
I'm trying to set up an XMPP server on Google Compute Engine. I'm currently playing with Prosody. My preferred deployment strategy for servers is to have immutable infrastructure, so I tend to build an image of the server I want (using Packer), create an instance template of it, and create a managed instance group of that instance template with a target size set to 1. This has the benefit of making sure I always have at least one server alive and responding to requests, and automatically recreates the server in the event of an issue. It also means I need to have all my requests go through a load balancer, however, as the server IP isn't stable.

For HTTP/S this isn't an issue, as the HTTP/S load balancers work quite well. For TCP, this is proving to be an issue. Network Load Balancing requires a list of instances to balance between, which means when my instance is destroyed and recreated, the load balancer is out of date. TCP Proxy Load Balancing and SSL Proxy Load Balancing don't have this issue, but they have a restricted set of ports that they can be used with. Curiously, 5222 (the reserved port for client-to-server XMPP traffic) is in this whitelisted group of ports, but 5269 (the reserved port for server-to-server XMPP traffic) is not in this whitelist. I'm not sure why Google would allow client-to-server traffic but not server-to-server traffic.

I guess my question is whichever of these I can get an answer to:

  • Does Google actually block port 5269 on their SSL/TCP proxy load balancers?
    • If yes, why? They allow 5222, which is effectively useless without 5269, I think?
  • Is port 5269 actually required for XMPP, or will servers fall back to 5222?
  • Is there some strategy I'm missing here for getting TCP traffic on port 5269 to an instance in an instance group?
Paddy
  • At GCP we do not block port 5269 on SSL/TCP proxy load balancers. Have you allowed this port in your firewall? – Mohibul Mahmud Jan 11 '19 at 23:15
  • At GCP we only support a very specific set of ports for [TCP Proxy](https://cloud.google.com/load-balancing/docs/tcp/#overview) and [SSL Proxy](https://cloud.google.com/load-balancing/docs/ssl/) load balancers. If you determine that you need to accept traffic on TCP 5269, then you could use a GCP network load balancer instead. Network load balancers pass traffic on whatever port it's sent; they are not proxies. – Mohibul Mahmud Jan 15 '19 at 23:18
