Google Cloud Platform (GCP) Network Service Tiers allow you to optimize connectivity between systems on the Internet and the external IP addresses for GCP VM instances, including Google Kubernetes Engine nodes, and GCP load balancers.
Use Premium Tier to optimize for performance, and Standard Tier to optimize for cost:
|Premium Tier||Standard Tier|
Egress pricing for each of the Network Service Tiers is different. See Network Service Tiers Pricing for details.
This diagram illustrates recommended use cases for Standard Tier and Premium Tier.
Network Service Tiers and GCP resources
This table describes how Network Service Tiers apply to GCP resources and what type of external IP address must be used. GCP has two types of external IP addresses:
A global external IP address is only available for HTTP(S), TCP Proxy, and SSL Proxy Load Balancing, and it is Premium Tier by definition. Global external IP addresses are publicly routable anycast IP addresses.
A regional external IP address is also a publicly routable IP address, but it's designated for use by GCP resources that fit within a single GCP region. Regional external IP addresses are Premium Tier by default; when used with eligible resources, a regional external IP can be Standard Tier.
|GCP resource||Premium Tier||Standard Tier|
|HTTP(S) Load Balancing
SSL Proxy Load Balancing
TCP Proxy Load Balancing
|Yes, requires a global external IP||Yes, requires a regional external IP|
|Network Load Balancing||Yes, requires a regional external IP||Yes, requires a regional external IP|
|Internal Load Balancing||Yes, always||No, internal IP addresses in a VPC network are always Premium Tier.|
including GKE node VMs
|Yes, requires a regional external IP||Yes, requires a regional external IP|
|Cloud VPN gateways||Yes, requires a regional external IP||Partially: When a Standard Tier regional external IP is selected for a Cloud VPN gateway, Standard Tier only applies to ingress traffic. Egress traffic is currently always considered to be Premium Tier.|
The following table illustrates how Network Service Tiers apply to Cloud Storage and Cloud CDN:
|GCP service||Premium Tier||Standard Tier|
|Cloud Storage||By default, access to Cloud Storage buckets is considered Premium Tier, whether or not the bucket is used as a backend for a HTTP(S) load balancer.||Standard Tier is an option only if you use a Cloud Storage
bucket a backend for a HTTP(S) load balancer.
|Cloud CDN||Cloud CDN is always Premium Tier.||You cannot use Standard Tier with Cloud CDN.|
Regions supporting Standard Tier
Standard Tier is available only to resources that use regional external IP addresses in the following GCP regions. To use Standard Tier for Cloud Storage buckets acting as backends for HTTP(S) Load Balancing, the HTTP(S) load balancer must use a regional external IP address in one of these regions and also select Standard Tier.
asia-east1(allowlist access only)
This table summarizes the differences in routing for each of the Network Service Tiers:
|Traffic||Premium Tier||Standard Tier|
|Ingress to GCP||Traffic from your users enters Google's network at a location nearest to them.||Traffic from your users enters Google's network through peering, ISP, or transit networks in the region where you have deployed your GCP resources.|
|Egress from GCP||cold potato routing
Egress traffic is sent through Google's network backbone, leaving at a global edge POP closest to your users.
|hot potato routing
Egress traffic is sent to the Internet via a peering or transit network local to the GCP region from which it originates.
Premium Tier delivers traffic from external systems to GCP resources using Google's low latency, highly reliable global network. This network consists of the most extensive private fiber network with over 100 points of presence (POPs) around the globe. This network is designed to tolerate multiple failures and disruptions while still delivering traffic.
Premium Tier supports both regional external IPs and global external IPs for VM instances and load balancers. All global external IP addresses must use Premium Tier. Applications that require high performance and availability, such as those that use HTTP(S), TCP Proxy, and SSL Proxy load balancers with backends in more than one region, require Premium Tier. Premium Tier is ideal for customers with users in multiple locations worldwide who need the best network performance and reliability.
With Premium Tier, incoming traffic from systems on the Internet enters Google's high performance network at the POP closest to the sending system. Within Google's network, traffic is routed from that POP to the VM in your VPC network or closest Cloud Storage bucket. Outbound traffic is sent through Google's network, exiting at the POP closest to its destination. This routing method minimizes congestion and maximizes performance by reducing the number of hops between end users and the POPs closest to them.
