This document lists the quotas and limits that apply to Cloud Load Balancing.
To change a quota, see requesting additional quota.
A quota restricts how much of a particular shared Google Cloud resource your Cloud project can use, including hardware, software, and network components.
Quotas are part of a system that does the following:
- Monitors your use or consumption of Google Cloud products and services.
- Restricts your consumption of those resources for reasons including ensuring fairness and reducing spikes in usage.
- Maintains configurations that automatically enforce prescribed restrictions.
- Provides a means to make or request changes to the quota.
When a quota is exceeded, in most cases, the system immediately blocks access to the relevant Google resource, and the task that you're trying to perform fails. In most cases, quotas apply to each Cloud project and are shared across all applications and IP addresses that use that Cloud project.
Many products and services also have limits that are unrelated to the quota system. These are constraints, such as maximum file sizes or database schema limitations, which generally cannot be increased or decreased, unless otherwise stated.
Forwarding rules
| Item | Quotas and limits | Notes |
|---|---|---|
| Forwarding rules | Quota | This quota is only for forwarding rules for global external HTTP(S) load balancers, SSL proxy load balancers, TCP proxy load balancers, and Classic VPN gateways. For forwarding rule use cases other than these, see the following rows. |
| Regional external HTTP(S) load balancer forwarding rules | Quota | The maximum number of regional external HTTP(S) load balancer forwarding rules that you can create in each region in your project. Quota name: |
| External TCP/UDP Network Load Balancing forwarding rules | Quota | Forwarding rules for use by external TCP/UDP network load balancers (both backend service and target pool architectures). |
| External protocol forwarding rules | Quota | Forwarding rules for external protocol forwarding to target instances. |
| Traffic Director forwarding rules | Quota | Forwarding rules for Traffic Director. |
| Internal TCP/UDP Load Balancing forwarding rules per VPC network | Quota | The maximum number of forwarding rules for Internal TCP/UDP Load Balancing. This quota applies to the total number of forwarding rules for Internal TCP/UDP Load Balancing; it does not apply to each region individually. Quota name: For more information, see VPC per network quotas. |
| Forwarding rules for internal protocol forwarding | Quota | The maximum number of forwarding rules for internal protocol forwarding. This limit applies to the total number of forwarding rules for internal protocol forwarding; it does not apply to each region individually. Quota name: For more information, see VPC per network quotas. |
| Internal HTTP(S) Load Balancing forwarding rules per VPC network | Quota | The maximum number of forwarding rules for Internal HTTP(S) Load Balancing. This quota applies to the total number of forwarding rules for Internal HTTP(S) Load Balancing; it does not apply to each region individually. Quota name: For more information, see VPC per network quotas. |
| Maximum number of internal forwarding rules that can share a single internal IP address | 10 | This limit cannot be increased. |
| Ports per internal forwarding rule | 5, as a list or a range Unlimited with the ALL ports option
|
This limit cannot be increased. |
| Internal forwarding rules per internal backend service | No separate limit | Subject to other quotas and limits, multiple internal forwarding rules can reference the same internal backend service. |
Target pools and target proxies
| Item | Quotas and limits | Notes |
|---|---|---|
| Target pools | Quota | This quota is per project. |
| Target HTTP proxies | Quota | This quota is per project. |
| Target HTTPS proxies | Quota | This quota is per project. |
| Target SSL proxies | Quota | This quota is per project. |
| Target TCP proxies | Quota | This quota is per project. |
| SSL policies per target HTTPS or target SSL proxy | 1 | This limit cannot be increased. |
| SSL certificates per target HTTPS or target SSL proxy | 15 | This limit cannot be increased. |
Health checks
| Item | Quotas and limits | Notes |
|---|---|---|
| Health checks | Quota | This is a per-project quota covering all health check types (global, regional, and legacy). |
SSL certificates
| Item | Quotas and limits | Notes |
|---|---|---|
| SSL certificates | Quota | This quota is per project. |
| Supported key lengths for private keys | 2048 bit RSA (RSA-2048) 256 bit ECDSA (ECDSA P-256) |
These limits cannot be increased. |
| Multiple domains per Google-managed SSL certificate | 100 | This limit cannot be increased. |
| Domain name length for Google-managed certificates | 64 bytes | This limit cannot be increased. This length limit only applies to Google-managed SSL certificates. In those certificates, the 64-byte limit only applies to the first domain in the certificate. The length limit for the other domains in the certificate is 253 (which applies to any domain name on the internet, and isn't specific to Google-managed certificates. |
URL maps
The limits documented here cannot be increased.
