0

I am using Google Cloud Platform and have manually setup a NAT gateway to peer two networks A and B so that workloads in network A have a default gateway which routes packets into network B. The gateway is implemented as a managed instance group (MIG) where each instance has a primary interface in network A and a secondary interface in network B. An internal load balancer in network A is then configured as the default gateway to route packets to the MIG (as described here). The MIG instances themselves are using IPTables to route packets.

My question is how can I health check each instance of this MIG? There is no user-space application in the hot path, just the kernel routing packets. Testing I can route through any MIG instance to some endpoint in network B risks failing all MIG instances if the endpoint goes down. I could test making a TCP connection to each instance but it wouldn't really test the whole routing logic.

dippynark
  • 233
  • 2
  • 12
  • 1) Google's health check service is for HTTP services so you have to build your own health check service. 2) Your health check service needs to be more reliable than the NAT gateway. That is a challenge. 3) Your question does not have a simple answer that I can think of other than simply monitoring the NAT gateway VM instance(s) and setting up alerts that you manage. – John Hanley Dec 05 '21 at 16:28
  • Any specific reason for this kind of setting? You cannot use `VPC Peering`? With your current scenario I'm agree with John's 3 points. But did you consider using for example Grafana dashboard like [Iptables Montoring Dashboard](https://grafana.com/grafana/dashboards/13674) – PjoterS Dec 06 '21 at 11:23

0 Answers0