[offtopic, not a technical issue] google charging for network traffic from US to EMEA about bitwarden_gcloud HOT 8 OPEN

FWIW, I already use the free tier of Cloudflare for DNS and proxying, and I also get a couple cents charged on some months, though not always. This doesn't include any blocking/firewall, but my understanding was that, through the Cloudflare network, the data center talking to the actual GCE VM would be in a region close to the VM.

However, do you see the "Network Internet Data Transfer" charges in the PDF invoices that Google sends? Because I've never seen anything so detailed there, mine just say "Fee for MONTH YEAR", and sometimes that's 0, sometimes not.

from bitwarden_gcloud.

from bitwarden_gcloud.

Yeah, I also see some amount on the line
Network Internet Data Transfer Out from Americas to China

It is in the order of 0.01 USD

So I did not bother much (yet)

But I'm wondering what could be this traffic going out to China...
bots traffic probably.

from bitwarden_gcloud.

I've noticed the same, 2 months with $.02. Unfortunately, putting the blocking in gcloud will still not eliminate traffic from bot traffic; even the packets that are dropped by ipsec will be charged. Having it outside as some sort of web app firewall (ala Cloudflare @turnah) is the best approach to make it fool-proof.

This month I'll have some time to research some possible methods and write up. There is some prior work done here

from bitwarden_gcloud.

I have about CAD 0.02 every month, not a big deal but the CF approach seems to be a more elegant approach.

Looks like a websocket change for the next version that we need to be prepared for: dani-garcia/vaultwarden#4024

from bitwarden_gcloud.

FWIW, I already use the free tier of Cloudflare for DNS and proxying, and I also get a couple cents charged on some months, though not always. This doesn't include any blocking/firewall, but my understanding was that, through the Cloudflare network, the data center talking to the actual GCE VM would be in a region close to the VM.

However, do you see the "Network Internet Data Transfer" charges in the PDF invoices that Google sends? Because I've never seen anything so detailed there, mine just say "Fee for MONTH YEAR", and sometimes that's 0, sometimes not.

When I check the Cost Breakdown, I always have:

Network Internet Data Transfer Out from Americas to China - $0.02

The CF implementation would be great if the traffic can be proxied.

from bitwarden_gcloud.

Ah I found it now under "Cost table", same as yours. Since I already use the free CF proxy, I suppose that's not enough.

I did configure Countryblock as documented in the wiki, but I guess some requests always slip through, not sure if it can be 100% avoided.

from bitwarden_gcloud.

I didn't have the capacity I thought I would to look at this in January. There shouldn't be any charges for inbound data to Google. Any firewall rule added by countryblock will DROP packets, so there should be no outbound to IPs from the countries.

There will be IP subnets not in ipdeny.com's lists that Google will charge exit fees to.

Cloudflare might eliminate some traffic that's using your DNS to scan, but I believe most of the traffic is from systems that scan the entire IPv4 space (think Shodan), so DNS will have little to do with it.

The most airtight solution will require something like Cloudflare Zero Trust VPN (free I think for these purposes), or only whitelisting cloudflare IPs from Google.

from bitwarden_gcloud.