Setting Up Network Load Balancing

This guide provides instructions for creating a basic Network Load Balancing configuration. The example assumes that you have multiple web servers on Google Compute Engine instances across which you want to balance the traffic. This scenario sets up a layer 3 load balancing configuration to distribute HTTP traffic across healthy instances. Basic HTTP health checks are configured to ensure that traffic is sent only to healthy instances.

This example load balances HTTP traffic, but you can use Network Load Balancing to load balance UDP, TCP, and SSL traffic. Before you start, read Network Load Balancing Concepts for conceptual information about Network Load Balancing.

Before you begin

Install the gcloud command-line tool. For a complete overview of the tool, see the gcloud Tool Guide. You can find commands related to load balancing in the gcloud compute command group.

You can also get detailed help for any gcloud command by using the --help flag:

gcloud compute http-health-checks create --help

If you haven't run the gcloud command-line tool previously, first run gcloud init to authenticate.

In addition, you must create a static external IP address for the load balancer. If you are using an image provided by Compute Engine, your virtual machine (VM) instances are automatically configured to handle this IP address. If you are using any other image, you will have to configure this address as an alias on eth0 or as a loopback on each instance.

This guide assumes that you are familiar with bash.

Configure Compute Engine instances

For this load balancing scenario, you will create three Compute Engine VM instances and install Apache on them. You will add a firewall rule that allows HTTP traffic to reach the instances.

Set up the instances

Console


  1. Go to the VM instances page in the Google Cloud Platform Console.
    Go to the VM instances page
  2. Click Create instance.
  3. Set Name to www1.
  4. Set the Region to us-central1.
  5. Set the Zone to us-central1-b.
  6. Under Boot disk, the default OS image of Google Drawfork Debian GNU/Linux 9 is already selected.
  7. Click Management, security, disks, networking, sole tenancy to to reveal advanced settings.
    1. Under Management, click Networking and populate the Tags field with network-lb-tag for network load balancing traffic.
    2. Insert the following script into the Automation, Startup script field.
       #! /bin/bash
       sudo apt-get update
       sudo apt-get install apache2 -y
       sudo service apache2 restart
       echo '<!doctype html><html><body><h1>www1</h1></body></html>' | tee /var/www/html/index.html
       EOF
    3. Leave the default values for rest of the fields.
    4. Click Create.
  8. Create an instance named www2 with the same settings, except with the following script inserted into the Automation, Startup script field.
     #! /bin/bash
     sudo apt-get update
     sudo apt-get install apache2 -y
     sudo service apache2 restart
     echo '<!doctype html><html><body><h1>www2</h1></body></html>' | tee /var/www/html/index.html
     EOF
  9. Create an instance named www3 with the same settings, except with the following script inserted into the Automation, Startup script field.
     #! /bin/bash
     sudo apt-get update
     sudo apt-get install apache2 -y
     sudo service apache2 restart
     echo '<!doctype html><html><body><h1>www3</h1></body></html>' | tee /var/www/html/index.html
     EOF

gcloud


The commands below are all run on your local system and assume a bash command prompt.

To see OS image names, attributes, and status use the gcloud compute images list command.

  1. Create three new virtual machines in a given zone and give them all the same tag. This example sets the zone to us-central1-b. Setting the tags field allows you to reference these instances all at once, such as with a firewall rule. These commands also install Apache on each instance and give each instance a unique home page.

    gcloud compute instances create www1 \
      --image-family debian-9 \
      --image-project debian-cloud \
      --zone us-central1-b \
      --tags network-lb-tag \
      --metadata startup-script="#! /bin/bash
        sudo apt-get update
        sudo apt-get install apache2 -y
        sudo service apache2 restart
        echo '<!doctype html><html><body><h1>www1</h1></body></html>' | tee /var/www/html/index.html
        EOF"

    gcloud compute instances create www2 \
      --image-family debian-9 \
      --image-project debian-cloud \
      --zone us-central1-b \
      --tags network-lb-tag \
      --metadata startup-script="#! /bin/bash
        sudo apt-get update
        sudo apt-get install apache2 -y
        sudo service apache2 restart
        echo '<!doctype html><html><body><h1>www2</h1></body></html>' | tee /var/www/html/index.html
        EOF"

    gcloud compute instances create www3 \
      --image-family debian-9 \
      --image-project debian-cloud \
      --zone us-central1-b \
      --tags network-lb-tag \
      --metadata startup-script="#! /bin/bash
        sudo apt-get update
        sudo apt-get install apache2 -y
        sudo service apache2 restart
        echo '<!doctype html><html><body><h1>www3</h1></body></html>' | tee /var/www/html/index.html
        EOF"

Create a firewall rule to allow external traffic to these VM instances

Console


  1. Go to the Firewalls page in the Google Cloud Platform Console.
    Go to the Firewalls page
  2. Click Create firewall rule.
  3. Enter a Name of www-firewall-network-lb.
  4. Select the Network that the firewall rule applies to.
  5. In the Target tags field, enter network-lb-tag.
  6. Set the Source IP ranges to 0.0.0.0/0, which allows traffic from any source.
  7. Set Specified protocols and ports to tcp:80.
  8. Click Create. It may take a moment for the Console to display the new firewall rule, or you might have to click Refresh to see the rule.

gcloud


gcloud compute firewall-rules create www-firewall-network-lb \
    --target-tags network-lb-tag --allow tcp:80

Get the external IP addresses of your instances and verify that they are running

Console


  1. Go to the VM instances page in the Google Cloud Platform Console.
    Go to the VM instances page
  2. View the addresses for your instances in the External IP column.
  3. Verify that your instances are running by looking for a green checkmark to the left of the instance name. If you don't see a green checkmark, refer to the General Troubleshooting page for instances.

gcloud


  1. List your instances to get their IP addresses from the EXTERNAL_IP column.

    gcloud compute instances list
    

  2. Verify that each instance is running.

    At the command line, run curl using the external IP address of each instance to confirm that all of the instances respond.

    curl http://[IP_ADDRESS]
    

Configure the load balancing service

Next, set up the load balancing service.

