Using forwarding rules

A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud load balancer. For a general understanding of forwarding rules, see Forwarding rule concepts.

Before you begin

Before adding a forwarding rule, reserve an IP address for your forwarding rule. This isn't a requirement, but it is a best practice.

For internal load balancers, reserve a static internal IP address.

For external load balancers, reserve a static external IP address.

Permissions

To follow this guide, you should have the necessary permissions.

For more information, see the following guides:

Adding a forwarding rule

Console

Create the load balancer's forwarding rule

Go to the Load balancing page in the Google Cloud Console.
Go to the Load balancing page
Click Create load balancer.
Select a load balancer type, including the traffic type and whether the load balancer faces the Internet or is internal only.
Click Continue.
Click Frontend configuration. In the New Frontend IP and port section, make the following changes:
1. Name: FORWARDING_RULE_NAME
2. Subnetwork: SUBNET_OF_YOUR_RESERVED_IP_ADDRESS
3. From Internal IP or from IP Address, select your pre-reserved IP address.
  
  Optionally, you can reserve an IP address now in this UI, or you can use an ephemeral IP address.
4. Select the protocol, port numbers, and IP version.
  
  Only some load balancer types support IPv6.
5. Verify that there is a blue check mark next to Frontend configuration before continuing. Review this step if not.
Click Review and finalize. Double-check your settings.
Click Create.

gcloud

Create a forwarding rule for the backend service. When you create the forwarding rule, specify your reserved IP address in the subnet.

gcloud compute forwarding-rules create FORWARDING_RULE_NAME \
    --global | --region=REGION \
    --load-balancing-scheme=SCHEME \
    --network=NETWORK_NAME \
    --subnet=SUBNET_NAME \
    --address=RESERVED_IP_ADDRESS \
    --ip-protocol=PROTOCOL_TYPE \
    --ports=PORT_NUMBER \
    --backend-service=NAME_OF_BACKEND_SERVICE \
    --backend-service-region=REGION_OF_BACKEND_SERVICE

api

For a regional load balancer, create a regional forwarding rule by making a POST request to the forwardingRules.insert method.

POST https://compute.googleapis.com/compute/v1/projects/[project ID]/regions/us-west1/forwardingRules
{
  "name": "[forwarding rule name]",
  "IPAddress": "[reserved IP address]",
  "IPProtocol": "[protocol type]",
  "ports": [
    "[port number]"
  ],
  "loadBalancingScheme": "[scheme]",
  "subnetwork": "https://www.googleapis.com/compute/v1/projects/[project ID]/regions/[region]/subnetworks/[subnet name]",
  "network": "https://www.googleapis.com/compute/v1/projects/[project ID]/global/networks/[network name]",
  "backendService": "https://www.googleapis.com/compute/v1/projects/[project ID]/regions/[region]/backendServices/[backend service name]",
  "networkTier": "PREMIUM | STANDARD"
}
</code></pre>

For a global load balancer, create a global forwarding rule by making a POST request to the globalForwardingRules.insert method.

POST https://compute.googleapis.com/compute/v1/projects/[project ID]/global/forwardingRules
{
  "name": "[forwarding rule name]",
  "IPAddress": "[reserved IP address]",
  "IPProtocol": "[protocol type]",
  "ports": [
    "[port number]"
  ],
  "loadBalancingScheme": "[scheme]",
  "subnetwork": "https://www.googleapis.com/compute/v1/projects/[project ID]/regions/[region]/subnetworks/[subnet name]
  "network": "https://www.googleapis.com/compute/v1/projects/[project ID]/global/networks/[network name]",
  "backendService": "https://www.googleapis.com/compute/v1/projects/[project ID]/regions/[region]/backendServices/[backend service name]
  "networkTier": "PREMIUM | STANDARD"
}

Deleting a forwarding rule

You might want to delete a forwarding rule for one of the following reasons:

To replace it with a new forwarding rule
To stop a load balancer for a limited time, without deleting the load balancer entirely.

These are two of the reasons you might need to stop a load balancer without deleting it:

To temporarily suspend charges for the load balancer
To temporarily pause incoming requests to your backends

If the forwarding rule points to a reserved IP address (as recommended), you can delete the forwarding rule to stop a load balancer. This stops traffic to the forwarding rule destination.

To delete a global forwarding rule:

gcloud compute forwarding-rules delete FORWARDING_RULE_NAME \
    --global

To delete a regional forwarding rule:

gcloud compute forwarding-rules delete FORWARDING_RULE_NAME \
    --region=REGION

To restart the load balancer, re-create the forwarding rule and keep the same IP address, as described in Adding a forwarding rule.

