LogoLogo
  • 🤩Welcome!
  • Buffer overflow
    • Remote Buffer Overflow
      • Crashing the Application
      • Controlling the EIP
      • Finding Bad Characters
      • Finding a Return Address
      • Generating Shellcode
      • Getting a Shell
  • Wireless Penetration Testing
    • Wifi Pineapple - Tetra
      • Setup
      • Firmware Upgrade
      • Capturing Wireless Handshake
      • Cracking WPA2 Handshake
      • PineAP
      • Modules
  • PortSwigger Labs
    • Authentication
      • Username enumeration via different responses
      • Username enumeration via subtly different responses
      • Username enumeration via response timing
  • TryHackMe
    • 🎄Advent of Cyber 3 (2021)
      • [Day 1] Save The Gifts
      • [Day 2] Elf HR Problems
      • [Day 3] Christmas Blackout
      • [Day 4] Santa's Running Behind
      • [Day 5] Pesky Elf Forum
      • [Day 6] Patch Management Is Hard
      • [Day 7] Migration Without Security
      • [Day 8] Santa's Bag of Toys
      • [Day 9] Where Is All This Data Going
  • Google Cloud Computing
    • ☁️Cloud Computing Fundamentals
      • Getting Started with Cloud Shell and gcloud
      • Creating a Virtual Machine
      • App Engine: Qwik Start - Python
      • Cloud Functions: Qwik Start - Command Line
      • Kubernetes Engine: Qwik Start
      • Set Up Network and HTTP Load Balancers
Powered by GitBook
On this page
  • Overview
  • Lab
  • Set the default region and zone for all resources
  • Create multiple web server instances
  • Configure the load balancing service
  • Sending traffic to your instances
  • Create an HTTP load balancer

Was this helpful?

  1. Google Cloud Computing
  2. Cloud Computing Fundamentals

Set Up Network and HTTP Load Balancers

LAB 6

PreviousKubernetes Engine: Qwik Start

Last updated 2 years ago

Was this helpful?

Overview

In this hands-on lab you'll learn the differences between a network load balancer and an HTTP load balancer and how to set them up for your applications running on Compute Engine virtual machines (VMs).

There are several ways you can . This lab takes you through the set up of the following load balancers:

Lab

Set the default region and zone for all resources

with the following command:

gcloud config set compute/zone us-central1-a
gcloud config set compute/region us-central1

Create multiple web server instances

Create 2 new VMs in your default zone

gcloud compute instances create www1 \
  --image-family debian-9 \
  --image-project debian-cloud \
  --zone us-central1-a \
  --tags network-lb-tag \
  --metadata startup-script="#! /bin/bash
    sudo apt-get update
    sudo apt-get install apache2 -y
    sudo service apache2 restart
    echo '<!doctype html><html><body><h1>www1</h1></body></html>' | tee /var/www/html/index.html"
gcloud compute instances create www2 \
  --image-family debian-9 \
  --image-project debian-cloud \
  --zone us-central1-a \
  --tags network-lb-tag \
  --metadata startup-script="#! /bin/bash
    sudo apt-get update
    sudo apt-get install apache2 -y
    sudo service apache2 restart
    echo '<!doctype html><html><body><h1>www2</h1></body></html>' | tee /var/www/html/index.html"
gcloud compute instances create www3 \
  --image-family debian-9 \
  --image-project debian-cloud \
  --zone us-central1-a \
  --tags network-lb-tag \
  --metadata startup-script="#! /bin/bash
    sudo apt-get update
    sudo apt-get install apache2 -y
    sudo service apache2 restart
    echo '<!doctype html><html><body><h1>www3</h1></body></html>' | tee /var/www/html/index.html"

Create a firewall rule to allow external traffic to the VM instances:

gcloud compute firewall-rules create www-firewall-network-lb
--target-tags network-lb-tag --allow tcp:80

Run the following command to list IPs of all instances:

gcloud compute instances list

Configure the load balancing service

Create a static external IP address for your load balancer:

gcloud compute addresses create network-lb-ip-1 --region us-central1

Add a legacy HTTP health check resource:

gcloud compute http-health-checks create basic-check

Add a target pool in the same region as your instances. Run the following to create the target pool and use the health check, which is required for the service to function:

gcloud compute target-pools create www-pool \
    --region us-central1 --http-health-check basic-check

