Google Certified Associate Cloud Engineer 2020


Do you expect the backend instances to ping other backend instances through private IP or Public IP?

I am able to do the setup and the backend servers can ping each other using local IP. However, they cannot do so using public IP. If I allow egress using specific public IP then they can talk to each other. Is there a better way to configure a firewall rule to allow all servers in the backend to ping each other using their public IP (instead of typing in each public IP address as egress source)?

1 Answer

Great question, Srika! 😀  The answer is: Yes, I expect all communication between instances on the VPC to use the internal, private IP addresses and not any public IPs.

If you use the public IPs, the VPC Routing sees that traffic as destined externally for the Internet at large–and then that traffic tries to make its way back in.  So with that understanding, that traffic should be blocked! 😁👍  This structure (of using private IPs and internal routing) helps strengthen network security.
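The behaviour described in the answer above can be sketched as a simplified model of ingress rule matching. This is an added example, not part of the original answer and not Google Cloud's implementation; the subnet, instance addresses and rule names are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (assumptions): backend subnet and instance addresses.
BACKEND_SUBNET = ipaddress.ip_network("10.0.2.0/24")

@dataclass(frozen=True)
class Instance:
    name: str
    internal_ip: str
    external_ip: str

@dataclass(frozen=True)
class IngressAllow:
    name: str          # hypothetical rule name
    source_range: str  # CIDR the rule accepts traffic from
    protocol: str

def observed_source(sender, dest_ip):
    """Source address the receiving instance's firewall evaluates."""
    if ipaddress.ip_address(dest_ip) in BACKEND_SUBNET:
        return sender.internal_ip  # routed inside the VPC, private source kept
    return sender.external_ip      # treated as Internet-bound, arrives from the public IP

def ping_allowed(sender, dest_ip, rules):
    """True if any ingress allow rule matches; otherwise ingress is denied."""
    src = ipaddress.ip_address(observed_source(sender, dest_ip))
    return any(r.protocol == "icmp" and src in ipaddress.ip_network(r.source_range)
               for r in rules)

def demo():
    be1 = Instance("be-1", "10.0.2.11", "203.0.113.11")
    be2 = Instance("be-2", "10.0.2.12", "203.0.113.12")
    # One rule scoped to the backend subnet covers every backend pair.
    subnet_rule = [IngressAllow("allow-be-icmp", "10.0.2.0/24", "icmp")]
    # The per-address workaround from the question: one entry per public IP.
    per_ip = subnet_rule + [IngressAllow("allow-be1-public", "203.0.113.11/32", "icmp")]
    return {
        "internal": ping_allowed(be1, be2.internal_ip, subnet_rule),
        "external": ping_allowed(be1, be2.external_ip, subnet_rule),
        "external_per_ip_rule": ping_allowed(be1, be2.external_ip, per_ip),
        "external_reverse": ping_allowed(be2, be1.external_ip, per_ip),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'blocked'}")
```

The last case shows why the per-address approach does not scale: each backend's public IP needs its own entry, while the subnet-scoped rule needs none.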

Mehul Shah

So we need to complete this challenge lab with internal IP? What will be the firewall rule required to enable BE-BE and FE-BE ping?

Mehul Shah

So we need to complete this challenge lab with internal IP? What will be the firewall rule required to enable BE-BE and FE-BE ping with external IP?
