The following sections describe quotas and limits for load balancers. To change a quota, request additional quota by using the Google Cloud Console. Limits generally cannot be increased unless specifically noted.
Quotas and limits
Forwarding rules
| Item | Quotas and limits | Notes |
|---|---|---|
| Forwarding rules per Google Cloud project | Quota | This quota represents the maximum number of forwarding rules in your project. The quota applies collectively to all forwarding rules, no matter how you're using them. This includes forwarding rules for protocol forwarding, Classic VPN gateways, and load balancing schemes (INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, and EXTERNAL). |
| Maximum number forwarding rules for: - Internal TCP/UDP Load Balancing - Internal HTTP(S) Load Balancing |
75 per network 175 per peering group |
For details about how these two limits apply, see VPC Network Peering limits. |
| Ports per internal forwarding rule | 5, as a list or a range Unlimited with the ALL ports option
|
This limit cannot be increased. |
| Internal forwarding rules per internal backend service | No separate limit | Subject to other quotas and limits, multiple internal forwarding rules can reference the same internal backend service. |
Target pools and target proxies
| Item | Quotas and limits | Notes |
|---|---|---|
| Target pools | Quota | This quota is per project. |
| Target HTTP proxies | Quota | This quota is per project. |
| Target HTTPS proxies | Quota | This quota is per project. |
| Target SSL proxies | Quota | This quota is per project. |
| Target TCP proxies | Quota | This quota is per project. |
| SSL policies per target HTTPS or target SSL proxy | 1 | This limit cannot be increased. |
| SSL certificates per target HTTPS or target SSL proxy | 15 | This limit cannot be increased. |
SSL certificates
| Item | Quotas and limits | Notes |
|---|---|---|
| SSL certificates | Quota | This quota is per project. |
| Supported key lengths for private keys | 2048 bit RSA (RSA-2048)256 bit ECDSA (ECDSA P-256) | These limits cannot be increased. |
| Multiple domains per Google-managed SSL certificate (BETA) | 100 | This limit cannot be increased. |
| Domain name length for Google-managed certificates | 64 bytes | This limit cannot be increased. This length limit only applies to Google-managed SSL certificates. In those certificates, the 64-byte limit only applies to the first domain in the certificate. The length limit for the other domains in the certificate is 253 (which applies to any domain name on the internet, and isn't specific to Google-managed certificates. |
URL maps
| Item | Quotas and limits | Notes |
|---|---|---|
| URL maps | Quota | This quota is per project. |
| Host rules per URL map | 50 | This limit cannot be increased. |
| Path matchers per URL map | 50 | This limit cannot be increased. |
| Path rules per path matcher | 50 | This limit cannot be increased. |
| Route rules per path matcher | 50 | This limit cannot be increased. |
| Match rules per route rule | 50 | This limit cannot be increased. |
| Header matches per match rule | 50 | This limit cannot be increased. |
| Query parameter matches per match rule | 50 | This limit cannot be increased. |
| Header actions per path matcher | 50 | This limit cannot be increased. |
| Backend services or backend buckets per path rule | 1 backend service or 1 backend bucket, not both | This limit cannot be increased. |
Backend buckets
| Item | Quotas and limits | Notes |
|---|---|---|
| Backend buckets | Quota | This quota is per project. |
Backend services
| Item | Quotas and limits | Notes |
|---|---|---|
| Backend services | Quota | This quota includes all backend services (INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, and EXTERNAL) in your project. |
| Backend services per TCP proxy load balancer, SSL proxy load balancer, or internal TCP/UDP load balancer | 1 | This limit cannot be increased. |
| Maximum number of VM instances per internal backend service Maximum number of VM instances in the active pool if you configured failover for an internal backend service |
250, regardless of how the VMs are allocated among instance groups | This limit cannot be increased. |
| Internal backend services per internal forwarding rule | 1 | This limit cannot be increased. |
| Named ports per external backend service | 1 | This limit cannot be increased. |
| Named ports per internal backend service | 0 | This limit cannot be increased. |
Backends
| Item | Quotas and limits | Notes |
|---|---|---|
| Instance groups | Quota | This quota is per project. |
| Instance group backends per internal backend service | 50 | This limit cannot be increased. Backend VMs for an internal TCP/UDP load balancer can be distributed among up to 50 instance groups if the total number of backend VMs is 250 or fewer. |
| Instance group backends per external backend service | 50 | This limit cannot be increased. |
| NEGs per project | 100 | Contact your Google Cloud sales team if you need to increase this limit. |
| NEG backends per external backend service | 50 | This limit cannot be increased. |
Endpoints per NEG
| Item | Quotas and limits | Notes |
|---|---|---|
| Endpoints per NEG | 10,000 | This limit cannot be increased. |
VMs per instance group
| Item | Quotas and limits | Notes |
|---|---|---|
| VMs per regional instance group backend for an external backend service | Depends on the number of ports specified in the named port for the
