You can select the appropriate load balancer based on your application needs.
In the following tables, a checkmark indicates that a feature is supported. For more information about a feature, click the info link.
Type of load balancer
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
|
|---|---|---|---|---|---|---|
| Global | Regional | |||||
| Proxy | info | info | info | SSL Proxy info TCP Proxy info |
||
| Pass-through | info | info | ||||
Protocols from the load balancer to the backends
For links to reference information, see Backend services.
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
||
|---|---|---|---|---|---|---|---|
| Global | Regional | ||||||
|
One of: HTTP (HTTP/1.1) HTTPS (HTTP/1.1) HTTP/2 (requires TLS), including gRPC |
|||||||
|
One of: TCP or UDP |
|||||||
| One of: SSL (TLS) or TCP |
|||||||
| ESP or ICMP |
info
(Preview) |
||||||
| WebSockets | info | info | info | ||||
Protocols from the clients to the load balancer
For links to reference information, see Forwarding rules.
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
||
|---|---|---|---|---|---|---|---|
| Global | Regional | ||||||
|
One of: HTTP/1.1, HTTP/2, or HTTPS |
(no QUIC support) |
(includes QUIC) |
(no QUIC support) |
||||
| HTTP/3 (based on IETF QUIC) | |||||||
|
One of: TCP or UDP |
|||||||
| SSL or TCP | |||||||
| ESP or ICMP |
info
(Preview) |
||||||
| WebSockets | info | info | info | ||||
Backends
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
|
|---|---|---|---|---|---|---|
| Global | Regional | |||||
| Backends must be in one region | (Standard Tier) |
(Standard Tier) |
||||
| Backends can be in multiple regions | (Premium Tier) |
(Premium Tier) |
||||
| Load balancer can have multiple backend services and a URL map | ||||||
| Virtual machine backends on Compute Engine | ||||||
| Zonal NEGs | Using GCE_VM_IP_PORT type endpoints with GKE:
|
Using GCE_VM_IP_PORT type endpoints with GKE:
|
Using GCE_VM_IP type endpoints with GKE:
|
Use standalone zonal NEGs | ||
| Self-managed Kubernetes and GKE | ||||||
| External endpoints in internet NEGs | info (Premium Tier) |
|||||
| Private external endpoints in hybrid NEG backends | info | info | info | |||
| Cloud Storage in backend buckets | info | |||||
Serverless backends:
|
info | |||||
| Private Service Connect NEGs | info | |||||
Health checks
For links to reference information, see Health checks.
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
|
|---|---|---|---|---|---|---|
| Global | Regional | |||||
| gRPC health checks | 1 | |||||
| HTTP health checks | 1 | |||||
| HTTPS health checks | 1 | |||||
| HTTP/2 health checks | 1 | |||||
| SSL health checks | 1 | |||||
| TCP health checks | 1 | |||||
Configurable health checks:
|
||||||
| Configurable request path (HTTP, HTTPS, HTTP/2) | 1 | |||||
| Configurable request string or path (TCP or SSL) | 1 | |||||
| Configurable expected response string | 1 | |||||
1 This table documents health checks supported by backend
service-based network load balancers. Target pool-based
network load balancers only support legacy HTTP health checks.
IP addresses
For links to reference information, see Addresses.
