I've been trying to set up some software on my server over at GCP, and assigned a public static IP. But I don't see it inside the VM through ifconfig or ip addr. I understand there is no way to get the IP to show up inside the VM and there's a 1-to-1 mapping from NAT to the public IP, but what I don't understand is, why. While this question asks basically the same, the answers don't really answer the why part clearly.

I occasionally run a VM on my Windows PC, and sometimes I bridge the adapter so that the VM gets an IP on my local network, so I know that it's possible (unless I'm missing something here). IBM Cloud seems to have this feature though.

So, my question is, what and why could be the reason this is not allowed, or not implemented yet? What problems does it solve or simplify? Why can't I just look at the IP with ifconfig or ip addr (I know I can't because the IP isn't assigned to an interface; I mean to say, why isn't there one)? As a beginner, I think that feature would be what one 'expects', so I want to know the technical reasoning behind this.

Thanks!

B_Dex_Float
  • I am by no means whatsoever an expert on GCP (much less its internals) as my experience lies more with Azure (which does this external NATting as well), but I would imagine at least part of the reason is to reduce some pain points of pool-based IP assignment from outside of the instance itself. – esqew Sep 23 '20 at 17:59
  • Could you elaborate? IBM apparently does it (linked in the question). I'm really interested in the details, the problems, what the pain points actually *are*. I have no clue, that's why – B_Dex_Float Sep 23 '20 at 18:31
  • @DazWilkin's answer is good. In summary, public static IP addresses are NOT assigned to your VM. That is why you cannot see them on a networking interface. You can read the IP address from the instance metadata. Public IP addresses are assigned to a special one-to-one NAT which manages public IP to private IP routing. Google definition: "If the network interface has an external IP address assigned to it, Google Cloud automatically performs one-to-one NAT for packets whose sources match the interface's primary internal IP address." – John Hanley Sep 23 '20 at 19:01
  • @JohnHanley "public static IP address are NOT assigned to your VM". I know, I want to know *why not?* – B_Dex_Float Sep 23 '20 at 20:06
  • (1/2) Because Google designed its networking that way. In GCP, networking is done in software. Public IP addresses have to be assigned to real hardware interfaces and then routed to the final destination (your VM). For IBM, you are speaking about the "legacy" version of their cloud. IBM legacy cloud can assign public IP addresses to VMs because there is a minimal software layer virtualizing networking in between. IBM's Cloud also offers a true VPC network which is virtualized. – John Hanley Sep 23 '20 at 21:22
  • (2/2) A similar comparison can be made with the public phone system. At the office, a phone number can be routed to any desk but none of the desks have a public phone number, just an internal extension (think private IP address). If you wanted a phone with a public phone number, the phone company would need to install a new line just for your office or change the physical wiring in the phone closet. – John Hanley Sep 23 '20 at 21:23
  • Yeah, makes sense. I get that it's a design decision. If I was making a new cloud, say PotatoCloud(TM), why would I decide to allow/disallow this 'feature'? And what is this called? I think it's called bridging or a bridged adapter? IP forwarding? Hmm, won't something like a bridged adapter work (I hope I have the terms correct)? I can assign an IP from my local network into the VM, so I wondered why this wasn't put in GCP. From what I've seen, bridged adapters are also SDN. – B_Dex_Float Sep 24 '20 at 16:10

1 Answer

Google needs to resolve to IP addresses for the compute engine instance that you've created. As @esqew mentioned, it does this using NAT to convert the public IP address to an internal to Google, private address that corresponds to your instance.

Your instance does not sit on the public Internet and it is not directly addressable from the public Internet. Instead, the public IP address gets traffic to Google's front end and then Google services resolve the address. Although IP addresses may be bound to instances for extended periods, these addresses are reused many times.

Other machines, even those within your project, may use the public IP address to resolve to your instance but this traffic would be routed to Google's resolver and be sent back through the network to your instance. Using the instance's internal DNS or internal IP address is probably (!) more efficient.

In none of these situations does your instance need to be configured with this IP address. The instance needs to know how to route traffic and every other device connected to the Internet needs to be able to reach your instance, but that's it.

You can determine the instance's public IP addresses using the metadata service. From the instance:

METADATA="http://metadata.google.internal/computeMetadata/v1"

# External IP for interface: 0 access-config: 0
curl --request GET \
--header "Metadata-Flavor: Google" \
${METADATA}/instance/network-interfaces/0/access-configs/0/external-ip

# Internal IP
curl --request GET \
--header "Metadata-Flavor: Google" \
${METADATA}/instance/network-interfaces/0/ip
DazWilkin
  • I know about the first 2 paragraphs in your answer. I understand the advantages of having a single IP be NATted, but I was wondering why I can't put the IP on an interface through GCP. I get that it's an active decision made by them, and want to know if there's any potential reasons for that. Some services require the server to have a public IP, but that's not the point either. I want to know *why*. Why isn't that feature there on all of the major cloud platforms? – B_Dex_Float Sep 23 '20 at 20:05
  • "In none of these situations does your instance need to be configured with this IP address", true, it's not really about the need to do something, I was trying to do that, and realized there was no way. I wanted to know why am I basically not allowed to do it. – B_Dex_Float Sep 23 '20 at 20:11
  • It is a loosely coupled network design decision! Easy to manage network infrastructure. – Umesh Kumar Sharma Feb 10 '22 at 11:42
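As an added example (not part of DazWilkin's answer or of Google's own tooling), the following Python script reads the two metadata paths from the answer and then checks which guest interface, if any, carries each address, which makes the one-to-one NAT arrangement visible from inside the VM: the internal address is bound to an interface, the external one never is. The interface name `ens4`, the sample addresses and the `ip -o -4 addr` output are constructed for the offline check.

```python
import re
import subprocess
import urllib.request
from typing import Optional

METADATA = "http://metadata.google.internal/computeMetadata/v1"


def metadata_get(path: str) -> str:
    """Fetch one metadata value; the Metadata-Flavor header is mandatory or the server refuses."""
    req = urllib.request.Request(f"{METADATA}/{path}", headers={"Metadata-Flavor": "Google"})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode().strip()


def interface_holding(ip_addr_output: str, address: str) -> Optional[str]:
    """Return the interface whose `ip -o -4 addr` line carries `address`, or None if no interface has it."""
    for line in ip_addr_output.splitlines():
        m = re.match(r"\s*\d+:\s+(\S+)\s+inet\s+(\S+?)/\d+", line)
        if m and m.group(2) == address:
            return m.group(1)
    return None


def check_instance(ip_addr_output: str, external_ip: str, internal_ip: str) -> dict:
    """Summarise where the two addresses live; on GCE the external entry is expected to be None."""
    return {
        "external_on_interface": interface_holding(ip_addr_output, external_ip),
        "internal_on_interface": interface_holding(ip_addr_output, internal_ip),
    }


# Constructed sample of `ip -o -4 addr` from a Compute Engine guest (addresses are made up).
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo       valid_lft forever preferred_lft forever
2: ens4    inet 10.128.0.5/32 scope global dynamic ens4       valid_lft 2345sec preferred_lft 2345sec
"""

if __name__ == "__main__":
    # Real run on an instance: the metadata paths are the ones quoted in the answer above.
    try:
        ext = metadata_get("instance/network-interfaces/0/access-configs/0/external-ip")
        internal = metadata_get("instance/network-interfaces/0/ip")
        live = subprocess.run(["ip", "-o", "-4", "addr"], capture_output=True, text=True, check=True).stdout
        print(check_instance(live, ext, internal))
    except Exception as exc:  # not on GCE, or no external access config: fall back to the sample
        print("metadata unavailable (%s); using constructed sample" % exc)
        print(check_instance(SAMPLE_IP_ADDR, "203.0.113.7", "10.128.0.5"))
```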