How to whitelist IPs on Google Compute Engine

google-cloud-platform, google-compute-engine, load balancing

One of the ISPs is unable to access my website hosted on Google Compute Engine. How do I whitelist their IP blocks?
I don't see any IP blocked in iptables on the individual Linux machines running behind the load balancer.

Update 1: The firewall rule which allows incoming traffic from any source (Allow from any source (0.0.0.0/0) – tcp 80) is already added to these GCE machines.

Update 2: Further analysis has resulted in the following observations
(We took the client on a remote call):

  1. http://mywebsite.com is not loading while https://mywebsite.com is loading. This is witnessed only by this user; other users are able to access the site on both http and https.
  2. Contacted the ISP provider and confirmed that there are other machines from that ISP which are facing the same issue. This means it's not a client-specific issue (browser, firewall, virus issue).
  3. ping mywebsite.com is successful on the client machine.
  4. tracert mywebsite.com reaches Google's ISP without any packet loss; this is followed by a few request timeouts before it hits the IP of mywebsite. Sometimes it never reaches the IP of mywebsite.com; all results after entering Google's ISP are request timeouts.

Traceroute example from the client's system is as follows:

1 <1 ms <1 ms <1 ms 192.168.0.1
2 1 ms 1 ms 1 ms 192.168.10.1
3 34 ms 9 ms 13 ms 103.194.232.3.rev.jetspotnetworks.in [103.194.232.3]
4 102 ms 10 ms 13 ms 103.194.232.1.rev.jetspotnetworks.in [103.194.232.1]
5 11 ms 9 ms 13 ms 115.42.32.65.rev.jetspotnetworks.in [115.42.32.65]
6 86 ms 87 ms 87 ms 72.14.218.21 -----------> Google ISP
7 89 ms 85 ms 85 ms 209.85.142.228 -----------> Google ISP
8 121 ms 122 ms 121 ms 66.249.94.39
9 145 ms 149 ms 144 ms 216.239.63.213
10 207 ms 208 ms 212 ms 216.239.62.201
11 200 ms 197 ms 197 ms 66.249.94.131
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 243 ms 191 ms 191 ms IP of mywebsite.com -----------> Sometimes this is never witnessed

Best Answer

If you have the firewall rule, and you can ping or traceroute the server, it shouldn't be a Cloud Platform configuration issue. This really looks more like an ISP connection issue. As for the asterisks in the traceroute output, they mean that the router at that hop doesn't respond to the type of packet you were using for the traceroute; Google's internal network usually does not respond to ICMP packets.
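
The distinction the answer draws, as an added example that is not part of the original post: a Python parser for Windows tracert output that separates silent intermediate hops from a trace that never reaches the destination. The sample traces and their addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed tracert output (documentation addresses), shaped like the question's trace.
COMMON = """\
  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2     9 ms    11 ms    13 ms  isp-gw.example.net [198.51.100.1]
  3    86 ms    87 ms    87 ms  192.0.2.21
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
"""
SAMPLE_REACHED = COMMON + "  6   243 ms   191 ms   191 ms  203.0.113.10\n"
SAMPLE_NOT_REACHED = COMMON + "  6     *        *        *     Request timed out.\n"

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_tracert(text):
    """Return [(hop_number, address)], with address None for a hop that did not answer."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # banner, blank line or "Trace complete."
        rest = m.group(2)
        # A hostname may embed an IP, so take the last match (the bracketed address).
        ips = [] if "Request timed out" in rest else IPV4.findall(rest)
        hops.append((int(m.group(1)), ips[-1] if ips else None))
    return hops


def classify(text, destination):
    """Return (verdict, hop numbers of the silent hops that matter for it)."""
    hops = parse_tracert(text)
    silent = [n for n, ip in hops if ip is None]
    if any(ip == destination for _, ip in hops):
        # Silent hops ahead of a responding destination: routers ignoring probes.
        return "reached", silent
    last_answer = max((n for n, ip in hops if ip), default=0)
    # Only the unbroken run of timeouts at the end says the trace stopped there.
    return "not_reached", [n for n in silent if n > last_answer]


if __name__ == "__main__":
    for sample in (SAMPLE_REACHED, SAMPLE_NOT_REACHED):
        print(classify(sample, "203.0.113.10"))
```

tracert sends ICMP echo probes, so a "reached" verdict confirms the path only for ICMP and does not test TCP port 80, the service failing in the question.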
