Network Service Tiers overview
Network Service Tiers lets you optimize connectivity between systems on the internet and your Google Cloud instances. Premium Tier delivers traffic on Google's premium backbone, while Standard Tier uses regular ISP networks.
Use Premium Tier to optimize for performance, and use Standard Tier to optimize for cost.
Google Cloud | Premium Tier | Standard Tier |
---|---|---|
Routing | Traffic between the internet and your application travels within the Google Cloud network to reach users | Uses peering, ISP, or transit networks to reach users |
Security | Traffic is protected on Google Cloud's backbone until the "last mile" | Comparable to other public clouds |
Networking features | Supports all Google Cloud networking features | Supports a foundational feature set including Cloud NAT, Regional external Application Load Balancer, and External passthrough Network Load Balancer |
Pricing | Premium pricing at parity with other public cloud providers | Cost-effective and at parity with other cloud providers |
SLA | 99.99% uptime | 99.9% uptime |
Outbound data transfer pricing for each of the Network Service Tiers is different. For more information, see Network Service Tiers pricing.
This diagram illustrates recommended use cases for Standard Tier and Premium Tier.
Network Service Tiers and Google Cloud resources
Google Cloud has two types of external IP addresses: global and regional.
External IP address type | Premium Tier | Standard Tier |
---|---|---|
Global external IPv4 and IPv6 addresses Publicly routable anycast IP addresses. |
Supported | Not supported |
Regional external IPv4 addresses Publicly routable IPv4 addresses designated for use by Google Cloud resources that fit within a single Google Cloud region |
Supported | Supported when IP addresses are used with eligible resources. Not supported for IP addresses imported to Google Cloud using bring your own IP (BYOIP). |
Regional external IPv6 addresses Publicly routable IPv6 addresses designated for use by Google Cloud resources that fit within a single Google Cloud region |
Supported | Not supported |
Regardless of which tier you use, the network is designed to keep traffic between virtual machine (VM) instances that are in the same or different regions on Google's network, including when a load balancer is on the path. This is true whether the traffic uses publicly or privately routable IP addresses.
The following table describes how Network Service Tiers applies to Google Cloud resources and what type of external IP address must be used.
In the table, a indicates that a resource is supported in a network tier, and indicates that it is not supported.
Google Cloud resource | Premium Tier | Standard Tier |
---|---|---|
Global external Application Load Balancer Global external proxy Network Load Balancer Classic Application Load Balancer Classic proxy Network Load Balancer |
Requires a global external IP address. | Requires a regional external IP address. |
Regional external Application Load Balancer Regional external proxy Network Load Balancer External passthrough Network Load Balancer |
Requires a regional external IP address. | Requires a regional external IP address. |
VM instances, including GKE node VMs |
Requires a regional external IP address. | Requires a regional external IP address. |
Cloud VPN gateways | Requires a regional external IP address. | Not supported. |
Cloud NAT gateways | Requires a regional external IP address. | Requires a regional external IP address. |
The following table illustrates how Network Service Tiers applies to Cloud Storage and Cloud CDN.
Google Cloud service | Premium Tier | Standard Tier |
---|---|---|
Cloud Storage | By default, access to Cloud Storage buckets is considered Premium Tier, whether or not the bucket is used as a backend for an external Application Load Balancer. | Standard Tier is an option only if you use a Cloud Storage bucket as a backend for an external Application Load Balancer. For more information, see Using Standard Tier with Cloud Storage. |
Cloud CDN | Cloud CDN is always Premium Tier. | You cannot use Standard Tier with Cloud CDN. |
Regions supporting Standard Tier
Standard Tier is available only to resources that use regional external IP addresses in the following Google Cloud regions. To use Standard Tier for Cloud Storage buckets acting as backends for an external Application Load Balancer, the load balancer must use a regional external IP address and also select Standard Tier.
africa-south1
asia-east1
asia-east2
asia-northeast1
asia-northeast2
asia-northeast3
asia-south1
asia-south2
asia-southeast1
asia-southeast2
australia-southeast1
australia-southeast2
us-west1
us-west2
us-west3
us-west4
us-central1
us-east1
us-east4
us-east5
us-south1
northamerica-northeast1
northamerica-northeast2
southamerica-east1
southamerica-west1
europe-north1
europe-west1
europe-west2
europe-west3
europe-west4
europe-west6
europe-west8
europe-west9
europe-west10
europe-west12
europe-southwest1
europe-central2
me-west1
me-central1
me-central2
Traffic routing
This table summarizes the differences in routing for each of the Network Service Tiers.