Configuring a forwarding rule with Service Directory

You can register load balancer forwarding rules with Service Directory.

When you configure your internal TCP/UDP load balancer, internal HTTP(S) load balancer, or network load balancer, you can register it as an endpoint in an existing Service Directory namespace and service of your choice. Client applications can then use Service Directory using HTTP, gRPC, and/or DNS (if you have created a Service Directory DNS zone) to resolve the address of the load balancer service and connect to it directly.

Registering an internal TCP/UDP load balancer

To register a network load balancer, run the gcloud compute forwarding-rules create command and set the service-directory-registration flag:

gcloud beta compute forwarding-rules create FORWARDING_RULE_NAME \
    --region=REGION \
    --load-balancing-scheme=EXTERNAL \
    --address=RESERVED_IP_ADDRESS \
    --ip-protocol=PROTOCOL_TYPE \
    --ports=PORT_NUMBER \
    --backend-service=BACKEND_SERVICE_NAME \
    --backend-service-region=REGION
    --service-directory-registration=SD_SERVICE_NAME

Replace the following:

FORWARDING_RULE_NAME: a name for the forwarding rule that you want to create
REGION: the region to create the forwarding rule in
RESERVED_IP_ADDRESS: the IP address that the forwarding rule serves
PROTOCOL_TYPE: the IP protocol that the rule will serve
PORT_NUMBER: a list of comma-separated ports
BACKEND_SERVICE_NAME: target backend service that receives the traffic
SD_SERVICE_NAME: the fully qualified name of the Service Directory service where you want to register the endpoint. It must live in the same project and region as the forwarding rule being created. For example: projects/PROJECT/locations/REGION/namespaces/NAMESPACE_NAME/services/SERVICE_NAME.

Registering an internal HTTP(S) load balancer

To register an internal HTTP(S) load balancer, run the gcloud compute forwarding-rules create command and set the service-directory-registration flag:

gcloud beta compute forwarding-rules create FORWARDING_RULE_NAME \
    --region=REGION \
    --load-balancing-scheme=INTERNAL_MANAGED \
    --network=NETWORK_NAME \
    --address=RESERVED_IP_ADDRESS \
    --target-https-proxy=PROXY_NAME \
    --target-https-proxy-region=PROXY_REGION \
    --ports=PORT_NUMBER \
    --service-directory-registration=SD_SERVICE_NAME

Replace the following:

FORWARDING_RULE_NAME: a name for the forwarding rule that you want to create
REGION: the region to create the forwarding rule in
NETWORK_NAME: the network that this forwarding rule applies to
RESERVED_IP_ADDRESS: the IP address that the forwarding rule serves
PROXY_NAME: target proxy that receives the traffic
PROXY_REGION: region of the proxy to operate on
PORT_NUMBER: a list of comma-separated ports
SD_SERVICE_NAME: the fully qualified name of the Service Directory service where you want to register the endpoint. It must live in the same project and region as the forwarding rule being created. For example: projects/PROJECT/locations/REGION/namespaces/NAMESPACE_NAME/services/SERVICE_NAME.

Registering an external TCP/UDP network load balancer

To register a network load balancer, run the gcloud compute forwarding-rules create command and set the service-directory-registration flag:

gcloud beta compute forwarding-rules create FORWARDING_RULE_NAME \
    --region=REGION \
    --load-balancing-scheme=EXTERNAL \
    --address=RESERVED_IP_ADDRESS \
    --ip-protocol=PROTOCOL_TYPE \
    --ports=PORT_NUMBER \
    --backend-service=BACKEND_SERVICE_NAME \
    --backend-service-region=REGION
    --service-directory-registration=SD_SERVICE_NAME

Replace the following:

FORWARDING_RULE_NAME: a name for the forwarding rule that you want to create
REGION: the region to create the forwarding rule in
RESERVED_IP_ADDRESS: the IP address that the forwarding rule serves
PROTOCOL_TYPE: the IP protocol that the rule will serve
PORT_NUMBER: a list of comma-separated ports
BACKEND_SERVICE_NAME: target backend service that receives the traffic
SD_SERVICE_NAME: the fully qualified name of the Service Directory service where you want to register the endpoint. It must live in the same project and region as the forwarding rule being created. For example: projects/PROJECT/locations/REGION/namespaces/NAMESPACE_NAME/services/SERVICE_NAME.

For detailed information about how to configure load balancers in Service Directory, see the following sections:

What's next

For information on backend services, see Using Backend Services.
For information on target proxies, see Using Target Proxies.
For information on target pools, see Using Target Pools.
For information on Network Service Tiers, see the Network Service Tiers documentation.