instance group. It is the smaller of these two: A: 2,000 B: VMs * (number of ports in the named port that contains the most port numbers) <= 10,000 |
Contact your Google Cloud sales team if you need to increase this limit. |
| VMs per zonal instance group backend for an external backend service | Depends on the number of ports specified in the named port for the
instance group. It is the smaller of these two: A: 1,000 B: VMs * (number of ports in the named port that contains the most port numbers) <= 10,000 |
Contact your Google Cloud sales team if you need to increase this limit. |
| VMs per instance group when the instance group is a backend for an internal backend service | No separate limit | Backend VMs for an internal TCP/UDP load balancer can be distributed among up to 50 instance groups if the total number of backend VMs is 250 or fewer. |
Queries per second for HTTP(S) Load Balancing
| Item | Quotas and limits | Notes |
|---|---|---|
| Queries per second (QPS) per backend instance group or NEG for external HTTP(S) Load Balancing | Configurable when using RATE for the balancing mode. |
Limited by your backends. |
| Queries per second (QPS) per region per network for Internal HTTP(S) Load Balancing | For Internal HTTP(S) Load Balancing, the maximum QPS load depends on the size of the requests and the complexity of the configuration. If load exceeds capacity, latency increases and requests might be dropped. | Contact your Google Cloud sales team if you need to increase this limit. |
Header size for HTTP(S) Load Balancing
| Item | Quotas and limits | Notes |
|---|---|---|
| Maximum request header size for external HTTP(S) Load Balancing | about 15KB (kilobytes) | This limit cannot be increased. The combined size of the request URL and request header is limited to 16KB. |
| Maximum response header size for external HTTP(S) Load Balancing | about 128KB (kilobytes) | This limit cannot be increased. |
| Maximum request header size for Internal HTTP(S) Load Balancing | 60KB (kilobytes) | This limit cannot be increased. |
| Lowercase conversion for headers | always, for Internal HTTP(S) Load Balancing | Internal HTTP(S) Load Balancing follows HTTP/2 conventions for letter
case of request and response headers. Regardless of the protocol used, all
headers are converted to lower-case. As examples, Host
becomes host, and Keep-ALIVE becomes
keep-alive. External HTTP(S) Load Balancing does not change
the letter case of request and response headers. |
Proxy instances for Internal HTTP(S) Load Balancing
| Item | Quotas and limits | Notes |
|---|---|---|
| Proxy instances per network | 30 | This quota represents the maximum number of Envoy proxy instances that
are automatically allocated to your network. Contact your Google Cloud sales team if you need to increase this limit. |
Overview
Cloud Load Balancing enforces quotas on resource usage for a variety of reasons. For example, quotas protect the community of Google Cloud users by preventing unforeseen spikes in usage. Quotas also help users who are exploring Google Cloud with the free tier to stay within their trial.
All projects start with the same quotas, which you can change by requesting additional quota. Some quotas may increase automatically, based on your use of a product.
Permissions
To view quotas or request quota increases, IAM members need one of the following roles.
| Task | Required Role |
|---|---|
| Check quotas for a project | Project owner or editor or Quota Viewer |
| Modify quotas, request additional quota | Project
owner or editor,
Quota Admin,
or custom role with the serviceusage.quotas.update permission
|
Checking your quota
In the Cloud Console, go to the Quotas page.
Using the gcloud command-line tool, run the following command to
check your quotas. Replace [PROJECT_ID] with your own project ID.
gcloud compute project-info describe --project [PROJECT_ID]
To check your used quota in a region, run:
gcloud compute regions describe example-region
Errors when exceeding your quota
If you exceed a quota with a gcloud command,
gcloud outputs a quota exceeded error
message and returns with the exit code 1.
If you exceed a quota with an API request, Google Cloud returns the
following HTTP status code: HTTP 413 Request Entity Too Large.
Requesting additional quota
Request additional quota from the Quotas page in the Cloud Console. Quota requests take 24 to 48 hours to process.
- Go to the Quotas page.
- In the Quotas page, select the quotas you want to change.
- Click the Edit Quotas button at the top of the page.
- Fill out your name, email, and phone number and click Next.
- Fill in your quota request and click Next.
- Submit your request.
Resource availability
Each quota represents a maximum number for a particular type of resource that you can create,
provided that resource is available. It's important to note that quotas do not
guarantee resource availability. Even if you have available quota, you won't be able to create
a new resource if it is not available. For example, you might have sufficient quota to
create new regional, external IP address in the us-central1 region, but that would
not be possible if there were no available external IP addresses in that region. Zonal resource
availability can also affect your ability to create a new resource.
Situations where resources are unavailable in an entire region are rare; however, resources within a zone can be depleted from time to time, typically without impact to the SLA for the type of resource. For more information, review the relevant Service Level Agreement (SLA) for the resource.