Traffic | Premium Tier | Standard Tier |
---|---|---|
Inbound data transfer to Google Cloud | Traffic from your users enters Google's network at a location nearest to them. | Traffic from your users enters Google's network through peering, ISP, or transit networks in the region where you have deployed your Google Cloud resources. |
Outbound data transfer from Google Cloud | Outbound traffic is sent on the BGP best path to your users. If multiple equal-cost paths exist, we select the route that is geographically closest to its source (for example, a Compute Engine VM instance) rather than to its destination. |
Outbound traffic is sent through the geographically closest peering or transit network from your Compute Engine instances even if that peering or transit network is not the BGP best path to your users. If there are multiple paths to your users in the geographically closest peering metro, the best among them is selected by using a round of BGP best path ranking, applied only to those geographically local paths. Standard Tier traffic might be routed as Premium Tier in rare circumstances, such as when there are no peering or transit networks in the geographically closest peering metro with reachability to your users, or when there is insufficient steady traffic between your source cloud region and your users. |
Premium Tier
Premium Tier delivers traffic from external systems to Google Cloud resources by using Google's low latency, highly reliable global network. This network consists of an extensive private fiber network with over 100 points of presence (PoPs) around the globe. This network is designed to tolerate multiple failures and disruptions while still delivering traffic.
Premium Tier supports both regional external IP addresses and global external IP addresses for VM instances and load balancers. All global external IP addresses must use Premium Tier. Applications that require high performance and availability, such as those that use external Application Load Balancers and external proxy Network Load Balancers, with backends in more than one region, require Premium Tier. Premium Tier is ideal for customers with users in multiple locations worldwide who need the best network performance and reliability.
With Premium Tier, incoming traffic from systems on the internet enters Google's high-performance network at the PoP closest to the sending system. Within Google's network, traffic is routed from that PoP to the VM in your Virtual Private Cloud (VPC) network or closest Cloud Storage bucket. Outbound traffic is sent through Google's network, exiting at the PoP closest to its destination. This routing method minimizes congestion and maximizes performance by reducing the number of hops between end users and the PoPs closest to them.
We offer a 99.99% uptime Service Level Agreement (SLA) for Premium Tier VMs. As defined in the Compute Engine Service Level Agreement, a VM that loses external connectivity for more than a minute is considered to be in downtime (100% packet loss).
Standard Tier
Standard Tier delivers traffic from external systems to Google Cloud resources by routing it over the internet. It leverages the double redundancy of Google's network only up to the point where Google's data center connects to a peering PoP. Packets that leave Google's network are delivered using the public internet and are subject to the reliability of intervening transit providers and ISPs. Standard Tier provides network quality and reliability comparable to that of other cloud providers.
Regional external IP addresses can use either Premium Tier or Standard Tier.
Standard Tier is priced lower than Premium Tier because traffic from systems on the internet is routed over transit (ISP) networks before being sent to VMs in your VPC network or regional Cloud Storage buckets. Standard Tier outbound traffic normally exits Google's network from the same region used by the sending VM or Cloud Storage bucket, regardless of its destination. In rare cases, such as during a network event, traffic might not be able to travel out the closest exit and might be sent out another exit, perhaps in another region.
Standard Tier offers a lower-cost alternative for the following use cases:
- You have applications that are not latency or performance sensitive.
- You're deploying VM instances or using Cloud Storage that can all be within a single region.
We offer a 99.9% uptime Service Level Agreement (SLA) for Standard Tier VMs. As defined in the Compute Engine Service Level Agreement, a VM that loses external connectivity for more than a minute is considered to be in downtime (100% packet loss).
Free tier
Standard Tier includes a Free Tier, providing 200 GB of free Standard Tier usage per month in each region that you use across all of your projects, on a per SKU basis. You don't need to take any action to use the Free Tier, but we recommend that you check all projects in your billing account to ensure that their combined usage in each region does not exceed the 200 GB limit.
Choosing a tier
It is important to choose the tier that meets your needs.
