Load balancer feature comparison

This page gives you a comparative overview of the load balancing features offered by Cloud Load Balancing. If you haven't already done so, begin by reading the following:

In the following tables, a checkmark indicates that a feature is supported. For more information about a feature, click the info link.

Type of load balancer

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
Proxy Load balancer modes:
regional
cross-region
Load balancer modes:
global
classic
regional
Load balancer modes:
regional
cross-region
Load balancer modes:
global
classic
regional
Passthrough Load balancer modes:
internal
Load balancer modes:
external

Protocols from the clients to the load balancer

This table lists the protocols supported for communication between clients and the different load balancers.

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
One of:

HTTP (HTTP/1.1)

HTTPS (HTTP/1.1)

HTTP/2 (requires TLS) including gRPC 1


No QUIC support

No QUIC support for regional mode.
HTTP/3 (based on IETF QUIC)
(Only global and classic modes)
SSL or TCP
TCP only

Regional mode: TCP only

Global and classic
mode: SSL or TCP
TCP, UDP, or L3_DEFAULT2
info

info
WebSockets

info


info

1 To support gRPC clients, create an HTTPS load balancer with HTTP/2 as the protocol from the load balancer to backends.

2 The L3_DEFAULT setting enables support for the following additional IP protocols:

  • For internal passthrough Network Load Balancers, L3_DEFAULT enables support for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE .
  • For external passthrough Network Load Balancers, L3_DEFAULT enables support for TCP, UDP, ESP, GRE, ICMP, and ICMPv6 .

Protocols from the load balancer to the backends

This table lists the IP protocol settings supported with backend services for different load balancers. For more reference information, see Backend services.

This table does not apply to Application Load Balancers with serverless NEG backends. The backend service protocol setting is ignored for these load balancers.

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
One of:

HTTP (HTTP/1.1)

HTTPS (HTTP/1.1)

HTTP/2 (requires TLS) including gRPC

One of:
SSL (TLS) or TCP

TCP only

Regional mode: TCP only

Global and classic
mode: SSL or TCP
TCP, UDP, or UNSPECIFIED1
info

info
WebSockets
info

info

1 The UNSPECIFIED setting enables support for the following additional IP protocols:

  • For internal passthrough Network Load Balancers, UNSPECIFIED enables support for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE .
  • For external passthrough Network Load Balancers, UNSPECIFIED enables support for TCP, UDP, ESP, GRE, ICMP, and ICMPv6 .

Backends

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
Backends can be in multiple regions
(Only cross-region mode)

(Only global and
classic mode)

(Only cross-region mode)

(Only global and
classic mode)
Backends must be in one region
(Only regional mode)

(Only regional and
classic mode)

(Only regional mode)

(Only regional and classic mode)

info

info
Cloud Storage in backend buckets
(Only global and
classic mode)
External endpoints in internet NEGs
(Only regional mode)

(Global,
regional, and classic modes)

(Only regional mode)

(Only regional mode)
Multiple backend services and a URL map
Virtual machine backends on Compute Engine
Self-managed Kubernetes and GKE
Zonal NEGs
GCE_VM_IP_PORT endpoints

GCE_VM_IP_PORT endpoints

GCE_VM_IP_PORT endpoints

GCE_VM_IP_PORT endpoints

GCE_VM_IP endpoints

GCE_VM_IP endpoints
Private Service Connect NEGs
(Only global and regional mode)

(Only global and regional mode)
Private external endpoints in hybrid NEG backends
info

info

info

info
Serverless backends info
info
Dual-stack (IPV4 and IPv6) backends
info

(Only global and regional modes)

info

(Only global and regional modes)

info

info
IPv6-only backends
info

info

Health checks

For links to reference information, see Health checks.

Health checks are not supported for internal and external Application Load Balancers that use serverless NEG backends.

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
gRPC health checks 2 2 2 2 2 1
HTTP health checks 3
(Only classic and regional mode)
1
HTTPS health checks 3
(Only classic and regional mode)
1
HTTP/2 health checks
(Only classic and regional mode)
1
SSL health checks 1
TCP health checks 1
Configurable health checks
Configurable request path (HTTP, HTTPS, HTTP/2)
Configurable request string or path (TCP or SSL)
Configurable expected response string 1
Distributed Envoy health checks
(Only regional mode)

(Only regional mode)

1 This table documents health checks used by backend service-based external passthrough Network Load Balancers. Target pool-based load balancers support only legacy HTTP health checks.

2 Regional external Application Load Balancer does not support legacy health checks. The global external Application Load Balancer and the classic Application Load Balancer support legacy health checks only if both of the following are true:

  • The backends are instance groups.
  • The backend virtual machine (VM) instances serve traffic that uses the HTTP or HTTPS protocol.

