Native MySQL connection using internal IP


Jakub Głuszecki

Nov 16, 2013, 9:02:28 AM
to google-cloud...@googlegroups.com
Hi folks!

I have a Ruby no Rails application running on Compute Engine VM's.
I'm excited about a new possibility to use native mysql connections to CloudSql instances,
however I'm not happy to connect using an external IP.
Is there any possibility now, or planned in the near future, to connect to CloudSql instance using some sort of internal IP, just like two Compute Engine Vm's can connect to each other using internal subnet?

Razvan Musaloiu-E.

Nov 16, 2013, 10:22:59 PM
to google-cloud...@googlegroups.com
Currently we only have support via external IPs. Note that the SSL support [1] provides a way to secure the connections to Cloud SQL from both GCE and Internet.

[1] https://developers.google.com/cloud-sql/docs/instances#ssl

-- Razvan ME



Jakub Głuszecki

Nov 17, 2013, 7:23:41 AM
to google-cloud...@googlegroups.com
Thanks for your answer Razvan,
I'm aware of SSL support, I agree that it improves security, however I have some other concerns about connecting using external IP - I'm afraid of network/firewall issues. Is there any possibility that some firewall (on the Google side) interferes with mysql connections between GCE and CloudSql instances? I have some issues with unused connections. Everything works fine if a connection is busy, but a few minutes of inactivity seems to break it. I'm going to dig deeper, but maybe you can provide me with some hints.


Jakub Głuszecki

Nov 17, 2013, 8:50:15 AM
to google-cloud...@googlegroups.com
Using mysql client it looks like this: (connecting from GCE vm instance)

mysql> select count(*) from leads;
+----------+
| count(*) |
+----------+
|        2 |
+----------+
1 row in set (0.00 sec)

[ ... now take a 15 mins break ... ]

mysql> select count(*) from leads;

[ ... it hangs and after few minutes: ]

ERROR 2013 (HY000): Lost connection to MySQL server during query

[ ... another try, right after error msg appeared ]

mysql> select count(*) from leads;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id:    8
Current database: landingpage

+----------+
| count(*) |
+----------+
|        2 |
+----------+
1 row in set (0.10 sec)

Tony Tseng

Nov 18, 2013, 11:05:16 AM
to google-cloud...@googlegroups.com
Hi there,
The 15 minute window may indicate that your instance has been brought down due to inactivity. Is your instance on a per use pricing plan (https://developers.google.com/cloud-sql/pricing#per_use)? If that's the case, that'd explain why the server has gone away.



Razvan Musaloiu-E.

Nov 18, 2013, 11:30:00 AM
to google-cloud...@googlegroups.com
I was able to reproduce the issue reported by Jakub Głuszecki. The instance was up so it's not the 15-minute timeout. I'll dig some more to find the root cause.

-- Razvan ME


Jakub Głuszecki

Nov 18, 2013, 11:58:38 AM
to google-cloud...@googlegroups.com
I switched to package billing plan plus I have an application making
regular sql queries to cloudsql instance (using GCE health check) but
the problem I reported using mysql client still exists.




--
Jakub Głuszecki

Razvan Musaloiu-E.

Nov 18, 2013, 9:17:21 PM
to google-cloud...@googlegroups.com
It seems that you are affected by a limitation in GCE:

   Once a connection has been established with an instance, traffic is permitted in both directions over that connection, until the connection times out after 10 minutes of inactivity.

Can you try configuring the TCP keepalive [2]?

[1] https://developers.google.com/compute/docs/networking#overview
[2] http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/usingkeepalive.html

-- Razvan ME


Razvan Musaloiu-E.

Nov 18, 2013, 10:26:11 PM
to google-cloud...@googlegroups.com
Yup, lowering the keepalive makes the mysql client happy. Here is the command I used:

sudo bash -c 'echo 60 > /proc/sys/net/ipv4/tcp_keepalive_time'

-- Razvan ME
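
The check behind the fix above, as an added example that is not part of the original posts: it compares the kernel's keepalive settings with the 10-minute GCE idle timeout quoted in the thread and writes the value to a sysctl.d file so it survives a reboot, which the echo into /proc does not. The function names, the `--check` flag and the file name `60-tcp-keepalive.conf` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). The kernel-wide values only apply to
# sockets that have SO_KEEPALIVE enabled; the Linux default for
# tcp_keepalive_time is 7200 s, far beyond the idle timeout below.

GCE_IDLE_TIMEOUT=600   # seconds; the "10 minutes of inactivity" from the thread

# Print "time intvl probes" from a sysctl directory. The argument exists so
# the function can be pointed at a fixture instead of the live kernel.
read_keepalive() {
    rk_dir=${1:-/proc/sys/net/ipv4}
    printf '%s %s %s\n' \
        "$(cat "$rk_dir/tcp_keepalive_time")" \
        "$(cat "$rk_dir/tcp_keepalive_intvl")" \
        "$(cat "$rk_dir/tcp_keepalive_probes")"
}

# ok       -> the first probe is sent before the idle timeout expires
# too-late -> the idle connection is dropped before any probe is sent
check_keepalive() {
    ck_time=$1
    ck_limit=${2:-$GCE_IDLE_TIMEOUT}
    case $ck_time in
        ''|*[!0-9]*) echo invalid; return 2 ;;
    esac
    if [ "$ck_time" -lt "$ck_limit" ]; then
        echo ok
    else
        echo too-late
        return 1
    fi
}

# Seconds until the kernel declares an unresponsive peer dead: idle time
# before the first probe plus the interval for every unanswered probe.
dead_peer_secs() {
    echo $(( $1 + $2 * $3 ))
}

# Persist the setting; refuses values that would not beat the idle timeout.
# The default file name is a hypothetical choice; load it with `sysctl --system`.
persist_keepalive() {
    pk_time=$1
    pk_file=${2:-/etc/sysctl.d/60-tcp-keepalive.conf}
    check_keepalive "$pk_time" >/dev/null || return 1
    printf 'net.ipv4.tcp_keepalive_time = %s\n' "$pk_time" > "$pk_file"
}

# `sh keepalive.sh --check` on the VM evaluates the live kernel values.
if [ "${1:-}" = "--check" ]; then
    set -- $(read_keepalive)
    echo "keepalive_time=$1 verdict=$(check_keepalive "$1")" \
         "dead_peer_detection=$(dead_peer_secs "$1" "$2" "$3")s"
fi
```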

Jakub Głuszecki

Nov 19, 2013, 4:36:06 AM
to google-cloud...@googlegroups.com
Thank you Razvan. I confirm that adjusting tcp_keepalive_time solves
the problem.
Call me old-fashioned, I still would love to have the ability to
connect to cloudsql using GCE internal subnet.


Sergio Garcia Murillo

Nov 19, 2013, 5:05:58 AM
to google-cloud...@googlegroups.com
+1 ;)

Or at least be able to authorize them with something different than the
public IP address, which can be a real burden when launching servers
dynamically with temporal ip addresses.

Best regards
Sergio
On 19/11/2013 10:36, Jakub Głuszecki wrote:
> Thank you Razvan. I confirm that adjusting tcp_keepalive_time solves
> the problem.
> Call me old-fashioned, I still would love to have the ability to
> connect to cloudsql using GCE internal subnet.
>
> 2013/11/19 Razvan Musaloiu-E. <raz...@google.com>:
>> Yup, lowering the keepalive makes the mysql client happy. Here is the command
>> I used:
>>
>> sudo bash -c 'echo 60 > /proc/sys/net/ipv4/tcp_keepalive_time'
>>
>>
>> -- Razvan ME
>>
>>
>> On Mon, Nov 18, 2013 at 6:17 PM, Razvan Musaloiu-E. <raz...@google.com>
>> wrote:
>>> It seems that you are affected by a limitation in GCE:
>>>
>>> Once a connection has been established with an instance, traffic is
>>> permitted in both directions over that connection, until the connection
>>> times out after 10 minutes of inactivity.
>>>
>>> Can you try configuring the TCP keepalive [2]?
>>>
>>> [1] https://developers.google.com/compute/docs/networking#overview
>>> [2] http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/usingkeepalive.html
>>>
>>> -- Razvan ME
>>>
>>>

Razvan Musaloiu-E.

Nov 19, 2013, 10:08:19 AM
to google-cloud...@googlegroups.com
I agree that the ability to connect using local GCE address makes a lot of sense and it is something we would like to make possible. We are not there yet though. :-)

-- Razvan ME

Razvan Musaloiu-E.

Nov 19, 2013, 10:09:31 AM
to google-cloud...@googlegroups.com
The Cloud SQL Admin API [1] makes it possible to automate many actions, including updating the authorized networks. Have you tried it?


-- Razvan ME


On Tue, Nov 19, 2013 at 2:05 AM, Sergio Garcia Murillo <sergio.gar...@gmail.com> wrote:
+1 ;)

Or at least be able to authorize them with something different than the public IP address, which can be a real burden when launching servers dynamically with temporal ip addresses.

Best regards
Sergio

Stipe Ivan Latkovic

Dec 11, 2015, 1:21:20 AM
to Google Cloud SQL discuss
Private networks still can't be authorized, is there a plan to change that in the near future?

Razvan Musaloiu-E.

Dec 11, 2015, 1:29:35 AM
to google-cloud...@googlegroups.com
We don't have that yet but the Second Generation Cloud SQL instances can be accessed without authorizing the IP of the client by using a proxy [1] that can get access using the service account of a VM.

[1] https://github.com/GoogleCloudPlatform/cloudsql-proxy

-- Razvan ME

