IBM Cloud Docs
Verifying connectivity to a Private Path service

Verifying connectivity to a Private Path service

After you create a Private Path service, the service's status is Stable. At this time, it's a good idea to test the connection to your service by creating a VPE gateway with the cloud resource name (CRN) associated with your Private Path service.

To verify that the Private Path service is fully functional before publishing it for consumer use, you must use the same account to create the VPE gateway as the account used to create the Private Path service. After you publish your Private Path service, any account can be used to create the VPE gateway.

You can verify connectivity to a Private Path service by using SSH to log into a virtual server instance running in the VPC containing the endpoint gateway. Then, initiate traffic to the VPE service endpoint or private IP.

Verifying connectivity to a Private Path service in the UI

To verify connectivity to a Private Path service from the IBM Cloud console, follow these steps:

  1. From your browser, open the IBM Cloud console and log in to your account.

  2. Select the Navigation Menu Menu icon, then click Infrastructure > Network > Private Path services.

  3. Locate your new Private Path in the table and click the name of the service to show its Details page.

  4. Copy the CRN to your clipboard.

  5. Click the Infrastructure breadcrumb at the top of the page, then click Virtual private endpoint gateways in the Network section.

  6. Create a VPE gateway to connect to your Private Path service using your Private Path CRN. For instructions, see Creating a VPE gateway.

  7. Navigate back to the Private Path services for VPC list page and click the name of your Private Path service in the table.

  8. In the Connections section:

    • If your default policy is set to Permit all requests, your request shows in the Permitted view.
    • If your default policy is set to Review all requests, your request shows in the Requests to review view. Permit your connection request.
  9. Connect to your service.

Verifying connectivity to a Private Path service from the CLI

The following example shows how to use the CLI to verify connectivity to a Private Path service.

Before you begin, make sure to set up your CLI environment.

You must first export the feature flag to use the CLI for Private Path beta release offerings.

To export the feature flag, enter the following commands:

export IBMCLOUD_IS_FEATURE_PRIVATE_PATH_SERVICE_GATEWAY=true
export IBMCLOUD_IS_FEATURE_PP_NLB_SUPPORT=true

To verify connectivity to a Private Path service from the CLI, follow these steps:

  1. Create a VPE gateway to connect to your Private Path service using your Private Path CRN. For instructions, see Creating a VPE gateway from the CLI.
  2. Connect to your service.

Verifying connectivity to a Private Path service with the API

To verify connectivity to a Private Path service with the API, follow these steps:

  1. Follow these instructions to create a VPE with TargetCrn specified with your Private Path service CRN.
  2. Ensure that at least one of your load balancer's members health is shown as ok.
  3. From a VSI in the same VPE's VPC, initiate a request to the VPE's private IP or service_endpoint and expect to get a reply. For example, SSH into a VSI in the same VPE's VPC with image ibm-ubuntu-18-04-6-minimal-s390x-3. Then run this command:
  export ip=<VPE-private-ip>
  export port=<load-balancer-listener-port>
  wget http://$ip:$port

Verifying connectivity to a Private Path service with Terraform

Terraform will support this feature after it reaches General Availability (GA) and is officially released.

The following example verifies connectivity to a Private Path network by using Terraform:

resource "ibm_is_virtual_endpoint_gateway" "endpoint_gateway" {
    name = "my-example-egw"
    target {
        crn = ibm_is_private_path_service_gateway.ppsg.crn
        resource_type = "private_path_service_gateway"
    }
    vpc = ibm_is_vpc.vpc.id
}

Next steps

  1. Publish your Private Path service
  2. Communicate connection information to consumers
  3. Review connection requests and Create account policies