API Gateway and load balancer

171 views
Skip to first unread message

Espen Zachrisen

unread,
Feb 19, 2021, 11:00:27 AMFeb 19
to api-gateway-users
In the doc (https://cloud.google.com/api-gateway/docs/deployment-model) there's a reference to putting the API Gateway behind an external load balancer:

Screen Shot 2021-02-19 at 9.57.20 AM.png

Are the API Gateways  in regions 1-3 set up as Internet NEGs in the load balancer? 
Does anyone have an example ? 

-- Espen

Denis Loginov

unread,
Mar 4, 2021, 7:46:28 PMMar 4
to api-gateway-users
Hi Espen,

This is not an official answer, but I'm looking to do the same and I think Chris confirmed that previously:
> That’s true, you can use an internet NEG to configure load balancer integration, but with the downside that the direct gateway URL is still available.
(he also confirmed this is how we could set up a custom domain for API GW currently).

There are some limitations with this approach, however, e.g. (my wording):
> However, the reason Cloud Armor is not effective for it yet is because internal-and-gclb ingress setting is not supported by API Gateway. So any Cloud Armor restrictions could be bypassed by making calls directly to the API Gateway endpoint.
That being said, the direct API Gateway is not inherently discoverable (even through DNS queries), so this may not be as much of a concern.

I haven't tried this yet, but very much looking to do it. If you try first, please let me know also if that works for you (I'll post back my findings also).
There's also https://groups.google.com/g/api-gateway-trusted-testers, where you can find more information about this question ;-)

Best,
Denis

Denis Loginov

unread,
Mar 6, 2021, 1:03:37 AMMar 6
to api-gateway-users
I now recall my previous question about this :-)
> for an HTTPS LB, it only seems possible to use an Internet NEG to interface with an API Gateway. But Internet NEG docs [2] say that only a single INTERNET_FQDN_PORT is supported per backend. This seems to make it impossible to use a URL scheme where a single host/path combination is balanced between multiple regions, depending only on the client IP. Could you clarify what scheme is meant in the diagram for API 3 from [1]

So perhaps I'm just as stuck as you with this, at this point. The cross-regional diagram doesn't seem to be possible atm, given these limitations..

Rania Mohamed

unread,
Mar 7, 2021, 8:18:08 AMMar 7
to Denis Loginov, api-gateway-users
Hi Espen,

I did the setup of the GLB for API Gateway for a client using NEG and it works fine except for the geo-region based routing, I was able to do it using a work around but not direct or out of the box as all the API Gateway public IPs are all setup in US-central based IPs and it is tied to the region hosting the API-Gateway.
Screenshot 2021-03-07 2.06.36 PM.png
Screenshot 2021-03-07 2.05.20 PM.pngScreenshot 2021-03-07 2.03.59 PM.pngScreenshot 2021-03-07 2.03.48 PM.png

That's why for the geo based routing now the API Gateway team is working with the GLB team to extend the serveless NEG to add API Gateway as an endpoint:
Screenshot 2021-03-07 2.14.47 PM.png

My Understanding that the feature should be ready this quarter so sometimes this month.

Please let me know in case you have any questions or concerns, I would always be happy to help out with anything :).

thanks,
-rania
 

--
You received this message because you are subscribed to the Google Groups "api-gateway-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-gateway-us...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/api-gateway-users/4ea46704-2087-4a92-a9c5-5b97cc2175f9n%40googlegroups.com.

Espen Zachrisen

unread,
Mar 9, 2021, 3:10:30 PMMar 9
to api-gateway-users
Thank you, Rania. That makes sense. We'll check it out and see if it'll work for us for now. Looking forward to the official support for the API Gateway as an endpoint group!

-- Espen

Pasha Seliverstov

unread,
Apr 9, 2021, 5:37:43 PMApr 9
to api-gateway-users
Hi Rania,

Thank you for the detailed response.

Today is 9th of April. Are any updates on geo-region based routing?

Best regards,
Pasha

Rania Mohamed

unread,
Apr 12, 2021, 3:26:26 AMApr 12
to Pasha Seliverstov, api-gateway-users
Hi Pasha,

I tried it again this weekend and still the serverless NEG only supports CF, Cloud Run and App Engine so unfortunately the geo-region based routing is still not available thru our LBs out of the box.
Please let me know in case you have any concerns or questions I would always be glad to help out with anything :)

thanks,
-rania

Stephen Gaffney

unread,
May 25, 2021, 11:51:50 AMMay 25
to api-gateway-users
Hi All,

Any update on the timeline for this new feature?

Thanks
Stephen

Rania Mohamed

unread,
May 25, 2021, 11:59:51 AMMay 25
to Stephen Gaffney, api-gateway-users
Hi Stephen,

If you are referencing the Serverless NEG supporting API gateway in order to have our LBs supporting the implementation of geo location based routing, yes we have it now in a preview mode :).


Unfortunately, it is still not supported yet from the console, today the preview is only enabling the feature in an alpha mode thru gcloud cli, though I would expect it to be available thru the console as soon we released it in a beta mode.

Sorry if I misinterpreting your question and please let me know in case you have any question or concern, would always be happy to help out with anything at all :).

thanks,
-rania

Stephen Gaffney

unread,
May 25, 2021, 12:25:02 PMMay 25
to api-gateway-users
Hi Rania,

Thank you for your quick reply! Sorry I should have specified but yes that's what I was enquiring about. That's great, thanks for the update, looking forward to using it. 

The link you provided returns a 404 for me, is there another way to access it?

Stephen

Reply all
Reply to author
Forward
0 new messages