Internal TCP/UDP Load Balancing and forwarding rules with a common IP address

Google Cloud Internal TCP/UDP Load Balancing is a regional load balancer that enables you to run and scale your services behind an internal load balancing IP address that is accessible only to your internal virtual machine (VM) instances.

For general information about internal TCP/UDP load balancers, see the overview page.

This page discusses using multiple forwarding rules with the same IP address.

Overview

Internal forwarding rules that have a common internal IP address can:

  • Use the same or different protocols
  • Use the same or different specific set of ports or the --ports=ALL option
  • Reference a common backend service (a single load balancer) or multiple backend services (multiple load balancers, sharing the same IP address)

When your forwarding rules have different protocols, you must have two different backend services, as well. A single internal TCP/UDP load balancer works for either TCP or UDP traffic, not both, because it has a single backend service that uses only one of these protocols.

Decision matrices for forwarding rules

Use the following tables to design your deployment.

Single internal TCP/UDP load balancer

A single backend service supports TCP or UDP, not both.

When you need multiple forwarding rules, calculate the number of forwarding rules that you need by using the formula:

⌈total number of ports / 5⌉
where ⌈⌉ is the ceiling (least integer) function, meaning round up

For example, suppose you need 26 TCP ports on one IP address of your load balancer. If you don't want to create a single forwarding rule using --ports=ALL, you must create six forwarding rules because:

26 / 5 = 5 with a remainder of 1

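Intended frontend configuration: One IP address, traffic on all ports
  • Number of forwarding rules required: One forwarding rule
  • --purpose=SHARED_LOADBALANCER_VIP flag required for IP address: No
  • Forwarding rule port specification: --ports=ALL

Intended frontend configuration: One IP address, traffic on specific ports
  • Number of forwarding rules required: Five or fewer ports: one forwarding rule. Six or more specific ports: multiple forwarding rules
  • --purpose=SHARED_LOADBALANCER_VIP flag required for IP address: No, for five or fewer ports. Yes, for six or more ports
  • Forwarding rule port specification: Set --ports to a set of up to five contiguous or non-contiguous port numbers

Intended frontend configuration: Multiple IP addresses, traffic on all ports
  • Number of forwarding rules required: One forwarding rule per IP address
  • --purpose=SHARED_LOADBALANCER_VIP flag required for IP address: No
  • Forwarding rule port specification: --ports=ALL

Intended frontend configuration: Multiple IP addresses, traffic on specific ports
  • Number of forwarding rules required: One forwarding rule per IP address
  • --purpose=SHARED_LOADBALANCER_VIP flag required for IP address: No, for five or fewer ports. Yes, for six or more ports
  • Forwarding rule port specification: Set --ports to a set of up to five contiguous or non-contiguous port numbers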

Two internal TCP/UDP load balancers

When you have two internal TCP/UDP load balancers, you can have two backend services, where one backend service is for TCP traffic, and the other backend service is for UDP traffic.

When you need multiple forwarding rules, calculate the number of forwarding rules that you need by using the formula:

⌈total number of TCP ports / 5⌉

⌈total number of UDP ports / 5⌉

where ⌈⌉ is the ceiling (least integer) function, meaning round up

For example, suppose you need 26 TCP ports and 12 UDP ports. You must create 9 forwarding rules because:

  • 26 / 5 = 5 with a remainder of 1, so you need six forwarding rules for your TCP ports.
  • 12 / 5 = 2 with a remainder of 2, so you need three forwarding rules for your UDP ports.

Intended frontend configuration: One IP address, traffic on all ports
  • Number of forwarding rules required: Two forwarding rules (one for TCP, one for UDP)
  • --purpose=SHARED_LOADBALANCER_VIP flag required for IP address: Yes, because the TCP forwarding rule and the UDP forwarding rule must share a single IP address
  • Forwarding rule port specification: --ports=ALL

Intended frontend configuration: One IP address, traffic on specific ports
  • Number of forwarding rules required: Five or fewer TCP ports and five or fewer UDP ports: two forwarding rules (one for TCP, one for UDP). For six or more TCP ports or UDP ports: multiple forwarding rules, where each forwarding rule supports one protocol and five or fewer ports
  • --purpose=SHARED_LOADBALANCER_VIP flag required for IP address: Yes
  • Forwarding rule port specification: Set --ports to a set of up to five contiguous or non-contiguous port numbers

Intended frontend configuration: Multiple IP addresses, traffic on all ports, either TCP or UDP
  • Number of forwarding rules required: At least two forwarding rules (one for TCP using one IP address, the other for UDP using a different IP address). You need three or more forwarding rules if you need three or more IP addresses
  • --purpose=SHARED_LOADBALANCER_VIP flag required for IP address: No
  • Forwarding rule port specification: --ports=ALL

Intended frontend configuration: Multiple IP addresses, traffic on specific ports, either TCP or UDP
  • Number of forwarding rules required: At least two forwarding rules (one for TCP using one IP address, the other for UDP using a different IP address). You need more than two forwarding rules if you need more than two IP addresses, or more than five ports for TCP traffic on an IP address or more than five ports for UDP traffic on an IP address
  • --purpose=SHARED_LOADBALANCER_VIP flag required for IP address: No, for one IP address with five or fewer TCP ports and one IP address with five or fewer UDP ports. Yes, for six or more TCP ports or six or more UDP ports
  • Forwarding rule port specification: Set --ports to a set of up to five contiguous or non-contiguous port numbers
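
The sizing formula and the shared-VIP column for the one-IP-address rows of both decision matrices, worked as an added planning example (not code from Google or from this page). The function name plan_rules, the input shape and the sample port ranges are assumptions; the flag decision is modeled as "more than one forwarding rule on the same IP address", which matches the one-IP-address rows above.

```python
MAX_PORTS_PER_RULE = 5  # per-rule port limit stated on this page


def plan_rules(ports_by_protocol):
    """Plan forwarding rules for ONE internal IP address.

    ports_by_protocol maps "TCP"/"UDP" to a list of ports or the string "ALL"
    (hypothetical input shape). Returns (rules, needs_shared_vip), where each
    rule is a (protocol, ports_flag) tuple.
    """
    rules = []
    for protocol in sorted(ports_by_protocol):
        if protocol not in ("TCP", "UDP"):
            raise ValueError(f"unsupported protocol: {protocol}")
        ports = ports_by_protocol[protocol]
        if ports == "ALL":
            rules.append((protocol, "--ports=ALL"))
            continue
        bad = [p for p in ports if not (isinstance(p, int) and 1 <= p <= 65535)]
        if bad:
            raise ValueError(f"invalid {protocol} ports: {bad}")
        # Duplicates would inflate the rule count, so plan on the distinct set.
        unique = sorted(set(ports))
        # One rule per group of at most five ports: ceil(len(unique) / 5) rules.
        for i in range(0, len(unique), MAX_PORTS_PER_RULE):
            chunk = unique[i:i + MAX_PORTS_PER_RULE]
            rules.append((protocol, "--ports=" + ",".join(map(str, chunk))))
    # Several rules on one address means the address must be reserved with
    # --purpose=SHARED_LOADBALANCER_VIP.
    needs_shared_vip = len(rules) > 1
    return rules, needs_shared_vip


if __name__ == "__main__":
    # Constructed sample: 26 TCP ports and 12 UDP ports, as in the page's example.
    sample = {"TCP": list(range(8000, 8026)), "UDP": list(range(5000, 5012))}
    planned, shared = plan_rules(sample)
    for proto, flag in planned:
        print(proto, flag)
    print("rules:", len(planned), "shared VIP purpose required:", shared)
```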

Use cases

Many different types of deployments are possible. The following are just a few examples that use one IP address accepting traffic on specific ports for two load balancers.

  • Different forwarding rules with the following:

    • The same IP address
    • Different protocols
    • Pointing to separate backend services
    • Each backend service's protocol matches the protocol of the corresponding forwarding rule
    Figure: Different forwarding rules, same IP address, different protocols/ports
  • Different forwarding rules with the following:

    • The same IP address
    • The same protocol
    • A different specific set of numbered ports on each forwarding rule

    This configuration option is an alternative to creating a single forwarding rule that specifies all ports.

    Figure: Different forwarding rules, same IP address, same protocol, more than five numbered ports

Configuring

You can create multiple internal forwarding rules that have the same IP address if you do both of the following:

For an example setup, see Setting up forwarding rules with the same IP address.