Standard Tier delivers traffic from external systems to GCP resources by routing it over the Internet. It leverages the double redundancy of Google's network only up to the point where Google's data center connects to a peering metro. Packets that leave Google’s network are delivered using a transit provider, and are subject to the reliability of that ISP. Standard Tier provides network quality and reliability comparable to that of other Cloud providers.
Regional external IP addresses can use either Premium Tier or Standard Tier.
Standard tier is priced lower than Premium Tier because traffic from systems on the Internet is routed over transit (ISP) networks before being sent to VMs in your VPC network or regional Cloud Storage buckets. Standard tier outbound traffic normally exits Google's network from the same region used by the sending VM or Cloud Storage bucket, regardless of its destination. In rare cases, such as during a network event, traffic may not be able to travel out the closest exit and may be sent out another exit, perhaps in another region.
Standard Tier offers a lower cost alternative for these use cases:
- You have applications that are not latency or performance sensitive
- You're deploying VM instances or using Cloud Storage that can all be within a single region
Choosing a tier
It is important to use the right tier to meet your needs.
The following decision tree can help you decide which of the Network Service Tiers is right for your use case. Because you choose a tier at the resource level — such as the external IP address for a load balancer or VM — you can use Standard Tier for some resources and Premium Tier for others. If you are not sure what tier to use, choose Premium Tier, which is the default.
Project-level (Default: Premium Tier)
- Specify tier at the project level
Resource-level (Default: Premium Tier)
- Load Balancing: Enable for a forwarding rule
- Instance: Enable for a VM or instance template
- Other resource-level knobs in the future
The final tier for a resource is determined as follows:
If a tier is configured for either a resource or the project in which the resource resides, then that tier applies to the resource.
If tiers are configured for both the project and the resource, then the resource-level tier takes precedence for that resource.
Enabling Standard Tier for Google Cloud Storage
For the Network Service Tiers beta release, you must configure your storage bucket as the backend of the cloud load balancer to enable Standard Tier for it. The cloud storage bucket must be in the same region as the forwarding rule. If they are in different regions, requests to the bucket produce an error. Multi-regional cloud storage buckets are not supported with Standard Tier.
Upgrading resource from Standard to Premium Tier
We designate separate pools of public, external IP addresses for Premium and Standard Tier. Each pool is a separate contiguous range of IPs.
When an IP address is configured for an instance or load balancer, it is allocated from either of these two pools based on the Network Service Tier in effect for that resource.
Two separate pools for Premium and Network Service Tiers entail the following:
- If you change the tier of an instance with an ephemeral IP address, the IP address of the instance changes as well.
- An IP from one pool cannot be moved to the other pool.
- IP addresses in the Standard Tier in one region can not be moved to another region even if the tier remains the same.
Configuring Standard Tier for load balancing
Configuring Standard Tier for TCP/UDP Network Load Balancing
If you want to change an existing load balancer from Premium Tier (the default) to Standard Tier, or vice versa, you must delete the existing load balancer forwarding rule, then create a new one that points to the existing target pool. You must also use a Standard Tier address with the Standard Tier forwarding rule.
Configuring Standard Tier for HTTP(S) LB and TCP/SSL Proxy
If you do not specify a network tier, your load balancer defaults to using the Premium Tier. All load balancers which existed prior to the introduction of Network Service Tiers use the Premium Tier. The Premium Tier enables global load balancing, where a single IP address can point to backends in regions around the world. The Standard Tier is a regional service only. In order to use the Standard Tier, your load balancer must meet the following criteria:
- it must use a Standard Tier regional IP address
- it must use a Standard Tier regional forwarding rule
- it can have backends in the region that contains the forwarding rule only.
Standard Tier HTTP(S), SSL Proxy, and TCP Proxy Load Balancing
To use Standard Tier with a HTTP(S), SSL Proxy, or TCP Proxy load balancer, you must decide upon a single GCP region, then use a regional external IP address and a regional forwarding rule, both configured for Standard Tier, to point to the appropriate target HTTP(S) proxy, target SSL proxy, or target TCP proxy.
The IP address of the load balancer is still external, so clients from anywhere on the Internet can send traffic to it, but all of your backends must be located in the region you chose.
