Google HTTPS Load Balancing Wrong Source IP

[Tarlan Amrahli]

Hi All,

We have configured  GLB with ingress. So, problem there we are getting wrong client ip in our logs. IP's which we have get is 35.191.0.0/16 and 130.211.0.0/22. I know that 

• The IP address of the Google Front End (GFE) that connected to the backend. These IP addresses are in the 130.211.0.0/22 and 35.191.0.0/16 ranges.

We added externalTrafficPolicy:Local in our ingress service but it not helped us

Is a any solution how to get client real ip in GLB with ingress?

[simrandeeps]

Hello,

I would suggest you to use the HTTP X-Forwarded-For header as described in document [1].

If there is no X-Forwarded-For header on the incoming request, these two IP addresses <client-ip>,<load-balancer-ip> are the entire header value.

If the request includes an X-Forwarded-For header, the load balancer preserves the supplied value before the <client-ip>,<load-balancer-ip> so it will be <supplied-value>,<client-ip>,<load-balancer-ip>. The load balancer does not verify any IP addresses that precede <client-ip>,<load-balancer-ip> in this header.

[1] https://cloud.google.com/load-balancing/docs/https#x-forwarded-for_header

[Tarlan Amrahli]

Hello  simrandeeps,
Thanks your respond. Where need I to use  X-Forwarded-For header? Have you any example

[Derek Murphy]

Hello,

I was in contact with a member of the networking support team and they had this advice to give : 

Your backend instance/application receives the traffic directly from the GFE IP addresses. This is expected. The X-Forwarded-For header has to be retrieved from the HTTP header of the requests. It has to be done at the application level

I hope this helps. Have a nice day.