0

I'm trying to put a GCP regional TCP load balancer in front of my service. My service exposes port 7933, and I can get a response from my service server's IP.

The setup is based on this article.

https://cloud.google.com/community/tutorials/modular-load-balancing-with-terraform

But I don't know why I get connection refused from the load balancer. I can make sure my service is up (because I can get a response from the server's IP).

Also, I made this TCP load balancer work before by setting session affinity to "Client IP and protocol". But I don't know why it stopped working entirely after one day.

What's more, my firewall rule is fine and Cloud Armor is not selected.

My setup on GCP (this service cannot provide a health check yet)

wzf1943

1 Answer

0

Assuming you are using an external TCP load balancer, I would recommend doing the following checks for successful communication from the LB IP.

1) I understand you mentioned that your service is listening on a specific port, but I would recommend verifying whether the service is set to listen on "any IP" (0.0.0.0) or on the address of the load balancer. You can run the command below to see all listening TCP ports on Linux:

    netstat -nltp

2) I noticed you have not configured the health check and have configured session affinity. I would recommend enabling the health check to make sure that the backend to which session affinity is sending the request is healthy.

3) Verify that the firewall has been configured properly. I would recommend clicking the instance and, under network details, selecting "View details" to analyze the firewall rules (you need an ingress rule allowing access from 0.0.0.0/0 to port 7933).

If all of the above configuration has been checked and the issue still persists, I would recommend creating a support case to review the project details and assist you further.

  • Hi, thanks for your answer. Based on your answer, I checked the 3 steps one by one. – wzf1943 Jan 21 '20 at 18:52
  • 1. Active Internet connections (only servers) tcp 0 0 10.138.0.5:7933 0.0.0.0:* LISTEN - ... – wzf1943 Jan 21 '20 at 18:55
  • 2. The service is using some special RPC protocol; it's using TCP as its communication protocol. And the regional TCP LB needs the health check in HTTP protocol. 3. I think the firewall is fine. I checked its setup and logs; no block activity found. – wzf1943 Jan 21 '20 at 18:57
  • But I created an HTTP(S) load balancer by hand. The HTTP(S) LB's health check can select the TCP protocol. This HTTP(S) LB can return a response to internal network nodes. My local machine just gets EOF from it... – wzf1943 Jan 21 '20 at 19:02
  • As per the netstat output (tcp 0 0 10.138.0.5:7933 0.0.0.0:* LISTEN), the issue seems to be because of the local machine not listening to "any IP" (0.0.0.0) on port 7933. To fix the issue, I would recommend opening port 80 for any IP and/or at least the load balancer IP address – Dattu Pragnu Nellutla Jan 22 '20 at 16:03
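
The listening-address check from step 1 can be scripted. The following is an added example, not part of the original answer or comments: it reads `netstat -nlt` output and reports whether a port is bound to the wildcard address, to the load balancer's forwarding-rule IP, or only to some other address. It assumes a passthrough TCP load balancer, which delivers packets still addressed to the forwarding-rule IP; the function names, the LB address `203.0.113.10` and the sample output (built around the line posted in the comments) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage on a backend VM:  netstat -nlt | check_bind PORT LB_IP
# Prints one of: wildcard | lb-ip | other:<addr> | not-listening

check_bind() {
    port="$1"; lb_ip="$2"
    awk -v port="$port" -v lb="$lb_ip" '
        # Only TCP sockets in LISTEN state (header lines do not match)
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Column 4 is the local address; the port follows the last colon
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") wild = 1
            else if (addr == lb) onlb = 1
            else other = addr
        }
        END {
            if (wild)             print "wildcard"       # accepts traffic for the LB IP
            else if (onlb)        print "lb-ip"          # bound to the forwarding-rule IP
            else if (other != "") print "other:" other   # traffic for the LB IP is refused
            else                  print "not-listening"
        }'
}

# Constructed sample: sshd on the wildcard address, the service only on
# the VM's internal address (the binding shown in the comments above).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.138.0.5:7933         0.0.0.0:*               LISTEN
EOF
}

# 203.0.113.10 is a placeholder for the forwarding-rule IP
sample_netstat | check_bind 7933 203.0.113.10
```

A result of `other:<addr>` means the service answers on the VM's own address but not on connections addressed to the load balancer IP, which matches the symptom in the question.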