Network endpoint groups overview

A network endpoint group (NEG) is a configuration object that specifies a group of backend endpoints or services. A common use case for this configuration is deploying services in containers. You can also distribute traffic in a granular fashion to applications running on your backend instances.

You can use NEGs as backends for some load balancers and with Traffic Director.

Zonal and internet NEGs define how endpoints should be reached, whether they are reachable, and where they are located. Unlike these NEG types, serverless NEGs don't contain endpoints.

A zonal NEG contains one or more endpoints that can be Compute Engine VMs or services running on the VMs. Each endpoint is specified either by an IP address or an IP:port combination.

An internet NEG contains a single endpoint that is hosted outside of Google Cloud. This endpoint is specified by hostname FQDN:port or IP:port.

A serverless NEG points to Cloud Run, App Engine, Cloud Functions services residing in the same region as the NEG.

A hybrid connectivity NEG points to Traffic Director services running outside Google Cloud.

	Zonal NEG	Internet NEG	Serverless NEG	Hybrid connectivity NEG
Purpose	One or more internal IP address endpoints that resolve to either Compute Engine VM instances or GKE Pods.	A single internet-routable endpoint that is hosted outside of Google Cloud.	A single endpoint within Google's network that resolves to an App Engine, Cloud Functions, or Cloud Run (fully managed) service.	One or more endpoints that resolve to on-premises services, server applications in another cloud, and other internet-reachable services outside Google Cloud.
NetworkEndpointType API name	GCE_VM_IP IP only - Resolves to the primary internal IP address of a Compute Engine VM's NIC OR GCE_VM_IP_PORT IP:Port - Resolves to either the primary internal IP address of a Google Cloud VM's NIC or an alias IP address on a NIC; for example, Pod IP addresses in VPC-native clusters.	INTERNET_IP_PORT IP:Port where IP must not be a RFC 1918 address. OR INTERNET_FQDN_PORT FQDN:Port	SERVERLESS FQDN belonging to an App Engine, Cloud Functions, or Cloud Run (fully managed) service.	NON_GCP_PRIVATE_IP_PORT IP:Port belonging to a VM that is not in Compute Engine and that must be routable using hybrid connectivity.
Number of endpoints	1 or more	1	1	1 or more
Health checks for NEGs attached to backend services	Centralized health checking for NEGs with GCE_VM_IP_PORT endpoints only. Not applicable to NEGs with GCE_VM_IP endpoints.	Not applicable	Not applicable	Envoy distributed health checking
Scope	Zonal	Global	Regional	Zonal
Routing	VPC network	Internet	To Google APIs and Services	Internet
Google Cloud products that use this NEG	Internal HTTP(S) Load Balancing: GCE_VM_IP_PORT endpoints Internal TCP/UDP Load Balancing: GCE_VM_IP endpoints External HTTP(S) Load Balancing: GCE_VM_IP_PORT endpoints Traffic Director: GCE_VM_IP_PORT endpoints	Cloud CDN: INTERNET_IP_PORT or INTERNET_FQDN_PORT endpoint External HTTP(S) Load Balancing: INTERNET_IP_PORT or INTERNET_FQDN_PORT endpoint	External HTTP(S) Load Balancing: SERVERLESS endpoint	Traffic Director: NON_GCP_PRIVATE_IP_PORT endpoint

For more information about zonal, internet, and serverless NEGs, see:

• Zonal network endpoint groups overview
• Internet network endpoint groups overview
• Serverless network endpoint groups overview
• Hybrid connectivity network endpoint groups overview