With Standard Tier, traffic sent to the load balancer traverses the Internet until it reaches a transit peering point at the GCP region you have chosen for the load balancer. A GFE acts as the proxy, terminating HTTP(S), SSL, or TCP, then contacting backends in your chosen region. Because all of your backend VMs are located in one region, the traffic from the original client to the GFE is subject to additional hops and potential latency.
The following diagram illustrates the regional nature of HTTP(S), SSL Proxy, or TCP Proxy load balancers when configured using Standard Tier. Three separate load balancers are manage traffic for backends each in a single region. Each load balancer has its own regional external IP address. The region used for that IP address and forwarding rule matches the region where the backend VMs are located.
When creating a regional address resource in the Standard Tier, you must specify the network tier of the regional external IP as Standard. Once the network tier is set to Standard, it cannot be updated to Premium. To change a load balancer to Premium Tier, you must reserve a new Premium Tier address.
If you want to change an existing load balancer from Premium Tier (the default) to Standard Tier, you must do the following:
- Remove any backends that are in regions other than the one that will contain your forwarding rule the existing load balancer
- Delete the existing forwarding rule and address, then create new Standard Tier regional ones that points to the existing target proxy.
Upgrading large volumes of traffic from Standard to Premium tier
It is important to correctly identify and use the tier that best suits your requirements.
Here are two important restrictions you should factor into your selection:
- You cannot use Premium networking as a backup for Standard. If, during an outage for Standard networking (e.g., due to a fiber cut), you reclassify your traffic as Premium, it will be treated as Standard for the duration of the outage.
- If you plan on moving significant amounts of traffic (>5Gbps) from Standard to Premium independent of an outage, you will need to contact your account manager.
Premium and Standard Tiers Recap
|Use Case||Performance optimized
Global Network Services
Regional Network Services
|Network||Routing||Inbound: Traffic across the globe enters Google's Global network at a location near your user.
Outbound: cold potato
Your traffic rides Google's high quality global backbone network to egress at Google's global edge POP closest to your user.
|Inbound: Traffic enters Google's network via peering or transit only in the region you have deployed the destination GCP resources in.
Outbound: hot potato
Traffic is sent to the internet via peering or transit that is local to the Cloud region where the traffic originates.
|Network Services||HTTP(S) Load Balancing||
|TCP Proxy and SSL Proxy||
|Network Load Balancing (TCP/UDP)||Regional Network Load Balancing + Premium Tier||Regional Network Load Balancing + Standard Tier (new)|
|Internal TCP/UDP Load Balancing||Regional||Standard Tier is not available for internal TCP/UDP load balancers.|
|CDN||Only Premium Tier||Standard Tier is not available for Cloud CDN.|
|Pricing||$/GB based on usage
Premium costs more than Standard
| $/GB based on usage
Standard is priced lower than Premium
Q. Which Network Tier does Google recommend using for my network services on GCP?
We recommend the Premium Tier so you can deliver your services on Google's high-quality network and leverage premium cloud network services such as Global Load Balancing and Cloud CDN. If you do not explicitly select a Network Tier, you will use Premium Tier by default.
Q. How can I switch from Standard Tier back to Premium Tier for my load balancer?
You should first create a new Load Balancer forwarding rule using a Premium Tier IP. You can then use DNS to slowly migrate traffic from your current Standard Tier IP(s) to the new Premium Tier IP. Once the migration is complete, you can release the Standard Tier IP(s) and the regional Load Balancer(s) associated with them. You do not need to change your backends since you can have multiple Load Balancers pointing to the same backends.
Q. What are the relative costs of using Premium Tier vs. Standard Tier?
Standard tier is priced lower than Premium Tier for $/GB. Review pricing details here.
Q. Will there be additional tiers in the future?
GCP currently offers two tiers, and this documentation will be updated if we decide to launch additional tiers.
Q. I want to test the performance of Premium and Standard. Which configuration do you recommend testing with?
You can test performance with either tier, depending on your needs.
Q. Can I apply Standard Tier to internal (RFC 1918) traffic within a VPC network?
You can enable Standard Tier for Internet-facing traffic on external (public) IP addresses. Standard Tier doesn't support traffic within a GCP VPC network. VM instances that communicate using internal IP addresses within VPC networks always use Premium Tier.
- See Using Network Service Tiers for instructions on using Network Service Tiers.