This lab walks you through the difference between Ingress and Egress Traffic in the Google Cloud Platform.
Duration: 60 minutes
In very simple words, ingress traffic is the number of packets, or the amount of data, that you receive from any source.
Egress traffic is the number of packets, or the amount of data, that you send to a destination.
The direction of traffic is a relative term: the same traffic is ingress and egress at the same time, depending on where you stand. For example, you are sending traffic from point A to point B, and there are two people standing at points A and B. For the person standing at point A the traffic is egress, whereas for the person standing at point B the same traffic is ingress.
The terms source and destination are therefore of utmost importance when talking about traffic.
A firewall rule is always applied within a network. In GCP the VPC is global in nature, so firewall rules are global as well. They are generally used to control egress and ingress traffic. Controlling traffic is needed because there can be many malicious attempts on your infrastructure, or because you need to filter traffic in order to reduce your operational costs.
A firewall rule can apply to all the instances in the network.
It can apply to specific instances by specifying a network tag.
It can apply to a service account: use that service account in the VM and the firewall rule is automatically applied to the VM.
You can think of the priority as a level of severity. It ranges between 0 and 65535, where 0 means the highest priority and 65535 means the lowest priority.
Two firewall rules are automatically applied to the VM when it is created. These are called the implied rules.
Implied allow egress rule, i.e. it allows the VM to send traffic to the internet. It has a priority of 65535.
Implied deny ingress rule, i.e. it denies all incoming traffic to the VM. It has a priority of 65535.
default-allow-icmp (lets you use tools such as ping)
default-allow-internal (allows communication between VMs within the same VPC network)
default-allow-rdp (lets you connect to instances using the Remote Desktop Protocol)
default-allow-ssh (lets you connect to instances using SSH)
Priority: lies between 0 and 65535.
Action on match: if the given parameters/conditions match, allow or deny the traffic.
Target/Destination: choose the target from the three given choices: all instances in the network, instances by network tag, or instances by service account.
Source: it can be an IPv4 range, a network tag, or a service account, depending on the chosen target.
Protocols and ports: specify the ports and protocols needed for the communication.
Creating two VM instances.
SSHing into a VM.
Sending egress and ingress traffic between the VMs.