Network Service Tiers overview

Network Service Tiers lets you optimize connectivity between systems on the internet and your Google Cloud instances. Premium Tier delivers traffic on Google's premium backbone, while Standard Tier uses regular ISP networks.

Use Premium Tier to optimize for performance, and use Standard Tier to optimize for cost.

Premium Tier Standard Tier
  • Highest performance: Traffic between the internet and VM instances in your VPC network is routed by keeping it within Google's network as much as possible.
  • For services that need global availability.
  • Unique to Google Cloud.
  • Premium Tier is the default unless you make configuration changes.
  • Cost optimized: Traffic between the internet and VM instances in your VPC network is routed over the internet in general.
  • For services hosted entirely within a region.
  • Performance is comparable to other cloud providers.

Egress pricing for each of the Network Service Tiers is different. For more information, see Network Service Tiers pricing.

This diagram illustrates recommended use cases for Standard Tier and Premium Tier.

Network Service Tiers use cases (click to enlarge)
Network Service Tiers use cases (click to enlarge)

Network Service Tiers and Google Cloud resources

The following table describes how Network Service Tiers applies to Google Cloud resources and what type of external IP address must be used. Google Cloud has two types of external IP addresses:

  • Global external IP addresses are only available for HTTP(S), TCP Proxy, and SSL Proxy Load Balancing. They are always Premium Tier. Global external IP addresses are publicly routable anycast IP addresses.

  • Regional external IP addresses are publicly routable IP addresses designated for use by Google Cloud resources that fit within a single Google Cloud region. Regional external IP addresses are Premium Tier by default. When they are used with eligible resources, a regional external IP address can be Standard Tier.

Regardless of which tier you use, the network is designed to keep traffic between virtual machine (VM) instances that are in the same region on Google's network, including when a load balancer is on the path. This is true whether the traffic uses publicly or privately routable IP addresses.

In the following table, a indicates that a resource is supported in a network tier, and indicates that it is not supported.

Google Cloud resource Premium Tier Standard Tier

HTTP(S) Load Balancing

SSL Proxy Load Balancing

TCP Proxy Load Balancing

Requires a global external IP address. Requires a regional external IP address.
Network Load Balancing Requires a regional external IP address. Requires a regional external IP address.
Internal HTTP(S) Load Balancing Always Internal IP addresses in a VPC network are always Premium Tier.
VM instances,
including GKE node VMs
Requires a regional external IP address. Requires a regional external IP address.
Cloud VPN gateways Requires a regional external IP address. Not supported.
Cloud NAT gateways Requires a regional external IP address. Not supported.

The following table illustrates how Network Service Tiers applies to Cloud Storage and Cloud CDN.

Google Cloud service Premium Tier Standard Tier
Cloud Storage By default, access to Cloud Storage buckets is considered Premium Tier, whether or not the bucket is used as a backend for an external HTTP(S) load balancer.

Standard Tier is an option only if you use a Cloud Storage bucket as a backend for an external HTTP(S) load balancer.

For more information, see Configuring Standard Tier.

Cloud CDN Cloud CDN is always Premium Tier. You cannot use Standard Tier with Cloud CDN.

Regions supporting Standard Tier

Standard Tier is available only to resources that use regional external IP addresses in the following Google Cloud regions. To use Standard Tier for Cloud Storage buckets acting as backends for HTTP(S) Load Balancing, the external HTTP(S) load balancer must use a regional external IP address and also select Standard Tier.

  • asia-east1
  • asia-east2
  • asia-northeast1
  • asia-northeast3
  • asia-south1
  • asia-southeast1
  • asia-southeast2
  • australia-southeast1
  • us-west1
  • us-west2
  • us-west3
  • us-west4
  • us-central1
  • us-east1
  • us-east4
  • northamerica-northeast1
  • southamerica-east1
  • europe-north1
  • europe-west1
  • europe-west2
  • europe-west3
  • europe-west4
  • europe-west6

Traffic routing

This table summarizes the differences in routing for each of the Network Service Tiers.