The following decision tree can help you decide which of the Network Service Tiers is right for your use case. Because you choose a tier at the resource level—such as the external IP address for a load balancer or VM—you can use Standard Tier for some resources and Premium Tier for others. If you are not sure which tier to use, choose Premium Tier, which is the default.
Project-level (default: Premium Tier)
- Specify tier at the project level
Resource-level (default: Premium Tier)
- Load balancing: Enable for a forwarding rule.
- Instance: Enable for a VM or instance template.
- Other resource-level knobs in the future.
The final tier for a resource is determined as follows:
If a tier is configured for either a resource or the project in which the resource resides, then that tier applies to the resource.
If tiers are configured for both the project and the resource, then the resource-level tier takes precedence for that resource.
Using Standard Tier with Cloud Storage
To use Standard Tier with Cloud Storage, you must configure your storage bucket as the backend of the Google Cloud load balancer. The Cloud Storage bucket must be in the same region as the forwarding rule. If they are in different regions, requests to the bucket produce an error. To use multi-regional Cloud Storage buckets as backends, you must use Premium Tier.
Upgrading a resource from Standard Tier to Premium Tier
Google Cloud designates separate pools of external IP addresses for Premium Tier and Standard Tier.
When an IP address is configured for an instance or load balancer, it is allocated from either of these two pools based on the network tier in effect for that resource.
Two separate pools for Premium Tier and Standard Tier entail the following:
- If you change the tier of an instance with an ephemeral IP address, the IP address of the instance changes as well.
- An IP address from one pool cannot be moved to the other pool.
- IP addresses in Standard Tier in one region cannot be moved to another region even if the tier remains the same.
Configure Standard Tier for load balancing
Use the following instructions to configure Standard Tier for a variety of load balancers.
Configuring Standard Tier for external passthrough Network Load Balancers
To configure an external passthrough Network Load Balancer to use Standard Tier, specify Standard Tier when creating the IP address and forwarding rule for the load balancer.
If you want to change an existing load balancer from Premium Tier (the default) to Standard Tier, or from Standard Tier to Premium Tier, you must delete the existing load balancer forwarding rule, and then create a new one that points to the existing target pool. You must also use a Standard Tier IP address with the Standard Tier forwarding rule.
Configure Standard Tier for classic Application Load Balancers and classic proxy Network Load Balancers
If you don't specify a network tier, your load balancer defaults to using Premium Tier. All load balancers that existed prior to the introduction of Network Service Tiers use Premium Tier. Premium Tier enables global load balancing, where a single IP address can point to backends in regions around the world. Standard Tier is a regional service only.
To use Standard Tier, your load balancer must meet the following criteria:
- It must use a Standard Tier regional IP address.
- It must use a Standard Tier regional forwarding rule.
- It can have backends in the region that contains the forwarding rule only.
The following diagram illustrates the global nature of classic Application Load Balancers and classic proxy Network Load Balancers when they are configured to use Premium Tier.
To use Standard Tier with a classic Application Load Balancer or a classic proxy Network Load Balancer, you must decide upon a single Google Cloud region, and then use a regional external IP address and a regional forwarding rule, both configured for Standard Tier, to point to the appropriate target HTTP(S) proxy, target SSL proxy, or target TCP proxy.
The IP address of the load balancer is still external, so clients from anywhere on the internet can send traffic to it, but all of your backends must be located in the region that you chose.
With Standard Tier, traffic sent to the load balancer traverses the internet until it reaches a transit peering point at the Google Cloud region that you have chosen for the load balancer. A Google Front End (GFE) acts as the proxy, terminating HTTP(S), SSL, or TCP, and then contacting backends in your chosen region. Because all of your backend VMs are located in one region, the traffic from the original client to the GFE is subject to additional hops and potential latency.
Standard Tier changes the behavior of classic Application Load Balancers and classic proxy Network Load Balancers so that they operate like those of other cloud providers. Standard Tier eliminates the ability for these types of load balancers to operate in multiple Google Cloud regions.
The following diagram illustrates the regional nature of classic Application Load Balancers and classic proxy Network Load Balancers when they are configured to use Standard Tier. If you want to operate a Standard Tier-based load balancing deployment in multiple regions, you'll need to create a separate load balancer in each region where you want to receive traffic. Each load balancer has its own regional external IP address. The region used for that IP address and forwarding rule matches the region where the backend VMs are located.
