This page gives you a comparative overview of the load balancing features offered by Cloud Load Balancing. If you haven't already done so, begin by reading the following:
- To get an overview of the different load balancing solutions that are available in Google Cloud, see Cloud Load Balancing overview.
- To determine which Google Cloud load balancer best meets your application's needs, see Choose a load balancer.
In the following tables, a checkmark indicates that a feature is supported. For more information about a feature, click the info link.
Type of load balancer
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
Proxy | Load balancer modes: regional cross-region |
Load balancer modes: global classic regional |
Load balancer modes: regional cross-region |
Load balancer modes: global classic regional |
||
Passthrough | Load balancer modes: internal |
Load balancer modes: external |
Protocols from the clients to the load balancer
This table lists the protocols supported for communication between clients and the different load balancers.
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
One of:
HTTP (HTTP/1.1) HTTPS (HTTP/1.1) HTTP/2 (requires TLS) including gRPC 1 |
No QUIC support |
No QUIC support for regional mode. |
||||
HTTP/3 (based on IETF QUIC) | (Only global and classic modes) |
|||||
SSL or TCP | TCP only |
Regional mode: TCP only Global and classic mode: SSL or TCP |
||||
TCP, UDP, or L3_DEFAULT2 | info |
info |
||||
WebSockets | info |
info |
1 To support gRPC clients, create an HTTPS load balancer with HTTP/2 as the protocol from the load balancer to backends.
2 The L3_DEFAULT
setting enables support for the
following additional IP protocols:
- For internal passthrough Network Load Balancers,
L3_DEFAULT
enables support for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE . - For external passthrough Network Load Balancers,
L3_DEFAULT
enables support for TCP, UDP, ESP, GRE, ICMP, and ICMPv6 .
Protocols from the load balancer to the backends
This table lists the IP protocol settings supported with backend services for different load balancers. For more reference information, see Backend services.
This table does not apply to Application Load Balancers with serverless NEG backends. The backend service protocol setting is ignored for these load balancers.
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
One of:
HTTP (HTTP/1.1) HTTPS (HTTP/1.1) HTTP/2 (requires TLS) including gRPC |
||||||
One of: SSL (TLS) or TCP |
TCP only |
Regional mode: TCP only Global and classic mode: SSL or TCP |
||||
TCP, UDP, or UNSPECIFIED1 | info |
info |
||||
WebSockets | info |
info |
1 The UNSPECIFIED
setting enables support for the
following additional IP protocols:
- For internal passthrough Network Load Balancers,
UNSPECIFIED
enables support for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE . - For external passthrough Network Load Balancers,
UNSPECIFIED
enables support for TCP, UDP, ESP, GRE, ICMP, and ICMPv6 .
Backends
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
Backends can be in multiple regions | (Only cross-region mode) |
(Only global and classic mode) |
(Only cross-region mode) |
(Only global and classic mode) |
||
Backends must be in one region | (Only regional mode) |
(Only regional and classic mode) |
(Only regional mode) |
(Only regional and classic mode) |
info |
info |
Cloud Storage in backend buckets | (Only global and classic mode) |
|||||
External endpoints in internet NEGs | (Only regional mode) |
(Global, regional, and classic modes) |
(Only regional mode) |
(Only regional mode) |
||
Multiple backend services and a URL map | ||||||
Virtual machine backends on Compute Engine | ||||||
Self-managed Kubernetes and GKE | ||||||
Zonal NEGs | GCE_VM_IP_PORT endpoints
|
GCE_VM_IP_PORT endpoints
|
GCE_VM_IP_PORT endpoints |
GCE_VM_IP_PORT endpoints |
GCE_VM_IP endpoints |
GCE_VM_IP endpoints |
Private Service Connect NEGs | (Only global and regional mode) |
(Only global and regional mode) |
||||
Private external endpoints in hybrid NEG backends | info |
info |
info |
info |
||
Serverless backends | info | info |
Health checks
For links to reference information, see Health checks.
Health checks are not supported for internal and external Application Load Balancers that use serverless NEG backends.