| Item | External HTTP(S) Load Balancing | Internal HTTP(S) Load Balancing |
|---|---|---|
| URL maps | Quota
This quota is per project. |
Quota
This quota is per project. |
| Host rules, path matchers per URL map | Limit: 1000 | Limit: 2000 |
| Path rules or route rules per path matcher | Limit: 1000 | Limit: 200 |
| Hosts per host rule | Limit: 1000 | Limit: 1000 |
| Predicates per path matcher † | Limit: 1000 | Limit: 1000 |
| Number of distinct backend services or backend buckets referenced by the URL map | Limit: 2500 | Limit: 2500 |
| Size of URL maps | Limit: 64 KB | Limit: 128 KB |
| Number of URL map tests | Limit: 10000 | N/A
Internal HTTP(S) Load Balancing does not support URL map tests. |
† This is a limit on the count of match conditions across all rules in the path matcher. For path matchers with path rules, this is the total number of paths across all path rules. For path matchers with route rules, the prefix count is calculated by adding the following:
- 1 for the path match condition (one of prefixMatch or fullPathMatch)
- the sum of header matches in all route rules of the path matcher
- the sum of query parameter matches in all route rules of the path matcher
For example, for a path matcher with the following route rules:
- Route rule A having one prefixMatch and three header matches
- Route rule B having one fullPathMatch and two query parameter matches
The total count of predicates for this path matcher would be 7. This is calculated as follows: 1 (for the prefixMatch) + 3 (for the number of header matches) + 1 (for the fullPathMatch) + 2 (for the number of query parameter matches).
Backend buckets
| Item | Quotas and limits | Notes |
|---|---|---|
| Backend buckets | Quota | This quota is per project. |
Backend services
| Item | Quotas and limits | Notes |
|---|---|---|
| Backend services | Quota | This quota includes all backend services (INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, EXTERNAL, and EXTERNAL_MANAGED) in your project. |
| Backend services per TCP proxy load balancer, SSL proxy load balancer, or internal TCP/UDP load balancer | 1 | This limit cannot be increased. |
| Maximum number of VM instances per internal backend service Maximum number of VM instances in the active pool if you configured failover for an internal backend service |
Without subsetting enabled: 250, regardless of how the VMs are allocated among backends With subsetting enabled for instance groups: 2000 |
These limits cannot be increased. |
| Internal backend services per internal forwarding rule | 1 | This limit cannot be increased. |
| Named ports per external backend service | 1 | This limit cannot be increased. |
| Named ports per internal backend service | 0 | This limit cannot be increased. |
Backends
| Item | Quotas and limits | Notes |
|---|---|---|
| Instance groups | Quota | This quota is per project. |
| Instance group backends per internal backend service | 50 | This limit cannot be increased. Backend VMs for an internal TCP/UDP load balancer can be distributed among up to 50 instance groups if the total number of backend VMs is 250 or fewer. When using Failover for Internal TCP/UDP Load Balancing, you can configure up to 50 primary and 50 failover backends. |
| Instance group backends per external backend service | 50 | This limit cannot be increased. When using Failover for Network Load Balancing, you can configure up to 50 primary and 50 failover backends. |
| NEGs per project | Quota | Contact your Google Cloud sales team if you need to increase this limit. |
| NEG backends per external backend service | 50 | This limit cannot be increased. |
| NEG backends per internal backend service | 50 | This limit cannot be increased. |
Endpoints per NEG
| Item | Quotas and limits | Notes |
|---|---|---|
Endpoints per GCE_VM_IP_PORT zonal NEG |
10,000 | This limit cannot be increased. |
Endpoints per GCE_VM_IP zonal NEG |
10,000 | This limit cannot be increased. |
| Endpoints per internet NEG | 1 | This limit cannot be increased. |
| Endpoints per serverless NEG | 1 | This limit cannot be increased. |
| Endpoints per hybrid connectivity NEG | 10,000 | This limit cannot be increased. |
VMs per instance group
The number of backend VMs that can be serviced by a single load balancer might be less than the number of VMs that an instance group can support. The maximum number of load-balanced VMs per instance group depends on the number of ports specified in each named port that the instance group exports.
The upper limit of load-balanced VMs per instance group cannot exceed 2,000 for regional managed instance groups, and cannot exceed 1,000 for zonal managed or unmanaged instance groups.
| Item | Quotas and limits | Notes |
|---|---|---|
| VMs per regional managed instance group backend for an external backend service | Depends on the number of ports specified in the named port for the
instance group. It is the smaller of these two: A: 2,000 B: 10,000 / (number of ports in the named port that contains the most port numbers)† |
Contact your Google Cloud sales team if you need to increase this limit. |
| VMs per zonal (managed or unmanaged) instance group backend for an external backend service | Depends on the number of ports specified in the named port for the
instance group. It is the smaller of these two: A: 1,000 B: 10,000 / (number of ports in the named port that contains the most port numbers)† |
Contact your Google Cloud sales team if you need to increase this limit. |
| VMs per instance group backend for an internal backend service | No separate limit | Backend VMs for an internal TCP/UDP load balancer can be distributed among up to 50 instance groups if the total number of backend VMs is 250 or fewer. |
† To calculate the maximum number of load-balanced VMs in an instance group backend:
Determine maximum number of ports per named port.
For example, if an instance group has the following named ports:
http:80,api-gateway:8080, andapi-gateway:8090, then there is one port number for thehttpname and two port numbers for theapi-gatewayname. Therefore, in this example the maximum number of ports per named port is two.Divide 10,000 by the maximum number of ports per named port and discard the remainder. For example,
10,000 / 2 = 5,000.Compare the number calculated in the previous step with the upper limit of load-balanced VMs per instance group: 2,000 for regional groups, 1,000 for zonal groups.
