A load balancer distributes user traffic across multiple instances of your applications. By spreading the load, load balancing reduces the risk that your applications experience performance issues. Google's Cloud Load Balancing is built on reliable, high-performing technologies such as Maglev, Andromeda, Google Front Ends, and Envoy—the same technologies that power Google's own products.
Cloud Load Balancing offers a comprehensive portfolio of application and network load balancers. Use our global proxy load balancers to distribute millions of requests per second among backends in multiple regions with our Google Front End fleet in over 80 distinct locations worldwide—all with a single, anycast IP address. Implement strong jurisdictional control with our regional proxy load balancers, keeping your backends and proxies in a region of your choice without worrying about TLS/SSL offload. Use our passthrough load balancers to quickly route multiple protocols to backends with the high performance of direct server return (DSR).
Cloud Load Balancing offers the following load balancer features:
Single anycast IP address. With Cloud Load Balancing, a single anycast IP address is the frontend for all of your backend instances in regions around the world. It provides cross-region load balancing, including automatic multi-region failover, which moves traffic to failover backends if your primary backends become unhealthy. Cloud Load Balancing reacts instantaneously to changes in users, traffic, network, backend health, and other related conditions.
Software-defined load balancing. Cloud Load Balancing is a fully distributed, software-defined, managed service for all your traffic. It is not an instance-based or device-based solution, so you won't be locked into a physical load-balancing infrastructure or face the high availability, scale, and management challenges inherent in instance-based load balancers.
Seamless autoscaling. Cloud Load Balancing can scale as your users and traffic grow, including easily handling huge, unexpected, and instantaneous spikes by diverting traffic to other regions in the world that can take traffic. Autoscaling does not require pre-warming: you can scale from zero to full traffic in a matter of seconds.
Layer 4 and Layer 7 load balancing. Use Layer 4-based load balancing to direct traffic based on data from network and transport layer protocols such as TCP, UDP, ESP, GRE, ICMP, and ICMPv6 . Use Layer 7-based load balancing to add request routing decisions based on attributes, such as the HTTP header and the uniform resource identifier.
External and internal load balancing. You can use external load balancing when your users reach your applications from the internet. You can use internal load balancing when your clients are inside of Google Cloud.
Global and regional load balancing. You can distribute your load-balanced resources in single or multiple regions to terminate connections close to your users and to meet your high availability requirements.
Advanced feature support. Cloud Load Balancing supports features such as IPv6 global load balancing, source IP-based traffic steering, weighted load balancing, WebSockets, user-defined request headers, and protocol forwarding for private virtual IP addresses (VIPs).
It also includes the following integrations:
- Integration with Cloud CDN for cached content delivery. Cloud CDN is supported with the global external Application Load Balancer and the classic Application Load Balancer.
- Integration with Google Cloud Armor to protect your infrastructure from distributed denial-of-service (DDoS) attacks and other targeted application attacks. Always-on DDoS protection is available for the global external Application Load Balancer, the classic Application Load Balancer, the external proxy Network Load Balancer, and the external passthrough Network Load Balancer. Additionally, Google Cloud Armor supports advanced network DDoS protection only for external passthrough Network Load Balancers. For more information, see Configure advanced network DDoS protection.
Types of load balancers
Cloud Load Balancing offers two types of load balancers: Application Load Balancers and Network Load Balancers. You'd choose an Application Load Balancer when you need a Layer 7 load balancer for your applications with HTTP(S) traffic. You'd choose a Network Load Balancer when you need a Layer 4 load balancer that supports TLS offloading (with a proxy load balancer) or you need support for IP protocols such as UDP, ESP, ICMP, and so on (with a passthrough load balancer).
Application Load Balancers
Application Load Balancers are proxy-based Layer 7 load balancers that enable you to run and scale your services behind a single IP address. The Application Load Balancer distributes HTTP and HTTPS traffic to backends hosted on a variety of Google Cloud platforms—such as Compute Engine, Google Kubernetes Engine (GKE), and Cloud Run—as well as external backends outside Google Cloud.
Application Load Balancers can be deployed externally or internally depending on whether your application is internet-facing or internal:
- External Application Load Balancers are implemented as
managed services either on Google Front Ends
(GFEs) or
Envoy proxies. Clients can
connect to these load balancers from anywhere on the internet. Note the
following:
- These load balancers can be global or regional.
