
Google Cloud NAT: One rule needs more IP addresses

I have a Cloud NAT with this config (fake addresses):

  • Source subnets & IP ranges: All subnets' primary and secondary IP ranges
  • Cloud NAT IP addresses: Manual: 203.0.113.30, 203.0.113.40

I added a customized rule 1:

  • Match: 198.51.100.20/30
  • source_nat_active_ips: 203.0.113.20

All network service tiers are Premium.


After I added this custom rule I have a status alert: Rule needs one more IP address.

There is no mention in the documentation that requires us to add multiple addresses in a single Cloud NAT rule.

Alert screenshot: Screenshot 2024-07-31 at 17.22.26.png

Architecture screenshot: Screenshot 2024-07-31 at 17.15.54.png

Is that normal?

Has anyone had this problem before?

 




Hi @Abdellatif051 ,

Welcome to Google Cloud Community!

Sharing with you this documentation that illustrates the steps on how to create NAT rules. I replicated it in the Cloud console and it shows the result below:

Screenshot 2024-08-02 11.33.06 PM.png

Disclaimer: Policy restricts IP address display.

Note that: 

  • NAT IP addresses across NAT rules must not overlap.
  • A rule must either have a non-empty Active or non-empty Drain IP address. If the rule has an empty Active IP address, new connections that match the NAT rule are dropped. See NAT rules specifications.

I hope the above information is helpful.

Hello @diannemcm 

Thank you for your response!

- All IP addresses across my NAT rules are not overlapped.

- I do not have any drained or empty active IP address.

I created the same resources in 2 personal Google Cloud projects and it works without any warning.

This warning is only displayed in my client's Google Cloud organization.

After some modification I noticed that it is related to port allocation:

- Minimum ports per VM instance is below 2048 => Warning not displayed.

- Equal or greater than 2048 => Warning displayed.

Depending on traffic we need 2048 as Minimum ports per VM instance, and all our applications are in Cloud Run (Traffic routing: route all traffic to the VPC).

I searched all the documentation and I did not find a relationship between NAT port allocation and a custom rule.

Did I miss something?