Join Log in
Score:2
stkvtflw avatar Server

Google Cloud App Engine with network peering

ca flag
stkvtflw

I'm trying to connect App Engine application to MongoDB Cloud over a peering connection.

All services in my GCP are using non-default network called "main". I've setup peering connection with terraform:

resource "google_compute_network_peering" "mongodb_peering" {
  name         = "mongodb-peering"
  network      = google_compute_network.main.self_link
  peer_network = "projects/${mongo-cloud-project}/global/networks/${mongo-cloud-network}"
}

It works as expected.

Presumably App Engine uses default VPC network.

When I'm trying to create second connection on the default network I'm getting error because of overlapping ranges. So, I've just deleted the peering with main network and set up a new one with the default network.

Still the App Engine application cannot connect to mongodb over the peering connection.

App.yaml:

runtime: nodejs12

instance_class: F4

handlers:
  - url: /.*
    secure: always
    redirect_http_response_code: 301
    script: auto

automatic_scaling:
  max_instances: 2
  max_concurrent_requests: 80

inbound_services:
  - warmup
270
1 + 10
James S avatar
it flag
James S
What where the CIDR ranges of the main and default network for the first and second peering that you attempted?
0
Reply
stkvtflw avatar
ca flag
stkvtflw
@JamesS main: 10.128.0.0/9, default: 10.128.0.0/20
0
Reply
stkvtflw avatar
ca flag
stkvtflw
What's up with the downvote? Is something wrong with that question?
0
Reply
jabbson avatar
sb flag
jabbson
If you haven't solved it yet... When you said `when I'm trying to create second connection on the default network...`, what do you mean by `second connection`? My understanding you have an App Engine using the default VPC and the default VPC peering to the Atlas cloud and cannot connect from the GAE to the database?
1
Reply
jabbson avatar
sb flag
jabbson
Maybe also include info like - what flavour of gae you are using, how your app.yaml looks like, how you are accessing the database from the app, how your firewall is configured, whether you can access the same database from the VM in the VPC
1
Reply
James S avatar
it flag
James S
You cannot have 2 or more VPC peerings that in your case, uses the same overlapping IP Ranges. This will create confusion since the routes will be created with the same priority. My suggestion for now would be as @jabbson stated, clarify your goal and provide more details and use a completely different CIDR range with the other VPC peer.
0
Reply
stkvtflw avatar
ca flag
stkvtflw
@jabbson I also thought that App Engine is using the default VPC. I deleted the "main" pearing and created one for the default VPC. The connection did not work. I've just added app.yaml.
0
Reply
jabbson avatar
sb flag
jabbson
So this is for a standard environment then. If so then the app is not using any of your networks by default, you need to use the serverless VPC access connector to connect to your VPCs.
1
Reply
stkvtflw avatar
ca flag
stkvtflw
@jabbson thanks, that helped!
0
Reply
James S avatar
it flag
James S
@stkvtflw Were your questions answered? If so, please post it as an answer so other members with the same questions can see it.
0
Reply
Score:0
James S avatar Server
it flag
James S

You cannot have 2 or more VPC peerings that in your case, uses the same overlapping IP Ranges. This will create confusion since the routes will be created with the same priority.

And as @jabbson pointed out, the app is not using any of your networks by default. so you'll need to create a serverless VPC access connector to connect your VPCs.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.