The Google cloud platform (GCP) provides a state to confirm whether the VM's live response is correct. This document describes how to verify and use the state of the load spreader.

This page is used to validating the state concept, targeting users who understand the rules of the GCP firewall.

Status confirmation category, protocol, port

GCP performs status verification based on category and protocol.

There are two types of confirmation status: confirmation status and status before confirmation. Port specification means used in protocol sets and status acknowledgments of each category.

Most load dispersers use the unacknowledged state, but for the network load disperser, the previous state confirmation is needed. On the status confirmation concept page, refer to status confirmation to confirm the appropriate category, protocol and port assignment method.

The protocol selected to confirm the status does not need to match the protocol used in the load spreader, so it is impossible to match. Please refer to the protocol and load divider for details.

The term "confirmation status" refers to the confirmation without displaying the previous status. It is explicitly mentioned in this document that the previous status confirmation is "confirm previous status".

Create status confirmation

With GCP, you can select the status and selection when completing the back-end composition of load dispersion period in GCP console.

In GCP console, different state acknowledgments can be formed with load dispersion period. This is the case where the status needs to be confirmed first or the use status of the multi load disperser needs to be confirmed. You can create states using GCP console, gcloud command-line tools, or rest APIs. After checking the background information of this sector, it will enter the confirmation status and modification.

gcloud gcloud

The network load disperser must use the back-end composition or selected state in GCP console to complete the network load disperser period. If you want to create the previous state separately, you must use the gcloud command-line tool or the rest API. Please refer to the previous status for details.

gcloud gcloud

Flag to confirm all States

The next flag has nothing to do with the protocol and confirms all States together.

The meanings are as follows.

ssl tcp 5s 5s 2

Port slogan

To confirm the status, specify the port in addition to the protocol. The way to specify the port is based on the type of load dispersion period and the type of back-end used by the back-end service. The following table shows the port options for the combination of the payload disperser and backend. On the table, the term "Internship combination" means non management type instant combination, management type instant combination, or management type field avatar combination.

Only one type of port can be used for acknowledgment status.

--port 1 65535 --port-name --use-serving-port --port 1 65535 --use-serving-port --port 1 65535 --port-name --use-serving-port

1 Port specification combination will be resolved as follows.

• If use serving port is specified, neither port nor ------ port name can be determined.

--use-serving-port --port --port-name

• --When both port and port name are specified, port takes precedence.

--port --port-name --port

• If none of the three are specified, the base value is -- port = 80.

--port=80 --use-serving-port --port --port-name --port --port-name --port --port=80

2 beta: --- the beta gcloud instruction must be used when the use serving port requires it.

--use-serving-port gcloud --use-serving-port gcloud

• gcloud beta compute health-checks create gcloud beta compute health-checks update
NONE PROXY_V1 NONE PROXY_V1 PROXY UNKNOWN\r\n /
• The answer string must consist of ASCII text, numbers, and white space.
• The maximum length of the answer string is 1024 words.
• Width card is not supported.
• Content based checking does not support graphics. Like haproxy! I won't support it.
! !

-The success criteria of request path and response slogans modification status confirmation.

--request-path --response --request-path --response

Check selection flags for SSL and TCP status

In addition to common slogans and ports, you can also use SSL and TCP state. In this example, the default interval, time limit, and state threshold are the criteria. Using 3268, the TCP state with the name of Hc-tcp-3268 is created.

hc-tcp-3268 hc-tcp-3268
• The protocol can be TCP (in this case) or SSL.
tcp ssl
• Proxy & header is one of none or proxy v1 If omitted, GCP uses none PROXY \\\ \\\\ \\\ xY \\\\\\\\
NONE PROXY_V1 NONE PROXY_V1 PROXY UNKNOWN\r\n
• Request & String: if the TCP or SSL session is set, it can be sent to a string of 1024 ASCII at most.
• Response & String: provides a string of up to 1024 ASCII.
tcp ssl NONE PROXY_V1 NONE PROXY_V1 PROXY UNKNOWN\r\n

-The request and - response flags modify the success criteria for status confirmation. When used alone with the response banner or with the request banner, it should be consistent with the expected response string.