When you configure the load balancing service, your virtual machine instances will receive packets that are destined for the static external IP address you configure. If you are using an image provided by Compute Engine, your instances are automatically configured to handle this IP address. If you are using any other image, you will have to configure this address as an alias on eth0 or as a loopback on each instance

Console


  1. Go to the Create a load balancer page in the Google Cloud Platform Console.
    Go to the Create a load balancer page
  2. Under TCP load balancing, click the Start configuration button. You can also configure UDP load balancing instead of TCP load balancing by selecting UDP load balancing on the Create a load balancer screen. You then complete similar steps to set up the load balancer.
    1. For Internet facing or internal only, select From Internet to my VMs.
    2. For Multiple regions or single region, select Single region only.
    3. For Connection termination, select No (TCP).
    4. Click the Continue button.
  3. On the New TCP load balancer screen, enter a Name of www-network-lb for the new load balancer.
  4. Click Backend configuration
  5. In the Backend configuration screen:
    1. The load balancer Name you entered previous appears, but is not modifiable.
    2. For Region select us-central1.
    3. Under Backends, click the Select existing instances tab and click Add an instance. Enter instance www1. Repeat this step for instances www2 and www3.
    4. Under Health check, click Create a new health check or Create another health check:
      1. Enter basic-check as the Name of the health check.
      2. Skip the rest of the default settings.
      3. Click the Save and continue button.
    5. A blue circle with a checkmark to the left of Backend configuration indicates a correct set-up.
  6. Click Frontend configuration.
    1. Enter a Name of www-rule.
    2. Under IP, click the drop-down menu and select Create IP address.
      1. On the Reserve static IP address screen, assign a Name of lb-ip-1.
      2. Click Reserve.
    3. Enter a Port of 80.
    4. Click the Done button.
    5. A blue circle with a checkmark to the left of Frontend configuration indicates a correct set-up.
  7. Click the Review and finalize button to check all of your configuration settings for the load balancer.
  8. If the settings are correct, click Create. It takes a few minutes for the load balancer to be created.
  9. On the load balancing screen, under the Backend column for your new load balancer, you should see a green checkmark showing that the new load balancer is healthy.

gcloud


  1. Create a static external IP address for your load balancer

    gcloud compute addresses create network-lb-ip-1 \
        --region us-central1
    

  2. Add a legacy HTTP health check resource

    This example uses the default settings for the health check mechanism, but you can also customize this on your own.

    gcloud compute http-health-checks create basic-check
    

  3. Add a target pool

    Add a target pool in the same region as your virtual machine instances. Use the health check created in the prior step for this target pool. Target pools require a health check service in order to function.

    gcloud compute target-pools create www-pool \
        --region us-central1 --http-health-check basic-check
    

  4. Add your instances to the target pool

    gcloud compute target-pools add-instances www-pool \
        --instances www1,www2,www3 \
        --instances-zone us-central1-b
    

    Instances within a target pool must belong to the same region but can be spread out across different zones in the same region. For example, you can have instances in zone us-central1-f and instances in zone us-central1-b in one target pool because they are in the same region, us-central1.

  5. Add a forwarding rule

    Add a forwarding rule serving on behalf of an external IP and port range that points to your target pool. For the --address field, use either the numeric IP address or its fully qualified name.

    gcloud compute forwarding-rules create www-rule \
        --region us-central1 \
        --ports 80 \
        --address network-lb-ip-1 \
        --target-pool www-pool
    

Send traffic to your instances

Now that the load balancing service is configured, you can start sending traffic to the forwarding rule and watch the traffic be dispersed to different instances.

Look up the forwarding rule's external IP address

Console

  1. Go to the Forwarding Rules tab on the Advanced load balancing page in the Google Cloud Platform Console.
    Go to the Forwarding Rules tab
  2. Locate www-rule, the forwarding rule used by the load balancer.
  3. In the IP Address column for www-rule, note the external IP address listed.

gcloud

Enter the following command to view the external IP address www-rule, the forwarding rule used by the load balancer.

gcloud compute forwarding-rules describe www-rule --region us-central1

Use the curl command to access the external IP address

The response from the curl command will alternate randomly among the three instances. If your response is initially unsuccessful, you might need to wait approximately 30 seconds for the configuration to be fully loaded and for your instances to be marked healthy before trying again:

$ while true; do curl -m1 [IP_ADDRESS]; done

What's next

See Network Load Balancing Concepts for information on how Network Load Balancing works.

Was this page helpful? Let us know how we did:

Send feedback about...

Load Balancing