Load balancer feature comparison

This page gives you a comparative overview of the load balancing features offered by Cloud Load Balancing. If you haven't already done so, begin by reading the following:

To get an overview of the different load balancing solutions that are available in Google Cloud, see Load balancing overview.
To determine which Google Cloud load balancer best meets your application's needs, see Choose a load balancer.

In the following tables, a checkmark indicates that a feature is supported. For more information about a feature, click the info link.

Type of load balancer

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Proxy	info	info	info	info			SSL Proxy info TCP Proxy info	info
Pass-through					info	info

Protocols from the load balancer to the backends

For links to reference information, see Backend services.

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
One of: HTTP (HTTP/1.1) HTTPS (HTTP/1.1) HTTP/2 (requires TLS), including gRPC
One of: TCP or UDP
One of: SSL (TLS) or TCP
GRE, ESP, ICMP, or ICMPv6						info
WebSockets	info	info	info	info

Protocols from the clients to the load balancer

For links to reference information, see Forwarding rules.

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
One of: HTTP/1.1, HTTP/2, or HTTPS	(no QUIC support)	(includes QUIC)	(includes QUIC)	(no QUIC support)
HTTP/3 (based on IETF QUIC)
One of: TCP or UDP
SSL or TCP								TCP only
GRE, ESP, ICMP, or ICMPv6						info
WebSockets	info	info	info	info

Backends

Filter this table:

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Backends must be in one region			(Standard Tier)				(Standard Tier)
Backends can be in multiple regions			(Premium Tier)				(Premium Tier)
Load balancer can have multiple backend services and a URL map
Virtual machine backends on Compute Engine
Zonal NEGs	Using `GCE_VM_IP_PORT` type endpoints with GKE: Use standalone zonal NEGs Use Ingress for Internal HTTP(S) Load Balancing	Using `GCE_VM_IP_PORT` type endpoints with GKE: Use standalone zonal NEGs	Using `GCE_VM_IP_PORT` type endpoints with GKE: Use standalone zonal NEGs Use Ingress for external HTTP(S) Load Balancing		Using `GCE_VM_IP` type endpoints with GKE: Use zonal NEGs for Internal TCP/UDP Load Balancing		Use standalone zonal NEGs	`GCE_VM_IP_PORT` type endpoints
Self-managed Kubernetes and GKE		Supported only with the GKE Gateway controller (Preview)
External endpoints in internet NEGs			info (Premium Tier)
Private external endpoints in hybrid NEG backends	info	info	info	info			info	info
Cloud Storage in backend buckets		info	info
Serverless backends	info Cloud Run (Preview)	info Cloud Run App Engine Cloud Functions	info Cloud Run App Engine Cloud Functions	info Cloud Run (Preview)
Private Service Connect NEGs	Access Google API	Access published services						Publish hybrid services

Health checks

For links to reference information, see Health checks.

Filter this table:

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
gRPC health checks	³			³		¹		³
HTTP health checks		²	²	²		¹
HTTPS health checks		²	²	²		¹
HTTP/2 health checks						¹
SSL health checks						¹
TCP health checks						¹
Configurable health checks: Port Check intervals Timeouts Healthy and unhealthy thresholds
Configurable request path (HTTP, HTTPS, HTTP/2)						¹
Configurable request string or path (TCP or SSL)						¹
Configurable expected response string						¹

¹ This table documents health checks supported by backend service-based network load balancers. Target pool-based network load balancers only support legacy HTTP health checks.

² The regional external HTTP(S) load balancer doesn't support legacy health checks. The global external HTTP(S) load balancer and the global external HTTP(S) load balancer (classic) support legacy health checks only if both of the following are true:

The backends are instance groups.
The backend VMs serve traffic that uses the HTTP or HTTPS protocol.

³ If you are allowlisted to use Envoy distributed health checks, then regional external HTTP(S) load balancers, internal HTTP(S) load balancers, and internal regional TCP proxy load balancers that use hybrid NEG backends do not support gRPC health checks. For more information, see the Hybrid NEGs overview.

IP addresses

For links to reference information, see Addresses.