--request --response --response --request --request --response --response --request

Create status and modify

After the modification status is confirmed, it cannot be converted to the former status check or vice versa.

Console

GCP console will be in status before status confirmation and validation. You can edit your status confirmation and previous status. However, the status confirmation page of GCP console cannot create the previous status.

If you want to confirm the status, follow the next step.

If you want to modify the status confirmation, follow the next step.

• Move from Google cloud platform console to status confirmation page. Move to status confirmation page
• Click status confirmation.
• If you want to modify the status confirmation, click Edit and execute the following. Change the parameters as required. Click Save.
• Change the parameters as needed.
• Click save.
• Change the parameters as needed.
• Click save.

Gcloud

To display status confirmation, use the next gcloud instruction.

gcloud gcloud

After confirming the status confirmation, use the name of Health & check & name to replace the appropriate gcloud instruction to describe the status.

gcloud gcloud

If you want to modify the state, use a name that matches Health & check & name instead of the appropriate gcloud directive. In addition to status confirmation and protocol, you can modify general slogans, port slogans, and selection flags. If the gcloud compute health checks update instruction modifies the status, the abbreviated flag will be displayed. The following commands are predictions for modifying check interval, time limit, request path, and status confirmation.

gcloud gcloud compute health-checks update gcloud gcloud compute health-checks update

API

• The healthchecks.list API displays the status.

The healthchecks.list API displays the status.

• If you know the name of the status confirmation, you can use the healthchecks.get API call to get the composition details.

If you know the name of the status confirmation, you can use the healthchecks.get API call to get the composition details.

• An API call when the status needs to be modified. Healthchecks.updatehealthchecks.patch.patch

Use API calls when status acknowledgment needs to be modified.

• healtchecks.update
• healtchecks.patch

The healthchecks.list API displays the status.

If you know the name of the status confirmation, you can use the healthchecks.get API call to get the composition details.

Use API calls when status acknowledgment needs to be modified.

• healtchecks.update
• healtchecks.patch

Confirm previous status

Status before creation

This sector describes the method of pre state verification required by the network load disperser.

Console

The status confirmation page of GCP console shows the status and previous status, but GCP console cannot create the previous status. Use the GCP console's network load spread page, but you can create previous states.

Gcloud

If you want to create the network load distribution pre period state, the next gcloud instruction will be used.

gcloud gcloud

The meanings are as follows.

5s 5s 2 80 /

API

You can create a previous state in the next API call to the network load spreader.

Front status confirmation view and modification

Console

GCP console will perform status confirmation and previous status confirmation on the status confirmation page. To modify the existing previous state, follow the next step.

• Move from Google cloud platform console to status confirmation page. Move to status confirmation page
• Click status confirmation.
• If you want to modify the status confirmation, click Edit and execute the following. Change the parameters as required. Click Save.
• Change the parameters as needed.
• Click save.
• Change the parameters as needed.
• Click save.

Gcloud

If you want to check the network load before the decentralized period, the next gcloud instruction will be used.

gcloud gcloud

After confirming the previous state, the appropriate gcloud instruction replaced by the state confirmation name of legacy & Health & check & name is used to describe the state.

gcloud gcloud

If you need to modify the previous state, replace the appropriate gcloud instruction with the name of legacy · health · cheeck · name. If you change the status of gcloud, there will be existing settings for abbreviations.

gcloud gcloud gcloud gcloud

Here... Other options are confirmation options for the state before creation.

API

If you want to check the network load distribution period, you will use the API call.

If you know the name of the status confirmation, you can use the API call to get the composition details.

If you need to modify the previous state, use the API call.

Firewall rules

In the program IP range of state confirmation, grace firewall rules that are transferred to the VM with distributed load shall be allowed to run. In the next example, by target tag, create a firewall rule that can be applied to VM inserts. For details of firewall rules, please refer to the description of objects in firewall rule summary and network label composition.

tcp:80

Status confirmation rule

In the next example, you create a grace firewall rule for the subordinate disperser.