Traffic Premium Tier Standard Tier
Ingress to Google Cloud Traffic from your users enters Google's network at a location nearest to them. Traffic from your users enters Google's network through peering, ISP, or transit networks in the region where you have deployed your Google Cloud resources.
Egress from Google Cloud

cold potato routing

Egress traffic is sent through Google's network backbone, leaving at a global edge point of presence (PoP) closest to your users.

hot potato routing

Egress traffic is sent to the internet through a peering or transit network local to the Google Cloud region from which it originates.

Premium Tier

Premium Tier delivers traffic from external systems to Google Cloud resources by using Google's low latency, highly reliable global network. This network consists of an extensive private fiber network with over 100 points of presence (PoPs) around the globe. This network is designed to tolerate multiple failures and disruptions while still delivering traffic.

Premium Tier supports both regional external IP addresses and global external IP addresses for VM instances and load balancers. All global external IP addresses must use Premium Tier. Applications that require high performance and availability, such as those that use HTTP(S), TCP proxy, and SSL proxy load balancers with backends in more than one region, require Premium Tier. Premium Tier is ideal for customers with users in multiple locations worldwide who need the best network performance and reliability.

Routing path for Premium Tier (click to enlarge).
Routing path for Premium Tier (click to enlarge)

With Premium Tier, incoming traffic from systems on the internet enters Google's high-performance network at the PoP closest to the sending system. Within Google's network, traffic is routed from that PoP to the VM in your Virtual Private Cloud (VPC) network or closest Cloud Storage bucket. Outbound traffic is sent through Google's network, exiting at the PoP closest to its destination. This routing method minimizes congestion and maximizes performance by reducing the number of hops between end users and the PoPs closest to them.

Standard Tier

Standard Tier delivers traffic from external systems to Google Cloud resources by routing it over the internet. It leverages the double redundancy of Google's network only up to the point where Google's data center connects to a peering PoP. Packets that leave Google's network are delivered using the public internet and are subject to the reliability of intervening transit providers and ISPs. Standard Tier provides network quality and reliability comparable to that of other cloud providers.

Regional external IP addresses can use either Premium Tier or Standard Tier.

Routing path for Standard Tier (click to enlarge).
Routing path for Standard Tier (click to enlarge)

Standard Tier is priced lower than Premium Tier because traffic from systems on the internet is routed over transit (ISP) networks before being sent to VMs in your VPC network or regional Cloud Storage buckets. Standard Tier outbound traffic normally exits Google's network from the same region used by the sending VM or Cloud Storage bucket, regardless of its destination. In rare cases, such as during a network event, traffic might not be able to travel out the closest exit and might be sent out another exit, perhaps in another region.

Standard Tier offers a lower-cost alternative for the following use cases:

  • You have applications that are not latency or performance sensitive.
  • You're deploying VM instances or using Cloud Storage that can all be within a single region.

Choosing a tier

It is important to choose the tier that meets your needs.

The following decision tree can help you decide which of the Network Service Tiers is right for your use case. Because you choose a tier at the resource level—such as the external IP address for a load balancer or VM—you can use Standard Tier for some resources and Premium Tier for others. If you are not sure which tier to use, choose Premium Tier, which is the default.

Network Service Tiers decision tree (click to enlarge).
Network Service Tiers decision tree (click to enlarge)

Project-level (default: Premium Tier)

  • Specify tier at the project level

Resource-level (default: Premium Tier)

  • Load balancing: Enable for a forwarding rule.
  • Instance: Enable for a VM or instance template.
  • Other resource-level knobs in the future.

The final tier for a resource is determined as follows:

  • If a tier is configured for either a resource or the project in which the resource resides, then that tier applies to the resource.

  • If tiers are configured for both the project and the resource, then the resource-level tier takes precedence for that resource.

