Quotas and limits


This document lists the quotas and limits that apply to Cloud Load Balancing.

To change a quota, see requesting additional quota.

A quota restricts how much of a particular shared Google Cloud resource your Cloud project can use, including hardware, software, and network components.

Quotas are part of a system that does the following:

  • Monitors your use or consumption of Google Cloud products and services.
  • Restricts your consumption of those resources for reasons including ensuring fairness and reducing spikes in usage.
  • Maintains configurations that automatically enforce prescribed restrictions.
  • Provides a means to make or request changes to the quota.

When a quota is exceeded, in most cases, the system immediately blocks access to the relevant Google resource, and the task that you're trying to perform fails. In most cases, quotas apply to each Cloud project and are shared across all applications and IP addresses that use that Cloud project.

There are also limits on Cloud Load Balancing resources. These limits are unrelated to the quota system. Limits cannot be changed unless otherwise stated.

Forwarding rules

Item Quotas and limits Notes
Forwarding rules Quota

This quota is for forwarding rules for the global external HTTP(S) load balancer (classic), external SSL proxy load balancers, external TCP proxy load balancers, and Classic VPN gateways.

For forwarding rule use cases other than these, see the following rows.

Global external HTTP(S) load balancer forwarding rules Quota

The maximum number of Global external HTTP(S) load balancer forwarding rules that you can create in your project.

Quota name: GLOBAL_EXTERNAL_MANAGED_FORWARDING_RULES

Regional external HTTP(S) load balancer forwarding rules Quota

The maximum number of regional external HTTP(S) load balancer forwarding rules that you can create in each region in your project.

Quota name: EXTERNAL_MANAGED_FORWARDING_RULES

External TCP/UDP Network Load Balancing forwarding rules Quota Forwarding rules for use by external TCP/UDP network load balancers (both backend service and target pool architectures).
External protocol forwarding rules Quota Forwarding rules for external protocol forwarding to target instances.
Traffic Director forwarding rules Quota Forwarding rules for Traffic Director.
Internal TCP/UDP Load Balancing forwarding rules per VPC network Quota

The maximum number of forwarding rules for Internal TCP/UDP Load Balancing.

This quota applies to the total number of forwarding rules for Internal TCP/UDP Load Balancing; it does not apply to each region individually.

Quota name:
INTERNAL_FORWARDING_RULES_PER_NETWORK

For more information, see VPC per network quotas.

Forwarding rules for internal protocol forwarding Quota

The maximum number of forwarding rules for internal protocol forwarding.

This limit applies to the total number of forwarding rules for internal protocol forwarding; it does not apply to each region individually.

Quota name:
INTERNAL_FORWARDING_RULES_WITH_TARGET_INSTANCE_PER_NETWORK

For more information, see VPC per network quotas.

Forwarding rules per VPC network for internal HTTP(S) load balancers and internal regional TCP proxy load balancers Quota

The maximum number of forwarding rules for internal HTTP(S) load balancers and internal regional TCP proxy load balancers.

This quota applies to the total number of forwarding rules for internal HTTP(S) load balancers and internal regional TCP proxy load balancers; it does not apply to each region individually.

Quota name:
INTERNAL_MANAGED_FORWARDING_RULES_PER_NETWORK

For more information, see VPC per network quotas.

Maximum number of internal forwarding rules that can share a single internal IP address 10 This limit is only applicable to internal TCP/UDP load balancers. This limit cannot be increased.
Number of discrete ports per forwarding rule for internal TCP/UDP load balancers and backend service-based network load balancers 5

This limit cannot be increased; however, alternative port specification options are possible:

  • You can specify a single range of contiguous ports on forwarding rules for backend service-based network load balancers and target pool-based network load balancers. The range can include more than five ports.
  • You can specify all ports on forwarding rules for backend service-based network load balancers and internal TCP/UDP load balancers.
Number of forwarding rules that can reference the same backend service for a pass-through load balancer No separate limit Subject to other quotas and limits, multiple forwarding rules can reference the same backend service for a pass-through load balancer.
Number of pass-through load balancer backend services that can be referenced by a single forwarding rule 1 Forwarding rules for pass-through load balancers must reference exactly one backend service.

Target pools and target proxies

Item | Quotas and limits | Notes
Target pools | Quota | This quota is per project.
Target HTTP proxies | Quota | This quota is per project.
Target HTTPS proxies | Quota | This quota is per project.
Target SSL proxies | Quota | This quota is per project.
Target TCP proxies | Quota | This quota is per project.
SSL policies per target HTTPS or target SSL proxy | 1 | This limit cannot be increased.
SSL certificates per target HTTPS or target SSL proxy | 15 | This limit cannot be increased.

Health checks

Item | Quotas and limits | Notes
Health checks | Quota | This is a per-project quota covering all health check types (global, regional, and legacy).

SSL certificates

Item | Quotas and limits | Notes
SSL certificates | Quota | This quota is per project.
Supported key lengths for private keys | 2048 bit RSA (RSA-2048); 256 bit ECDSA (ECDSA P-256) | These limits cannot be increased.
Multiple domains per Google-managed SSL certificate | 100 | This limit cannot be increased.
Domain name length for Google-managed certificates | 64 bytes | This limit cannot be increased.

This length limit only applies to Google-managed SSL certificates. In those certificates, the 64-byte limit only applies to the first domain in the certificate. The length limit for the other domains in the certificate is 253 (which applies to any domain name on the internet, and isn't specific to Google-managed certificates).

URL maps

The limits documented here cannot be increased.

Item External HTTP(S) Load Balancing Internal HTTP(S) Load Balancing
URL maps Quota

This quota is per project.

Quota

This quota is per project.

Host rules, path matchers per URL map Limit: 1000 Limit: 2000
Path rules or route rules per path matcher Limit: 1000 Limit: 200
Hosts per host rule Limit: 1000 Limit: 1000
Predicates per path matcher Limit: 1000 Limit: 1000
Number of distinct backend services or backend buckets that can be referenced by a URL map Limit: 2500 Limit: 2500

Other limits relevant to cross-project service referencing:

  • A URL map can reference backend services in a maximum of 100 distinct projects.
  • URL maps from a maximum of 10 distinct projects can reference a particular backend service.
Size of URL maps Limit: 64 KB Limit: 128 KB
Number of URL map tests Limit: 10000 N/A

Internal HTTP(S) Load Balancing does not support URL map tests.

The limit on predicates per path matcher is a limit on the count of match conditions across all rules in the path matcher. For path matchers with path rules, this is the total number of paths across all path rules. For path matchers with route rules, the predicate count is calculated by adding the following:

  • 1 for the path match condition (one of prefixMatch or fullPathMatch)
  • the sum of header matches in all route rules of the path matcher
  • the sum of query parameter matches in all route rules of the path matcher

For example, for a path matcher with the following route rules:

  • Route rule A having one prefixMatch and three header matches
  • Route rule B having one fullPathMatch and two query parameter matches

The total count of predicates for this path matcher would be 7. This is calculated as follows: 1 (for the prefixMatch) + 3 (for the number of header matches) + 1 (for the fullPathMatch) + 2 (for the number of query parameter matches).
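The counting rule above, as an added Python example (not part of the Google Cloud documentation). It walks a URL map in the JSON shape of the Compute API `pathMatchers` field; the sample map, the function names and the demonstration threshold are constructed for illustration.

```python
# Limit from the "Predicates per path matcher" row on this page.
PREDICATE_LIMIT = 1000

def count_predicates(path_matcher):
    """Count predicates for one pathMatcher, following the rule on this page."""
    total = 0
    # Path rules: every path in every path rule counts once.
    for rule in path_matcher.get("pathRules", []):
        total += len(rule.get("paths", []))
    # Route rules: 1 per path match condition (prefixMatch or fullPathMatch,
    # the two conditions the page names), plus each header match and each
    # query parameter match.
    for rule in path_matcher.get("routeRules", []):
        for match in rule.get("matchRules", []):
            if "prefixMatch" in match or "fullPathMatch" in match:
                total += 1
            total += len(match.get("headerMatches", []))
            total += len(match.get("queryParameterMatches", []))
    return total

def matchers_over_limit(url_map, limit=PREDICATE_LIMIT):
    """Return {path matcher name: predicate count} for matchers above the limit."""
    over = {}
    for matcher in url_map.get("pathMatchers", []):
        count = count_predicates(matcher)
        if count > limit:
            over[matcher["name"]] = count
    return over

# Constructed sample: "routes" mirrors route rules A and B from the text,
# "paths" uses classic path rules.
SAMPLE_URL_MAP = {
    "name": "example-url-map",
    "pathMatchers": [
        {"name": "routes", "routeRules": [
            {"priority": 1, "matchRules": [{
                "prefixMatch": "/api/",
                "headerMatches": [
                    {"headerName": "x-env", "exactMatch": "prod"},
                    {"headerName": "x-tenant", "presentMatch": True},
                    {"headerName": "x-canary", "exactMatch": "1"}]}]},
            {"priority": 2, "matchRules": [{
                "fullPathMatch": "/login",
                "queryParameterMatches": [
                    {"name": "v", "exactMatch": "2"},
                    {"name": "debug", "presentMatch": True}]}]}]},
        {"name": "paths", "pathRules": [
            {"paths": ["/static/*", "/img/*", "/css/*"]},
            {"paths": ["/a", "/b"]}]},
    ],
}

if __name__ == "__main__":
    for pm in SAMPLE_URL_MAP["pathMatchers"]:
        print(pm["name"], count_predicates(pm))
```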

Backend buckets

Item | Quotas and limits | Notes
Backend buckets | Quota | This quota is per project.

Backend services

Item Quotas and limits Notes
Backend services Quota This quota includes all backend services (INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, EXTERNAL, and EXTERNAL_MANAGED) in your project.
Backend services per external TCP proxy load balancer, external SSL proxy load balancer, internal TCP/UDP load balancer, and backend service-based network load balancer. 1 This limit cannot be increased.
Maximum number of VM instances for the backend service of an internal TCP/UDP load balancer

This maximum applies to the number of total instances in the active pool if you have configured failover.

Without backend subsetting: 250

With backend subsetting enabled: 2000

These limits cannot be increased.
They apply regardless of how the instances are grouped into instance groups or GCE_VM_IP NEGs. For example, if you add five instance groups, each with 60 VM instances, to the same internal TCP/UDP load balancer backend service, the load balancer will only distribute packets to 250 of the 300 (5 × 60) instances when backend subsetting is turned off.

Named ports per backend service of a proxy load balancer 1 This limit cannot be increased.
Named ports per backend service of a pass-through load balancer 0 This limit cannot be increased. The portName field on the backend service is ignored for pass-through load balancers.
Maximum distinct projects containing URL maps that can reference a particular backend service (limit relevant to cross-project service referencing) 10 URL maps from a maximum of 10 distinct projects can reference a particular backend service. This limit cannot be increased. This limit applies independently to each backend service.

Backends

Item Quotas and limits Notes
Instance groups Quota This quota is per project.
NEGs per project Quota This quota is per project.
Maximum number of instance group backends, GCE_VM_IP_PORT NEG backends, or GCE_VM_IP NEG backends per backend service 50

This limit is not configurable.

Support for GCE_VM_IP_PORT and GCE_VM_IP NEG backends varies by load balancing product.

If you've configured failover for backend service-based network load balancers or if you've configured failover for internal TCP/UDP load balancers, you can configure up to 50 primary and 50 backup instance groups or GCE_VM_IP NEGs per backend service.

Internal TCP/UDP load balancers also have a limit on the number of individual VM instances or endpoints to which a backend service can distribute packets. For details, see backend services quotas.

Endpoints per NEG

Item | Quotas and limits | Notes
Endpoints per GCE_VM_IP_PORT zonal NEG | 10,000 | This limit cannot be increased.
Endpoints per GCE_VM_IP zonal NEG | 10,000 | This limit cannot be increased.
Endpoints per internet NEG | 1 | This limit cannot be increased.
Endpoints per serverless NEG | 1 | This limit cannot be increased.
Endpoints per hybrid connectivity NEG | 10,000 | This limit cannot be increased.

VMs per instance group

The number of backend VMs that can be serviced by a single load balancer might be less than the number of VMs that an instance group can support. The maximum number of load-balanced VMs per instance group depends on the number of ports specified in each named port that the instance group exports.

The upper limit of load-balanced VMs per instance group cannot exceed 2,000 for regional managed instance groups, and cannot exceed 1,000 for zonal managed or zonal unmanaged instance groups.

Item Quotas and limits Notes
Maximum number of VMs per regional managed instance group connected to a pass-through load balancer's backend service 2,000 Internal TCP/UDP load balancers also have a limit on the number of individual VM instances or endpoints to which a backend service can distribute packets. For details, see backend services quotas.
Maximum number of VMs per zonal managed instance group or per zonal unmanaged instance group connected to a pass-through load balancer's backend service 1,000 Internal TCP/UDP load balancers also have a limit on the number of individual VM instances or endpoints to which a backend service can distribute packets. For details, see backend services quotas.
Maximum number of VMs per regional managed instance group connected to a proxy load balancer's backend service Depends on the number of ports specified in the named port for the instance group. It is the smaller of these two:
A: 2,000
B: 10,000 / (number of ports in the named port that contains the most port numbers)
Contact your Google Cloud sales team if you need to increase this limit.
Maximum number of VMs per zonal managed instance group or per zonal unmanaged instance group connected to a proxy load balancer's backend service Depends on the number of ports specified in the named port for the instance group. It is the smaller of these two:
A: 1,000
B: 10,000 / (number of ports in the named port that contains the most port numbers)
Contact your Google Cloud sales team if you need to increase this limit.

To calculate the maximum number of load-balanced VMs in an instance group backend:

  1. Determine the maximum number of ports per named port.

    For example, if an instance group has the following named ports: http:80, api-gateway:8080, and api-gateway:8090, then there is one port number for the http name and two port numbers for the api-gateway name. Therefore, in this example the maximum number of ports per named port is two.

  2. Divide 10,000 by the maximum number of ports per named port and discard the remainder. For example, 10,000 / 2 = 5,000.

  3. Compare the number calculated in the previous step with the upper limit of load-balanced VMs per instance group: 2,000 for regional groups, 1,000 for zonal groups.

    If the number calculated in the previous step is less than or equal to the upper limit, then the maximum number of load-balanced VMs per instance group is the number you calculated in the previous step. Otherwise, the maximum number of load-balanced VMs per instance group is the upper limit (2,000 for regional groups or 1,000 for zonal groups).
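The three steps above as an added Python example (not part of the Google Cloud documentation). The function names and the `name:port` input strings, written the way the page writes `http:80`, are assumptions; the second named-port list is constructed to show a case where the port count, not the upper limit, decides the result.

```python
from collections import defaultdict

PORT_BUDGET = 10_000                               # the 10,000 in step 2
UPPER_LIMIT = {"regional": 2_000, "zonal": 1_000}  # upper limits in step 3

def max_ports_per_named_port(named_ports):
    """Step 1: largest number of distinct port numbers under one name."""
    ports_by_name = defaultdict(set)
    for entry in named_ports:
        name, sep, port = entry.partition(":")
        if not sep:
            raise ValueError(f"expected name:port, got {entry!r}")
        ports_by_name[name].add(int(port))
    return max((len(p) for p in ports_by_name.values()), default=0)

def max_load_balanced_vms(named_ports, scope, proxy=True):
    """Maximum load-balanced VMs for one instance group backend.

    scope is "regional" or "zonal". For a pass-through load balancer
    (proxy=False) only the upper limit from the table applies.
    """
    cap = UPPER_LIMIT[scope]
    if not proxy:
        return cap
    widest = max_ports_per_named_port(named_ports)
    if widest == 0:
        raise ValueError("the calculation needs at least one named port")
    # Step 2: integer division discards the remainder.
    # Step 3: the smaller of that result and the upper limit wins.
    return min(cap, PORT_BUDGET // widest)

# The named ports from the page's example.
PAGE_EXAMPLE = ["http:80", "api-gateway:8080", "api-gateway:8090"]
# Constructed: one name carrying seven port numbers.
SEVEN_PORTS = ["http:80"] + [f"shard:{9000 + i}" for i in range(7)]

if __name__ == "__main__":
    for label, ports in (("page example", PAGE_EXAMPLE), ("seven ports", SEVEN_PORTS)):
        for scope in ("regional", "zonal"):
            print(label, scope, max_load_balanced_vms(ports, scope))
```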

Queries per second for HTTP(S) Load Balancing

Item Quotas and limits Notes
Queries per second (QPS) per backend instance group or NEG for external HTTP(S) Load Balancing Configurable when using RATE for the balancing mode. Limited by your backends.
Queries per second (QPS) per region per network for Internal HTTP(S) Load Balancing For Internal HTTP(S) Load Balancing, the maximum QPS load depends on the size of the requests and the complexity of the configuration. If load exceeds capacity, latency increases and requests might be dropped. Contact your Google Cloud sales team if you need to increase this limit.

Header size for HTTP(S) Load Balancing

Item | Quotas and limits | Notes
Maximum client request header size for external HTTP(S) Load Balancing | 64 KB (kilobytes) | This limit cannot be increased. The combined size of the request URL and request header must be less than or equal to 64 KB.
Maximum backend response header size for external HTTP(S) Load Balancing | About 128 KB (kilobytes) | This limit cannot be increased.
Maximum backend request header size for Internal HTTP(S) Load Balancing | 60 KB (kilobytes) | This limit cannot be increased.
Lowercase conversion of HTTP request and response headers | Always, except for Global external HTTP(S) load balancer (classic) when using HTTP/1.1 | As examples, Host becomes host, and Keep-ALIVE becomes keep-alive.
Maximum number of configured custom request headers for each backend service | 16 | This limit cannot be increased.
Maximum number of configured custom response headers for each backend service | 16 | This limit cannot be increased.
Total size of all custom request headers per backend service (name and value combined, before variable expansion) | 8 KB | This limit cannot be increased.
Total size of all custom response headers per backend service (name and value combined, before variable expansion) | 8 KB | This limit cannot be increased.

Managing quotas

Cloud Load Balancing enforces quotas on resource usage for various reasons. For example, quotas protect the community of Google Cloud users by preventing unforeseen spikes in usage. Quotas also help users who are exploring Google Cloud with the free tier to stay within their trial.

All projects start with the same quotas, which you can change by requesting additional quota. Some quotas may increase automatically based on your use of a product.

Permissions

To view quotas or request quota increases, Identity and Access Management (IAM) principals need one of the following roles.

Task Required role
Check quotas for a project One of the following:
Modify quotas, request additional quota One of the following:

Checking your quota

Console

  1. In the Google Cloud console, go to the Quotas page.

  2. To search for the quota that you want to update, use the Filter table. If you don't know the name of the quota, use the links on this page instead.

gcloud

Using the Google Cloud CLI, run the following command to check your quotas. Replace PROJECT_ID with your own project ID.

      gcloud compute project-info describe --project PROJECT_ID
    

To check your used quota in a region, run the following command:

      gcloud compute regions describe example-region
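
An added example, not part of the Google Cloud documentation: a Python helper that reads the `quotas` list from the JSON output of either command above (run with `--format=json`) and reports the metrics at or above a usage threshold, so that exhaustion is noticed before a resource creation fails. The sample document and its numbers are constructed; the function name and the 80% threshold are assumptions.

```python
import json

# Constructed sample in the shape of
# `gcloud compute project-info describe --format=json` (only the quotas list).
SAMPLE_PROJECT_INFO = """
{
  "name": "example-project",
  "quotas": [
    {"metric": "FORWARDING_RULES", "limit": 15.0, "usage": 14.0},
    {"metric": "GLOBAL_EXTERNAL_MANAGED_FORWARDING_RULES", "limit": 15.0, "usage": 2.0},
    {"metric": "BACKEND_SERVICES", "limit": 50.0, "usage": 3.0},
    {"metric": "SSL_CERTIFICATES", "limit": 10.0, "usage": 8.0},
    {"metric": "URL_MAPS", "limit": 0.0, "usage": 0.0}
  ]
}
"""

def quota_pressure(describe_json, threshold=0.8, metrics=None):
    """Return (metric, usage, limit, ratio) tuples at or above threshold.

    describe_json: JSON text from project-info describe or regions describe.
    metrics: optional set of metric names to restrict the report to.
    """
    findings = []
    for quota in json.loads(describe_json).get("quotas", []):
        metric = quota["metric"]
        limit = float(quota["limit"])
        usage = float(quota["usage"])
        if metrics is not None and metric not in metrics:
            continue
        if limit <= 0:
            # A zero limit has no meaningful ratio; skip it here.
            continue
        ratio = usage / limit
        if ratio >= threshold:
            findings.append((metric, int(usage), int(limit), round(ratio, 2)))
    # Most constrained quota first.
    return sorted(findings, key=lambda f: f[3], reverse=True)

if __name__ == "__main__":
    for metric, usage, limit, ratio in quota_pressure(SAMPLE_PROJECT_INFO):
        print(f"{metric}: {usage}/{limit} ({ratio:.0%})")
```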
    

Errors when exceeding your quota

If you exceed a quota with a gcloud command, gcloud outputs a quota exceeded error message and returns with the exit code 1.

If you exceed a quota with an API request, Google Cloud returns the following HTTP status code: HTTP 413 Request Entity Too Large.

Requesting additional quota

To increase or decrease most quotas, use the Google Cloud console. For more information, see Requesting a higher quota.

Console

  1. In the Google Cloud console, go to the Quotas page.

    Go to Quotas

  2. On the Quotas page, select the quotas that you want to change.
  3. At the top of the page, click Edit quotas.
  4. Fill out your name, email, and phone number, and then click Next.
  5. Fill in your quota request, and then click Done.
  6. Submit your request. Quota requests take 24 to 48 hours to process.

Resource availability

Each quota represents a maximum number for a particular type of resource that you can create, if that resource is available. It's important to note that quotas do not guarantee resource availability. Even if you have available quota, you can't create a new resource if it is not available.

For example, you might have sufficient quota to create a new regional, external IP address in the us-central1 region. However, that is not possible if there are no available external IP addresses in that region. Zonal resource availability can also affect your ability to create a new resource.

Situations where resources are unavailable in an entire region are rare. However, resources within a zone can be depleted from time to time, typically without impact to the service level agreement (SLA) for the type of resource. For more information, review the relevant SLA for the resource.