Obtaining GCP IP ranges to enable proxy and firewall configuration

Depending on your company's infrastructure setup, the on-premises components may or may not go through a proxy/firewall to reach the Symphony pod.

We have seen previous cases where the customer's own network team use a static IP in the proxy/firewall settings, to allow traffic directly to the Symphony pod. However, static IP's provide an issue at this point due to AWS performing automatic scaling on their side, which will assign/remove IP from the ELB dynamically.

Note: Symphony have no control over AWS regarding their scaling, therefore Symphony is unable to notify you beforehand
 
In the event that your company does use static IP in the proxy/firewall settings, you may want to refer to the below steps to find the IP ranges for your pod. 

As per the FAQ here, Google Cloud Platform uses a large range of IP addresses, which change over time. For historical reasons, Google Cloud Platform publishes its list of public IP addresses in an SPF record for_cloud-netblocks.googleusercontent.com.

When you need the literal IP addresses for Google Cloud Platform, use one of the common DNS lookup commands (e.g. nslookup, dig, host) to retrieve the TXT records for the domain _cloud-netblocks.googleusercontent.com:

$ nslookup -q=TXT _cloud-netblocks.googleusercontent.com 8.8.8.8

This returns a list of the domains included in Google's SPF record, such as:

_cloud-netblocks1.googleusercontent.com, _cloud-netblocks2.googleusercontent.com, _cloud-netblocks3.googleusercontent.com, _cloud-netblocks4.googleusercontent.com,_cloud-netblocks5.googleusercontent.com

Next, look up the DNS records associated with those domains, one at a time:

$ nslookup -q=TXT _cloud-netblocks1.googleusercontent.com 8.8.8.8
$ nslookup -q=TXT _cloud-netblocks2.googleusercontent.com 8.8.8.8
$ nslookup -q=TXT _cloud-netblocks3.googleusercontent.com 8.8.8.8
$ nslookup -q=TXT _cloud-netblocks4.googleusercontent.com 8.8.8.8
$ nslookup -q=TXT _cloud-netblocks5.googleusercontent.com 8.8.8.8

The above results will return you a list of IP Range, once consolidated this will be the GCP IP ranges used.

 

Note: GCP does not provide any mapping between the IP range to their corresponding zones

 

If you require further assistance regarding this, please contact the Symphony Support team at support@symphony.com