Using Standard Tier with Cloud Storage

To use Standard Tier with Cloud Storage, you must configure your storage bucket as the backend of the Google Cloud load balancer. The Cloud Storage bucket must be in the same region as the forwarding rule. If they are in different regions, requests to the bucket produce an error. To use multi-regional Cloud Storage buckets as backends, you must use Premium Tier.

Cloud Storage and load balancing (click to enlarge).
Cloud Storage and load balancing (click to enlarge)

Upgrading a resource from Standard Tier to Premium Tier

Google Cloud designates separate pools of external IP addresses for Premium Tier and Standard Tier.

When an IP address is configured for an instance or load balancer, it is allocated from either of these two pools based on the network tier in effect for that resource.

Two separate pools for Premium Tier and Standard Tier entail the following:

  • If you change the tier of an instance with an ephemeral IP address, the IP address of the instance changes as well.
  • An IP address from one pool cannot be moved to the other pool.
  • IP addresses in Standard Tier in one region cannot be moved to another region even if the tier remains the same.

Configuring Standard Tier for load balancing

Configuring Standard Tier for TCP/UDP Network Load Balancing

To configure a network load balancer to use Standard Tier, specify Standard Tier when creating the IP address and forwarding rule for the load balancer.

If you want to change an existing load balancer from Premium Tier (the default) to Standard Tier, or from Standard Tier to Premium Tier, you must delete the existing load balancer forwarding rule, and then create a new one that points to the existing target pool. You must also use a Standard Tier IP address with the Standard Tier forwarding rule.

Configuring Standard Tier for HTTP(S) and TCP/SSL Proxy Load Balancing

If you do not specify a network tier, your load balancer defaults to using Premium Tier. All load balancers that existed prior to the introduction of Network Service Tiers use Premium Tier. Premium Tier enables global load balancing, where a single IP address can point to backends in regions around the world. Standard Tier is a regional service only.

To use Standard Tier, your load balancer must meet the following criteria:

  • It must use a Standard Tier regional IP address.
  • It must use a Standard Tier regional forwarding rule.
  • It can have backends in the region that contains the forwarding rule only.
Premium Tier global load balancer (click to enlarge).
Premium Tier global load balancer (click to enlarge)

Standard Tier HTTP(S), SSL Proxy, and TCP Proxy Load Balancing

To use Standard Tier with an HTTP(S), SSL proxy, or TCP proxy load balancer, you must decide upon a single Google Cloud region, and then use a regional external IP address and a regional forwarding rule, both configured for Standard Tier, to point to the appropriate target HTTP(S) proxy, target SSL proxy, or target TCP proxy.

The IP address of the load balancer is still external, so clients from anywhere on the internet can send traffic to it, but all of your backends must be located in the region that you chose.

With Standard Tier, traffic sent to the load balancer traverses the internet until it reaches a transit peering point at the Google Cloud region that you have chosen for the load balancer. A Google Front End (GFE) acts as the proxy, terminating HTTP(S), SSL, or TCP, and then contacting backends in your chosen region. Because all of your backend VMs are located in one region, the traffic from the original client to the GFE is subject to additional hops and potential latency.

Standard Tier TCP sessions (click to enlarge).
Standard Tier TCP sessions (click to enlarge)

The following diagram illustrates the regional nature of HTTP(S), SSL proxy, or TCP proxy load balancers when configured using Standard Tier. Three separate load balancers manage traffic for backends each in a single region. Each load balancer has its own regional external IP address. The region used for that IP address and forwarding rule matches the region where the backend VMs are located.

Standard Tier regional load balancer (click to enlarge).
Standard Tier regional load balancer (click to enlarge)

When creating a regional external IP address resource in Standard Tier, you must specify the network tier of the regional external IP address as Standard. After the network tier is set to Standard, it cannot be updated to Premium. To change a load balancer to Premium Tier, you must reserve a new Premium Tier IP address.

If you want to change an existing load balancer from Premium Tier (the default) to Standard Tier, you must do the following:

  1. Remove any backends that are in regions other than the one that contains your forwarding rule for the existing load balancer.