- For global external Application Load Balancers, only the Premium Tier is supported.
- For regional external Application Load Balancers, only the Standard Tier is supported.
- Application Load Balancers use the open source Envoy proxy to enable advanced traffic management capabilities.
- Internal Application Load Balancers are built on the
Andromeda network virtualization stack and the open source Envoy proxy. This
load balancer provides internal proxy-based load balancing of Layer 7
application data. You specify how traffic is routed with URL maps. The load
balancer uses an internal IP address that is
accessible only to clients in the same VPC network or
clients connected to your VPC network. Note the
following:
- These load balancers can be regional or cross-region.
- Regional internal Application Load Balancers support only regional backends.
- Cross-region internal Application Load Balancers (Preview) support global backends and are always globally accessible. Clients from any Google Cloud region can send traffic to the load balancer.
The following diagram shows a sample Application Load Balancer architecture.
Network Load Balancers
Network Load Balancers are Layer 4 load balancers that can handle TCP, UDP, or other IP protocol traffic. These load balancers are available as either proxy load balancers or passthrough load balancers. You can pick a load balancer depending on the needs of your application and the type of traffic that it needs to handle. Choose a proxy Network Load Balancer if you want to configure a reverse proxy load balancer with support for advanced traffic controls and backends on-premises and in other cloud environments. Choose a passthrough Network Load Balancer if you want to preserve the source IP address of the client packets, you prefer direct server return for responses, or you want to handle a variety of IP protocols such as TCP, UDP, ESP, GRE, ICMP, and ICMPv6 .
Proxy Network Load Balancers
Proxy Network Load Balancers are Layer 4 reverse proxy load balancers that distribute TCP traffic to virtual machine (VM) instances in your Google Cloud VPC network. Traffic is terminated at the load balancing layer and then forwarded to the closest available backend by using TCP. These load balancers are implemented on GFEs that are distributed globally.
These load balancers are deployed in two modes, depending on whether your application is internet facing or internal:
External proxy Network Load Balancers are Layer 4 load balancers that distribute traffic that comes from the internet to backends in your Google Cloud VPC network, on-premises, or in other cloud environments. These load balancers can be deployed in one of the following modes: global or regional.
- For classic proxy Network Load Balancers, the load balancer is a global load balancer in Premium Tier but can be configured to be effectively regional in Standard Tier.
- For global external proxy Network Load Balancers (Preview), only Premium Tier is supported.
- For regional external proxy Network Load Balancers, only Standard Tier is supported.
Internal proxy Network Load Balancers are Envoy proxy-based regional Layer 4 load balancers that enable you to run and scale your TCP service traffic behind an internal IP address that is accessible only to clients in the same VPC network or clients connected to your VPC network. These load balancers can be deployed in one of the following modes: regional or cross-region.
- Regional internal proxy Network Load Balancers support only regional backends.
- Cross-region internal proxy Network Load Balancers (Preview) support global backends and are always globally accessible. Clients from any Google Cloud region can send traffic to the load balancer.
The following diagram shows a sample proxy Network Load Balancer architecture.
Passthrough Network Load Balancers
Passthrough Network Load Balancers are Layer 4 regional, passthrough load balancers. These load balancers distribute traffic among backends in the same region as the load balancer. They are implemented by using Andromeda virtual networking and Google Maglev.
As the name suggests, these load balancers are not proxies. Load-balanced packets are received by backend VMs with the packet's source and destination IP addresses, protocol, and, if the protocol is port-based, the source and destination ports unchanged. Load-balanced connections are terminated at the backends. Responses from the backend VMs go directly to the clients, not back through the load balancer. The industry term for this is direct server return (DSR).
These load balancers are deployed in two modes, depending on whether the load balancer is internet-facing or internal:
- External passthrough Network Load Balancers are built on Maglev. Clients can connect to these load balancers from anywhere on the internet regardless of whether the IP address of the load balancer is in the Premium Tier or the Standard Tier. The load balancer can also receive traffic from Google Cloud VMs with external IP addresses or from Google Cloud VMs that have internet access through Cloud NAT or instance-based NAT.