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
|
|---|---|---|---|---|---|---|
| Global | Regional | |||||
| Internal IP address, accessible in your Virtual Private Cloud (VPC) network | ||||||
| External IP address (global anycast) | (Premium Tier) |
(Premium Tier) |
||||
| External IP address (regional) | (Standard Tier) |
(Standard Tier) |
||||
| External IP address from Bring your own IP (BYOIP) | ||||||
| Multiple forwarding rules with the same IP address, each having a unique protocol and port combination | ||||||
| Internet accessible (including by clients that are in Google Cloud and have internet access) |
||||||
| Privately accessible |
|
|
||||
| Client source IP address preservation | X-Forwarded-For header | X-Forwarded-For header | X-Forwarded-For header | In TCP Proxy header | ||
| IPv6 termination | ||||||
Network topologies
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
|
|---|---|---|---|---|---|---|
| Global | Regional | |||||
| Relationships between VPC networks and load balancer backends | ||||||
| Backends must be in the same VPC network | ||||||
| Backends can be located in multiple VPC networks in
the same project (the networks do not have to be connected) |
||||||
| Backends can use a Shared VPC network | ||||||
| Client access to load balancers | ||||||
| Google Cloud or on-premises clients must access the load balancer privately by being either in the same VPC network, in a peered VPC network, or in another network connected using Cloud VPN tunnels or Cloud Interconnect attachments (VLANs) | ||||||
| Google Cloud client VMs require external IP addresses or a
NAT solution like Cloud NAT to access the load balancer |
||||||
| On-premises client VMs require internet access to access the load balancer | ||||||
| Google Cloud client VMs can be located in any region | (Premium Tier) | If global access is enabled |
||||
| Google Cloud client VMs can be located in any project (subject to other requirements in this table) |
||||||
Failover
This table documents failover as supported by backend service-based network load balancers.
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
|
|---|---|---|---|---|---|---|
| Global | Regional | |||||
| Automatic failover to healthy backends within same region | ||||||
| Automatic failover to healthy backends in other regions | (Premium Tier) |
(Premium Tier) |
||||
| Behavior when all backends are unhealthy | Returns HTTP 503 | Returns HTTP 502 | Returns HTTP 503 | info
(configurable) |
info
(configurable1) |
Traffic dropped |
| Configurable standby backends | info
(configurable) |
info
(configurable2) |
||||
| Connection draining on failover and failback | info
(configurable) |
info
(configurable3) |
||||
1 When all the backends of a target pool-based network load balancer
are unhealthy, traffic is distributed among all backends.
2 Target pool-based network load balancers use backup pools to support failover.
3 Target pool-based network load balancers do not support configuration of connection draining on failover/failback.
2 Target pool-based network load balancers use backup pools to support failover.
3 Target pool-based network load balancers do not support configuration of connection draining on failover/failback.
Logging and monitoring
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
|
|---|---|---|---|---|---|---|
| Global | Regional | |||||
| Byte count metrics | info | info | info | info | info | |
| Packet count metrics | info | info | info | |||
| Round trip time or latency metrics | info | info | info | info | info | |
| Connection count metrics | info | |||||
| HTTP request count metrics | info | info | ||||
| HTTP request and response attribute logs | info | info | ||||
Session affinity
For detailed information, see Session affinity.
For links to reference information, see Backend services.
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
|
|---|---|---|---|---|---|---|
| Global | Regional | |||||
| Headers | ||||||
| HTTP cookie | ||||||
| Generated cookie | ||||||
| Client IP, Destination IP (2-tuple) | 1 | 1 | ||||
| Client IP, Destination IP, Protocol (3-tuple) | 1 | 1 | ||||
| Client IP, Client Port, Destination IP, Destination Port, Protocol (5-tuple) | 1,2 | 1,2 | ||||
| None (5-tuple) | 3 | 3 | ||||
1 Setting session affinity is only meaningful if the protocol uses sessions. For example, TCP.
2 If the protocol does not have a concept of ports or if the packet does not carry port information (subsequent UDP fragments, for example), then a 3-tuple hash of the Client IP, Destination IP, and protocol is used instead.
3 If the protocol has a concept of ports and the packet carries port
information, then None is a 5-tuple hash. If the protocol does not have a
concept of ports or if the packet does not carry port information (for example,
subsequent UDP fragments), then None is a 3-tuple hash of the Client IP,
Destination IP, and protocol.
Load balancing methods
For detailed information, see the Backend services overview.
For links to reference information, see Backend services.
