How to allow communication between private instances in GCE (networking, google-cloud-platform, firewall, google-vpc, private-network)


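Here is the use case:

  • External IPs are not allowed
  • The GCP project has a custom VPC
  • Instance A has an application running
  • Instance B is treated as the client
  • SQL instance C is also on the VPC and has only an internal IP
The goal is for B to send an HTTP request to A, so that A sends a query to SQL instance C.

What networking steps are required in this case? (Is it only a firewall matter, since all instances are on the same network? If so, which firewall rules should be allowed?)

If other servers in GCP are on the same VPC, why can't we ping them?

Thanks, everyone.

VPC firewall settings: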

[
{
  "allowed": [
    {
      "IPProtocol": "tcp",
      "ports": [
        "22"
      ]
    },
    {
      "IPProtocol": "tcp",
      "ports": [
        "3389"
      ]
    }
  ],
  "description": "Allow incoming traffic on IAP",
  "direction": "INGRESS",
  "disabled": false,
  "kind": "compute#firewall",
  "logConfig": {
    "enable": false
  },
  "name": "fw-allow-iap",
  "network": "https://www.googleapis.com/compute/v1/projects//global/networks/NETWORK_HERE",
  "priority": 1000,
  "selfLink": "https://www.googleapis.com/compute/v1/projects//global/firewalls/fw-allow-iap",
  "sourceRanges": [
    "35.235.240.0/20"
  ]
},
{
  "allowed": [
    {
      "IPProtocol": "tcp",
      "ports": [
        "80"
      ]
    }
  ],
  "description": "",
  "direction": "INGRESS",
  "disabled": false,
  "kind": "compute#firewall",
  "logConfig": {
    "enable": false
  },
  "name": "NETWORK_HERE-allow-http",
  "network": "https://www.googleapis.com/compute/v1/projects//global/networks/NETWORK_HERE",
  "priority": 1000,
  "selfLink": "https://www.googleapis.com/compute/v1/projects//global/firewalls/NETWORK_HERE-allow-http",
  "sourceRanges": [
    "0.0.0.0/0"
  ],
  "targetTags": [
    "http-server"
  ]
},
{
  "allowed": [
    {
      "IPProtocol": "tcp",
      "ports": [
        "443"
      ]
    }
  ],
  "direction": "INGRESS",
  "disabled": false,
  "kind": "compute#firewall",
  "logConfig": {
    "enable": false
  },
  "name": "NETWORK_HERE-allow-https",
  "network": "https://www.googleapis.com/compute/v1/projects//global/networks/NETWORK_HERE",
  "priority": 1000,
  "selfLink": "https://www.googleapis.com/compute/v1/projects//global/firewalls/NETWORK_HERE-allow-https",
  "sourceRanges": [
    "0.0.0.0/0"
  ],
  "targetTags": [
    "https-server"
  ]
}
]
Instance B settings (instance A has the same settings):

{
"canIpForward": false,
"confidentialInstanceConfig": {
  "enableConfidentialCompute": false
},
"cpuPlatform": "Intel Haswell",
"deletionProtection": false,
"description": "",
"disks": [
  {
    "autoDelete": true,
    "boot": true,
    "deviceName": "instance-1",
    "diskSizeGb": "10",
    "guestOsFeatures": [
      {
        "type": "UEFI_COMPATIBLE"
      },
      {
        "type": "VIRTIO_SCSI_MULTIQUEUE"
      }
    ],
    "index": 0,
    "interface": "SCSI",
    "kind": "compute#attachedDisk",
    "licenses": [
      "projects/debian-cloud/global/licenses/debian-10-buster"
    ],
    "mode": "READ_WRITE",
    "source": "projects/PROJECT_ID/zones/europe-west1-b/disks/instance-1",
    "type": "PERSISTENT"
  }
],
"displayDevice": {
  "enableDisplay": false
},
"kind": "compute#instance",
"machineType": "projects/PROJECT_ID/zones/europe-west1-b/machineTypes/e2-micro",
"metadata": {
  "fingerprint": "S0UuYvDZ4Tg=",
  "kind": "compute#metadata"
},
"name": "instance-1",
"networkInterfaces": [
  {
    "kind": "compute#networkInterface",
    "name": "nic0",
    "network": "projects/PROJECT_ID/global/networks/NETWORK_HERE",
    "networkIP": "10.0.1.4",
    "subnetwork": "projects/PROJECT_ID/regions/europe-west1/subnetworks/SUBNET_HERE"
  }
],
"reservationAffinity": {
  "consumeReservationType": "ANY_RESERVATION"
},
"scheduling": {
  "automaticRestart": true,
  "onHostMaintenance": "MIGRATE",
  "preemptible": false
},
"selfLink": "projects/PROJECT_ID/zones/europe-west1-b/instances/instance-1",
"serviceAccounts": [
  {
    "email": "PROJECT_ID-compute@developer.gserviceaccount.com",
    "scopes": [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring.write",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/trace.append"
    ]
  }
],
"shieldedInstanceConfig": {
  "enableIntegrityMonitoring": true,
  "enableSecureBoot": false,
  "enableVtpm": true
},
"shieldedInstanceIntegrityPolicy": {
  "updateAutoLearnPolicy": true
},
"startRestricted": false,
"status": "RUNNING",
"tags": {
  "items": [
    "http-server",
    "https-server"
  ]
},
"zone": "projects/PROJECT_ID/zones/europe-west1-b"
}

Comments:

VPC firewall rules control VPC traffic. By default, two machines in the same VPC can ping each other if the OS-internal firewall allows it. Edit your question with details. Your question is too vague on configuration details.

@JohnHanley All the machines are on the VPC; isn't that enough for you to know? I tried to ping machine A from B, without success. I think there should be a firewall rule?

Please read this section of this link: Do not post images of code, data, error messages, etc. Search engines have difficulty reading images. I can't even read your image.

@JohnHanley done

Regarding ping: I don't see a rule that allows ICMP traffic. By default, VPCs are created with this rule (default-allow-icmp). Someone deleted it. Create a rule within the VPC that allows ICMP. Next, determine whether there is an internal OS firewall and whether it allows ICMP.
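
The diagnosis given in the comments, as an added example that is not part of the original thread: a simplified Python evaluator for the posted ingress rules, showing that B's HTTP request to A matches NETWORK_HERE-allow-http while ICMP falls through to the VPC's implied deny-ingress rule. The `allow-internal-icmp` rule, its `10.0.1.0/24` source range and the `match_ingress` helper are assumptions made for illustration.

```python
import ipaddress

# Condensed from the three INGRESS rules posted in the question (all priority 1000).
# Simplified model: allow rules only, exact ports, tag targets; no deny rules or ranges.
RULES = [
    {"name": "fw-allow-iap", "allowed": [("tcp", {"22", "3389"})],
     "sourceRanges": ["35.235.240.0/20"], "targetTags": []},
    {"name": "NETWORK_HERE-allow-http", "allowed": [("tcp", {"80"})],
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["http-server"]},
    {"name": "NETWORK_HERE-allow-https", "allowed": [("tcp", {"443"})],
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["https-server"]},
]

# Hypothetical rule of the kind the last comment recommends; the name and the
# 10.0.1.0/24 range are assumptions (only the address 10.0.1.4 appears on the page).
ICMP_RULE = {"name": "allow-internal-icmp", "allowed": [("icmp", set())],
             "sourceRanges": ["10.0.1.0/24"], "targetTags": []}
IMPLIED_DENY = "implied-deny-ingress"
# Instance A has the same settings as B, so it carries the same network tags.
A_TAGS = ["http-server", "https-server"]


def match_ingress(rules, src_ip, dst_tags, proto, port=None):
    """Return the name of the allow rule that admits the packet, else the implied deny."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        # A rule without targetTags applies to every instance in the network.
        if rule["targetTags"] and not set(rule["targetTags"]) & set(dst_tags):
            continue
        if not any(src in ipaddress.ip_network(r) for r in rule["sourceRanges"]):
            continue
        for rule_proto, ports in rule["allowed"]:
            # An empty port set means "all ports" (or a portless protocol such as ICMP).
            if rule_proto == proto and (not ports or str(port) in ports):
                return rule["name"]
    return IMPLIED_DENY


if __name__ == "__main__":
    # Source 10.0.1.4 is instance B's networkIP from the posted settings.
    for proto, port in (("tcp", 80), ("icmp", None), ("tcp", 22)):
        print(proto, port, "->", match_ingress(RULES, "10.0.1.4", A_TAGS, proto, port))
    print("icmp with added rule ->",
          match_ingress(RULES + [ICMP_RULE], "10.0.1.4", A_TAGS, "icmp"))
```

The tcp/22 case is denied for the same reason as ICMP: fw-allow-iap only admits sources in 35.235.240.0/20, so SSH between the two instances would also need its own internal rule.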