Now run your custom code at the edge with the Application Load Balancers

Application Load Balancers are essential for reliable web application delivery on Google Cloud. But while Google Cloud’s load balancers offer extensive customization, some situations demand even greater programmability. 

We recently announced Service Extensions plugins for Application Load Balancers in Preview. Now you can run your own custom code directly in the request/response path in a fully managed Google environment with optimal latency, so you can customize load balancers to meet your business requirements. All you need to do is provide the code — Google Cloud manages the rest. If you want to manage the compute yourself for more heavyweight operations, you can look to Service Extensions callouts, which are currently GA for Application Load Balancers.

Service Extensions plugins supports the following use cases:

• Header addition: Create new headers relevant for your applications or specific customers, or insert new headers for request and response.

• Header manipulation: Rewrite existing request and response headers or override client headers on their way to the backend or while responding to a client.

• Security: Write advanced security policies like custom token authentication based on client requests or response headers and make enforcement decisions within your plugin.

• Custom logging: Log user-defined headers or custom data into Cloud Logging.

• Exception handling: Redirect clients to a custom error page for certain response classes.

• HTML Rewriting: Rewrite HTML from your origin for Google reCAPTCHA integration or Google Analytics tagging.

Where you can run your code

Service Extensions run in the request and response path at the edge of Google's globally distributed network. Service Extensions plugins are now available as part of the existing traffic extension for the global external Application Load Balancer. The traffic extension runs after Cloud CDN and Cloud Armor but before traffic reaches the backend. Cloud CDN support for Service Extensions will come in a future release. Additionally, Service Extensions plugins are supported on the cross-region internal load balancer as part of the route and traffic extensions.

Service Extensions plugins architecture

Service Extensions plugins are designed for lightweight compute operations that run as part of the Application Load Balancer request/response path. Plugins are built on WebAssembly (Wasm), which provides several benefits:

1. Near-native execution speed, and startup time in the single milliseconds

2. Support for a variety of programming languages, such as Rust and C++

3. Cross-platform portability, so you can run the same plugin in various deployments, or locally for testing

4. Security protections, such as executing plugin logic in a sandboxed environment

Service Extensions plugins leverage Proxy-Wasm, a Google-supported open source project that provides a standard API for Wasm modules to interface with network proxies.

To run Service Extensions plugins, we built a compute platform that is massively multi-tenant (like the load balancers) and yet flexible in scale. Plugins are fully-managed, and provide dynamic sharding and auto-scaling to meet traffic demands. This architecture allows for:

1. Scalability: We can scale out to many Wasm hosts on demand as traffic patterns fluctuate.

2. Low latency: There are no additional proxies between the load balancer and Wasm hosts; this proxyless serverless architecture allows for even more latency-optimal paths.

What’s next

To get started with Service Extensions plugins, take a look at our growing samples repository with a local testing toolkit and follow our quickstart guide in the documentation.