can I access nested VM gloabally in GCP

Question

I'm trying to use nested virtualization in Google Cloud Platform for hosting multiple web applications. but I'm confuse that if I can access these nested VM globally. I tried to google it but didn't find any good answer. Thank you.

@kasperd I mean if I host a apache server in nested VM then can I access apache application globally? accessing it by eg: 124.29.232.5:8484 — Mahmood Sanjrani, Dec 21 '17 at 12:32
Are you trying to use regional or global IP addresses? (Have you read documentation on what the difference is?) — kasperd, Dec 21 '17 at 12:36
Are you only trying to do HTTP/HTTPS traffic? Or do you also need to support more challenging protocols such as SSH? — kasperd, Dec 21 '17 at 12:45
@kasperd I only use HTTP/HTTPS traffic and doesn't need any thing else outside access. — Mahmood Sanjrani, Dec 21 '17 at 12:49

kasperd · Accepted Answer · 2017-12-21T13:08:44.037

3

Routing packets directly to nested VMs is not a standard feature of GCE. And if you attempted to build it by using existing features in "innovative" ways you are likely to hit the IP address quota by trying to allocate a separate external IP address to each nested VM.

A different approach

Instead of attempting to route packets directly to your nested VMs I recommend that you take a different approach.

On the intermediate VM which can be directly assigned an external IP address you can run a reverse proxy to support HTTP and HTTPS. This reverse proxy will use the hostname sent by the client to route the request to the correct nested VM.

Should the nested VMs need to establish outgoing connections you can have the intermediate VM configured to do NAT for connections from the nested VMs.

A word on reliability

If you are trying to build a highly reliable service you should expect individual intermediate VMs to occasionally be unavailable. So you should bring up more than one such intermediate VM for redundancy and load balance the traffic across those intermediate VMs using the HTTP load balancing or network load balancing provided by GCE.

Keep in mind that the health checks done by the GCE load balancing will not know about the nested VMs and thus will consider each intermediate VM to be either healthy or unhealthy even if a single of the nested VMs is unhealthy and the rest are unhealthy.

This means your proxy can receive a small amount of requests intended for a nested VM that is currently unhealthy, and you need to implement your own health checks such that you can route such requests to another intermediate VM.

edited Dec 21 '17 at 13:08

answered Dec 21 '17 at 13:03

kasperd

29,894
16
72
122

thank you @kasperd for suggestion. it will be great if you can provide doc or link which lead me to right direction because I don't know much about networking and virtualization. – Mahmood Sanjrani Dec 22 '17 at 09:25
actually I don't know how to make forward requests to nested VM. I'm using Ubuntu server as a host and windows as guest operating system. – Mahmood Sanjrani Dec 22 '17 at 14:58
@MahmoodSanjrani So you are running Windows on the nested VM and Ubuntu on the intermediate VM? I can't tell you how to configure networking on the Windows VM, but the default settings ought to work since it is on the nested VM. The network configuration on the Ubuntu machine will depend on what virtualization software you are using. What you need is a virtual network between guest and host. What you should avoid in that configuration is NAT and bridging modes as those are not applicable to your setup. If you don't know how to configure the virtual network that may be worth a separate question – kasperd Dec 22 '17 at 15:25
@MahmoodSanjrani Once you have working network between intermediate VM and nested VM you need to configure a reverse proxy on the intermediate VM. For the configuration of that it doesn't matter if the proxy and backends are physical or virtual machines. So you should be able to use the answers to one of the many earlier questions about how to do that. I have seen questions about such configurations in both Apache and Nginx on this very site. – kasperd Dec 22 '17 at 15:27
I have working network in host and guest machine. I have same global ip in host and guest machin. – Mahmood Sanjrani Dec 23 '17 at 07:40
I tried to call server webpage in host machine using guest machine ip, it works fine. – Mahmood Sanjrani Dec 23 '17 at 07:50
Now I think I need to forward host global IP request to guest machine but I followed this link https://serverfault.com/questions/170079/forwarding-ports-to-guests-in-libvirt-kvm but didn't worked. – Mahmood Sanjrani Dec 23 '17 at 10:05
I have asked an other question about IP/PORT forwarding to nested VM https://stackoverflow.com/q/47951798/8029105 – Mahmood Sanjrani Dec 23 '17 at 10:46
my problem got solve, I used your suggestion. Many many thanks . – Mahmood Sanjrani Dec 24 '17 at 04:44

can I access nested VM gloabally in GCP

1 Answers1