The architecture presented below satisfies GCP customers' requirements to use third-party, compute-instance-based appliances in their flows.
The design considers HTTP(S) load balancers due to their advanced capabilities.
- HTTP(S) supports port 80, 8080, and 443.
- A given combination of instance (responsible for SNAT/DNAT of ingress traffic) and port (back end port) can be used only once
- An instance may belong to at most one load-balanced instance group
GCP Load Balancers Decision Chart
- Add the second app to Cloud DNS for proper name resolution
- Create a second instance group and health check.
How to Scale Scenario 1
- add a new external load balancer
- add a new set of compute instances
How to Scale Scenario 2
- add a second back end using another set of compute instances
- Use Routing Rules to forward traffic to the new back end
How to Scale Scenario 3
- add a new external HTTP(S) load balancer
- create a new back end using the same instance group as before but using different ports
- this step requires the creation of a new named port in the instance group
- this step also requires secure, properly configured firewall rules
- compute instance DNAT using SRC:DST port 81 and DST:DST port 80
How to Scale Scenario 4
- this scenario is a hybrid of scenarios 2 and 3
- a new BE is created using port 82
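
Before building scenario 3 or 4, the planned layout can be checked against the two constraints listed at the top (one instance group per instance, each instance/back end port combination used once). The following is an added example, not part of the original design; the group, instance and back end names and the port 80 used for the first app are constructed assumptions, while ports 81 and 82 come from the scenarios above.

```python
from collections import defaultdict

# Constructed plan modelled on scenarios 3 and 4: one appliance instance group
# shared by three back ends through different named ports. All names are hypothetical.
INSTANCE_GROUPS = {
    "ig-appliances": {
        "instances": ["fw-1", "fw-2"],
        "named_ports": {"app1": 80, "app2": 81, "app3": 82},
    },
}
BACKENDS = [
    {"name": "be-app1", "group": "ig-appliances", "port_name": "app1"},
    {"name": "be-app2", "group": "ig-appliances", "port_name": "app2"},
    {"name": "be-app3", "group": "ig-appliances", "port_name": "app3"},
]


def validate(groups, backends):
    """Return a list of constraint violations; an empty list means the plan is valid."""
    errors = []

    # An instance may belong to at most one load-balanced instance group.
    membership = defaultdict(list)
    for group_name, group in groups.items():
        for instance in group["instances"]:
            membership[instance].append(group_name)
    for instance, names in sorted(membership.items()):
        if len(names) > 1:
            errors.append(f"{instance} is in several instance groups: {sorted(names)}")

    # Each (instance, back end port) combination can be used only once.
    used = {}
    for be in backends:
        group = groups.get(be["group"], {"instances": [], "named_ports": {}})
        port = group["named_ports"].get(be["port_name"])
        if port is None:  # the new back end needs its named port created first
            errors.append(f"{be['name']}: no named port {be['port_name']!r} in {be['group']}")
            continue
        for instance in group["instances"]:
            owner = used.setdefault((instance, port), be["name"])
            if owner != be["name"]:
                errors.append(f"{be['name']} reuses {instance}:{port}, taken by {owner}")
    return errors


if __name__ == "__main__":
    print(validate(INSTANCE_GROUPS, BACKENDS) or "plan satisfies both constraints")
```
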
The health check (HC) is the same as before, since we are still checking the health of the compute instances:
- routing rules
- compute instance DNAT config: