Enabling connection draining

Connection draining is a process that ensures that existing, in-progress requests are given time to complete when a VM is removed from an instance group or when an endpoint is removed from a zonal NEG.

To enable connection draining, you set a connection draining timeout on the backend service. The timeout duration must be from 0 to 3600 seconds.

For the specified duration of the timeout, existing requests to the removed VM are given time to complete. The load balancer does not send new requests to the removed VM. After the timeout duration is reached, all remaining connections to the VM are closed.

Connection draining begins whenever you do the following:

It can take up to 60 seconds after your specified timeout duration has passed for the instance to be terminated.

If you enable connection draining on multiple backend services that share the same instance groups or NEGs, the largest timeout value is used. For example, suppose that the same instance group or zonal NEG is a backend for two backend services, where one backend service has a connection draining timeout of 100 seconds, and the other backend service has a connection draining timeout of 200 seconds. Google Cloud uses 200 seconds as the effective connection draining timeout so that existing connections are allowed to exist for 200 seconds before Google Cloud terminates them. If the backend is a managed instance group, operations that delete the instance are delayed by at least 200 seconds.

Specifications

  • Connection draining is available for backend services that are part of the following load balancers:

  • When a connection draining timeout is set, and an instance is removed from the instance group or an endpoint is removed from a zonal NEG, Google Cloud load balancers behave in the following way:

    • No new connections are sent to the removed instance or endpoint.

    • Active TCP sessions supporting existing connections to the removed instance or endpoint can persist until the connection draining timeout has elapsed.

    • If you don't set a connection draining timeout, Google Cloud terminates existing connections on the removed instance or endpoint as quickly as possible. Setting the connection draining timeout to zero (0) has the same effect.

Enabling connection draining

Console

  1. Go to the Load balancing page in the Google Cloud Console.
    Go to the Load balancing page
  2. Click Edit for your load balancer or create a new load balancer.
  3. Click Backend configuration.
  4. Click Advanced configurations at the bottom of your backend service.
  5. In the Connection draining timeout field, enter a value from 0 - 3600. A setting of 0 disables connection draining.

gcloud

Enable connection draining on a new or existing backend service by using the --connection-draining-timeout flag. The following examples demonstrate how to change the connection draining timeout:

  • For an existing external HTTP(S) load balancer, SSL proxy load balancer, or TCP proxy load balancer:

    gcloud compute backend-services update BACKEND_SERVICE \
        --global \
        --connection-draining-timeout=CONNECTION_TIMEOUT_SECS
    
  • For an existing internal TCP/UDP load balancer or internal HTTP(S) load balancer:

    gcloud compute backend-services update BACKEND_SERVICE \
        --region=REGION \
        --connection-draining-timeout=CONNECTION_TIMEOUT_SECS
    

Replace the placeholders with valid values:

  • BACKEND_SERVICE: The load balancer's backend service.
  • CONNECTION_TIMEOUT_SECS: The number of seconds to wait before existing connections to instances or endpoints are terminated, between 0 - 3600 seconds, inclusively. A setting of 0 disables connection draining. The connection draining timeout applies to all backends of the backend service.

    You can also use the gcloud compute backend-services edit command to update an existing backend service.

API

To enable connection draining in the API when creating or updating an instance or endpoint, make a request to the respective API URI to include the connectionDraining field in your request body. The following examples demonstrate how to set that attribute by editing an existing backend service. For information about other required attributes, see the documentation for each load balancer.

For external HTTP(S) load balancers, SSL proxy load balancers, and TCP proxy load balancers:

PATCH https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/backendServices

For internal TCP/UDP load balancers and internal HTTP(S) load balancers:

PATCH https://www.googleapis.com/compute/v1/projects/PROJECT_ID/region/REGION/backendServices

{
   "name": "BACKEND_SERVICE",
   "connectionDraining": {
     "drainingTimeoutSec": CONNECTION_TIMEOUT_SECS
   }
}

where:

  • PROJECT_ID is the project ID that contains your load balancer.
  • BACKEND_SERVICE is the backend service used by your load balancer.
  • CONNECTION_TIMEOUT_SECS is the number of seconds to wait before instances or endpoints are removed from the instance group or NEG, between 0 to 3600 seconds, inclusively. This timeout duration applies to all instance groups or NEGs that are part of the backend service.

What's next

For general information on backend services, see Backend services overview.