
Our company hosts its infra on GCP. The default network is connected to a Cloud NAT. Because the API provider we work with needs to whitelist our IP address, I am adding a static IP to the Cloud NAT.

The question is: should I assign just one IP address or multiple IP addresses?

My understanding of pros/cons:

pros:

  • potentially the API provider has a rate limit per IP. If we have multiple IPs, we have more rate limit capacity

cons:

  • it's tedious to whitelist multiple IPs

Neither seems like a very strong point, so I guess it doesn't matter? What is the best practice for egress IP addresses? Should I have one or multiple? If multiple, how many are recommended?

Kazuki

  • Well, if I don't have a static IP, NAT will auto-assign IPs, so I can get more than one IP. Or if I don't have NAT, each VM can have its own IP. So I really don't think having multiple static IPs is abuse. For your second question, per Google's documentation there is a ports-per-VM limit; if a VM has more connections than that, the VM will obviously get a new egress IP. – Kazuki Dec 04 '20 at 00:02

1 Answer


This depends on your cloud implementation. Even though you have 65535 available ports for each IP address, GCP Cloud NAT will only use 64512 for each protocol, so if your implementation on GCP requires more than that number of ports, then you must add new static IPs. This is automatically solved when using "Auto-Allocation" to scale up or down at any given moment without manual intervention, but that would select a random IP address to use (which might not be whitelisted).

I am wildly guessing here (since I don't know much about your implementation), but I would use multiple static IPs in order to have some spare ports in case your system outgrows those limits.

Frank
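A sizing helper for the point the answer makes, added here as an example and not part of the original answer: it uses the 64512 usable source ports per NAT IP per protocol that the answer cites, together with Cloud NAT's static port allocation rule (the configured minimum ports per VM is rounded up to the next power of two, default 64), to work out how many static NAT IPs a given fleet needs and how much headroom a given number of whitelisted IPs leaves. The function names are my own.

```python
import math

# Usable source ports per Cloud NAT IP per protocol (65536 minus the 1024
# well-known ports), the figure the answer cites.
PORTS_PER_NAT_IP = 64512


def effective_ports_per_vm(min_ports_per_vm: int = 64) -> int:
    """Cloud NAT static port allocation rounds the configured minimum ports
    per VM up to the next power of two (64 is the default)."""
    if min_ports_per_vm < 1:
        raise ValueError("min_ports_per_vm must be positive")
    return 1 << (min_ports_per_vm - 1).bit_length()


def nat_ips_required(vm_count: int, min_ports_per_vm: int = 64) -> int:
    """Static NAT IPs needed so that every VM receives its port block.
    At least one IP is always needed for any egress at all."""
    ports_needed = vm_count * effective_ports_per_vm(min_ports_per_vm)
    return max(1, math.ceil(ports_needed / PORTS_PER_NAT_IP))


def vms_supported(nat_ip_count: int, min_ports_per_vm: int = 64) -> int:
    """How many VMs a fixed set of whitelisted static NAT IPs can serve before
    Cloud NAT runs out of port blocks; VMs beyond this get no NAT mapping."""
    return (nat_ip_count * PORTS_PER_NAT_IP) // effective_ports_per_vm(min_ports_per_vm)


def spare_vm_capacity(vm_count: int, nat_ip_count: int, min_ports_per_vm: int = 64) -> int:
    """Headroom (in VMs) before the whitelisted IPs are exhausted; negative
    means the fleet already exceeds what the static IPs can carry."""
    return vms_supported(nat_ip_count, min_ports_per_vm) - vm_count


if __name__ == "__main__":
    # Constructed scenario: 1200 VMs, default 64 ports each, two whitelisted IPs.
    print("IPs required:", nat_ips_required(1200))          # 2
    print("VMs per IP:", vms_supported(1))                   # 1008
    print("headroom with 2 IPs:", spare_vm_capacity(1200, 2))  # 816
```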