This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Problem with outgoing (egress) traffic in Google Cloud Job with NAT and static IP

Posted on 07-17-2024 10:09 AM
bill_bakas
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I have written a service that requires a static IP for communication with an API. I followed Google's instructions here https://cloud.google.com/run/docs/configuring/static-outbound-ip, and indeed, the traffic is now routed from a fixed IP.

The problem is that I observe random connection timeouts each time, especially with the first requests to the external API. To make sure that the issue is not related to a network problem or an issue with the external API.

I reproduced the problem with a very small Docker image that makes only a GET request to a requestbin once per second. I still experienced the same behavior. When I remove the NAT and the requests come from random IPs, everything works fine.

I cannot find what is wrong and why it doesn't work correctly with NAT and static IP.

I want to route all outgoing traffic through a static IP.

 

1 2 709
Topic Labels
2 REPLIES 2

Posted on --/--/---- --:-- AM
diannemcm
Staff
Reply posted on --/--/---- --:-- AM

Hi @bill_bakas

Welcome to Google Cloud Community!

By default, a Cloud Run service connects to external endpoints on the internet using a dynamic IP address pool and note that Cloud NAT does not allow unsolicited inbound connections, the reason why you are experiencing connection timeouts.

If you want to use a static IP for your service, consider using Load Balancer for Serverless Apps, this page shows you how to create an external Application Load Balancer to route requests to serverless backends which includes Cloud Run service.

I hope the above information is helpful.

0 Likes

Posted on --/--/---- --:-- AM
Marc_Dillon
Platinum 1
Platinum 1
In response to diannemcm
Reply posted on --/--/---- --:-- AM

I'm trying to setup something that I think is similar. A cloud function that uses a static egress ip to access an external API that requires IP whitelisting. I've followed the instructions here:
https://cloud.google.com/functions/docs/networking/network-settings#associate-static-ip
But now when I test my function i get "upstream request timeout".

@diannemcm wrote:

note that Cloud NAT does not allow unsolicited inbound connections

Does this mean that the response from the API is not being received through the NAT, (if that sentence even makes sense, I'm a bit of a newb here), and thus isn't getting back to the cloud function? Is your load balancer link applicable in my case as well?

 

 

Top Solution Authors
View all