Filter this table:

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Internal IP address, accessible in your Virtual Private Cloud (VPC) network
External IP address (global anycast)			(Premium Tier)				(Premium Tier)
External IP address (regional)			(Standard Tier)				(Standard Tier)
External IP address from Bring your own IP (BYOIP)
Multiple forwarding rules with the same IP address, each having a unique protocol and port combination
Internet accessible (including by clients that are in Google Cloud and have internet access)
Privately accessible	From same VPC network From connected network From any region (with global access)				From same VPC network From connected network From any region (with global access)			From same VPC network From connected networks From any region (with global access)
Client source IP address preservation	X-Forwarded-For header	X-Forwarded-For header	X-Forwarded-For header	X-Forwarded-For header			In TCP Proxy header	In TCP Proxy header
IPv6 support		IPv6 termination	IPv6 termination (Premium Tier)		info (Preview)	info (Premium Tier)	IPv6 termination (Premium Tier)

Network topologies

Filter this table:

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Relationships between VPC networks and load balancer backends
Backends must be in the same VPC network
Backends can be located in multiple VPC networks in the same project (the networks do not have to be connected)
Backends can use a Shared VPC network
Load balancer frontend (URL map) can reference backend services created in different service projects in a Shared VPC network (cross-project service referencing)	info			info
Client access to load balancers
Google Cloud or on-premises clients must access the load balancer privately by being either in the same VPC network, in a peered VPC network, or in another network connected using Cloud VPN tunnels or Cloud Interconnect attachments (VLANs)		With hybrid NEGs	With hybrid NEGs					With hybrid NEGs
Google Cloud client VMs require external IP addresses or a NAT solution like Cloud NAT to access the load balancer
On-premises client VMs require internet access to access the load balancer		Internet access is not required with hybrid NEGs	Internet access is not required with hybrid NEGs					Internet access is not required with hybrid NEGs
Google Cloud client VMs can be located in any region	If global access is enabled		(Premium Tier)		If global access is enabled			If global access is enabled
Google Cloud client VMs can be located in any project (subject to other requirements in this table)

Failover

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Automatic failover to healthy backends within same region
Automatic failover to healthy backends in other regions			(Premium Tier)				(Premium Tier)
Behavior when all backends are unhealthy	Returns HTTP 503	Returns HTTP 503	Returns HTTP 502	Returns HTTP 503	info (configurable)	info (configurable¹)	Traffic dropped	Traffic dropped
Configurable standby backends					info (configurable)	info (configurable²)
Connection draining on failover and failback					info (configurable)	info (configurable³)

This table documents failover as supported by backend service-based network load balancers.

¹ When all the backends of a target pool-based network load balancer are unhealthy, traffic is distributed among all backends.
² Target pool-based network load balancers use backup pools to support failover.
³ Target pool-based network load balancers do not support configuration of connection draining on failover/failback.

Logging and monitoring

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Byte count metrics	info	info			info	info	info	info
Packet count metrics					info	info	info	info
Round trip time or latency metrics	info	info			info	info	info	info
Connection count metrics							info	info
Connection attribute logs					info	info
HTTP request count metrics	info	info
HTTP request and response attribute logs	info	info

Session affinity

For detailed information, see Session affinity.

For links to reference information, see Backend services.

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Headers
HTTP cookie
Generated cookie
Client IP, no destination (1-tuple) `CLIENT_IP_NO_DESTINATION`					info (Preview)
Client IP, Destination IP (2-tuple) `CLIENT_IP`					¹	¹
Client IP, Destination IP, Protocol (3-tuple) `CLIENT_IP_PROTO`					¹	¹
Client IP, Client Port, Destination IP, Destination Port, Protocol (5-tuple) `CLIENT_IP_PORT_PROTO`					^1,2	^1,2
None (5-tuple) `NONE`					³	³

¹ Setting session affinity is only meaningful if the protocol uses sessions. For example, TCP.

² If the protocol does not have a concept of ports or if the packet does not carry port information (subsequent UDP fragments, for example), then a 3-tuple hash of the Client IP, Destination IP, and protocol is used instead.

³ If the protocol has a concept of ports and the packet carries port information, then None is a 5-tuple hash. If the protocol does not have a concept of ports or if the packet does not carry port information (for example, subsequent UDP fragments), then None is a 3-tuple hash of the Client IP, Destination IP, and protocol.

Load balancing methods

For detailed information, see the Backend services overview.

For links to reference information, see Backend services.