When creating a regional external IP address resource in Standard Tier, you must specify the network tier of the regional external IP address as Standard. After the network tier is set to Standard, it cannot be updated to Premium. To change a load balancer to Premium Tier, you must reserve a new Premium Tier IP address.
If you want to change an existing load balancer from Premium Tier (the default) to Standard Tier, you must do the following:
Remove any backends that are in regions other than the one that contains your forwarding rule for the existing load balancer.
Delete the existing forwarding rule and IP address, and then create a new Standard Tier regional forwarding rule and an IP address that point to the existing target proxy.
Upgrading large volumes of traffic from Standard Tier to Premium Tier
It is important to correctly identify and use the tier that best suits your requirements.
When you make your selection, take into account these two important restrictions:
You cannot use Premium Tier networking as a backup for Standard Tier. If, during an outage for Standard Tier networking (for example, because of a fiber cut), you reclassify your traffic as Premium Tier, it is treated as Standard Tier for the duration of the outage.
If you plan to move more than 5 Gbps of traffic from Standard Tier to Premium Tier independent of an outage, you must contact your account manager.
Premium Tier and Standard Tier summary
Premium | Standard | ||
---|---|---|---|
Use case | Performance optimized Global network Global network services |
Cost optimized Regional network Regional network services |
|
Network | Routing | Inbound: Traffic across the globe enters Google's global network at a location near your user. Outbound: Your outbound traffic rides Google's high-quality global backbone network to at Google global edge PoP closest to your user. |
Inbound: Traffic enters Google's network by peering or transit only in the region in which you have deployed the destination Google Cloud resources. Outbound: Traffic is sent to the internet by peering or transit that is local to the Google Cloud region where the traffic originates. |
Network services | External Application Load Balancer |
|
|
Internal Application Load Balancer | Cross-region or regional | Standard Tier is not available for internal Application Load Balancers. | |
External proxy Network Load Balancer |
|
|
|
Internal proxy Network Load Balancer | Regional | Standard Tier is not available for internal proxy Network Load Balancers. | |
External passthrough Network Load Balancer | Regional external passthrough Network Load Balancer is supported in Premium Tier | Regional external passthrough Network Load Balancer is supported in Standard Tier | |
Internal passthrough Network Load Balancer | Regional | Standard Tier is not available for internal passthrough Network Load Balancers. | |
Cloud CDN | Only Premium Tier | Standard Tier is not available for Cloud CDN. | |
Pricing | $/GB based on usage Premium costs more than Standard. |
$/GB based on usage Standard is priced lower than Premium. |
|
SLA | 99.99% uptime | 99.9% uptime |
Frequently asked questions
Which network tier does Google recommend using for my network services on Google Cloud?
We recommend using Premium Tier so that you can deliver your services on Google's high-quality network and take advantage of premium cloud network services such as global load balancing and Cloud CDN. If you don't explicitly select a network tier, you use Premium Tier by default.
How can I switch my load balancer from Standard Tier back to Premium Tier?
To switch your load balancer, follow these steps:
- Create a new load balancer forwarding rule that uses a Premium Tier IP address.
- Use DNS to slowly migrate traffic from your current Standard Tier IP address to the new Premium Tier IP address.
- After the migration is complete, you can release the Standard Tier IP addresses and the regional load balancers associated with them. You don't need to change your backends because you can have multiple load balancers pointing to the same backends.
What are the relative costs of using Premium Tier versus Standard Tier?
Standard Tier is priced lower than Premium Tier for $/GB. For more information, see Network Service Tiers pricing.
I want to test the performance of Premium Tier and Standard Tier. Which configuration do you recommend testing with?
You can test the performance of Premium Tier and Standard Tier with any configuration that is representative of your requirements.
Can I apply Standard Tier to internal traffic within a VPC network?
You can enable Standard Tier for internet-facing traffic on external IP addresses only. VM instances that use internal IP addresses within VPC networks to communicate always use Google Cloud's Premium Tier networking infrastructure, but with standard VM-VM outbound data transfer pricing.
What's next
- To specify a network tier for your workloads, see Using Network Service Tiers.