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
gRPC health checks | 2 | 2 | 2 | 2 | 2 | 1 |
HTTP health checks | 3 | (Only classic and regional mode) |
1 | |||
HTTPS health checks | 3 | (Only classic and regional mode) |
1 | |||
HTTP/2 health checks | (Only classic and regional mode) |
1 | ||||
SSL health checks | 1 | |||||
TCP health checks | 1 | |||||
Configurable health checks | ||||||
Configurable request path (HTTP, HTTPS, HTTP/2) | ||||||
Configurable request string or path (TCP or SSL) | ||||||
Configurable expected response string | 1 | |||||
Distributed Envoy health checks | (Only regional mode) |
(Only regional mode) |
1 This table documents health checks used by backend service-based external passthrough Network Load Balancers. Target pool-based load balancers support only legacy HTTP health checks.
2 Regional external Application Load Balancer does not support legacy health checks. The global external Application Load Balancer and the classic Application Load Balancer support legacy health checks only if both of the following are true:
- The backends are instance groups.
- The backend virtual machine (VM) instances serve traffic that uses the HTTP or HTTPS protocol.
3 Envoy-based regional load balancers (regional internal and external Application Load Balancers and regional internal and external proxy Network Load Balancers) that use hybrid NEG backends don't support gRPC health checks. For more information, see the Hybrid NEGs overview.
IP addresses
For links to reference information, see Addresses.
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
Internal IP address, accessible in your VPC network | ||||||
External IP address (global anycast) | (Only global and classic* mode) |
(Only global and classic* mode) |
||||
External IP address (regional) | (Only regional and classic† mode) |
(Only regional and classic† mode) |
||||
External IP address from Bring your own IP (BYOIP) | (Only global and classic mode) |
(Only classic mode) |
||||
External IP address from Bring your own IPv6 (BYOIPv6) | (Only external ‡ mode) |
|||||
Multiple forwarding rules with the same IP address, each having a unique protocol and port combination | ||||||
Internet accessible# | ||||||
Privately accessible | info+ |
info+ |
info+ |
|||
Client source IP address preservation | X‑Forwarded‑For header | X‑Forwarded‑For header | PROXY protocol | PROXY protocol | ||
IPv6 support | IPv6 termination (Only global and classic* mode) |
IPv6 termination (Only global and classic* mode) |
info |
info* |
* Supported for Premium Tier.
† Supported for Standard Tier.
‡ External IP addresses from BYOIPv6 are not supported for target pool backends.
# Internet access is also available for clients that are in Google Cloud.
+ Private access is available in the same VPC network and from any region with global access. In cross-region mode, global access is enabled by default.
Network topologies
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
Network Service Tiers support | Premium Tier | Global mode: Premium Tier Classic and regional mode: Premium or Standard Tier |
Premium Tier | Global mode: Premium Tier Classic and regional mode: Premium or Standard Tier |
Premium Tier | Premium or Standard Tier |
Relationships between VPC networks, load balancers, and their backends | ||||||
Load balancer and backends in different VPC networks | info |
info |
info |
info |
||
Backends can use a Shared VPC network | ||||||
Cross-project service referencing | info |
info (Only global and regional mode) |
||||
Client access to load balancers | ||||||
Google Cloud or on-premises clients must access the load balancer privately1 | ||||||
Google Cloud client VMs require external IP addresses or a NAT solution like Cloud NAT to access the load balancer | ||||||
On-premises client VMs require internet access to access the load balancer | ||||||
Google Cloud client VMs can be located in any region | info |
(Only global and classic2 modes) |
info |
info |
||
Google Cloud client VMs can be located in any project |
1 Google Cloud or on-premises clients must access the load balancer privately by being either in the same VPC network, in a peered VPC network, or in another network connected using Cloud VPN tunnels or Cloud Interconnect attachments (VLANs)
2 Supported for Premium Tier
Failover and availability
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
Load balancer is resilient to zonal outages Automatic failover to healthy backends within same region |
||||||
Load balancer is resilient to regional outages Automatic failover to healthy backends in other regions |
(Only cross-region mode) |
(Only global and classic# modes) |
(Only cross-region mode) |
(Only global and classic# modes) |
||
Support for active-active high availability configuration | info |
(Only in regional mode) |
||||
Support for active-passive failover configuration | Only in global mode |
|||||
Behavior when all backends are unhealthy | info |
info |
info |
info |
info (configurable) |
info (configurable*) |
Configurable standby backends | info (configurable) |
info (configurable†) |
||||
Connection draining on failover and failback | info (configurable) |
info (configurable‡) |
* When all the backends of a target pool-based external passthrough Network Load Balancers are unhealthy, traffic is distributed among all backends.