  2. Delete the existing forwarding rule and IP address, and then create a new Standard Tier regional forwarding rule and an IP address that point to the existing target proxy.

Upgrading large volumes of traffic from Standard Tier to Premium Tier

It is important to correctly identify and use the tier that best suits your requirements.

When you make your selection, take into account these two important restrictions:

  • You cannot use Premium Tier networking as a backup for Standard Tier. If, during an outage for Standard Tier networking (for example, because of a fiber cut), you reclassify your traffic as Premium Tier, it is treated as Standard Tier for the duration of the outage.

  • If you plan to move more than 5 Gbps of traffic from Standard Tier to Premium Tier independent of an outage, you must contact your account manager.

Premium Tier and Standard Tier summary

Premium Standard
Use case

Performance optimized

Global network

Global network services

Cost optimized

Regional network

Regional network services

Network Routing

Inbound: Traffic across the globe enters Google's global network at a location near your user.

Outbound: cold potato
Your traffic rides Google's high-quality global backbone network to egress at Google's global edge PoP closest to your user.

Inbound: Traffic enters Google's network by peering or transit only in the region that you have deployed the destination Google Cloud resources in.

Outbound: hot potato
Traffic is sent to the internet by peering or transit that is local to the Google Cloud region where the traffic originates.

Network services HTTP(S) Load Balancing
  • Global
  • Supports backend VMs in any region
  • Global anycast: uses a single IP address worldwide
  • Terminates TCP as close to the user as possible, worldwide
  • Regional (new)
  • Supports backend VMs in a single region
  • To support multiple regions, requires DNS and multiple Google Cloud load balancers (one load balancer per region)
  • Terminates TCP in the destination region
TCP Proxy Load Balancing and SSL Proxy Load Balancing
  • Global
  • Supports backend VMs in any region
  • Global anycast: uses a single IP address worldwide
  • Terminates TCP as close to the user as possible, worldwide
  • Regional (new)
  • Supports backend VMs in a single region
  • To support multiple regions, requires DNS and multiple Google Cloud load balancers (one load balancer per region)
  • Terminates TCP in the destination region
TCP/UDP Network Load Balancing Regional Network Load Balancing + Premium Tier Regional Network Load Balancing + Standard Tier (new)
Internal TCP/UDP Load Balancing Regional Standard Tier is not available for internal TCP/UDP load balancers.
Cloud CDN Only Premium Tier Standard Tier is not available for Cloud CDN.
Pricing

$/GB based on usage

Premium costs more than Standard.

Pricing details

$/GB based on usage

Standard is priced lower than Premium.

Pricing details

Frequently asked questions

Which network tier does Google recommend using for my network services on Google Cloud?

We recommend using Premium Tier so that you can deliver your services on Google's high-quality network and leverage premium cloud network services such as global load balancing and Cloud CDN. If you do not explicitly select a network tier, you use Premium Tier by default.

How can I switch my load balancer from Standard Tier back to Premium Tier?

To switch your load balancer, follow these steps:

  1. Create a new load balancer forwarding rule that uses a Premium Tier IP address.
  2. Use DNS to slowly migrate traffic from your current Standard Tier IP address to the new Premium Tier IP address.
  3. After the migration is complete, you can release the Standard Tier IP addresses and the regional load balancers associated with them. You do not need to change your backends because you can have multiple load balancers pointing to the same backends.

What are the relative costs of using Premium Tier versus Standard Tier?

Standard Tier is priced lower than Premium Tier for $/GB. For more information, see Network Service Tiers pricing.

I want to test the performance of Premium Tier and Standard Tier. Which configuration do you recommend testing with?

You can test the performance of Premium Tier and Standard Tier with any configuration that is representative of your requirements.

Can I apply Standard Tier to internal traffic within a VPC network?

You can enable Standard Tier for internet-facing traffic on external IP addresses only. Standard Tier doesn't support traffic within a Google Cloud VPC network. VM instances that use internal IP addresses within VPC networks to communicate always use Premium Tier.

What's next