• 35.191.0.0/16
35.191.0.0/16
• 130.211.0.0/22
130.211.0.0/22 35.191.0.0/16 130.211.0.0/22

To create a network load dispersion rule, refer to the next section of the network load dispersion rule.

Console

• Move to the firewall rules page of our cloud platform console. Move to the firewall rules page
• Click Create firewall rule.
• Enter the next information on the create firewall rule page. Name: enter a name for the rule. FW allow health checks is used in this example. Network: select VPC network. Priority: enter the priority number. The lower the number, the higher the priority. To select the priority of a gristre rule that goes beyond the firewall rule. Orientation: match task: match task: allow. Check object: check the specified target label, and enter the tag text box. In this example, use allow health checks. Seasoning filter: IP range: 35.191.130.160.210.210.0/22 allowed protocols and ports. TCP is the default protocol for all status confirmation protocols. Click create.
• Enter a name for the rule. Use FW allow health checks in this example.
fw-allow-health-checks
• Network: select VPC network.
• Priority: enter the priority number. The lower the number, the higher the priority. Firewall rules must have high priority.
• Running direction: select ingress.
• Task on match: allowed.
• Object: when the specified object label is selected, enter the label text box. Use allow health checks in this example.
allow-health-checks
• Seasoning filter: select IP range.
• Source IP range: 35.191.0.0/160.210.0.0.0/22
35.191.0.0/16,130.211.0.0/22
• Allowed protocols and ports: TCP. TCP is the basic protocol of all state confirmation protocols.
tcp
• Click create.
• Add various instant stens Network tags with distributed load to apply the new grace firewall rules. In this case, use allow health checks with the network tag.
allow-health-checks
• Enter a name for the rule. Use FW allow health checks in this example.
fw-allow-health-checks
• Network: select VPC network.
• Priority: enter the priority number. The lower the number, the higher the priority. Firewall rules must have high priority.
• Running direction: select ingress.
• Task on match: allowed.
• Object: when the specified object label is selected, enter the label text box. Use allow health checks in this example.
allow-health-checks
• Seasoning filter: select IP range.
• Source IP range: 35.191.0.0/160.210.0.0.0/22
35.191.0.0/16,130.211.0.0/22
• Allowed protocols and ports: TCP. TCP is the basic protocol of all state confirmation protocols.
tcp
• Click create.
fw-allow-health-checks allow-health-checks 35.191.0.0/16,130.211.0.0/22 tcp allow-health-checks

Gcloud

Use the allow health checks label to allow the firewall rule with the name FW allow health checks of instons connecting to the network. Use the next gcloud instruction. Change network name to network name.

allow-health-checks fw-allow-health-checks gcloud allow-health-checks fw-allow-health-checks gcloud

Add various instant stens Network tags with distributed load to apply the new grace firewall rules. In this case, use allow health checks with the network tag.

allow-health-checks allow-health-checks

Please refer to gcloud firewall rule file and API file for details.

gcloud gcloud

Network load dispersion rule

In the next example, you need to make sure that the former state of the network is decentralized to create grace firewall rules. In order to confirm the source IP range before the network load is distributed, please refer to the following.

• 35.191.0.0/16
35.191.0.0/16
• 209.85.152.0/22
209.85.152.0/22
• 209.85.204.0/22

209.85.204.0/22

209.85.204.0/22 35.191.0.0/16 209.85.152.0/22

209.85.204.0/22

209.85.204.0/22 209.85.204.0/22

Console

fw-allow-network-lb-health-checks allow-network-lb-health-checks 35.191.0.0/16, 209.85.152.0/22, 209.85.204.0/22 tcp allow-network-lb-health-checks

Gcloud

The allow network LB health checks tab allows FW allow network LB ALT checloud instructions for instant connections into the network. Change network name to network name.

allow-network-lb-health-checks fw-allow-network-lb-health-checks gcloud allow-network-lb-health-checks fw-allow-network-lb-health-checks gcloud

Add various instant stens Network tags with distributed load to apply the new grace firewall rules. Use the network tag allow network LB health checks in this example.

allow-network-lb-health-checks allow-network-lb-health-checks

Please refer to gcloud firewall rule file and API file for details.

gcloud gcloud

Load dispersion and connection

Protocol and load disperser

Protocol usage is best compared to the protocol (or pre state validation) used in the backend service or object grass during the load dispersion period. However, the situation confirmation protocol and load dispersion period protocol do not need to be the same. Like the next one.

