Static ip address for outgoing (i.e out of azure) traffic from a service hosted in service fabric? - configuration

I need services (hosted in Azure Service Fabric) to communicate with our on-premises resources. I would like all outgoing traffic from Azure to have a static IP address so that the on-premises network team can create an incoming firewall rule based on this static IP address.
Since the service(s) hosted in Service Fabric can move from node to node (without the user's intervention) and the auto-scale feature can add new nodes or tear down existing nodes, I am guessing I have to use something with a configuration step. So I would like to know the following:
1) What needs to be modified in the fabric cluster so that all outgoing traffic has static ip address?
2) How do I modify it at configuration step so that I don't worry about node to node switch as well as auto-scale feature?

All nodes get the same outbound IP address, the same public IP that is assigned to your cluster/load balancer in Azure. You can specify the public IP address by using an ARM template to deploy your cluster: you specify the name of the public IP (that public IP is assigned to your subscription and is then referenced in the ARM template for the cluster).
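
How the answer above maps onto a template, as an added example that is not part of the original answer: a load balancer whose frontend references a public IP already reserved in the subscription, with the address emitted as an output for the firewall rule. The parameter names, `LoadBalancerIPConfig`, `LoadBalancerBEAddressPool` and `allowlistedEgressIp` are hypothetical, and the address is assumed to have been created with static allocation and a SKU matching the load balancer.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "reservedIpResourceGroup": {
      "type": "string",
      "metadata": { "description": "Hypothetical name: resource group holding the reserved public IP." }
    },
    "reservedIpName": {
      "type": "string",
      "metadata": { "description": "Hypothetical name: the public IP resource, created with static allocation." }
    },
    "loadBalancerName": {
      "type": "string",
      "metadata": { "description": "Hypothetical name: load balancer in front of the cluster's node scale set." }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Network/loadBalancers",
      "apiVersion": "2020-05-01",
      "name": "[parameters('loadBalancerName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "frontendIPConfigurations": [
          {
            "name": "LoadBalancerIPConfig",
            "properties": {
              "publicIPAddress": {
                "id": "[resourceId(parameters('reservedIpResourceGroup'), 'Microsoft.Network/publicIPAddresses', parameters('reservedIpName'))]"
              }
            }
          }
        ],
        "backendAddressPools": [
          { "name": "LoadBalancerBEAddressPool" }
        ]
      }
    }
  ],
  "outputs": {
    "allowlistedEgressIp": {
      "type": "string",
      "value": "[reference(resourceId(parameters('reservedIpResourceGroup'), 'Microsoft.Network/publicIPAddresses', parameters('reservedIpName')), '2020-05-01').ipAddress]"
    }
  }
}
```

Nodes pick up this address for outbound connections only once the scale set's NIC configuration joins `LoadBalancerBEAddressPool`; a Standard SKU load balancer additionally needs a load-balancing or outbound rule.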

Related

Google Cloud VPS Compute Engine without a Domain

I have a VPS with Google Cloud Compute Engine which I can reach through an external IP. Next to my external IP I can reach my VPS through: 122.xx.xx.34.bc.googleusercontent.com
Is Google also offering an option to reach your website through NAME.bc.googleusercontent.com or something different than an IP?
I don't want to use a cheap domain name or a free domain name such as .tk.
You can use any domain name to reach your VM instance that you run on Google Compute Engine. To do it, follow the steps below:
1) register a domain name at any domain name registrar
2) set up DNS servers for your domain name (usually a DNS hosting service provided by the domain name registrar)
3) reserve an external static IP for your VM (optional, but could be helpful)
4) create an A record that points to the external IP of your VM
5) wait 24-72 hours for the domain name to propagate
6) reach your service via a domain name like https://domain.name
In addition, you can register your domain name at Google Domains and use Google Cloud DNS as DNS service for your domain.
You're not able to use NAME.bc.googleusercontent.com because 122.xx.xx.34.bc.googleusercontent.com is a PTR record.

How to find the external IP?

I have a Python application which has been deployed to openshift.
I am using an external REST service in my application. In order to use this service, the developers of the REST service have to whitelist my IP because a Firewall blocks unauthorized IP addresses.
How can I find the external IP of my application? How can I find it in openshift? I tried a few OC commands, but I am not sure if I have to get the IP of the pod or the service.
Out of the box the traffic from internal cluster components will appear to external infrastructure like they are coming from whichever OpenShift compute host their pods are currently scheduled on.
Information on internal cluster networking and how traffic traverses from a process running inside a pod to the external network can be found at SDN: Packet Flow.
In your case you could have the external application whitelist all of the ip addresses of the compute hosts that are expected to run your application pods.
Alternately you could set up an EgressIP. This will cause all traffic originating from a specific OpenShift project to appear as if it is originating from a single ip address. You could then have your external application whitelist the EgressIP address.
Documentation for configuring EgressIP can be found in the official documentation under Enabling Static IPs for External Project Traffic.
What you are searching for is the external IP of the Service. A Service acts as a load balancer for your pods but by default it only has a cluster-wide IP address. If you need a URL to access it from the outside, you can create a Route. For your purpose where you need an actual external IP address, you can assign the Service an external IP manually. Information on how to do this can be found in the official OpenShift Docs.

Dynamically get an Ethereum node

I'm writing a web application using Ethereum at the moment and realize only now that I have to specify a web3.provider's IP address to tap into the blockchain.
If I have to specify an IP address, how are web apps (dApps) considered decentralized?
I recognize the data may be ... but the utility of the dApp itself is null if the user doesn't have a frontend tap.
So my question is, from a technical perspective, how do I dynamically grab an IP address to an Ethereum node w/o using some sort of centralized DNS platform?
ENS (the Ethereum Name Service) appears to work similarly to centralized DNS platforms as you need a resolver to get the resource.
What you need to know is that you should not connect your dapp to an IP. You and every other user are supposed to connect to a different node. So, it is the user who will connect to a node. The user will be connected to a local or remote node of his/her choice. For you as a developer, when you are sure that any user is connected to a healthy node, he will be using the same version of the dapp.
Note: local nodes can be Geth and Parity nodes connected to main-net. And remote nodes can be the nodes that MetaMask connects to (MetaMask uses infura.io).
Note: If you force your users to connect to a specific IP, you cannot call your app 'decentralized'.

Google Cloud - Adding additional Internal IP to VM

I'm trying to build a webserver in Google Cloud Platform that hosts multiple websites (GBP, IE, FR, DK etc.)
Generally, we assign a range of IPs to the server statically, set the bindings in IIS, then loadbalance using a virtual IP.
It seems near enough impossible to assign another internal IP in GCP. Lots of guides about additional external IPs, but we don't want a public facing webserver like this.
Anybody have any idea on how to add additional internal IPs to a VM / Instance?
Also, I have tried changing the internal address I have assigned to the Instance to static in network adapter settings; next thing I know I can't access my VM for love nor money, and had to delete and re-create it. If I go into advanced settings to add additional static IPs, we're set to DHCP apparently, so can't add additional IPs.
Thanks all.
Answer that I received from the GCE discussion group, in Google Groups:
"You can add additional internal IP addresses to a VM instance. This is possible by enabling IP forwarding for the VM, creating a static network route, adding appropriate firewall rules, and setting additional internal IP addresses to network adapter of Windows. These steps are described in this article for Linux machines (https://cloud.google.com/compute/docs/networking#set_a_static_target_ip_address). The same steps are valid for Windows VMs. You will need to keep the initial internal IP address, subnet mask, gateway address and DNS settings of the adapter and manually enter them in properties of IPv4 of the network adapter. The below is a screenshot of my configuration on a VM instance (Windows 2008 R2) that perfectly works."
Update:
Now, you can create instances with multiple network interfaces on Google Compute Engine and assign IPs. For more information, refer to this public documentation link. However, currently it has the following limitations:
Alias IP ranges are not supported on any network interface on a VM that has multiple network interfaces enabled.
You cannot modify or delete the network interfaces after the VM has been created.

Google Cloud Network Load Balance Security concerns

I'm planning to create a web site that runs on several different machines in Google Cloud Compute, and I'm seriously thinking of using the Network Load Balancing of Google. But I have some questions regarding security and usability.
Can my machines have a private IP address with the HTTP port open? (We don't know when some hacker is trying to get into our servers.)
Will my HTTP response have the machine's own IP address or the IP of the Network Load Balancer?
Does Google protect the open port on a Google Cloud Compute machine against SYN, Pack flow attacks (like a router)?
You could use the HTTP/S load balancing to do what you want. https://cloud.google.com/compute/docs/load-balancing/http/
See https://cloud.google.com/compute/docs/load-balancing/http/cross-region-example#optional_remove_external_ips_except_for_a_bastion_host for removing external IPs.
Responses will come from the load balanced IP, not your VMs' IPs.
Yes for some types of malicious traffic, because the load balancing layer is doing full proxying. This means TCP and SSL termination both happen before your VMs.
If your machines have only a private IP (RFC 1918 space) and no external IP, then configuring NLB doesn't make them externally accessible directly on port 80 (if that's what you configure for your service).
Google does handle some level of attacks, but if you are like for a full-fledged DDoS, then implementing an additional layer on your end helps.
No. It is only possible to have port 80 (HTTP) open if and only if the instance has a public IP address; however, it is possible to limit the machine instances affected with a bastion host.
No. Using the Network Load Balancing will protect the IP address of your machine, but it is possible (in theory) to gather the machine's external IP address with random IP address scans or some flaw in the application.
GCE machine instances have some sort of protection, but they are susceptible to TCP or UDP flood according to securityfocus.