Google发布/订阅的IP范围是什么? [英] What is the IP range(s) of Google pub/sub?

问题描述

我有一个Google发布/订阅订阅，可将主题消息推送到AppEngine标准服务端点.

我想将对AppEngine标准服务的访问限制为用户IP，并且仍然允许来自Google Pub/sub的消息.

在AppEngine防火墙中，唯一的选择是允许某些IP范围.

Google发布/订阅的IP范围是什么?

解决方案

我注意到来自Pub/Sub推送订阅的所有IP请求都来自2002:axx:xxxx::.根据IETF RFC 3056 ，2002:::是6to4范围.然后，将2002:axx:xxxx::转换为10.XXX.XXX.XXX，这是Google在这种情况下为内部联网保留的范围.

注意:除发布/订阅"以外的其他服务可能会(在某些时候)使用范围2002:a00::/24，10.XXX.XXX.XXX.例如 App Engine Flexible .如果在此特定项目中无法描述来自Flexible的请求，则将其屏蔽并赋予其更高的优先级.

最后，您的防火墙条目:

10      Allow   2002:a00::/24   Pub/Sub 
default Deny    *               The default action.

此外，在Google的问题跟踪器中为此创建了一个问题. >

I have a Google pub/sub subscription that pushes messages for a topic to an AppEngine standard service endpoint.

I want to restrict access to the AppEngine standard service to user IPs and still allow for messages coming from Google Pub/sub.

In the AppEngine firewall, the only option is to allow certain IP ranges.

What is the IP range(s) of Google pub/sub?

解决方案

I've noticed that all the IP requests from Pub/Sub push subscriptions are coming from 2002:axx:xxxx::. As per IETF RFC 3056, 2002::: is an 6to4 range. 2002:axx:xxxx::, then, is translated to 10.XXX.XXX.XXX, which is an range reserved for the internal networking in this case used by Google.

Note: that other services apart from Pub/Sub might [at some point] use range 2002:a00::/24, 10.XXX.XXX.XXX. For example App Engine Flexible. If requests from Flexible are not describable in this particular project then you will have block it and give it a higher priority.

In the end your Firewall entries:

10      Allow   2002:a00::/24   Pub/Sub 
default Deny    *               The default action.

Also, there is an issue created about it in Google's issue-tracker.

这篇关于Google发布/订阅的IP范围是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！