Obtaining GCP IP ranges to enable proxy and firewall configuration

Depending on your company's infrastructure configuration, the on-prem components may or may not go through a proxy/firewall to reach your pod.

When your organizations internal IT team uses a static IP in the proxy/firewall setting to allow traffic directly to your pod, there has sometimes been an issue due to Amazon Web Services (AWS) performing automatic scaling on their side, which will assign/remove IP from the ELB dynamically. 

Note: Symphony have no control over AWS regarding their scaling.

In the event that your company does use a static IP in the proxy/firewall settings, you may want to use the steps below to find the IP ranges for your pod. 

As per the FAQ here, Google Cloud Platform (GCP) uses a large range of IP addresses, which change over time. For historical reasons, GCP publishes its list of public IP addresses in an SPF record for_cloud-netblocks.googleusercontent.com.

When you need the literal IP addresses for GCP, use one of the common DNS lookup commands, for example nslookup, dig or host, to retrieve the TXT records for the domain _cloud-netblocks.googleusercontent.com (Figure 1):

$ nslookup -q=TXT _cloud-netblocks.googleusercontent.com

Figure 1 Command

This returns a list of the domains included in Google's SPF Record (Figure 2):

_cloud-netblocks1.googleusercontent.com, _cloud-netblocks2.googleusercontent.com, 
_cloud-netblocks3.googleusercontent.com, _cloud-netblocks4.googleusercontent.com,
Figure 2 Response

Next, look up the DNS records associated with those domains one at a time (Figure 3):
$ nslookup -q=TXT _cloud-netblocks1.googleusercontent.com
$ nslookup -q=TXT _cloud-netblocks2.googleusercontent.com
$ nslookup -q=TXT _cloud-netblocks3.googleusercontent.com
$ nslookup -q=TXT _cloud-netblocks4.googleusercontent.com
$ nslookup -q=TXT _cloud-netblocks5.googleusercontent.com

Figure 3 Commands

The above results will return a list of IP Ranges and once consolidated, these will be the GCP IP ranges used.

Note: GCP does not provide any mapping between the IP range to their corresponding zones.

If you require further assistance regarding this, please contact the Symphony Support team at support@symphony.com