Using forwarding rules

A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud load balancer. For a general understanding of forwarding rules, see Forwarding rule concepts.

Before you begin

Before adding a forwarding rule, reserve an IP address for your forwarding rule. This isn't a requirement, but it is a best practice.

For internal load balancers, reserve a static internal IP address.

For external load balancers, reserve a static external IP address.

Permissions

To follow this guide, you should have the necessary permissions.

For more information, see the following guides:

Adding a forwarding rule

Console

Create the load balancer's forwarding rule

  1. Go to the Load balancing page in the Google Cloud Console.
  2. Click Create load balancer.
  3. Select a load balancer type, including the traffic type and whether the load balancer faces the Internet or is internal only.
  4. Click Continue.
  5. Click Frontend configuration. In the New Frontend IP and port section, make the following changes:

    1. Name: FORWARDING_RULE_NAME
    2. Subnetwork: SUBNET_OF_YOUR_RESERVED_IP_ADDRESS
    3. From Internal IP or from IP Address, select your pre-reserved IP address.

      Optionally, you can reserve an IP address now in this UI, or you can use an ephemeral IP address.

    4. Select the protocol, port numbers, and IP version.

      Only some load balancer types support IPv6.

    5. Verify that there is a blue check mark next to Frontend configuration before continuing. If there isn't, review this step.

  6. Click Review and finalize. Double-check your settings.

  7. Click Create.

gcloud

Create a forwarding rule for the backend service. When you create the forwarding rule, specify your reserved IP address in the subnet.

gcloud compute forwarding-rules create FORWARDING_RULE_NAME \
    --global | --region=REGION \
    --load-balancing-scheme=SCHEME \
    --network=NETWORK_NAME \
    --subnet=SUBNET_NAME \
    --address=RESERVED_IP_ADDRESS \
    --ip-protocol=PROTOCOL_TYPE \
    --ports=PORT_NUMBER \
    --backend-service=NAME_OF_BACKEND_SERVICE \
    --backend-service-region=REGION_OF_BACKEND_SERVICE

api

For a regional load balancer, create a regional forwarding rule by making a POST request to the forwardingRules.insert method.

POST https://compute.googleapis.com/compute/v1/projects/[project ID]/regions/us-west1/forwardingRules
{
  "name": "[forwarding rule name]",
  "IPAddress": "[reserved IP address]",
  "IPProtocol": "[protocol type]",
  "ports": [
    "[port number]"
  ],
  "loadBalancingScheme": "[scheme]",
  "subnetwork": "https://www.googleapis.com/compute/v1/projects/[project ID]/regions/[region]/subnetworks/[subnet name]",
  "network": "https://www.googleapis.com/compute/v1/projects/[project ID]/global/networks/[network name]",
  "backendService": "https://www.googleapis.com/compute/v1/projects/[project ID]/regions/[region]/backendServices/[backend service name]",
  "networkTier": "PREMIUM | STANDARD"
}

For a global load balancer, create a global forwarding rule by making a POST request to the globalForwardingRules.insert method.

POST https://compute.googleapis.com/compute/v1/projects/[project ID]/global/forwardingRules
{
  "name": "[forwarding rule name]",
  "IPAddress": "[reserved IP address]",
  "IPProtocol": "[protocol type]",
  "ports": [
    "[port number]"
  ],
  "loadBalancingScheme": "[scheme]",
  "subnetwork": "https://www.googleapis.com/compute/v1/projects/[project ID]/regions/[region]/subnetworks/[subnet name]",
  "network": "https://www.googleapis.com/compute/v1/projects/[project ID]/global/networks/[network name]",
  "backendService": "https://www.googleapis.com/compute/v1/projects/[project ID]/regions/[region]/backendServices/[backend service name]",
  "networkTier": "PREMIUM | STANDARD"
}

Deleting a forwarding rule

You might want to delete a forwarding rule for one of the following reasons:

  • To replace it with a new forwarding rule
  • To stop a load balancer for a limited time, without deleting the load balancer entirely.

These are two of the reasons you might need to stop a load balancer without deleting it:

  • To temporarily suspend charges for the load balancer
  • To temporarily pause incoming requests to your backends

If the forwarding rule points to a reserved IP address (as recommended), you can delete the forwarding rule to stop a load balancer. This stops traffic to the forwarding rule destination.

To delete a global forwarding rule:

gcloud compute forwarding-rules delete FORWARDING_RULE_NAME \
    --global

To delete a regional forwarding rule:

gcloud compute forwarding-rules delete FORWARDING_RULE_NAME \
    --region=REGION

To restart the load balancer, re-create the forwarding rule and keep the same IP address, as described in Adding a forwarding rule.
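A guard for the stop-and-restart procedure above, as an added example that is not part of the original page: it deletes the rule only when its IP address appears among the project's reserved addresses, because an ephemeral address is released together with the rule and cannot be kept for the re-created rule. The function names are hypothetical, and the check assumes the IP value identifies a single reservation in the project.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# ip_is_reserved IP
# Reads "ADDRESS<TAB>STATUS" lines on stdin, i.e. the output of
#   gcloud compute addresses list --format='value(address,status)'
# and succeeds only if IP is listed. Ephemeral addresses never appear there.
ip_is_reserved() {
  [ -n "$1" ] || return 1
  awk -v ip="$1" -F '\t' '$1 == ip { found = 1 } END { exit !found }'
}

# safe_delete_rule NAME SCOPE_FLAG
# SCOPE_FLAG is --global or --region=REGION, as in the delete commands above.
safe_delete_rule() {
  rule=$1
  scope=$2

  # Look up the frontend IP the rule currently serves.
  ip=$(gcloud compute forwarding-rules describe "$rule" "$scope" \
         --format='value(IPAddress)') || return 1
  [ -n "$ip" ] || { echo "no IP address found for $rule" >&2; return 1; }

  # Assumption: the IP matches at most one reservation in this project.
  if gcloud compute addresses list --format='value(address,status)' |
       ip_is_reserved "$ip"; then
    # Reserved: the address survives deletion and can be reused later.
    gcloud compute forwarding-rules delete "$rule" "$scope"
  else
    echo "refusing: $ip is ephemeral; reserve it before deleting $rule" >&2
    return 1
  fi
}
```

Call it as `safe_delete_rule FORWARDING_RULE_NAME --region=REGION` (or with `--global`) in place of the bare delete command.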

Configuring a forwarding rule with Service Directory

You can register internal load balancer forwarding rules with Service Directory.

When you configure your internal TCP/UDP load balancer or internal HTTP(S) load balancer, you can register it as an endpoint in an existing Service Directory namespace and service of your choice. Client applications can then query Service Directory over HTTP, gRPC, and/or DNS (if you have created a Service Directory DNS zone) to resolve the address of the internal load balancer service and connect to it directly.

Registering an internal TCP/UDP load balancer

To register an internal TCP/UDP load balancer, follow these steps.

gcloud

Run the gcloud compute forwarding-rules create command and set the --service-directory-registration flag:

gcloud beta compute forwarding-rules create FORWARDING_RULE_NAME \
    --region=REGION \
    --load-balancing-scheme=INTERNAL \
    --network=NETWORK_NAME \
    --subnet=SUBNET_NAME \
    --address=RESERVED_IP_ADDRESS \
    --ip-protocol=PROTOCOL_TYPE \
    --ports=PORT_NUMBER \
    --backend-service=BACKEND_SERVICE_NAME \
    --backend-service-region=REGION \
    --service-directory-registration=SD_SERVICE_NAME

Replace the following:

  • FORWARDING_RULE_NAME: a name for the forwarding rule that you want to create
  • REGION: the region to create the forwarding rule in
  • NETWORK_NAME: the network that this forwarding rule applies to
  • SUBNET_NAME: the subnetwork that this forwarding rule applies to
  • RESERVED_IP_ADDRESS: the IP address that the forwarding rule serves
  • PROTOCOL_TYPE: the IP protocol that the rule will serve
  • PORT_NUMBER: a list of comma-separated ports
  • BACKEND_SERVICE_NAME: target backend service that receives the traffic
  • SD_SERVICE_NAME: the fully qualified name of the Service Directory service where you want to register the endpoint. It must live in the same project and region as the forwarding rule being created. For example: projects/PROJECT/locations/REGION/namespaces/NAMESPACE_NAME/services/SERVICE_NAME.

Registering an internal HTTP(S) load balancer

To register an internal HTTP(S) load balancer, follow these steps.

gcloud

Run the gcloud compute forwarding-rules create command and set the --service-directory-registration flag:

gcloud beta compute forwarding-rules create FORWARDING_RULE_NAME \
    --region=REGION \
    --load-balancing-scheme=INTERNAL_MANAGED \
    --network=NETWORK_NAME \
    --address=RESERVED_IP_ADDRESS \
    --target-https-proxy=PROXY_NAME \
    --target-https-proxy-region=PROXY_REGION \
    --ports=PORT_NUMBER \
    --service-directory-registration=SD_SERVICE_NAME

Replace the following:

  • FORWARDING_RULE_NAME: a name for the forwarding rule that you want to create
  • REGION: the region to create the forwarding rule in
  • NETWORK_NAME: the network that this forwarding rule applies to
  • RESERVED_IP_ADDRESS: the IP address that the forwarding rule serves
  • PROXY_NAME: target proxy that receives the traffic
  • PROXY_REGION: region of the proxy to operate on
  • PORT_NUMBER: a list of comma-separated ports
  • SD_SERVICE_NAME: the fully qualified name of the Service Directory service where you want to register the endpoint. It must live in the same project and region as the forwarding rule being created. For example: projects/PROJECT/locations/REGION/namespaces/NAMESPACE_NAME/services/SERVICE_NAME.

For detailed information about how to configure an internal load balancer with Service Directory, see Configuring an internal load balancer in Service Directory.
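A pre-flight check for the SD_SERVICE_NAME value used in both registration commands above, as an added example that is not part of the original page: it verifies the fully qualified name format and the same-project, same-region requirement before the create command is run. The function name and exit codes are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Name and exit codes are
# hypothetical.
# Usage: check_sd_registration FR_PROJECT FR_REGION SD_SERVICE_NAME
# Exit status: 0 = usable, 2 = malformed name, 3 = project/region mismatch.
# The body runs in a subshell, so IFS and positional-parameter changes do
# not leak into the caller; "exit" here ends only that subshell.
check_sd_registration() (
  fr_project=$1; fr_region=$2; sd_name=$3

  # A trailing "/" would be silently dropped by field splitting: reject it.
  case $sd_name in
    ''|*/) echo "malformed Service Directory name: '$sd_name'" >&2; exit 2 ;;
  esac

  # Split on "/" with globbing off; expect exactly eight segments:
  # projects/P/locations/R/namespaces/NS/services/SVC
  IFS=/; set -f
  set -- $sd_name
  [ "$#" -eq 8 ] || { echo "expected 8 path segments, got $#" >&2; exit 2; }

  # Fixed keywords must be in place and every variable segment non-empty.
  [ "$1" = projects ] && [ "$3" = locations ] &&
  [ "$5" = namespaces ] && [ "$7" = services ] &&
  [ -n "$2" ] && [ -n "$4" ] && [ -n "$6" ] && [ -n "$8" ] ||
    { echo "malformed Service Directory name: '$sd_name'" >&2; exit 2; }

  # The page's constraint: same project and region as the forwarding rule.
  [ "$2" = "$fr_project" ] ||
    { echo "project mismatch: rule=$fr_project service=$2" >&2; exit 3; }
  [ "$4" = "$fr_region" ] ||
    { echo "region mismatch: rule=$fr_region service=$4" >&2; exit 3; }
  exit 0
)
```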