† Target pool-based external passthrough Network Load Balancers use backup pools to support failover.
‡ Target pool-based external passthrough Network Load Balancers don't support configuration of connection draining on failover.
# Supported for Premium Tier.
Monitoring
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
Byte count metrics | info |
info |
info |
info |
info |
info |
Packet count metrics | info |
info |
||||
Round trip time (RTT) metrics | info |
info |
||||
Request latency metrics | info |
info |
info |
|||
Connection count metrics | info |
info |
||||
HTTP request count metrics | info |
info |
Logging
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
Log type | ||||||
HTTP request and response attribute logs | info |
info |
||||
Connection attribute logs | info |
info |
info |
info |
||
Log fields | ||||||
HTTP request | info |
global, classic regional |
||||
String that explains the proxy response | proxyStatus | statusDetails proxyStatus |
||||
TLS metadata between client and load balancer | info |
(Only regional mode) |
||||
Connection attributes: 5-tuple, bytes/packets sent and received | info |
info |
info |
|||
VM instance details and GKE details | info |
(Only regional mode) |
info |
info |
||
Client VPC or location details | info |
info |
||||
Network tier details | info |
|||||
Labels describing the load balancer resource | info |
global, classic regional |
info |
info |
info |
info |
Session affinity
For detailed information, see Session affinity.
For links to reference information, see Backend services.
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
Headers | (Only global and regional mode) |
|||||
HTTP cookie | (Only global and regional) |
|||||
Generated cookie | ||||||
Stateful cookie | (Only global and regional) |
|||||
Client IP, no destination (1-tuple)CLIENT_IP_NO_DESTINATION
|
info |
|||||
Client IP, Destination IP (2-tuple)CLIENT_IP |
1 | 1 | ||||
Client IP, Destination IP, Protocol (3-tuple)CLIENT_IP_PROTO |
1 | 1 | ||||
Client IP, Client Port, Destination IP, Destination Port, Protocol
(5-tuple)CLIENT_IP_PORT_PROTO |
1,2 | 1,2 | ||||
None (5-tuple)NONE |
3 | 3 |
1 Setting session affinity is only meaningful if the protocol uses sessions—for example, TCP.
2 If the protocol does not have a concept of ports or if the packet does not carry port information (subsequent UDP fragments, for example), then a 3-tuple hash of the Client IP, Destination IP, and protocol is used instead.
3 If the protocol has a concept of ports and the packet carries port
information, then None
is a 5-tuple hash. If the protocol does not have a
concept of ports or if the packet does not carry port information (for example,
subsequent UDP fragments), then None
is a 3-tuple hash of the Client IP,
Destination IP, and protocol.
Load balancing methods
For detailed information, see the Backend services overview.
For links to reference information, see Backend services.
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
Balancing mode: connection | ||||||
Balancing mode: rate (requests per second) | * | * | ||||
Balancing mode: backend utilization (instance group backends only) |
* | * | ||||
Configurable maximum capacity per backend instance group or NEG | * | * | ||||
Circuit breaking | * | (Only regional mode) |
(Only regional mode) |
|||
Prefers region closest to client on the internet† | (Only global and classic‡ modes) |
(Only global and classic‡ modes) |
||||
Prefers region closest to the load balancer† | (Only global and classic‡ modes) |
(Only classic‡ modes) |
||||
Weight-based load balancing | (Only global and regional modes) |
# | ||||
Within zone/region load balancing policy | info |
info |
info |
info |
info |
info |
* This feature is not supported with load balancers that use serverless NEG backends.
† When the closest region is at capacity or isn't healthy, the load balancer prefers next closest region.
