Network endpoint groups overview

Stay organized with collections Save and categorize content based on your preferences.

A network endpoint group (NEG) is a configuration object that specifies a group of backend endpoints or services. A common use case for this configuration is deploying services in containers. You can also distribute traffic in a granular fashion to applications running on your backend instances.

You can use NEGs as backends for some load balancers and with Traffic Director.

Types of NEGs

Use the following tables to decide which type of NEG you need for your deployment.

Zonal NEG

Features Details
Purpose

One or more internal IP address endpoints that resolve to either Compute Engine VM instances or GKE Pods.

For detailed information about this NEG and its use cases, see Zonal NEGs overview.

NetworkEndpointType API name
  • GCE_VM_IP
    IP only: resolves to the primary internal IP address of a Compute Engine VM's NIC

    OR

  • GCE_VM_IP_PORT
    IP:Port: resolves to either the primary internal IP address of a Google Cloud VM's NIC or an alias IP address on a NIC; for example, Pod IP addresses in VPC-native clusters.
Number of endpoints 1 or more
Health checks for NEGs attached to backend services Centralized health checks for NEGs with GCE_VM_IP_PORT and GCE_VM_IP endpoints.
Scope Zonal
Routing VPC network
Google Cloud products that use this NEG
  • Internal TCP/UDP Load Balancing (GCE_VM_IP endpoints):
  • Internal regional TCP proxy load balancer (GCE_VM_IP_PORT endpoints)
  • Internal HTTP(S) Load Balancing (GCE_VM_IP_PORT endpoints)
  • Global external HTTP(S) load balancer (GCE_VM_IP_PORT endpoints)
  • Global external HTTP(S) load balancer (classic) (GCE_VM_IP_PORT endpoints)
  • Regional external HTTP(S) load balancer (GCE_VM_IP_PORT endpoints)
  • External TCP Proxy Load Balancing (GCE_VM_IP_PORT endpoints)
  • External SSL Proxy Load Balancing (GCE_VM_IP_PORT endpoints)
  • Traffic Director (GCE_VM_IP_PORT endpoints)

Related documentation:

Internet NEG

Features Details
Purpose

A single internet-routable endpoint that is hosted outside of Google Cloud.

For detailed information about this NEG and its use cases, see Internet NEGs overview.

NetworkEndpointType API name
  • INTERNET_IP_PORT
    IP:Port, where IP must not be a RFC 1918 address.

    OR

  • INTERNET_FQDN_PORT
    FQDN:Port
Number of endpoints 1
Health checks for NEGs attached to backend services Not applicable
Scope Global
Routing Internet
Google Cloud products that use this NEG

Serverless NEG

Features Details
Purpose

A single endpoint within Google's network that resolves to an App Engine, Cloud Functions, API Gateway, or Cloud Run service.

For detailed information about this NEG and its use cases, see Serverless NEGs overview.

NetworkEndpointType API name SERVERLESS

FQDN belonging to an App Engine, Cloud Functions, API Gateway, or Cloud Run service.

Number of endpoints 1
Health checks for NEGs attached to backend services Not applicable
Scope Regional
Routing To Google APIs and Services
Google Cloud products that use this NEG

Hybrid connectivity NEG

Features Details
Purpose One or more endpoints that resolve to on-premises services, server applications in another cloud, and other internet-reachable services outside Google Cloud.
NetworkEndpointType API name NON_GCP_PRIVATE_IP_PORT

IP:Port belonging to a VM that is not in Compute Engine and that must be routable using hybrid connectivity.

Number of endpoints 1 or more
Health checks for NEGs attached to backend services
  • Centralized health checks when you use this NEG with a supported load balancing product.
  • Envoy distributed health checks for NEGs used with Traffic Director
Scope Zonal
Routing to an on-premises network or another Cloud provider network by way of Cloud Interconnect VLAN attachment, Cloud VPN tunnel, or Router appliance VM in a VPC network
Google Cloud products that use this NEG

Private Service Connect NEG

Features Details
Purpose A single endpoint that resolves to one of the following:
  • A Google-managed regional API endpoint
  • A managed service published using Private Service Connect
NetworkEndpointType API name PRIVATE_SERVICE_CONNECT
Number of endpoints 1
Health checks for NEGs attached to backend services Not applicable
Scope Regional
Routing
  • Internal HTTP(S) Load Balancing:
    • To Google APIs and services
  • External HTTP(S) Load Balancing:
    • VPC network
Google Cloud products that use this NEG