3 Envoy-based regional load balancers (regional internal and external Application Load Balancers and regional internal and external proxy Network Load Balancers) that use hybrid NEG backends don't support gRPC health checks. For more information, see the Hybrid NEGs overview.

IP addresses

For links to reference information, see Addresses.

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
Internal IP address, accessible in your VPC network
External IP address (global anycast)
(Only global and classic* mode)

(Only global and classic* mode)
External IP address (regional)
(Only regional and classic mode)

(Only regional and classic mode)
External IP address from Bring your own IP (BYOIP)
(Only global and classic mode)

(Only classic mode)
External IP address from Bring your own IPv6 (BYOIPv6) (Only
external mode)
Multiple forwarding rules with the same IP address, each having a unique protocol and port combination
Internet accessible#
Privately accessible
info+

info+

info+
Client source IP address preservation X‑Forwarded‑For header X‑Forwarded‑For header PROXY protocol PROXY protocol
IPv6 address support
IPv6 termination
(Only global and classic* mode)

IPv6 termination
(Only global and classic* mode)

info

info*

* Supported for Premium Tier.

Supported for Standard Tier.

External IP addresses from BYOIPv6 are not supported for target pool backends.

# Internet access is also available for clients that are in Google Cloud.

+ Private access is available in the same VPC network and from any region with global access. In cross-region mode, global access is enabled by default.

Network topologies

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
Network Service Tiers support Premium Tier

Global mode: Premium Tier

Classic and regional mode: Premium or Standard Tier

Premium Tier

Global mode: Premium Tier

Classic and regional mode: Premium or Standard Tier

Premium Tier Premium or Standard Tier
Relationships between VPC networks, load balancers, and their backends
Load balancer and backends in different VPC networks
info

info

info

info
Backends can use a Shared VPC network
Cross-project service referencing
info

info
(Only global and regional mode)
Client access to load balancers
Google Cloud or on-premises clients must access the load balancer privately1
Google Cloud client VMs require external IP addresses or a NAT solution like Cloud NAT to access the load balancer
On-premises client VMs require internet access to access the load balancer
Google Cloud client VMs can be located in any region
info

(Only global and classic2 modes)

info

info
Google Cloud client VMs can be located in any project

1 Google Cloud or on-premises clients must access the load balancer privately by being either in the same VPC network, in a peered VPC network, or in another network connected using Cloud VPN tunnels or Cloud Interconnect attachments (VLANs)

2 Supported for Premium Tier

Failover and availability

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
Load balancer is resilient to zonal outages

Automatic failover to healthy backends within same region
Load balancer is resilient to regional outages

Automatic failover to healthy backends in other regions

(Only cross-region mode)

(Only global and classic# modes)

(Only cross-region mode)

(Only global and classic# modes)
Support for active-active high availability configuration
info

(Only in regional mode)
Support for active-passive failover configuration
Only in global mode
Behavior when all backends are unhealthy
info

info

info

info

info
(configurable)

info
(configurable*)
Configurable standby backends
info
(configurable)

info
(configurable)
Connection draining on failover and failback
info
(configurable)

info
(configurable)

* When all the backends of a target pool-based external passthrough Network Load Balancers are unhealthy, traffic is distributed among all backends.

Target pool-based external passthrough Network Load Balancers use backup pools to support failover.

Target pool-based external passthrough Network Load Balancers don't support configuration of connection draining on failover.

# Supported for Premium Tier.

Monitoring

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
Byte count metrics
info

info

info

info

info

info
Packet count metrics
info

info
Round trip time (RTT) metrics
info

info
Request latency metrics
info

info

info
Connection count metrics
info

info
HTTP request count metrics
info

info

Logging

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
Log type
HTTP request and response attribute logs
info

info
Connection attribute logs
info

info

info

info
Log fields
HTTP request
info

global, classic
regional
String that explains the proxy response proxyStatus statusDetails
proxyStatus
TLS metadata between client and load balancer
info

(Only regional mode)
Connection attributes: 5-tuple, bytes/packets sent and received
info

info

info
VM instance details and GKE details
info

(Only regional mode)

info

info
Client VPC or location details
info

info
Network tier details
info
Labels describing the load balancer resource
info

global, classic
regional

info

info

info

info

Session affinity

For detailed information, see Session affinity.

For links to reference information, see Backend services.

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
Headers
(Only global and regional mode)
HTTP cookie
(Only global and regional)
Generated cookie
Stateful cookie

(Only global and regional)
Client IP, no destination (1-tuple)
CLIENT_IP_NO_DESTINATION

info
Client IP, Destination IP (2-tuple)
CLIENT_IP
1 1
Client IP, Destination IP, Protocol (3-tuple)
CLIENT_IP_PROTO
1 1
Client IP, Client Port, Destination IP, Destination Port, Protocol (5-tuple)
CLIENT_IP_PORT_PROTO
1,2 1,2
None (5-tuple)
NONE
3 3

1 Setting session affinity is only meaningful if the protocol uses sessions—for example, TCP.

2 If the protocol does not have a concept of ports or if the packet does not carry port information (subsequent UDP fragments, for example), then a 3-tuple hash of the Client IP, Destination IP, and protocol is used instead.