Filter this table:

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Balancing mode: connection
Balancing mode: rate (requests per second)	²	²
Balancing mode: backend utilization (instance group backends only)	²	²
Configurable maximum capacity per backend instance group or NEG	²	²
Circuit breaking	²
Percent of traffic/weight-based
Prefers region closest to client on the internet When the closest region is at capacity or isn't healthy, prefers next closest region			(Premium Tier)				(Premium Tier)
Within zone/region load balancing policy	Load balancing locality policy ²	Round robin in a zone and load balancing locality policy	Round robin in a zone	Round robin in a zone and load balancing locality policy	Hash-based distribution among all backends in the active pool when failover is configured, or among all backends in the region	Hash-based distribution among all backends in the active pool when failover is configured, or among all backends in the region ¹	Round robin in a zone	Round robin in a zone and load balancing locality policy

¹ This table documents load balancing methods supported by backend service-based network load balancers. Target pool-based network load balancers also perform hash-based distribution among all instances in the target pool or backup pool.

² This feature is not supported with load balancers using serverless NEG backends.

Routing and traffic management

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
HTTP/Layer 7 request routing	Suffix, prefix, and match on the following: host name and path headers method cookies request parameters	Suffix, prefix, and match on the following: host name and path headers method cookies request parameters	Suffix, prefix, and match on the following: host name and path headers cookies request parameters	Suffix, prefix, and match on the following: host name and path headers method cookies request parameters
Fault injection	info
Configurable timeouts	info¹	info	info	info			info	info
Retries	info¹	info	info	info
Redirects	info	info	info	info
URL rewrites	info	info	info	info
Request and response header transformations (configured on the URL map)	info	info		info
Traffic splitting	info
Traffic mirroring	info¹	info		info
Outlier detection	info	info		info
Retry failed requests	info	info		info

¹ This feature is not supported with load balancers using serverless NEG backends.

For internal HTTP(S) load balancers, see the following:

For the global external HTTP(S) load balancer, see the following:

For the global external HTTP(S) load balancer (classic), see the following:

Traffic management overview for external HTTP(S) load balancers

For the regional external HTTP(S) load balancer, see the following:

For traffic management features available with Traffic Director, see Traffic Director features: Routing and traffic management.

Autoscaling and autohealing

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Managed instance group autoscaling based on load balancer serving capacity
Autohealing (native to managed instance groups and GKE)
Connection draining						¹

¹ This table documents autoscaling and autohealing features supported by backend service-based network load balancers. Target pool-based network load balancers do not support connection draining.

Security

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Managed certificates		info	info				info (SSL proxy only)
CORS	info
Identity-Aware Proxy (IAP)			info
Google Cloud Armor		info	info			info (Preview)	info
SSL offload							(SSL proxy only)
SSL policies (TLS version and cipher suites)	info	info	info	info			info (SSL proxy only)

Special features

Feature	Internal HTTP(S)	External HTTP(S)			Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Feature	Internal HTTP(S)	Global	Classic	Regional	Internal TCP/UDP	External TCP/UDP Network	External SSL Proxy and TCP Proxy	Internal TCP Proxy
Cloud CDN		info	info (Premium Tier)
External endpoints in internet NEGs as external backends for Cloud CDN			info (Premium Tier)
Media CDN			info (Premium Tier)
Internal DNS names	info
Load balancer as next hop					info
Specify network interface of a backend VM (Multi-NIC load balancing)	The backend VM's `nic0` must be in the same network and region used by the forwarding rule.	The load balancer only sends traffic to the first network interface (`nic0`), whichever VPC network that `nic0` is in.			info	The load balancer only sends traffic to the first network interface (`nic0`) of the backend VM. The backend VM's `nic0` must be in the same network and region as the forwarding rule.	The load balancer only sends traffic to the first network interface (`nic0`), whichever VPC network that `nic0` is in.	The backend VM's `nic0` must be in the same network and region used by the forwarding rule.
Custom request and response headers (configured on the backend service)		info	info
Automatic Service Directory registration (Preview)	info				info
Connection tracking policy					Tracking mode Connection persistence on unhealthy backends Idle timeout	¹ Tracking mode Connection persistence on unhealthy backends
Source IP-based traffic steering (Preview)						¹ info
Weighted load balancing						¹ info

¹ This table documents features supported by backend service-based network load balancers. Target pool-based network load balancers do not support these features.

What's next

For detailed information on each load balancer, see the following: