Using forwarding rules

A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud load balancer. For a general understanding of forwarding rules, see Forwarding rule concepts.

Before you begin

Before adding a forwarding rule, reserve an IP address for your forwarding rule. This isn't a requirement, but it is a best practice.

For internal load balancers, reserve a static internal IP address.

For external load balancers, reserve a static external IP address.

Permissions

To follow this guide, you should have the necessary permissions.

For more information, see the following guides:

• Access control
• IAM Conditions

Creating a forwarding rule

You can create a forwarding rule when you're creating or updating a load balancer as shown in the following basic setup documentation:

• Set up a global external HTTP(S) load balancer
• Set up a global external HTTP(S) load balancer (classic)
• Set up a regional external HTTP(S) load balancer
• Set up an internal HTTP(S) load balancer
• Set up a TCP proxy load balancer
• Set up a SSL proxy load balancer
• Set up an external TCP/UDP network load balancer
• Set up an internal TCP/UDP load balancer

Deleting a forwarding rule

You might want to delete a forwarding rule for one of the following reasons:

• To replace it with a new forwarding rule
• To stop a load balancer for a limited time, without deleting the load balancer entirely.

These are two of the reasons you might need to stop a load balancer without deleting it:

• To temporarily suspend charges for the load balancer
• To temporarily pause incoming requests to your backends

If the forwarding rule points to a reserved IP address (as recommended), you can delete the forwarding rule to stop a load balancer. This stops traffic to the forwarding rule destination.

To delete a global forwarding rule:

gcloud compute forwarding-rules delete FORWARDING_RULE_NAME \
    --global

To delete a regional forwarding rule:

gcloud compute forwarding-rules delete FORWARDING_RULE_NAME \
    --region=REGION

To restart the load balancer, re-create the forwarding rule and keep the same IP address, as described in Adding a forwarding rule.

Configuring a forwarding rule with Service Directory

You can register load balancer forwarding rules with Service Directory.

When you configure your internal TCP/UDP load balancer, internal HTTP(S) load balancer, or network load balancer, you can register it as an endpoint in an existing Service Directory namespace and service of your choice. Client applications can then use Service Directory using HTTP, gRPC, and/or DNS (if you have created a Service Directory DNS zone) to resolve the address of the load balancer service and connect to it directly.

Registering an internal TCP/UDP load balancer

To register an internal TCP/UDP load balancer, run the gcloud compute forwarding-rules create command and set the service-directory-registration flag:

gcloud beta compute forwarding-rules create FORWARDING_RULE_NAME \
    --region=REGION \
    --load-balancing-scheme=INTERNAL \
    --network=NETWORK_NAME \
    --subnet=SUBNET_NAME \
    --address=RESERVED_IP_ADDRESS \
    --ip-protocol=PROTOCOL_TYPE \
    --ports=PORT_NUMBER \
    --backend-service=BACKEND_SERVICE_NAME \
    --backend-service-region=REGION \
    --service-directory-registration=SD_SERVICE_NAME

Replace the following:

• FORWARDING_RULE_NAME: a name for the forwarding rule that you want to create
• REGION: the region to create the forwarding rule in
• NETWORK_NAME: the network that this forwarding rule applies to
• SUBNET_NAME: the subnetwork that this forwarding rule applies to
• RESERVED_IP_ADDRESS: the IP address that the forwarding rule serves
• PROTOCOL_TYPE: the IP protocol that the rule will serve
• PORT_NUMBER: a list of comma-separated ports
• BACKEND_SERVICE_NAME: target backend service that receives the traffic
• SD_SERVICE_NAME: the fully qualified name of the Service Directory service where you want to register the endpoint. It must live in the same project and region as the forwarding rule being created. For example: projects/PROJECT/locations/REGION/namespaces/NAMESPACE_NAME/services/SERVICE_NAME.

Registering an internal HTTP(S) load balancer

To register an internal HTTP(S) load balancer, run the gcloud compute forwarding-rules create command and set the service-directory-registration flag:

gcloud beta compute forwarding-rules create FORWARDING_RULE_NAME \
    --region=REGION \
    --load-balancing-scheme=INTERNAL_MANAGED \
    --network=NETWORK_NAME \
    --address=RESERVED_IP_ADDRESS \
    --target-https-proxy=PROXY_NAME \
    --target-https-proxy-region=PROXY_REGION \
    --ports=PORT_NUMBER \
    --service-directory-registration=SD_SERVICE_NAME

Replace the following:

• FORWARDING_RULE_NAME: a name for the forwarding rule that you want to create
• REGION: the region to create the forwarding rule in
• NETWORK_NAME: the network that this forwarding rule applies to
• RESERVED_IP_ADDRESS: the IP address that the forwarding rule serves
• PROXY_NAME: target proxy that receives the traffic
• PROXY_REGION: region of the proxy to operate on
• PORT_NUMBER: a list of comma-separated ports
• SD_SERVICE_NAME: the fully qualified name of the Service Directory service where you want to register the endpoint. It must live in the same project and region as the forwarding rule being created. For example: projects/PROJECT/locations/REGION/namespaces/NAMESPACE_NAME/services/SERVICE_NAME.

Registering an external TCP/UDP network load balancer

To register a network load balancer, run the gcloud compute forwarding-rules create command and set the service-directory-registration flag:

gcloud beta compute forwarding-rules create FORWARDING_RULE_NAME \
    --region=REGION \
    --load-balancing-scheme=EXTERNAL \
    --address=RESERVED_IP_ADDRESS \
    --ip-protocol=PROTOCOL_TYPE \
    --ports=PORT_NUMBER \
    --backend-service=BACKEND_SERVICE_NAME \
    --backend-service-region=REGION \
    --service-directory-registration=SD_SERVICE_NAME

Replace the following:

• FORWARDING_RULE_NAME: a name for the forwarding rule that you want to create
• REGION: the region to create the forwarding rule in
• RESERVED_IP_ADDRESS: the IP address that the forwarding rule serves
• PROTOCOL_TYPE: the IP protocol that the rule will serve
• PORT_NUMBER: a list of comma-separated ports
• BACKEND_SERVICE_NAME: target backend service that receives the traffic
• SD_SERVICE_NAME: the fully qualified name of the Service Directory service where you want to register the endpoint. It must live in the same project and region as the forwarding rule being created. For example: projects/PROJECT/locations/REGION/namespaces/NAMESPACE_NAME/services/SERVICE_NAME.

For detailed information about how to configure load balancers in Service Directory, see the following sections:

• Configure an internal load balancer in Service Directory
• Configure an external TCP/UDP load balancer in Service Directory

What's next

• For information on backend services, see Using Backend Services.
• For information on target proxies, see Using Target Proxies.
• For information on target pools, see Using Target Pools.
• For information on Network Service Tiers, see the Network Service Tiers documentation.