Setting Up Network Endpoint Groups in Load Balancing

Configuring network endpoint groups and adding endpoints

This section contains instructions for configuring network endpoint groups (NEGs) and network endpoints using the gcloud command-line tool. Before you configure NEGs, read Network Endpoint Groups in Load Balancing Concepts.

Creating network endpoint groups

Console


To create network endpoint groups:

  1. Go to the Network Endpoint Groups page in the Google Cloud Platform Console.
  2. Click CREATE NETWORK ENDPOINT GROUP.
  3. Enter the Name of the network endpoint group.
  4. Select the VPC Network location.
  5. Select the VPC network.
  6. Select the Subnet.
  7. Select the Zone.
  8. Select the Network endpoint type.
  9. Enter the Network endpoint default port.
  10. Click Create.

gcloud


To create network endpoint groups, use the following gcloud command:

gcloud beta compute network-endpoint-groups create [NEG_NAME] \
    --zone=[ZONE] \
    --network=[NETWORK] \
    [--subnet=[SUBNET]] \
    [--default-port=[DEFAULT_PORT]]

In this command, the flags are defined as follows:

  • [NEG_NAME] is the name of the new network endpoint group. The name must be unique within the zone.
  • [ZONE] is the name of the zone in which the NEG is created.
  • [NETWORK] is the name of the network in which the NEG is created. If omitted, GCP uses a network named default.
  • [SUBNET] is the name of the subnet to which all network endpoints belong. This flag is optional if the network is an auto mode network. If it is omitted, the NEG is created in the automatically created subnet of the region that contains the zone you selected. The flag is required if the network is a custom mode network or if you need to specify a manually created subnet.
  • [DEFAULT_PORT] is the default port associated with the NEG. This flag is optional. If omitted, all endpoints must be specified by IP:port. If included, the "port" portion may be omitted from the endpoint specification and the default port assumed.

For example:

gcloud beta compute network-endpoint-groups create my-lb-neg \
    --network=my-network \
    --subnet=my-subnet \
    --default-port=80  \
    --zone=asia-southeast1-a

Adding endpoints to a network endpoint group

Console


To add endpoints to a network endpoint group:

  1. Go to the Network Endpoint Groups page in the Google Cloud Platform Console.
  2. Click the Name of the network endpoint group to which you want to add endpoints. You see the Network endpoint group detail page.
  3. In the Network endpoints in this group section, click Add network endpoint. You see the Add network endpoint page.
  4. Select a VM instance to add its internal IP addresses as network endpoints and click Add. You see the Network interface, zone, and subnet of the VM.
  5. Enter the IP address or range of the new network endpoint.
  6. Select the Port type.
    1. If you select Default, the endpoint uses the default port for all endpoints in the network endpoint group.
    2. If you select Custom, enter the Port number for the endpoint to use.
  7. To add more endpoints, click Add network endpoint and repeat steps 5 and 6.
  8. After you add all the endpoints that you need, click Add.

gcloud


To add endpoints to a network endpoint group:

gcloud beta compute network-endpoint-groups update [NEG_NAME] \
    [--zone=[ZONE]] \
    --add-endpoint 'instance=[INSTANCE_NAME],[ip=[IP_ADDRESS]],[port=[PORT]]' \
    [--add-endpoint ...]

In the above command:

  • [NEG_NAME] is the name of the NEG.
  • [ZONE] is the name of the zone in which the NEG was created.
  • [INSTANCE_NAME] is the name of the VM instance to which the IP address belongs.
  • [IP_ADDRESS] is the IP address for the network endpoint being added.
  • [PORT] is the port of the network endpoint being added. The port is optional if a default port is specified in the NEG.

For example:

gcloud beta compute network-endpoint-groups update my-lb-neg \
    --zone=asia-southeast1-a \
    --add-endpoint 'instance=my-vm1,ip=10.1.1.1,port=80'

Adding a network endpoint group to a backend service

Console


To add a network endpoint group to a backend service:

  1. Go to the Load balancing page in the Google Cloud Platform Console.
  2. Click the name of the load balancer whose backend service you want to edit.
  3. On the Load balancer details page, click the EDIT pencil.
  4. On the Edit load balancer page, click Backend configuration.
  5. On the Backend configuration page, click the edit pencil.
  6. Click +Add backend.
  7. Select a Network endpoint group and click Done.
  8. Click Update.

gcloud


To add a NEG to a backend service:

gcloud beta compute backend-services add-backend [BACKEND_SERVICE] \
    --network-endpoint-group=[NETWORK_ENDPOINT_GROUP] \
    --network-endpoint-group-zone=[ZONE]

For example:

gcloud beta compute backend-services add-backend my-lb \
   --network-endpoint-group my-lb-neg \
   --network-endpoint-group-zone=asia-southeast1-a \
   --global \
   --balancing-mode=RATE \
   --max-rate-per-endpoint=5

Removing a network endpoint group from a backend service

Console


  1. Go to the Load balancing page in the Google Cloud Platform Console.
  2. Click the name of the load balancer whose backend service you want to edit.
  3. On the Load balancer details page, click the EDIT pencil.
  4. On the Edit load balancer page, click Backend configuration.
  5. On the Backend configuration page, click the edit pencil for the backend service from which you are removing the NEG.
  6. In the Backend section, locate the NEG you want to remove and click the trash can icon for that NEG.
  7. Click Update.

gcloud


To remove a NEG from a backend service:

gcloud beta compute backend-services remove-backend [BACKEND_SERVICE] \
    --network-endpoint-group=NETWORK_ENDPOINT_GROUP \
    --network-endpoint-group-zone=NETWORK_ENDPOINT_GROUP_ZONE

For example:

gcloud beta compute backend-services remove-backend my-lb \
    --network-endpoint-group=my-lb-neg \
    --network-endpoint-group-zone=asia-southeast1-a

Removing endpoints from a network endpoint group

When a network endpoint is removed from a load balancing NEG, it triggers connection draining based on the drain parameters specified in the backend service. If multiple backend services refer to the same NEG, the maximum drain interval across all backend services is applied.

Console


To remove endpoints from a network endpoint group:

  1. Go to the Network Endpoint Groups page in the Google Cloud Platform Console.
  2. Click the Name of the network endpoint group from which you want to delete endpoints. You see the Network endpoint group detail page.
  3. Select the network endpoints you want to delete and click Remove endpoint.

gcloud


To remove endpoints from a network endpoint group:

gcloud beta compute network-endpoint-groups update NEG_NAME \
    [--zone=ZONE] \
    --remove-endpoint 'instance=INSTANCE_NAME,[ip=IP],[port=PORT]' \
    [--remove-endpoint ...]

For example:

gcloud beta compute network-endpoint-groups update my-lb-neg \
     --remove-endpoint 'instance=my-vm1,ip=10.1.1.1,port=80' \
     --zone=asia-southeast1-a

Listing network endpoint groups

Console


To view a list of network endpoint groups, go to the Network Endpoint Groups page in the Google Cloud Platform Console.

gcloud


To list network endpoint groups:

gcloud beta compute network-endpoint-groups list

Describing a specific network endpoint group

Console


To get the details of a specific network endpoint group:

  1. Go to the Network Endpoint Groups page in the Google Cloud Platform Console.
  2. Click the name of the network endpoint group whose details you want to see.

gcloud


To get the details of a specific network endpoint group:

gcloud beta compute network-endpoint-groups describe [NEG_NAME] \
    [--zone=ZONE]

In the above, [NEG_NAME] is the name of the network endpoint group. [ZONE], which is optional, is the name of the zone where the NEG was created.

For example, the following gcloud command lists information about the network endpoint group my-lb-neg.

gcloud beta compute network-endpoint-groups describe my-lb-neg \
    --zone=asia-southeast1-a

The output of the command is the following:

    creationTimestamp: '2018-04-09T14:51:34.381-07:00'
    id: '5260475207627726473'
    kind: compute#networkEndpointGroup
    loadBalancer:
      defaultPort: 80
      network: https://www.googleapis.com/compute/beta/projects/[PROJECT_ID]/global/networks/default
      zone: https://www.googleapis.com/compute/beta/projects/[PROJECT_ID]/zones/asia-southeast1-a

Removing network endpoint groups

A network endpoint group cannot be deleted if it is attached to a backend service. Before you delete a NEG, ensure that it is detached from the backend service.

Deleting a VM immediately causes all network endpoints on the VM to be removed from the NEG, closing all connections. Deleting a NEG after deleting a backend service also removes all endpoints in that NEG without connection draining.

Console


To remove a network endpoint group from a backend service:

  1. Go to the Load balancing page in the Google Cloud Platform Console.
  2. Click the name of the load balancer whose backend service you want to edit.
  3. On the Load balancer details page, click the EDIT pencil.
  4. On the Edit load balancer page, click Backend configuration.
  5. On the Backend configuration page, click the edit pencil for the backend service from which you are removing the NEG.
  6. In the Backend section, locate the NEG you want to remove and click the trash can icon for that NEG.
  7. Click Update.

To delete a network endpoint group:

  1. Go to the Network Endpoint Groups page in the Google Cloud Platform Console.
  2. Locate the network endpoint group you want to delete.
  3. Click the trash can icon in that row.

gcloud


To remove a network endpoint group from a backend service:

gcloud beta compute backend-services remove-backend [BACKEND_SERVICE] \
    --network-endpoint-group=[NETWORK_ENDPOINT_GROUP] \
    --network-endpoint-group-zone=[ZONE]

To delete a network endpoint group:

gcloud beta compute network-endpoint-groups delete [NEG_NAME] \
    --zone=[ZONE]

For example:

gcloud beta compute backend-services remove-backend my-neg-backend \
    --network-endpoint-group=my-lb-neg \
    --network-endpoint-group-zone=asia-southeast1-a

gcloud beta compute network-endpoint-groups delete my-lb-neg \
    --zone=asia-southeast1-a

Listing endpoints in a network endpoint group

Console


To view a list of endpoints in a network endpoint group:

  1. Go to the Network Endpoint Groups page in the Google Cloud Platform Console.
  2. Click the Name of the network endpoint group whose endpoints you want to view. You see the Network endpoint group detail page, on which the endpoints for the endpoint group are listed.

gcloud


To list all of the network endpoints in a network endpoint group:

gcloud beta compute network-endpoint-groups list-network-endpoints NEG_NAME \
    [--zone=ZONE]

Health checking network endpoints

To configure a health check for the endpoints in a network endpoint group, use the command gcloud beta compute health-checks create with the flag --use-serving-port.

You cannot use a legacy health check with a backend that is a network endpoint group. For more information, see Health Check Concepts.

Load balancing network endpoint group example

The following example creates a load balancing network endpoint group, attaches three network endpoints to the NEG, and lists the endpoints. It assumes you already have three VMs with services running on ports.

  1. Create a subnet, alias IP addresses, and two VMs.

    gcloud beta compute networks subnets create subnet-a \
        --network network-a \
        --range 10.128.0.0/16 \
        --secondary-range container-range=192.168.0.0/16
    

    gcloud beta compute instances create vm1 --zone asia-southeast1-a \
        --network-interface \
        "subnet=subnet-a,aliases=r1:192.168.0.0/24;secondaryRange1:192.168.1.0/24"
    

    gcloud beta compute instances create vm2 --zone asia-southeast1-a \
        --network-interface \
        "subnet=subnet-a,aliases=r1:192.168.2.0/24"
    

  2. Create the NEG. Note that you can have multiple NEGs in the same zone.

    gcloud beta compute network-endpoint-groups create neg1 \
         --zone=asia-southeast1-a \
         --network=network-a --subnet=subnet-a \
         --network-endpoint-type=GCE_VM_IP_PORT \
         --default-port=80
    

        Created [https://www.googleapis.com/compute/beta/projects/project/zones/asia-southeast1-a/networkEndpointGroups/my-lb-neg].
        NAME       LOCATION       TYPE            ENDPOINT_TYPE   DEFAULT_PORT ENDPOINTS
        neg1  asia-southeast1-a  LOAD_BALANCING  80           0
    

  3. Add endpoints to the NEG.

    gcloud beta compute network-endpoint-groups update neg1 \
       --zone=asia-southeast1-a \
       --add-endpoint 'instance=vm1,ip=192.168.0.1' \
       --add-endpoint 'instance=vm1,ip=192.168.0.1,port=8080' \
       --add-endpoint 'instance=vm1,ip=192.168.1.2,port=8088' \
       --add-endpoint 'instance=vm1,ip=192.168.1.2,port=8080' \
       --add-endpoint 'instance=vm2,ip=192.168.2.1,port=8088' \
       --add-endpoint 'instance=vm2,ip=192.168.2.2,port=8080'
    

  4. Create a health check.

    gcloud compute health-checks create http healthcheck1 --use-serving-port
    

  5. Create the backend service.

    gcloud compute backend-services create backendService1 --global --health-checks healthcheck1
    

  6. Add a backend to the backend service.

    gcloud beta compute backend-services add-backend backendService1 --global \
       --network-endpoint-group=neg1 \
       --network-endpoint-group-zone=asia-southeast1-a \
       --balancing-mode=RATE --max-rate-per-endpoint=5
    

  7. Create a URL map.

    gcloud compute url-maps create urlMap1 --default-service backendService1
    

  8. Create the target proxy.

    gcloud compute target-http-proxies create httpProxy1 --url-map urlMap1
    

  9. Create the forwarding rule.

    gcloud compute forwarding-rules create forwardingRule1 \
        --ip-protocol TCP --ports=80 --global --target-http-proxy httpProxy1
    

  10. Create the firewall rules.

    gcloud compute firewall-rules create allow-load-balancer \
        --network network-a \
        --source-ranges 130.211.0.0/22,35.191.0.0/16 \
        --target-tags lb \
        --allow tcp
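
The rule in step 10 uses --allow tcp, which opens every TCP port on the tagged VMs to the listed source ranges. The following added example (not part of the original page) derives a narrower --allow value from the ports the NEG endpoints serve. The function names, the sample data and the --format projection are assumptions introduced here.

```shell
#!/bin/sh
# Added example: limit the step 10 firewall rule to the NEG's serving ports.

# neg_allow_spec DEFAULT_PORT   (hypothetical helper)
# Reads one endpoint port per line on stdin; a blank line stands for an
# endpoint that uses the NEG default port. Prints e.g. tcp:80,tcp:8080.
neg_allow_spec() {
    default_port="$1"
    ports=""
    while IFS= read -r port || [ -n "$port" ]; do
        port=$(printf '%s' "$port" | tr -d '[:space:]')
        [ -n "$port" ] || port="$default_port"
        case "$port" in
            # Reject empty, non-numeric, or overlong (6+ digit) values.
            ''|*[!0-9]*|??????*) echo "invalid port: '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        ports="$ports$port
"
    done
    [ -n "$ports" ] || { echo "no endpoints listed" >&2; return 1; }
    # De-duplicate, sort numerically, and join as tcp:PORT,tcp:PORT,...
    printf '%s' "$ports" | sort -un | sed 's/^/tcp:/' | paste -sd, -
}

# firewall_cmd DEFAULT_PORT   (hypothetical helper)
# Prints (does not run) the step 10 command with the narrowed --allow value.
firewall_cmd() {
    allow=$(neg_allow_spec "$1") || return 1
    printf '%s %s\n' \
        "gcloud compute firewall-rules create allow-load-balancer --network network-a --source-ranges 130.211.0.0/22,35.191.0.0/16 --target-tags lb --allow" \
        "$allow"
}

# Constructed sample: ports of the six endpoints added in step 3
# (the leading blank line is the endpoint that relies on default port 80).
SAMPLE_PORTS='
8080
8088
8080
8088
8080'
printf '%s\n' "$SAMPLE_PORTS" | firewall_cmd 80

# Live use (the --format projection is an assumption about the list output):
# gcloud beta compute network-endpoint-groups list-network-endpoints neg1 \
#     --zone=asia-southeast1-a --format='value(networkEndpoint.port)' | firewall_cmd 80
```

The rule applies only to VMs that carry the lb network tag, which the instance commands in step 1 do not set.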
    