If the number calculated in the previous step is less than or equal to the upper limit, then the maximum number of load-balanced VMs per instance group is the number you calculated in the previous step. Otherwise, the maximum number of load-balanced VMs per instance group is the upper limit (2,000 for regional groups or 1,000 for zonal groups).
Queries per second for HTTP(S) Load Balancing
| Item | Quotas and limits | Notes |
|---|---|---|
| Queries per second (QPS) per backend instance group or NEG for external HTTP(S) Load Balancing | Configurable when using RATE for the balancing mode. |
Limited by your backends. |
| Queries per second (QPS) per region per network for Internal HTTP(S) Load Balancing | For Internal HTTP(S) Load Balancing, the maximum QPS load depends on the size of the requests and the complexity of the configuration. If load exceeds capacity, latency increases and requests might be dropped. | Contact your Google Cloud sales team if you need to increase this limit. |
Header size for HTTP(S) Load Balancing
| Item | Quotas and limits | Notes |
|---|---|---|
| Maximum client request header size for external HTTP(S) Load Balancing | 64 KB (kilobytes) | This limit cannot be increased. The combined size of the request URL and request header must be less than or equal to 64 KB. |
| Maximum backend response header size for external HTTP(S) Load Balancing | about 128 KB (kilobytes) | This limit cannot be increased. |
| Maximum backend request header size for Internal HTTP(S) Load Balancing | 60 KB (kilobytes) | This limit cannot be increased. |
| Lowercase conversion for headers for external HTTP(S) Load Balancing | For HTTP/1.1, no For HTTP/2, yes | When HTTP/2 is used with external HTTP(S) Load Balancing,
all headers are converted to lower-case. As examples, Host
becomes host, and Keep-ALIVE becomes
keep-alive. |
| Lowercase conversion for headers for Internal HTTP(S) Load Balancing | For HTTP/1.1, yes For HTTP/2, yes | For Internal HTTP(S) Load Balancing, regardless of the protocol used
all headers are converted to lower-case. As examples, Host
becomes host, and Keep-ALIVE becomes
keep-alive. |
| Maximum number of configured custom request headers for each backend service | 16 | This limit cannot be increased. |
| Maximum number of configured custom response headers for each backend service | 16 | This limit cannot be increased. |
| Total size of all custom request headers per backend service (name and value combined, before variable expansion) | 8 KB | This limit cannot be increased. |
| Total size of all custom response headers per backend service (name and value combined, before variable expansion) | 8 KB | This limit cannot be increased. |
Managing quotas
Cloud Load Balancing enforces quotas on resource usage for various reasons. For example, quotas protect the community of Google Cloud users by preventing unforeseen spikes in usage. Quotas also help users who are exploring Google Cloud with the free tier to stay within their trial.
All projects start with the same quotas, which you can change by requesting additional quota. Some quotas may increase automatically based on your use of a product.
Permissions
To view quotas or request quota increases, Identity and Access Management (IAM) principals need one of the following roles.
| Task | Required role |
|---|---|
| Check quotas for a project | One of the following:
|
| Modify quotas, request additional quota | One of the following:
|
Checking your quota
Console
- In the Cloud Console, go to the Quotas page.
- To search for the quota that you want to update, use the Filter table. If you don't know the name of the quota, use the links on this page instead.
gcloud
Using the gcloud command-line tool, run the following command to
check your quotas. Replace PROJECT_ID with your own project ID.
gcloud compute project-info describe --project PROJECT_ID
To check your used quota in a region, run the following command:
gcloud compute regions describe example-region
Errors when exceeding your quota
If you exceed a quota with a gcloud command,
gcloud outputs a quota exceeded error
message and returns with the exit code 1.
If you exceed a quota with an API request, Google Cloud returns the
following HTTP status code: HTTP 413 Request Entity Too Large.
Requesting additional quota
To increase or decrease most quotas, use the Google Cloud Console. Some quotas can't be increased above their default values.
For more information, see the following sections of Working with quotas:
Console
- In the Cloud Console, go to the Quotas page.
- On the Quotas page, select the quotas that you want to change.
- At the top of the page, click Edit quotas.
- Fill out your name, email, and phone number, and then click Next.
- Fill in your quota request, and then click Done.
- Submit your request. Quota requests take 24 to 48 hours to process.
Resource availability
Each quota represents a maximum number for a particular type of resource that you can create, if that resource is available. It's important to note that quotas do not guarantee resource availability. Even if you have available quota, you can't create a new resource if it is not available.
For example, you might have sufficient quota to create a new regional, external IP address
in the us-central1 region. However, that is not possible if there are no
available external IP addresses in that region. Zonal resource
availability can also affect your ability to create a new resource.
Situations where resources are unavailable in an entire region are rare. However, resources within a zone can be depleted from time to time, typically without impact to the service level agreement (SLA) for the type of resource. For more information, review the relevant SLA for the resource.