I'm currently evaluating Google Compute Engine (GCE, sometimes Google Compute Platform). A requirement for moving our work into GCE is that all traffic, "public web" included, must go through our network first. So we're not planning on using the ephemeral or public IP addresses provided by GCE at all. We have created a VPN connection to our internal network that works successfully. However, as web applications are wont to do, we'd like to use the GCE load balancing options, either HTTP or network.
Based on the GCE interface, the only option I see in GCE is to create an ephemeral/public IP address for a load balancer, and then specify which hosts it belongs to. Remember, there is no inbound or outbound access from this GCE network to "the internet", so that won't work. Thanks to the /usr/share/google/google_daemon/manage_addresses.py daemon that is running, every member of the load balance group gets a local address attached to its eth0 interface, visible by ip route ls table local type local dev eth0 scope host proto 66. It can talk to itself, even using the load balancer address. But again, this is not sufficient.
Instead, I'm wondering if there's an option I've overlooked for creating a load balanced IP address from the VPN network. This is similar to Amazon's ELB in a VPC option - the elastic load balancer (ELB, usually balancing HTTP) is created "in the VPC" and returns a VPC specific address. No outside internet access required, inbound or outbound.
My hunch is that this is not yet possible from GCE, so I'm also hoping that if this is something on the roadmap, one of the GCE engineers might chime in.
Thanks.
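As an added example that is not part of the original post, the script below parses the output of the ip route ls table local command the question mentions and lists the addresses that the manage_addresses.py daemon attached with proto 66, so an operator can audit which load-balanced addresses an instance will answer to. The routing-table text is constructed for the example (the 203.0.113.x and 10.240.0.x addresses are placeholders, not real forwarding-rule addresses); on a live instance the output of ip route ls table local would be passed in instead.

```shell
# Added example (not from the original post): audit which addresses the
# GCE manage_addresses.py daemon has attached to an instance.
# The daemon installs "local" routes tagged "proto 66" in the local table;
# these functions pick those routes out of the command's text output.

# Print the destination address of every local-scope route tagged proto 66.
# $1 is the routing-table text, one route per line.
lb_addresses_from_routes() {
    printf '%s\n' "$1" | awk '$1 == "local" && /proto 66/ { print $2 }'
}

# Print how many daemon-managed addresses are present.
lb_address_count() {
    lb_addresses_from_routes "$1" | awk 'END { print NR }'
}

# Return 0 if the given address ($2) is one of the daemon-managed
# addresses in the routing-table text ($1), 1 otherwise.
has_lb_address() {
    lb_addresses_from_routes "$1" | grep -qx "$2"
}

# Constructed sample output (not captured from a real instance): two
# daemon-managed addresses plus the instance's own eth0 address, the
# subnet broadcast entry and loopback, all of which must be ignored.
SAMPLE_ROUTES='local 10.240.0.5 dev eth0 proto kernel scope host src 10.240.0.5
local 203.0.113.10 dev eth0 proto 66 scope host
local 203.0.113.11 dev eth0 proto 66 scope host
broadcast 10.240.0.0 dev eth0 proto kernel scope link src 10.240.0.5
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1'

# Stand-alone run against the constructed sample.
echo "daemon-managed addresses:"
lb_addresses_from_routes "$SAMPLE_ROUTES"
echo "count: $(lb_address_count "$SAMPLE_ROUTES")"

# On a real instance, replace the sample with the live table, for example:
# lb_addresses_from_routes "$(ip route ls table local)"
```

The functions only read text, so they can also be run against routing-table output collected from several instances to confirm that every member of the load-balanced group carries the same set of proto 66 addresses.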