Google Cloud Load Balancing

Load Balancing CDN Disabled

Risk Level: Medium

Description

This check ensures that Cloud CDN is enabled on all load balancers. Cloud CDN improves speed and reliability and lowers server costs. Enabling CDN on load balancers makes for a highly available system and is an essential part of GCP best practices.

About the Service

Google Cloud Load Balancing:

According to Google, Google Cloud offers server-side load balancing so you can distribute incoming traffic across multiple virtual machine (VM) instances. Health checks detect and automatically remove unhealthy VM instances, and instances that become healthy again are automatically re-added. Google's global load balancer knows where the clients are located and directs packets to the closest web service, providing low latency to users while using a single virtual IP (VIP). Using a single VIP means we can increase the time to live (TTL) of our DNS records, which further reduces latency. For more, see the Google Cloud Load Balancing documentation.

Impact

HTTP(S) load balancing Content Delivery Network (CDN) log entries contain information useful for monitoring and investigating web traffic. Google Cloud exports this logging information to the Cloud Monitoring service so that monitoring metrics can be created to assess a load balancer's configuration, usage, and performance, troubleshoot issues, and improve resource usage and user experience. By default, Cloud CDN will cache static content, including web assets and video files, that is not explicitly marked as private for the configured default time to live (TTL), without requiring any changes at your origin. Cloud CDN improves speed and reliability and lowers server costs. Enabling CDN on load balancers makes for a highly available system and is an essential part of GCP best practices. Therefore, ensure that your Google Cloud Platform (GCP) load balancing backend services are configured to log HTTP(S) traffic.

Steps to Reproduce

Using GCP Console:

To determine whether your Google Cloud Platform (GCP) Load Balancing backend services have CDN enabled, follow the steps below:

  1. First, sign in to the Google Cloud Platform Console with an administrator account.
  2. From the top navigation bar, select the GCP Project you want to investigate.
  3. From the Navigation Menu on the left, find the Networking section.
  4. Click on the Network Services subsection under Networking.
  5. Under the Network Services navigation panel, find Load Balancing.
  6. Click on the Load Balancing navigation link; the Cloud Load Balancing page will appear.
  7. On the Load Balancing page, click on the Load Balancers nav link at the top of the navigation bar to access the list of all load balancers in your GCP Project.
  8. The list of all load balancers will be displayed. Choose the name of the load balancer you want to examine.
  9. A new page with all the details of that load balancer will open.
  10. Click on the Details tab and check the Cloud CDN Configuration attribute value set for the backend service under the Backend section.
  11. If the value of the Cloud CDN attribute is set to Disabled, then CDN is not enabled for that particular load balancer in your current GCP project.
  12. Repeat steps 8-11 for other load balancers in your GCP Project.
  13. Repeat the above steps for the other GCP projects/folders in your organization.

Steps for Remediation

Using GCP Console:

To enable Cloud CDN on your Google Cloud Platform (GCP) Load Balancing backend services, follow the steps below:

  1. First, sign in to the Google Cloud Platform Console with an administrator account.
  2. From the top navigation bar, select the GCP Project you want to investigate.
  3. From the Navigation Menu on the left, find the Networking section.
  4. Click on the Network Services subsection under Networking.
  5. Under the Network Services navigation panel, find Load Balancing.
  6. Click on the Load Balancing navigation link; the Cloud Load Balancing page will appear.
  7. On the Load Balancing page, click on the Load Balancers nav link at the top of the navigation bar to access the list of all load balancers in your GCP Project.
  8. The list of all load balancers will be displayed. Choose the name of the load balancer you want to examine.
  9. A new page with all the details of that load balancer will open.
  10. Click on the Edit button on the top navigation bar. On the Edit HTTPS load balancer page, select the Backend Configuration tab in the left panel.
  11. Under Backend Configuration, click on the small pencil icon next to the name of the Backend Bucket. This will open the Edit page.
  12. In the Edit Backend Service configuration panel, under Cloud CDN, select the Enable Cloud CDN checkbox.
  13. Choose the Cache mode from the options given there, and set the desired time limits.
  14. Click on the Update button on the Edit back-end bucket page.
  15. Go back to the Edit page and click on the Update button to reconfigure the settings.
  16. Repeat steps 8-14 for other load balancers in your GCP Project.
  17. Repeat the above steps for the other GCP projects/folders in your organization.
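
The console audit and remediation steps above, expressed as a script for backend services (an added example, not part of the original page): it reads the JSON that `gcloud compute backend-services list --format=json` produces, flags services where `enableCDN` is false or absent, and builds the matching `gcloud` update command. The sample data is constructed, and the eligibility filter and the `FORCE_CACHE_ALL` review flag are this example's assumptions.

```python
import json
import shlex

# Constructed sample, shaped like `gcloud compute backend-services list --format=json`.
SAMPLE = json.loads("""
[
  {"name": "web-backend", "protocol": "HTTPS", "loadBalancingScheme": "EXTERNAL_MANAGED",
   "enableCDN": true, "cdnPolicy": {"cacheMode": "CACHE_ALL_STATIC"}},
  {"name": "api-backend", "protocol": "HTTP", "loadBalancingScheme": "EXTERNAL",
   "enableCDN": false},
  {"name": "legacy-backend", "protocol": "HTTPS", "loadBalancingScheme": "EXTERNAL"},
  {"name": "media-backend", "protocol": "HTTP2", "loadBalancingScheme": "EXTERNAL_MANAGED",
   "enableCDN": true, "cdnPolicy": {"cacheMode": "FORCE_CACHE_ALL"}},
  {"name": "internal-backend", "protocol": "HTTP", "loadBalancingScheme": "INTERNAL_MANAGED",
   "region": "https://www.googleapis.com/compute/v1/projects/example-project/regions/us-central1"},
  {"name": "tcp-backend", "protocol": "TCP", "loadBalancingScheme": "EXTERNAL"}
]
""")

CDN_PROTOCOLS = {"HTTP", "HTTPS", "HTTP2"}
CDN_SCHEMES = {"EXTERNAL", "EXTERNAL_MANAGED"}

def cdn_eligible(svc):
    """Assumption of this example: only global external HTTP(S) backends can use Cloud CDN."""
    return (svc.get("protocol") in CDN_PROTOCOLS
            and svc.get("loadBalancingScheme") in CDN_SCHEMES
            and "region" not in svc)

def audit(services):
    """Return (disabled, review): names failing the check, and names needing a cache-mode review."""
    disabled, review = [], []
    for svc in services:
        if not cdn_eligible(svc):
            continue  # Cloud CDN does not apply here, so this is not a finding
        if not svc.get("enableCDN", False):  # an absent field counts as disabled
            disabled.append(svc["name"])
        elif svc.get("cdnPolicy", {}).get("cacheMode") == "FORCE_CACHE_ALL":
            # This mode caches responses even when the origin marks them private.
            review.append(svc["name"])
    return disabled, review

def remediation_commands(names):
    """gcloud equivalent of ticking 'Enable Cloud CDN' in the console."""
    return [f"gcloud compute backend-services update {shlex.quote(n)} --global --enable-cdn"
            for n in names]

if __name__ == "__main__":
    disabled, review = audit(SAMPLE)
    print("CDN disabled:", disabled, "| review cache mode:", review)
    print("\n".join(remediation_commands(disabled)))
```

To run it against a real project, replace `SAMPLE` with the parsed output of the `gcloud` list command and review the printed commands before executing them.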