TCP UDP

Back end service status confirmation

This sector describes the state of the next type of load spreader and the way back-end services are connected.

This page assumes that the next work has been completed.

Console

• Move to distributed page under Google cloud platform console. Move to load distributed page
• Click on the load spreader to display the details.
• Click Modify and then click back-end composition.
• Select status confirmation in the status confirmation menu.
• Click Update.

Gcloud

Open the internal TCP / UDP load dispersion backend service, and the next command will be executed. Identify the name and protocol of the backend service.

Open the decentralized back-end service under the TCP agent, and the next command will be executed.

To list the SSL agent's decentralized back-end services, the next command is executed.

pathMatchers

Identification status confirmation. Confirm status as needed.

Connect state acknowledgment to back-end services. The next command replaces the backend & Service & name with the backend service name and Health & check & name. This instruction overrides all States of the back-end service. In most cases, back-end services connect to only one state acknowledgment.

Change the back-end service state during the internal load dispersion period, and the next command will be used. The back-end service in the internal load dispersion period should be based on the management code and specify the region.

API

• You can use the backendservices.list API to call display backend services.

You can use the backendservices.list API to call display backend services.

• Confirm the status.

Confirm the status.

• If you want to connect to the backend service, you can use one of the API calls. Backendservices.updatebackendservices.patch

If you want to connect to the back-end service, you will use one of the API calls.

• backendServices.update
• backendServices.patch

You can use the backendservices.list API to call display backend services.

Confirm the status.

If you want to connect to the back-end service, you will use one of the API calls.

• backendServices.update
• backendServices.patch

Confirm the status before the network load is distributed

In this sector, it is a description of the method to confirm the state of the connected object under the decentralized network. This page assumes that the next work has been completed.

• A network load disperser is created.
• The previous state has been determined.
• The firewall rules with distributed network load are established.

If you want to distribute and connect with the new network load, please refer to the distributed settings under the network department. When creating a new network load dispenser, it must be associated with an object.

Console

Follow the next step if you want to connect to an existing network that is decentralized and connected.

• Move to distributed page under Google cloud platform console. Move to load distributed page
• Click the network load distributor to display the details.
• Click Modify and then click back-end composition.
• Select the existing status in the status confirmation menu. Only the previous status confirmation that meets the condition is displayed.
• Click Update.

Gcloud

Follow the next step if you want to connect to an existing network that is decentralized and connected.

Identify object grass. There is at least one object in the period of network load dispersion, and there may be subsidized backup.

API

You can use the targetpools. List API call to arrange objects.

Cut off the IP address range and solve the problem of status confirmation

In some cases, it is best to fail with intentional confirmation. Part of the problem solving activity that allows a particular VM to acknowledge a failure in state or to terminate part of the program.

The action screen of IP range of status confirmation will be temporarily cut off and forced to confirm the status or previous status confirmation fails. In this example, iptables firewall software running on Linux VM is used to display the method of state confirmation failure.

iptables iptables

If you want the VM to confirm status and status check, run health & check & port in the next routine to switch to the appropriate TCP port. If you want to intentionally fail the configuration at the end of VM, you can increase the confirmation interval and abnormal threshold value of the confirmation state, and then add the next iptables instruction on the terminal script.

iptables iptables iptables iptables

To remove the iptables rule, replace health \ \ CK \ \ \ \ \ \ CK \ port with the TCP port in status and execute the next command.

iptables iptables