Assigning new IP to a VM each time - google-cloud-platform

On GCP, I want to change the external IP address of my VM instance several times a day, and in my project the VM needs to be assigned a new IP address each time. However, regardless of whether I use an ephemeral or a static IP, when I try to change the IP there are only 3 or 4 different IP addresses. After the 4th change, the loop goes back to the start, so an IP that had been assigned before is assigned to the VM again.
Is there a way to assign a new IP address to the VM each time?

In this scenario you can use protocol forwarding in order to assign multiple/different external IP addresses to a VM instance. Then, when traffic is sent to an external IP address that is served by a forwarding rule, the forwarding rule directs that traffic to the corresponding target pool or target instances.
As per the documentation, you can create up to 50 forwarding rule objects per project.

I think (don't know) that this isn't possible.
You are being loaned public IPs from Google's pool and, technically, these are assigned randomly (you won't always get these IPs), but over the timeframe you've monitored you detect there's a pattern and the behavior is insufficient for your needs.
It's unclear why you need random IPs -- I assume random DNS naming won't suffice for your use-case -- you may want to submit a feature request to Google's Issue Tracker.
Given that you detect a period of 3-4 IPs, you could temporarily hold these on VM interfaces and, once you obtain a different IP for your app, you could release the others?

Related

Multiple IPs on a single GCE instance

I want to have a VM with multiple internal IPs each with a one-to-one relation to external IP address on a single network interface.
I need to be able to initiate requests from that VM (single process) but need that different requests use different external IPs.
E.g.
10.146.0.3 <> 35.215.6.3
10.146.0.4 <> 35.215.6.6
10.146.0.5 <> 35.215.6.8
I managed to add multiple IPs to a single interface using alias IP ranges but can't find a way to map those extra internal IPs to external IPs.
This can be done quite easily on AWS (took me about 5-10 minutes) as shown here, but after two full days looking around, I still can't find a way to do this on GCP.
I am not looking for load balancing functionality or for any inbound-connection-related functionality (my VM acts as an HTTP client, not a server, so I only care about outbound connections). Also, if possible I want to avoid multiple network interfaces as they are limited to 1 per vCPU and therefore don't scale well cost-wise (plus all the hassle of having to create new VPCs).
Related questions (which don't quite solve my problem):
How do I setup 1 to 1 NAT in google cloud?
Multiple IP addresses on a single Google Compute Engine instance
How to assign multiple outgoing IPs addresses to a single instance on GCE?
For testing, I am using the following command:
curl -w '\n%{local_ip}\n' --interface <internal_ip> ifconfig.co
Which returns the external IP followed by the internal IP:
52.196.168.76
172.31.24.253
It's possible to add multiple external static IP addresses to a VM instance. Each VM instance can have up to eight network interfaces, and you can assign a static external IP to the added interfaces.
However, it is not possible to add the same NIC more than once to the same VM instance, and the subnetwork IP ranges of the added NICs cannot overlap. Each internal IP range has to be different.
You may consider using a VM appliance with multiple external IP addresses, useful for traffic separation as you intend to do.

GCP: Cloud NAT: Why does a Regional IP address attached to a Cloud NAT get labelled as "unused"?

If I set up Cloud NAT, and attach it to a network, I am charged about $0.050 per hour. This is fair since I don't have to set up my own NAT instance and I don't have to manage it myself.
Furthermore:
When reserving a static IP address on GCP, I am charged at a rate of about $0.010 per hour as long as I don't attach the IP address to an instance or a load balancer.
I understand that this is done to dissuade users from creating unused IP addresses.
However:
If I create a Regional IP address and instruct Cloud NAT to use that as its external IP address, the IP address is still marked as "unused" in the Cloud Console (In use by: None in the Web UI, and RESERVED using the gcloud command).
This leads to two things:
Confusion: It is not immediately obvious that the reserved IP address is in fact in use, and someone might try to delete it.
An unused IP address is charged, which is fair if it is indeed unused, but I would argue that it is in fact not unused, and Google is running an "invisible instance" for me (even though it's just a network service feature in Andromeda, and probably does not involve a single running instance - at least according to the docs).
If anyone knows if this is a feature or a bug, I would be very thankful (and I would also be thankful if I could save $0.010 per hour :D)
Update
From the billing console I can deduce that the static IP address is not being charged for (when attached to Cloud NAT), even though it is marked as "unused".
The question is now if the bug is with the Web UI/gcloud or the billing system.

After Shutting Down compute engine instance do we get new system or the same old one with new IP?

I had a Compute Engine instance, and I shut down that instance from the command line. Now the thing is, when I started it back up the IP got changed, which I guess was because it was ephemeral.
Now I wanted to ask, as I now have a new IP: did my system get changed, or just my IP? Because if my previous system was changed, then I think all of the data which I had on that Compute Engine instance will still be there, and if my previous system got assigned to a new person then maybe he can see my data, which would be a security breach.
The second question is: is there any way I can get my previous IP, which I had before, assigned to my new instance?
You're conflating a couple of things here. Networking in GCP is a purely software-defined configuration. As such, the IP of your machine is defined by software and is in no way dependent on things like your instance itself or the disk attached to the instance (where your data actually lives).
To answer your actual questions:
When the machine is restarted, a new ephemeral IP is assigned. Your data is on the disk attached to the machine, and nobody else has access to it.
You have no control over ephemeral IP addresses. If you want to maintain an IP address between restarts, you need to reserve a static IP and assign it to your instance.

Restrict the access to aws instance from specific IP

I want to set the security groups for the web server running in an AWS instance. My website should be accessible through HTTP/HTTPS, but file modification access should be restricted to a particular IP address. I am currently connected to a Wi-Fi router, and as far as I know the IP assigned to my PC changes every time.
Can someone please guide me on how to get a static IP address that I can allow to access my website? Thanks in advance.
You would need to see if your ISP can sell you a static IP - it's not always possible. I can't get one from my ISP when working from home; your ISP may be different, for example.
However, if it is just you that needs a static IP address (i.e. you as the developer/admin as opposed to users in the public), it is only a few clicks of the mouse to update the security rule through the AWS console each time you need elevated access. I do this for several servers running on EC2 which I keep locked down, and when I need to RDP into them, I open up the security groups to just my (dynamic) IP, and remove the rule when I am done - this will work if you only occasionally need access. You could also automate this process using a little scripting and/or a Lambda function.
Another option that I also use: I have a service that I need to access continually from a static IP - I use another EC2 instance (with a fixed IP) as the whitelisted IP for this, and then I connect to that service by first connecting via RDP to the EC2 instance - and the EC2 instance with the fixed IP then accesses the service using its static IP.
You first have to know if your external IP changes; if so, you have to ask your ISP to change your IP to a static one.
If it's the internal IP that changes but the external IP is the same, you will have no problem accessing AWS.
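The "automate this with a little scripting" idea from the answer above, as an added example that is not the answerer's own code: a planner that works out which tagged `/32` ingress rule to revoke and which to authorize so the group always admits only the admin's current dynamic IP, plus a thin boto3 wrapper to apply it. The `RULE_TAG` description convention, the sample permissions and the IPs are constructed for the example.

```python
"""Keep one EC2 security-group ingress rule pinned to the admin's current IP."""
import ipaddress

# Assumed convention: the admin rule is marked by this Description string so
# the script never touches other rules (e.g. the public HTTPS rule).
RULE_TAG = "admin-dynamic-ip"

# Constructed sample in the IpPermissions shape boto3's
# describe_security_groups() returns; 203.0.113.7 is the stale admin IP.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "public https"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32", "Description": RULE_TAG}]},
]


def plan_update(permissions, new_ip, port, proto="tcp"):
    """Return (to_revoke, to_authorize) so that exactly one RULE_TAG /32 for
    port/proto remains and points at new_ip. Untagged rules are left alone."""
    cidr = f"{ipaddress.IPv4Address(new_ip)}/32"   # rejects garbage/IPv6 input
    stale, already_current = [], False
    for perm in permissions:
        if perm.get("IpProtocol") != proto or perm.get("FromPort") != port:
            continue
        for rng in perm.get("IpRanges", []):
            if rng.get("Description") != RULE_TAG:
                continue                      # not ours: never revoke it
            if rng["CidrIp"] == cidr:
                already_current = True
            else:
                stale.append(rng["CidrIp"])
    entry = {"IpProtocol": proto, "FromPort": port, "ToPort": port}
    revoke = [dict(entry, IpRanges=[{"CidrIp": c}]) for c in stale]
    authorize = [] if already_current else [
        dict(entry, IpRanges=[{"CidrIp": cidr, "Description": RULE_TAG}])]
    return revoke, authorize


def apply_update(group_id, new_ip, port=22, region="us-east-1"):
    """Apply the plan against AWS. boto3 is imported lazily so the planner
    above can be used and tested offline; assumes credentials are configured."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    revoke, authorize = plan_update(group["IpPermissions"], new_ip, port)
    if revoke:      # drop the old admin IP first so only one /32 is ever open
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=revoke)
    if authorize:
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=authorize)
    return len(revoke), len(authorize)
```

Run it from a scheduled job or Lambda with the IP your workstation currently reports, and the public HTTPS rule stays untouched while the admin rule follows you.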

How to reference another EC2 instance, which may be restarted or even have another instance started?

Consider a server ec2-50-1-2-3.compute-1.amazonaws.com, which is not publicly available and which does not have an Elastic IP address. I cannot assign it an Elastic IP address as I don't have any more addresses to assign (used all 5 already on publicly-available servers).
The publicly-available servers need to access a service on ec2-50-1-2-3.compute-1.amazonaws.com. However, if I restart that server then it may receive a different address and I'll have to update 20 websites across 5 webservers with the new address. Is there any way to refer to the ec2-50-1-2-3.compute-1.amazonaws.com server which will persist even if I restart that server, considering that I have no more Elastic IP addresses to assign to it?
Is there any way to refer to
Key word "refer to" -- indeed, there is... a DNS CNAME.
Whether your DNS is in Route 53 or elsewhere, a CNAME record refers a system asking for a particular host by name, to a different host -- also by name.
Let's say, for example, that the service this system provides is the generation of reports. In the "example.com" domain...
reports IN CNAME ec2-50-1-2-3.compute-1.amazonaws.com.
Any machine looking up "reports.example.com" from the DNS will be referred to the hostname ec2-50-1-2-3.compute-1.amazonaws.com which will of course resolve to the machine's IP address.
If the machine's IP address (and therefore, in AWS, its hostname) changes because the instance was terminated or failed or replaced, you only have to update the information in one place -- the DNS. The systems that need to access this system would be configured with "reports.example.com" instead of the other hostname, so they wouldn't have to be maintained individually.
If you are using Route 53, it's also possible to configure Route 53 to actually give out a different answer using failover routing with health checks and divert requests elsewhere when the instance isn't working properly.
Amazon will not give you any difficulty at all if you simply request more Elastic IPs. It's right here: Request to Increase Elastic IP Address Limit
It turns out the best way to refer to other instances in AWS is to use Amazon Virtual Private Cloud (VPC). In VPC each machine gets a static internal IP address, which persists for the lifetime of the instance. In fact, in VPC one can configure full networking!