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
|
|---|---|---|---|---|---|---|
| Global | Regional | |||||
| Balancing mode: connection | ||||||
| Balancing mode: rate (requests per second) | ||||||
| Balancing mode: backend utilization (instance group backends only) |
||||||
| Configurable maximum capacity per backend instance group or NEG | ||||||
| Circuit breaking | ||||||
| Percent of traffic/weight-based | ||||||
|
Prefers region closest to client on the internet When the closest region is at capacity or isn't healthy, prefers next closest region |
(Premium Tier) |
(Premium Tier) |
||||
| Within zone/region load balancing policy | Load balancing locality policy |
Round robin in a zone |
Round robin in a zone and load balancing locality policy |
Hash-based distribution among all backends in the active pool when failover is configured, or among all backends in the region |
Hash-based distribution among all backends in the active pool when failover is configured, or among all backends in the region 1 |
Round robin in a zone |
1 This table documents load balancing methods supported by backend
service-based network load balancers. Target pool-based
network load balancers also perform hash-based distribution among all instances in
the target pool or backup pool.
Routing and traffic management
For internal HTTP(S) load balancers, see the following links:
- Traffic management overview for internal HTTP(S) load balancers
- Setting up traffic management for internal HTTP(S) load balancers
For external HTTP(S) load balancers, see the following link:
For traffic management features available with Traffic Director, see Traffic Director features: Routing and traffic management.
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
|
|---|---|---|---|---|---|---|
| Global | Regional | |||||
| HTTP/Layer 7 request routing |
Suffix, prefix, and match on: |
Suffix, prefix, and match on: |
Suffix, prefix, and match on: |
|||
| Fault injection | info | |||||
| Configurable timeouts | info | info | info | info | ||
| Retries | info | info | info | |||
| Redirects | info | info | info | |||
| URI rewrites | info | info | info | |||
| Request/response header transformations | info | |||||
| Traffic splitting | info | |||||
| Traffic mirroring | info | |||||
| Outlier detection | info | |||||
| Retry failed requests | info | |||||
Autoscaling and autohealing
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
|
|---|---|---|---|---|---|---|
| Global | Regional | |||||
| Managed instance group autoscaling based on load balancer serving capacity | ||||||
| Autohealing (native to managed instance groups and GKE) | ||||||
| Connection draining | 1 | |||||
1 This table documents autoscaling and autohealing features supported
by backend service-based network load balancers. Target
pool-based network load balancers do not support connection draining.
Security
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
|
|---|---|---|---|---|---|---|
| Global | Regional | |||||
| Managed certificates | info | info
(SSL proxy only) |
||||
| CORS | info | |||||
| Identity-Aware Proxy (IAP) | info | |||||
| Google Cloud Armor | info | |||||
| SSL offload | (SSL proxy only) |
|||||
| SSL policies (TLS version and cipher suites) |
info | info (SSL proxy only) |
||||
Special features
| Feature | Internal HTTP(S) | External HTTP(S) | Internal TCP/UDP | External TCP/UDP Network | External SSL Proxy and TCP Proxy |
|
|---|---|---|---|---|---|---|
| Global | Regional | |||||
| Cloud CDN | info (Premium Tier) |
|||||
| External endpoints in internet NEGs as external backends for Cloud CDN | info (Premium Tier) |
|||||
| Internal DNS names | info | |||||
| Load balancer as next hop | info | |||||
| Specify network interface of a backend VM (Multi-NIC load balancing) |
The backend VM's nic0 must be in the same network
and region used by the forwarding rule. |
The load balancer only sends traffic to the first network interface
(nic0), whichever VPC network that
nic0 is in. |
info | The load balancer only sends traffic to the first network interface
(nic0), whichever VPC network that
nic0 is in. |
||
| Custom request and response headers | info
Geo-location information, Smoothed RTT, Client latency |
|||||
| Automatic Service Directory registration (Preview) | info | info | ||||
| Connection tracking policy (Preview) | ||||||
What's next
- To get an overview of the different load balancing solutions that are available in Google Cloud, see Load balancing overview.
- To help you determine which Google Cloud load balancer best meets your needs, see Choosing a load balancer.