3597769e8e
* support multiple groups per zone in compute-vm * fix ilb as next hop example |
||
|---|---|---|
| .. | ||
| assets | ||
| README.md | ||
| backend.tf.sample | ||
| diagram.png | ||
| gateways.tf | ||
| main.tf | ||
| outputs.tf | ||
| test_session.png | ||
| variables.tf | ||
| vms.tf | ||
| vpc-left.tf | ||
| vpc-right.tf | ||
README.md
Internal Load Balancer as Next Hop
This example bootstraps a minimal infrastructure for testing ILB as next hop, using simple Linux gateway VMS between two VPCs to emulate virtual appliances.
The following diagram shows the resources created by this example
Two ILBs are configured on the primary and secondary interfaces of gateway VMs with active health checks, but only a single one is used as next hop by default to simplify testing. The second (right-side) VPC has default routes that point to the gateway VMs, to also use the right-side ILB as next hop set the ilb_right_enable variable to true.
Testing
Since ILBs as next hops only forward TCP and UDP traffic, simple tests use curl on clients to send HTTP requests. To make this practical, test VMs on both VPCs have nginx pre-installed and active on port 80.
On the gateways, iftop is installed by default to quickly monitor traffic passing forwarded across VPCs.
Session affinity on the ILB backend services can be changed using gcloud compute backend-services update on each of the ILBs, or by setting the ilb_session_affinity variable to update both ILBs.
Simple /root/start.sh and /root/stop.sh scripts are pre-installed on both gateways to configure iptables so that health check requests are rejected and re-enabled, to quickly simulate removing instances from the ILB backends.
Some scenarios to test:
- short-lived connections with session affinity set to the default of
NONE, then toCLIENT_IP - long-lived connections, failing health checks on the active gateway while the connection is active
Useful commands (adjust names and addresses to match)
Create a large file on a destination VM (eg ilb-test-vm-right-1) to test long-running connections.
dd if=/dev/zero of=/var/www/html/test.txt bs=10M count=100 status=progress
Run curl from a source VM (eg ilb-test-vm-left-1) to send requests to a destination VM artifically slowing traffic.
curl -0 --output /dev/null --limit-rate 10k 10.0.1.3/test.txt
Monitor traffic from a source VM (eg ilb-test-vm-left-1) on the gateways.
iftop -n -F 10.0.0.3/32
Poll summary health status for a backend.
watch '\
gcloud compute backend-services get-health ilb-test-ilb-right \
--region europe-west1 \
--flatten status.healthStatus \
--format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)" \
'
A sample testing session using tmux:
Variables
| name | description | type | required | default |
|---|---|---|---|---|
| project_id | Existing project id. | string |
✓ | |
| ilb_right_enable | Route right to left traffic through ILB. | bool |
false |
|
| ilb_session_affinity | Session affinity configuration for ILBs. | string |
CLIENT_IP |
|
| ip_ranges | IP CIDR ranges used for VPC subnets. | map(string) |
... |
|
| prefix | Prefix used for resource names. | string |
ilb-test |
|
| project_create | Create project instead of using an existing one. | bool |
false |
|
| region | Region used for resources. | string |
europe-west1 |