- Internal passthrough Network Load Balancers are built on the Andromeda network virtualization stack. An internal passthrough Network Load Balancer enables you to load balance TCP/UDP traffic behind an internal load-balancing IP address that is accessible only to systems in the same VPC network or systems connected to your VPC network. This load balancer can only be configured in Premium Tier.
The following diagram shows a sample passthrough Network Load Balancer architecture.
Choose a load balancer
To determine which Cloud Load Balancing product to use, you must first determine what traffic type your load balancers must handle. As a general rule, you'd choose an Application Load Balancer when you need a flexible feature set for your applications with HTTP(S) traffic. And you'd choose a Network Load Balancer when you need TLS offloading at scale or support for UDP, or if you need to expose client IP addresses to your applications.
You can further narrow down your choices depending on your application's requirements: whether your application is external (internet-facing) or internal, and whether you need backends deployed globally or regionally.
The following diagram shows all of the available deployment modes for Cloud Load Balancing.
1 Global external Application Load Balancers support two modes of operation: global and classic.
2 Global external proxy Network Load Balancers support two modes of operation: global (Preview) and classic.
3 Passthrough Network Load Balancers preserve client source IP addresses. Passthrough Network Load Balancers also support additional protocols like UDP, ESP, and ICMP.
Summary of types of Google Cloud load balancers
The following table provides more specific information about each load balancer.
| Load balancer | Deployment mode | Traffic type | Network service tier | Load-balancing scheme † |
|---|---|---|---|---|
| Application Load Balancers | Global external | HTTP or HTTPS | Premium | EXTERNAL_MANAGED |
| Regional external | HTTP or HTTPS | Standard | EXTERNAL_MANAGED | |
| Classic | HTTP or HTTPS | Global in Premium Tier Regional in Standard Tier |
EXTERNAL | |
Regional internal |
HTTP or HTTPS | Premium | INTERNAL_MANAGED | |
Cross-region internal |
HTTP or HTTPS | Premium | INTERNAL_MANAGED | |
| Proxy Network Load Balancers | Global external | TCP with optional SSL offload | Premium Tier |
EXTERNAL_MANAGED |
| Classic | TCP with optional SSL offload | Global in Premium Tier Regional in Standard Tier |
EXTERNAL | |
| Regional external | TCP | Standard only | EXTERNAL_MANAGED | |
Regional internal Always regional |
TCP without SSL offload | Premium only | INTERNAL_MANAGED | |
Cross-region internal multi-regional |
TCP without SSL offload | Premium only | INTERNAL_MANAGED | |
| Passthrough Network Load Balancers | External Always regional |
TCP, UDP, ESP, GRE, ICMP, and ICMPv6 | Premium or Standard | EXTERNAL |
Internal Always regional |
TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE | Premium only | INTERNAL |
† The load-balancing scheme is an attribute on the forwarding rule and the backend service of a load balancer and indicates whether the load balancer can be used for internal or external traffic.
The term *_MANAGED in the load-balancing scheme indicates that
the load balancer is implemented as a managed service either on Google Front Ends
(GFEs) or on the open source Envoy proxy. In a
load-balancing scheme that is *_MANAGED, requests are routed
either to the GFE or to the Envoy proxy.
Interfaces
You can configure and update your load balancers by using the following interfaces:
The Google Cloud CLI: A command-line tool included in the Google Cloud CLI; the documentation calls on this tool frequently to accomplish tasks. For a complete overview of the tool, see the gcloud CLI guide. You can find commands related to load balancing in the
gcloud computecommand group.You can also get detailed help for any
gcloudcommand by using the--helpflag.gcloud compute http-health-checks create --helpThe Google Cloud console: Load-balancing tasks can be accomplished by using the Google Cloud console.
The REST API: All load-balancing tasks can be accomplished by using the Cloud Load Balancing API. The API reference docs describe the resources and methods available to you.
Terraform: You can provision, update, and delete the Google Cloud load-balancing infrastructure by using an open source infrastructure-as-code tool such as Terraform.
What's next
- To help you determine which Google Cloud load balancer best meets your needs, see Choose a load balancer.
- To see a comparative overview of the load-balancing features offered by Cloud Load Balancing, see Load balancer feature comparison.