Availability, scale, and ease of management with new Layer-4 Internal Load Balancing features
Babi Seal
Product Manager, Google Cloud
Like many Google Cloud customers, you probably have workloads that need to be private without access to and from the public internet. For scaling and resilience of those workloads, we offer regional layer-4 Internal Load Balancing (L4 ILB), and we’ve recently added two new L4 ILB features - ILB global access and ILB as next-hop with multi-NIC support for third-party appliance integration that deliver greater availability, scale and ease of management.
L4 ILB global access
We have added a new global access feature for our L4 Internal load-balancer. While your L4 load-balancer’s backend instances are still in the same region as the L4 ILB, your clients can now access the L4 ILB from any region. This also allows your on-prem clients to access the load balancer, from any region via VPN or a Cloud Interconnect. By multi-homing via VPN or an interconnect to multiple regions, you now have highly available access to the services front-ended by your internal load balancer.
As illustrated above, if you lose VPN connectivity from your on-premises network in, say, Boston to Google Cloud region US East, you can still access the L4 ILB in US East via the backup VPN connection from Boston to Europe West.
We’re actively working on integrating L4 ILB global access into multiple services: Support for Kubernetes is available in 1.16 release, and Cloud SQL will also support L4 ILB to allow global access to a Cloud SQL database from within the Google Cloud network.
A key enabler for the global access feature was incorporating Hoverboard into L4 ILB, which increased the number of L4 ILB Forwarding Rules supported and enables rapid provisioning of these load-balancers.
L4 ILB global access was an oft-requested feature by our customers, many of whom beta-tested the feature. CoreLogic, a leading global property information services company, has this to share about L4 ILB global access:
"With our deep data, analytics and data-enabled solutions spread across multiple GCP regions in Europe, Australia, and the United States, we leveraged the reach, scale and simplicity of Google’s global network and Internal Load Balancer’s global access to deliver unique insights to our users." - Steven Myers, Cloud Platform Services and Infrastructure Build Leader, CoreLogic
Third-party multi-NIC appliance integration
You currently need to set up high availability for third-party appliances using the mechanism of routing, which is both complicated and limited in its high-availability capabilities. You have to stitch individual appliance-instances via a route, monitor them and withdraw each route as the instance goes away. We are excited to announce the availability of ILB as next-hop, making it easy to integrate these appliances with high availability and scale out. Simply configure a static route in Google Cloud that sets the next-hop to an Internal Load Balancer, which load-balances traffic to a pool of health-checked third-party VM appliances. The destination IP range can be a default route 0/0, an RFC 1918 prefix, or a non-GCP public IP range owned by you.
In addition, we removed the constraint for L4 ILB which restricted you to only load-balance to primary NIC0 interface of a VM instance. You can now incorporate multi-NIC VM appliances, with high availability.
Several customers are using next-hop support with ILB to easily incorporate third-party appliances, such as those from Palo Alto Networks, into their deployments in Google Cloud. Here is what Palo Alto Networks shared:
“Our customers are able to improve the scalability and availability of their inline threat prevention and network security protections by using Google Cloud's ILB as next-hop with multi-NIC support to distribute the load across their VM-Series Virtual Next-Generation Firewalls. This helps customers protect outbound and east-west traffic, as well as enabling consistent security for hybrid cloud environments.” - Mukesh Gupta, VP VM-Series, Palo Alto Networks
We brought you ILB global access and ILB as next-hop to offer greater availability, scale and ease of management of your services and virtual appliances. We hope you give these features a try. Start with the documentation on global access, read an overview on L4 ILB as next-hop, walk through a multi-nic configuration, and deploy it in Google Cloud. We look forward to your feedback!