Connection from/to 169.254.169.254 google services


Sylvain Bergé

Aug 17, 2014, 7:38:13 AM
to gce-dis...@googlegroups.com
Hi,

Can you please explain why the internal Google name server 169.254.169.254 sends TCP requests from logical port 80 to the internal instance IP?
In more general terms, what are the default connections from/to Google services with instance images provided by Google?

Thanks.

Gary Ling

Aug 18, 2014, 12:48:02 PM
to gce-dis...@googlegroups.com
Hi Sylvain,

The network load balancing service does health checks by issuing HTTP requests that originate from this IP. For more, see the doc here.

Hope it helps.

Gary Ling

Sylvain Bergé

Aug 18, 2014, 3:38:05 PM
to gce-dis...@googlegroups.com
Hi Gary,

The problem is I didn't set up any check:
$ gcloud compute http-health-checks list
NAME HOST PORT REQUEST_PATH

In addition, the traffic was about:
SRC=169.254.169.254 SPT:80 ===> DST=internal instance IP DPT : 40021 or 40016

--
Sylvain

David Newgas

Aug 18, 2014, 3:56:04 PM
to Sylvain Bergé, gce-dis...@googlegroups.com
Hi Sylvain,

Are you looking at this from a tcpdump? It looks like you are looking at the *response* to a request from your instance to the metadata server.

David



Sylvain Bergé

Aug 18, 2014, 5:15:14 PM
to gce-dis...@googlegroups.com, msy...@gmail.com
Hi David,

You are right, it could be the explanation.
However, I am surprised because I use the following iptables rule:

pkts bytes target     prot opt in     out     source               destination
 124K   44M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Because I didn't find any other trace, I think it is now fixed.

Thank you for your support.

--
Sylvain
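
An added example, not part of the original thread: a Python sketch of the check David describes, pairing packets from 169.254.169.254:80 with earlier outbound SYNs from the instance in iptables LOG output. The log lines, their prefixes and the instance address 10.240.0.2 are constructed; ports 40021 and 40016 are the ones quoted in the thread.

```python
import re

METADATA_IP = "169.254.169.254"  # metadata server address from the thread
FIELD = re.compile(r"\b(SRC|DST|SPT|DPT|PROTO)=(\S+)")
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH"}

# Constructed sample in iptables LOG format (not captured traffic).
SAMPLE = [
    "out: IN= OUT=eth0 SRC=10.240.0.2 DST=169.254.169.254 "
    "PROTO=TCP SPT=40021 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0",
    "in: IN=eth0 OUT= SRC=169.254.169.254 DST=10.240.0.2 "
    "PROTO=TCP SPT=80 DPT=40021 WINDOW=14480 RES=0x00 ACK SYN URGP=0",
    "in: IN=eth0 OUT= SRC=169.254.169.254 DST=10.240.0.2 "
    "PROTO=TCP SPT=80 DPT=40016 WINDOW=14480 RES=0x00 ACK PSH URGP=0",
    "in: IN=eth0 OUT= SRC=169.254.169.254 DST=10.240.0.2 "
    "PROTO=TCP SPT=80 DPT=22 WINDOW=14480 RES=0x00 SYN URGP=0",
]

def parse(line):
    """Return (src, sport, dst, dport, flags) for a TCP LOG line, else None."""
    f = dict(FIELD.findall(line))
    if f.get("PROTO") != "TCP" or not {"SRC", "DST", "SPT", "DPT"} <= f.keys():
        return None
    flags = FLAGS & set(line.split())  # LOG prints set flags as bare tokens
    return f["SRC"], int(f["SPT"]), f["DST"], int(f["DPT"]), flags

def classify(lines):
    """Label each packet from the metadata server by who opened the flow."""
    opened = set()  # (instance_ip, instance_port) of flows the instance started
    results = []
    for line in lines:
        pkt = parse(line)
        if pkt is None:
            continue
        src, sport, dst, dport, flags = pkt
        if dst == METADATA_IP and dport == 80 and flags == {"SYN"}:
            opened.add((src, sport))          # instance opened the connection
        elif src == METADATA_IP and sport == 80:
            if (dst, dport) in opened:
                verdict = "response"          # reply to the instance's request
            elif flags == {"SYN"}:
                verdict = "unsolicited-syn"   # peer tried to open a connection
            else:
                verdict = "no-request-seen"   # log covers one direction only
            results.append((dport, verdict))
    return results

if __name__ == "__main__":
    for dport, verdict in classify(SAMPLE):
        print(dport, verdict)
```

A "no-request-seen" verdict is what a log of the inbound direction alone produces: the packet carries ACK, so it belongs to an existing flow, but the outbound SYN was never recorded.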