‡ Supported for classic load balancers in Premium Tier only.
# This feature is not supported with target pool-based external passthrough Network Load Balancers.
Routing and traffic management
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
HTTP or layer 7 request routing | info |
info |
||||
Fault injection | info |
(Only global and regional modes) |
||||
Configurable timeouts | info |
info |
info |
info |
||
Retries | info |
info |
||||
Redirects | info |
global classic regional |
||||
URL rewrites | info |
global classic regional |
||||
Request and response header transformations (configured on the URL map) |
info |
(Only global and regional modes) |
||||
Traffic splitting | info |
(Only global and regional modes) |
||||
Traffic mirroring | info1 |
(Only global and regional modes) |
(Only regional mode) |
|||
Outlier detection | info |
(Only global and regional modes) |
||||
Retry failed requests | info |
(Only global and regional modes) |
||||
Custom error responses | (Only global mode) |
|||||
Service load balancing policy | (Only cross-region mode) |
(Only global mode) |
(Only cross-region mode) |
(Only global mode) |
1 This feature is not supported with load balancers that use serverless NEG backends.
For traffic management features available with Cloud Service Mesh, see Cloud Service Mesh features: Routing and traffic management.
Autoscaling and autohealing
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
Managed instance group autoscaling based on load balancer serving capacity | (Only global and classic modes) | |||||
Autohealing (native to managed instance groups and GKE) | ||||||
Connection draining | 1 |
Security
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
Google-managed SSL certificates | info |
info3 |
(Only global and classic mode)1 |
|||
CORS | info |
(Only global and regional modes) |
||||
Identity-Aware Proxy (IAP) | 2 | |||||
Google Cloud Armor | (Preview) info |
info |
(Only global and classic mode) |
info |
info |
|
SSL offload | (Only global and classic modes)1 |
|||||
SSL policies (TLS version and cipher suites) |
info |
info |
info (Only global and classic modes)1 |
|||
Frontend mutual TLS | info |
info |
1 Supported only if the load balancer is configured with a target SSL proxy.
2 IAP is incompatible with Cloud CDN.
3 Global external Application Load Balancers and classic Application Load Balancers support both Compute Engine and Certificate Manager Google-managed SSL certificates, whereas regional external Application Load Balancers support only Certificate Manager Google-managed certificates.
Special features
Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
---|---|---|---|---|---|---|
Internal | External | Internal | External | Internal | External | |
Cloud CDN | (Only global and classic2 modes) |
|||||
External endpoints in internet NEGs as external backends for Cloud CDN | (Only global and classic2 modes) |
|||||
Service Extensions plugins and callouts | info |
info |
||||
Internal DNS names | (Only regional mode) |
|||||
Load balancer as next hop | info |
|||||
Specify network interface of a backend VM | (Only regional3 and cross-region4 modes) |
5 | 3 | 5 | 6 | |
Multi-NIC load balancing | info | info | ||||
Custom request and response headers (configured on the backend service) |
(Only global and regional modes) |
|||||
Automatic Service Directory registration (Preview) | info |
info |
||||
Connection tracking policy | info |
info1 |
||||
Source IP-based traffic steering | info1 |
|||||
App Hub integration | info |
info |
info |
info |
info |
info |
1 These features are supported by backend service-based external passthrough Network Load Balancers. Target pool-based load balancers don't support these features.
2 Supported for Premium Tier
3 The backend VM's nic0
must be in the same network
and region used by the forwarding rule.
4 The backend VM's nic0
must be in the same network
used by the forwarding rule.
5 The load balancer only sends traffic to the first network interface
(nic0
), whichever VPC network that
nic0
is in.
6 The load balancer only sends traffic to the first network
interface (nic0
) of the backend VM.
What's next
For detailed information about each load balancer, see the following:
- External Application Load Balancer overview (global, classic, and regional)
- Internal Application Load Balancer overview (regional and cross-region)
- External proxy Network Load Balancer overview (global, classic, and regional)
- Internal proxy Network Load Balancer overview (regional and cross-region)
- External passthrough Network Load Balancer overview
- Internal passthrough Network Load Balancer overview