Add the instances to the pool:

gcloud compute target-pools add-instances www-pool \
    --instances www1,www2,www3

Add a forwarding rule:

gcloud compute forwarding-rules create www-rule \
    --region us-central1 \
    --ports 80 \
    --address network-lb-ip-1 \
    --target-pool www-pool

Sending traffic to your instances

Enter the following command to view the external IP address of the www-rule forwarding rule used by the load balancer:

gcloud compute forwarding-rules describe www-rule --region us-central1

We can see below that every time the resource is requested, we get a response from a different server!

while true; do curl -m1 34.121.197.56; done

Create an HTTP load balancer

HTTP(S) Load Balancing is implemented on Google Front End (GFE). GFEs are distributed globally and operate together using Google's global network and control plane. You can configure URL rules to route some URLs to one set of instances and route other URLs to other instances. Requests are always routed to the instance group that is closest to the user, if that group has enough capacity and is appropriate for the request. If the closest group does not have enough capacity, the request is sent to the closest group that does have capacity.

To set up a load balancer with a Compute Engine backend, your VMs need to be in an instance group. The managed instance group provides VMs running the backend servers of an external HTTP load balancer. For this lab, backends serve their own hostnames.

create the load balancer template with the following command:

gcloud compute instance-templates create lb-backend-template \
   --region=us-central1 \
   --network=default \
   --subnet=default \
   --tags=allow-health-check \
   --image-family=debian-9 \
   --image-project=debian-cloud \
   --metadata=startup-script='#! /bin/bash
     apt-get update
     apt-get install apache2 -y
     a2ensite default-ssl
     a2enmod ssl
     vm_hostname="$(curl -H "Metadata-Flavor:Google" \
     http://169.254.169.254/computeMetadata/v1/instance/name)"
     echo "Page served from: $vm_hostname" | \
     tee /var/www/html/index.html
     systemctl restart apache2'

Create a managed instance group based on the template.

gcloud compute instance-groups managed create lb-backend-group \
   --template=lb-backend-template --size=2 --zone=us-central1-a

Create the fw-allow-health-check firewall rule.

This is an ingress rule that allows traffic from the Google Cloud health checking systems (130.211.0.0/22 and 35.191.0.0/16). This lab uses the target tag allow-health-check to identify the VMs.

gcloud compute firewall-rules create fw-allow-health-check \
    --network=default \
    --action=allow \
    --direction=ingress \
    --source-ranges=130.211.0.0/22,35.191.0.0/16 \
    --target-tags=allow-health-check \
    --rules=tcp:80

Set up a global static external IP address that people can use to reach your load balancer and take note of it:

gcloud compute addresses create lb-ipv4-1 \
    --ip-version=IPV4 \
    --global
    
gcloud compute addresses describe lb-ipv4-1 \
    --format="get(address)" \
    --global

Create a health check for the load balancer:

gcloud compute health-checks create http http-basic-check \
    --port 80

Create a backend service:

gcloud compute backend-services create web-backend-service \
    --protocol=HTTP \
    --port-name=http \
    --health-checks=http-basic-check \
    --global

Add your instance group as the backend to the backend service:

gcloud compute backend-services add-backend web-backend-service \
    --instance-group=lb-backend-group \
    --instance-group-zone=us-central1-a \
    --global
gcloud compute url-maps create web-map-http \
    --default-service web-backend-service

Create a target HTTP proxy to route requests to your URL map & Create a global forwarding rule to route incoming requests to the proxy:

gcloud compute target-http-proxies create http-lb-proxy \
    --url-map web-map-http

gcloud compute forwarding-rules create http-content-rule \
    --address=lb-ipv4-1\
    --global \
    --target-http-proxy=http-lb-proxy \
    --ports=80

Visiting the static public IP we took note of earlier returns a page with the backend group that the page is being served from as shown below!

(MIGs) let you operate apps on multiple identical VMs. You can make your workloads scalable and highly available by taking advantage of automated MIG services, including: autoscaling, autohealing, regional (multiple zone) deployment, and automatic updating

Create a to route the incoming requests to the default backend service:

☁️
load balance on Google Cloud
Network Load Balancer
HTTP(s) Load Balancer
Managed instance groups
URL map
http://34.149.196.121/
The page shown above is dead if you're seeing it.