What is the best way to capture the monthly network bandwidth( ingress\ egress) or outbound and inbound public traffic. Do I select individual devices to get bandwidth used. Or do I select my vyatta device only as everything should pass through that for public traffic to and from internet?
Also- what options do I have to see what servers specifically are passing public traffic across the internet? Are there any dashboard tools \ API's available for this?
Related
Expert
I want to know the public IP address range for Google Cloud Storage in a specific region.
I am planning to upload a file using software from a Windows server, and so I need to set the outbound firewall rules.
It seems that the range for Compute Engine is provided by GCP, but I could not find any for Google Cloud Storage.
https://cloud.google.com/compute/docs/faq#find_ip_range
The image in AWS S3 is like;
Get-AWSPublicIpAddressRange -Region ap-northeast-1 -ServiceKey S3 | select IpPrefix
IpPrefix
52.92.60.0/22
52.219.68.0/22
52.219.16.0/22
...
Could anybody help me?
What about reversing the concept?
Setup VPC service control in your GCP resources and configure the inbound firewall there instead of the outbound firewall on your server.
There is a private proxy server IPv4 and 1 port. It is possible to use HTTPS or SOCKS5. It will be used on multiple computers (configuration at the browser level, not a PC). DNS server shared (CloudFlare)
Since I am the owner of this proxy, I want to control and monitor it, namely to see:
the number of devices using it at the moment (online)
workload on proxy, traffic
What sites each computer runs
What of this is possible and with what tools? Is there a general solution (one tool) for all tasks?
Is VPS / VDS required for such purposes? If not, how is an addition than he can be useful?
From present:
Tinyproxy can generate static html file with you needs.
Artica Proxy has a web front end with statistics. Users and transit and sites.
From the past (not maintained):
squid: can generate static html file with your needs.
So I have GCP set up and Kubernetes, I have a web app (Apache OFBiz) running on pods in the GKE cluster. We have a domain that points itself to the web app, so essentially it's accessible from anywhere on the internet. Our issue is since this is a school project, we want to limit the access to the web app to the internal network on GCP, we want to simulate a VPN connection. I have a VPN gateway set up, but I have no idea what to do on any random computer to simulate a connection to the internal network on GCP. Do I need something else to make this work? What are the steps on the host to connect to GCP? And finally, how do I go about limiting access to the webapp so only people in the internal network have access to the webapp?
When I want to test a VPN, I simply create a new VPC in my project and I connect both with Cloud VPN. Then, in the new VPC, you can create VM that simulate computer in the other side of the VPN and thus simulate what you want.
To setup a VPN on GCP you can use Cloud VPN using static or dynamic routing, you will need to configure a remote peer from the location you want to access your GCP resources to establish the connection towards the Cloud VPN gateway on GCP end.
This means you may require a router that supports creating VPN tunnels on your on-premises or use a host that acts like a router to establish this connection using a VPN software towards Cloud VPN (like Strongswan, for example).
You can block external access to the resources on your VPC network by using GCP firewall rules and just allow specific ports or source IP ranges as you wish.
Another option, even if it's not a VPN or encrypted traffic, is to only allow ingress traffic from the public IP from where you would like to connect to your internal VPC, but this is less secure and would only work if you have an static public IP on your on-premises.
Since you said this is a school project, I would recommend asking your teacher for more direct advice. That said, you can't "simulate" a VPN but you can set up an IPSec client on your laptop or whatever and actually connect to it. Unfortunately Google doesn't appear to have any documentation on this so I'm guessing they presume you already know IPSec well enough to write a connection config yourself.
Using kubectl port-forward might be an easier solution.
Something similar as with Vyatta Gateway is their possible to have the transit Vlan on VM.
You can not create transit vlan on virtual server as you do with vyatta gateway, because a Network Gateway is sized to handle the routing load for multiple VLANs and the virtual server no.
For more information you can review these documents:
https://www.ibm.com/cloud/virtual-servers
https://knowledgelayer.softlayer.com/topic/gateways
https://knowledgelayer.softlayer.com/learning/network-gateway-devices-vyatta
AWS Device Farm seems only able to access public hosts/ips. I am looking into testing in non-production environment, but I could not find the settings to allow it to access hosts in a particular VPCs.
I work for the Device Farm team.
Currently, there is no out of the box support for VPCs with Device Farm.
However, one of the ways to achieve this would be to whitelist the IP range of devices in device farm and have your VPC host accept the connection from this IP range.
Hope that helps.