3 If the protocol has a concept of ports and the packet carries port information, then None is a 5-tuple hash. If the protocol does not have a concept of ports or if the packet does not carry port information (for example, subsequent UDP fragments), then None is a 3-tuple hash of the Client IP, Destination IP, and protocol.

Load balancing methods

For detailed information, see the Backend services overview.

For links to reference information, see Backend services.

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
Balancing mode: connection
Balancing mode: rate (requests per second) * *
Balancing mode: backend utilization
(instance group backends only)
* *
Configurable maximum capacity per backend instance group or NEG * *
Circuit breaking *
(Only regional mode)

(Only regional mode)
Prefers region closest to client on the internet
(Only global and classic modes)

(Only global and classic modes)
Prefers region closest to the load balancer
(Only global and classic modes)

(Only classic modes)
Weight-based load balancing
(Only global and regional modes)
#
Within zone/region load balancing policy
info

info

info

info

info

info

* This feature is not supported with load balancers that use serverless NEG backends.

When the closest region is at capacity or isn't healthy, the load balancer prefers next closest region.

Supported for classic load balancers in Premium Tier only.

# This feature is not supported with target pool-based external passthrough Network Load Balancers.

Routing and traffic management

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
HTTP or layer 7 request routing
info

info
Fault injection
info

(Only global and regional modes)
Configurable timeouts
info

info

info

info
Retries
info

info
Redirects
info

global
classic
regional
URL rewrites
info

global
classic
regional
Request and response header transformations
(configured on the URL map)

info

(Only global
and regional modes)
Traffic splitting
info

(Only global
and regional modes)
Traffic mirroring
info1

(Only global and regional modes)

(Only regional mode)
Outlier detection
info

(Only global and regional modes)
Retry failed requests
info

(Only global and regional modes)
Custom error responses
(Only global mode)
Service load balancing policy
(Only cross-region mode)

(Only global mode)

(Only cross-region mode)

(Only global mode)

1 This feature is not supported with load balancers that use serverless NEG backends.

For traffic management features available with Cloud Service Mesh, see Cloud Service Mesh features: Routing and traffic management.

Autoscaling and autohealing

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
Managed instance group autoscaling based on load balancer serving capacity (Only global and classic modes)
Autohealing (native to managed instance groups and GKE)
Connection draining 1
1 This table documents autoscaling and autohealing features supported by backend service-based external passthrough Network Load Balancers. Target pool-based external passthrough Network Load Balancers don't support connection draining.

Security

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
Google-managed SSL certificates
info

info3

(Only global and classic mode)1
CORS
info

(Only global and regional modes)
Identity-Aware Proxy (IAP) 2
Google Cloud Armor (Preview)
info

info

(Only global and classic mode)

info

info
SSL offload
(Only global and classic modes)1
SSL policies
(TLS version and cipher suites)

info

info

info
(Only global and classic modes)1
Frontend mutual TLS
info

info

1 Supported only if the load balancer is configured with a target SSL proxy.

2 IAP is incompatible with Cloud CDN.

3 Global external Application Load Balancers and classic Application Load Balancers support both Compute Engine and Certificate Manager Google-managed SSL certificates, whereas regional external Application Load Balancers support only Certificate Manager Google-managed certificates.

Special features

Feature Application Load Balancer Proxy Network Load Balancer Passthrough Network Load Balancer
Internal External Internal External Internal External
Cloud CDN
(Only global and classic2 modes)
External endpoints in internet NEGs as external backends for Cloud CDN
(Only global and classic2 modes)
Service Extensions plugins and callouts
info

info
Internal DNS names
(Only regional mode)
Load balancer as next hop
info
Specify network interface of a backend VM
(Only regional3 and cross-region4 modes)
5 3 5 6
Multi-NIC load balancing info info
Custom request and response headers
(configured on the backend service)

(Only global and regional modes)
Automatic Service Directory registration (Preview)
info

info
Connection tracking policy
info

info1
Source IP-based traffic steering
info1
App Hub integration
info

info

info

info

info

info

1 These features are supported by backend service-based external passthrough Network Load Balancers. Target pool-based load balancers don't support these features.

2 Supported for Premium Tier

3 The backend VM's nic0 must be in the same network and region used by the forwarding rule.

4 The backend VM's nic0 must be in the same network used by the forwarding rule.

5 The load balancer only sends traffic to the first network interface (nic0), whichever VPC network that nic0 is in.

6 The load balancer only sends traffic to the first network interface (nic0) of the backend VM.

What's next

For detailed information about each load balancer, see the following: