Solving for true-source IP with global load balancers in Google Cloud
Global load balancers in Google Cloud perform source NAT on traffic, so backends see the load balancer's address rather than the client's. Because these load balancers support PROXY protocol, administrators can enable that option to preserve the true source IP.
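A backend that accepts PROXY protocol should honor the header only when the connection really comes from the load balancer, otherwise any client that reaches the backend directly can claim an arbitrary source IP. The sketch below is an added example, not code from the original article: it assumes the version 1 (text) header, and the trusted ranges and function names are assumptions to check against your own deployment.

```python
import ipaddress

# Assumption: only these peers may send a PROXY header. These are the ranges Google
# documents for its front-end proxies; verify them against current documentation.
TRUSTED_LB_RANGES = [ipaddress.ip_network(n) for n in ("35.191.0.0/16", "130.211.0.0/22")]
MAX_V1_HEADER = 107  # longest legal v1 header per the PROXY protocol spec, CRLF included


def peer_is_trusted(peer_ip):
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_LB_RANGES)


def parse_proxy_v1(data):
    """Return ((src_ip, src_port) or None, payload); raise ValueError if malformed."""
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":  # e.g. connections the proxy originated itself
        return None, payload
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("unsupported PROXY v1 header")
    src = ipaddress.ip_address(fields[2])
    ipaddress.ip_address(fields[3])  # destination must also be a valid address
    sport, dport = int(fields[4]), int(fields[5])
    family_ok = src.version == (4 if fields[1] == "TCP4" else 6)
    if not family_ok or not all(0 <= p <= 65535 for p in (sport, dport)):
        raise ValueError("address family or port out of range")
    return (str(src), sport), payload


def client_address(peer_ip, peer_port, first_bytes):
    """Pick the address to use for logging and ACLs, plus the application payload."""
    if not peer_is_trusted(peer_ip):
        # Never honor a header from an untrusted peer: the socket peer is the client.
        return (peer_ip, peer_port), first_bytes
    parsed, payload = parse_proxy_v1(first_bytes)  # fails closed if header is absent
    return (parsed or (peer_ip, peer_port)), payload


# Constructed sample: first bytes of a connection as relayed by the load balancer.
SAMPLE = b"PROXY TCP4 203.0.113.7 198.51.100.10 51234 443\r\nGET / HTTP/1.1\r\n\r\n"
if __name__ == "__main__":
    print(client_address("35.191.0.5", 40000, SAMPLE))
```

In production the untrusted case is usually closed off with firewall rules that admit only the load balancer's ranges, with this check kept as a second layer.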
Nice work! I really like how the web app displays all the relevant information back as direct feedback to the solution. Would another design pattern be to use regional passthrough TCP LBs, with DNS LB (GSLB) as a disaggregation layer across the multiple regional TCP passthrough LBs within GCP? Realizing this introduces a new element of TTL vs Anycast.
- MichaelOLeary, May 05, 2024, Employee
MattHarmon, yes, I believe so. In this case the customer wanted that Anycast public IP address, but yes, that's a nice point you make. An alternative design could have multiple regional passthrough TCP LBs, and use DNS load balancing to distribute traffic across them. This would persist true source IP and they wouldn't need to use Proxy Protocol to achieve it. I don't remember the business reason behind the desire for a single IP address that was globally advertised via Anycast, but like you said, it does add the element of DNS LB'ing.