I would like to be able to terminate all TCP sessions to a GCP VM in a few seconds, i.e. drop established connections, and thus the stateful firewall rules do not do the job.
I am able to do this on AWS (via the NACL feature) and Azure (via a null route). On GCP I am able to do it with IPv4 by use of address aliases, which is quite a bit different than the other implementations, but seems to work. However, I don't see a viable way to achieve this if using IPv6. Is there a way?
Can you add more details about the application you are trying to set up involving this requirement? There is no mention of IPv6 addresses being supported for IP range aliases. Depending on more details, there could be other potential solutions.
Well, I'm not trying to set up applications, I'm writing software. I'd like to fence a server so that it cannot communicate with others under some situations.
For IPv6 support in IP range aliases, you would have to create a Feature Request in Google’s issue tracker for Compute Engine. Keep in mind that there is no ETA for Feature Requests. However, the higher the number of users requesting this feature, the more it will be considered by product teams for release.
I could accept some other solution: the alias approach is kinda weird, but it was the only option I could find. The abstract problem is cutting off stateless network traffic, by whatever means. Instance shutdown is contingent on too much working (e.g. host server).