Forwarding rule concepts

A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud Platform load balancer.

Each forwarding rule references an IP address and port(s) on which the load balancer accepts traffic. Some GCP load balancers limit you to a predefined set of ports, and others allow you to specify arbitrary ports. The forwarding rule also specifies an IP protocol. For GCP load balancers, the IP protocol is always either TCP or UDP. Depending on the load balancer type, the forwarding rule specifies a backend service, target proxy, or target pool.

Depending on the load balancer type, a forwarding rule and its IP address are internal or external. Also, depending on the load balancer and its tier, a forwarding rule is either global or regional.

Internal forwarding rules

Internal forwarding rules forward traffic that originates inside a GCP network. The clients can be in the same VPC network as the backends, or the clients can be in a connected network.

Internal TCP/UDP load balancer

With an internal TCP/UDP load balancer, the supported traffic type is IPv4, and the supported protocol is either TCP or UDP (not both).

Each internal TCP/UDP load balancer has at least one regional internal forwarding rule. The regional internal forwarding rule points to the load balancer's regional internal backend service. It's also possible to have multiple internal forwarding rules pointing to the load balancer's backend service. The following diagram shows how a forwarding rule fits into the Internal TCP/UDP Load Balancing architecture.

[Figure: Internal TCP/UDP forwarding rule]

The following diagram shows how the load balancer components fit within a subnet and region.

The internal forwarding rule must be in a region and a subnet, and the backend service only needs to be in the region.

[Figure: High-level internal TCP/UDP load balancer example]

For more information about internal TCP/UDP load balancers, see Internal TCP/UDP Load Balancing Concepts. For information about configuring internal TCP/UDP load balancers, see Setting Up Internal TCP/UDP Load Balancing.

External forwarding rules

External forwarding rules forward traffic that originates from the Internet, outside of your VPC network.

External forwarding rules are used by a variety of GCP load balancers:

  • HTTP(S) load balancers
  • SSL proxy load balancers
  • TCP proxy load balancers
  • Network load balancers

HTTP(S) load balancers

HTTP(S) load balancers support both Premium and Standard tier. The forwarding rule and IP address both depend on the tier you select for the load balancer.

In an HTTP(S) load balancer, a forwarding rule points to a target proxy.

In Premium Tier, an HTTP(S) load balancer uses a global external IP address, which can be either IPv4 or IPv6, and a global external forwarding rule. You can provide a globally accessible application, directing end users to backend VMs in the closest region, distributing traffic among multiple regions. Because a global external forwarding rule uses a single external IP address, you don't have to maintain separate DNS records in different regions or wait for DNS changes to propagate.

It is possible to have two different global external IP addresses pointing to the same HTTP(S) load balancer. For example, in Premium Tier, the global external IP address for one forwarding rule can be IPv4, and the global external IP address for a second forwarding rule can be IPv6. Both forwarding rules can point to the same target proxy. In this way, you can provide both an IPv4 and an IPv6 address for the same HTTP(S) load balancer. See the IPv6 Termination documentation for more information.

In Standard Tier, an HTTP(S) load balancer uses a regional external IP address, which must be IPv4, and a regional external forwarding rule. An HTTP(S) load balancer in Standard Tier can only distribute traffic to backend VMs within a single region.

The following diagram shows how a forwarding rule fits into the HTTP(S) Load Balancing architecture.

[Figure: HTTP(S) forwarding rule]

For more information about HTTP(S) load balancers, see HTTP(S) Load Balancing Concepts. For information about configuring an HTTP(S) load balancer, see Setting Up HTTP(S) Load Balancing.

SSL proxy load balancers

An SSL proxy load balancer is similar to an HTTPS load balancer because it can terminate SSL (TLS) sessions. SSL proxy load balancers do not support path-based redirection like HTTPS load balancers, so they're best suited for handling SSL for protocols other than HTTPS, such as IMAP or WebSockets over SSL. See the SSL FAQ for more information.

In an SSL proxy load balancer, a forwarding rule points to a target proxy.

SSL proxy load balancers support both Premium and Standard tier. The forwarding rule and IP address both depend on the tier you select for the load balancer.

In Premium Tier, an SSL proxy load balancer uses a global external IP address, which can be either IPv4 or IPv6, and a global external forwarding rule. You can provide a globally accessible application, directing end users to backend VMs in the closest region, distributing traffic among multiple regions. Because a global external forwarding rule uses a single external IP address, you don't have to maintain separate DNS records in different regions or wait for DNS changes to propagate.

It is possible to have two different global external IP addresses pointing to the same SSL proxy load balancer. For example, in Premium Tier, the global external IP address for one forwarding rule can be IPv4, and the global external IP address for a second forwarding rule can be IPv6. Both forwarding rules can point to the same target proxy. In this way, you can provide both an IPv4 and an IPv6 address for the same SSL proxy load balancer. See the IPv6 Termination documentation for more information.

In Standard Tier, an SSL proxy load balancer uses a regional external IP address, which must be IPv4, and a regional external forwarding rule. An SSL proxy load balancer in Standard Tier can only distribute traffic to backend VMs within a single region.

The following diagram shows how a forwarding rule fits into the SSL Proxy Load Balancing architecture.

[Figure: SSL proxy forwarding rule]

For more information about SSL proxy load balancers, see SSL Proxy Load Balancing Concepts. To configure an SSL proxy load balancer, see Setting Up SSL Proxy Load Balancing.

TCP proxy load balancers

A TCP proxy load balancer offers global TCP proxying capability, without SSL offload. TCP proxy load balancers support both Premium and Standard tier. The forwarding rule and IP address both depend on the tier you select for the load balancer.

In a TCP proxy load balancer, a forwarding rule points to a target proxy.

In Premium Tier, a TCP proxy load balancer uses a global external IP address, which can be either IPv4 or IPv6, and a global external forwarding rule. You can provide a globally accessible application, directing end users to backend VMs in the closest region, distributing traffic among multiple regions. Because a global external forwarding rule uses a single external IP address, you don't have to maintain separate DNS records in different regions or wait for DNS changes to propagate.

It is possible to have two different global external IP addresses pointing to the same TCP proxy load balancer. For example, in Premium Tier, the global external IP address for one forwarding rule can be IPv4, and the global external IP address for a second forwarding rule can be IPv6. Both forwarding rules can point to the same target proxy. In this way, you can provide both an IPv4 and an IPv6 address for the same TCP proxy load balancer. See the IPv6 Termination documentation for more information.

In Standard Tier, a TCP proxy load balancer uses a regional external IP address, which must be IPv4, and a regional external forwarding rule. A TCP proxy load balancer in Standard Tier can only distribute traffic to backend VMs within a single region.

The following diagram shows how a forwarding rule fits into the TCP Proxy Load Balancing architecture.

[Figure: TCP proxy forwarding rule]

For more information about TCP proxy load balancers, see TCP Proxy Load Balancing Concepts. To configure a TCP proxy load balancer, see Setting Up TCP Proxy Load Balancing.

Network load balancers

Network load balancers distribute either TCP or UDP traffic among backend VMs in a single region, and they support both Premium and Standard tiers. A network load balancer uses a regional external forwarding rule and a regional external IPv4 address (regardless of Network Service tier). The regional external IP address can be accessed anywhere on the Internet.

A regional external forwarding rule points to the load balancer's target pool.

[Figure: Network forwarding rule]

To use Network Load Balancing in different regions, you must create a network load balancer in each region. This is the case regardless of tier. The following figure shows Network Load Balancing with three load balancers for three different regions. Each load balancer has its own regional external forwarding rule with its own regional external IPv4 address.

[Figure: Network Load Balancing example with three regional backends and three forwarding rules]

For more information about network load balancers, see Network Load Balancing Concepts. To configure a network load balancer, see Setting Up Network Load Balancing.

How Network Tiers affect load balancers

The following table summarizes how Network Service Tiers and GCP load balancers interact:

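| Load Balancing Scheme | Products                          | Regional or Global | Network Tiers     |
|-----------------------|-----------------------------------|--------------------|-------------------|
| EXTERNAL              | Network LB                        | Regional           | Standard, Premium |
| EXTERNAL              | TCP Proxy, SSL Proxy, HTTP(S) LB  | Regional           | Standard          |
| EXTERNAL              | TCP Proxy, SSL Proxy, HTTP(S) LB  | Global             | Premium           |
| INTERNAL              | Internal TCP/UDP LB               | Regional           | Premium           |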

Network Load Balancing is always regional, regardless of Network Tier.

With Premium Tier, HTTP(S), TCP Proxy, and SSL Proxy load balancers are global. Their forwarding rules, IP addresses, and backend services are global. In Standard Tier, these load balancers are effectively regional. Their backend services remain global, but their forwarding rules and IP addresses are regional.

Internal TCP/UDP Load Balancing is always regional and always Premium Tier.
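
The scheme, scope and tier constraints above can be checked mechanically when reviewing which frontends a project exposes. The following is an added example, not part of the original page: the records are constructed, their field names follow the Compute Engine forwardingRules resource, `check` and `external_frontends` are hypothetical helper names, and only the load balancer types described on this page are covered.

```python
import ipaddress

# Constructed sample records; names and addresses are made up.
RULES = [
    {"name": "web-v4", "loadBalancingScheme": "EXTERNAL", "networkTier": "PREMIUM",
     "IPAddress": "203.0.113.10", "IPProtocol": "TCP",
     "target": "global/targetHttpsProxies/web-proxy"},
    {"name": "web-v6", "loadBalancingScheme": "EXTERNAL", "networkTier": "PREMIUM",
     "IPAddress": "2001:db8::10", "IPProtocol": "TCP",
     "target": "global/targetHttpsProxies/web-proxy"},
    {"name": "nlb-udp", "loadBalancingScheme": "EXTERNAL", "networkTier": "STANDARD",
     "region": "us-central1", "IPAddress": "203.0.113.30", "IPProtocol": "UDP",
     "target": "regions/us-central1/targetPools/pool-1"},
    {"name": "ilb", "loadBalancingScheme": "INTERNAL", "networkTier": "PREMIUM",
     "region": "us-central1", "IPAddress": "10.1.2.99", "IPProtocol": "TCP",
     "backendService": "regions/us-central1/backendServices/be-1"},
    {"name": "bad-std", "loadBalancingScheme": "EXTERNAL", "networkTier": "STANDARD",
     "IPAddress": "2001:db8::20", "IPProtocol": "TCP",
     "target": "global/targetTcpProxies/tcp-proxy"},
]
PROXIES = ("/targetHttpProxies/", "/targetHttpsProxies/",
           "/targetSslProxies/", "/targetTcpProxies/")

def check(rule):
    """Return the ways a rule contradicts the scheme/scope/tier table."""
    ref = rule.get("target") or rule.get("backendService", "")
    regional = "region" in rule          # global rules carry no region
    tier = rule["networkTier"]
    v4 = ipaddress.ip_address(rule["IPAddress"]).version == 4
    out = []
    if rule["loadBalancingScheme"] == "INTERNAL":
        if not (regional and tier == "PREMIUM" and v4 and "/backendServices/" in ref):
            out.append("internal rule must be regional, Premium, IPv4, backend service")
    elif "/targetPools/" in ref:
        if not (regional and v4):
            out.append("network LB rule must be regional with an IPv4 address")
    elif any(p in ref for p in PROXIES):
        if tier == "PREMIUM" and regional:
            out.append("Premium proxy rule must be global")
        if tier == "STANDARD" and not (regional and v4):
            out.append("Standard proxy rule must be regional with an IPv4 address")
    else:
        out.append("target type not covered by the table")
    return out

def external_frontends(rules):
    # Internet-facing (name, address) pairs: the exposure inventory.
    return [(r["name"], r["IPAddress"]) for r in rules
            if r["loadBalancingScheme"] == "EXTERNAL"]
```

Only `bad-std` is flagged: it pairs Standard Tier with a global scope and an IPv6 address. `web-v4` and `web-v6` pass because two global rules may share one target proxy in Premium Tier.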

API and gcloud reference

For descriptions of the properties and methods available to you when working with forwarding rules through the REST API, see:

For the gcloud command-line tool, see:

What's next
