external Application Load Balancer when I switched to Global external Application Load Balancer it was fixed/

View solution in original post

Jump to Solution
6 REPLIES 6

Posted on --/--/---- --:-- AM
Marvin_Lucero
Staff
Reply posted on --/--/---- --:-- AM

Hi @her_I_am ,

Upon checking the details that you've provided, it seems to me that your backends were healthy. 

@her_I_am wrote:

when I try to access the page using the load-balancer IP I'm getting a text says "stream timeout" and I'm allowing all traffic from LB IP.

The VPC firewall rules will have no effect on the Load Balancer IP as these  rules are associated with the instances within your VPC, and they control the traffic to and from those instances.

Please refer to this documentation regarding how to correctly setup an external load balancer.

Jump to Solution

Posted on --/--/---- --:-- AM
dar10
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

@her_I_am Did you create Firewall Rules to Allow Traffic and Health Checks to Backend Services? The GFE use the following CIDRs and you need to allow ingress tcp:80 traffic from these CIDRs to your backends.

  • 35.191.0.0/16
  • 130.211.0.0/22
Jump to Solution

Posted on --/--/---- --:-- AM
her_I_am
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

The issue was caused because I was using Regional external Application Load Balancer when I switched to Global external Application Load Balancer it was fixed/

Jump to Solution

Posted on --/--/---- --:-- AM
abooij
Bronze 1
Bronze 1
In response to her_I_am
Reply posted on --/--/---- --:-- AM

Hey, I encountered the same error, with a pretty similar setup. Main difference being that I have the backend configured as a NEG containing a single Pod in a single GKE cluster.

Unfortunately I can't use the Global external Application Load Balancer. So instead I'm trying to stick with the Regional one.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
abooij
Bronze 1
Bronze 1
In response to abooij
Reply posted on --/--/---- --:-- AM

OK I managed to figure this out myself, so nevermind me. The issue is that for Regional external Application Load Balancers specifically, the firewall rule additionally needs to allow traffic from the proxy-only subnet associated with it. Actually the GCP docs say this: "Regional external Application Load Balancers require an additional firewall rule to allow traffic from the proxy-only subnet to reach the backends.".

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dar10
Bronze 5
Bronze 5
In response to abooij
Reply posted on --/--/---- --:-- AM

Yes, this is well documented in the architecture of this type of ALB (figure 5-55) of my book

Jump to Solution
0 Likes
Top Labels in this Space
Top Solution Authors
View all