Network Service Tiers overview
Network Service Tiers lets you optimize connectivity between systems on the internet and your Google Cloud instances. Premium Tier delivers traffic on Google's premium backbone, while Standard Tier uses regular ISP networks.
Use Premium Tier to optimize for performance, and use Standard Tier to optimize for cost.
|Premium Tier||Standard Tier|
Egress pricing for each of the Network Service Tiers is different. For more information, see Network Service Tiers pricing.
This diagram illustrates recommended use cases for Standard Tier and Premium Tier.
Network Service Tiers and Google Cloud resources
Google Cloud has two types of external IP addresses: global and regional.
|External IP address type||Premium Tier||Standard Tier|
Global external IPv4 and IPv6 addresses
Publicly routable anycast IP addresses.
Regional external IPv4 addresses
Publicly routable IPv4 addresses designated for use by Google Cloud resources that fit within a single Google Cloud region
Supported when IP addresses are used with eligible resources.
Not supported for IP addresses imported to Google Cloud using bring your own IP (BYOIP).
Regional external IPv6 addresses
Publicly routable IPv6 addresses designated for use by Google Cloud resources that fit within a single Google Cloud region
Regardless of which tier you use, the network is designed to keep traffic between virtual machine (VM) instances that are in the same or different regions on Google's network, including when a load balancer is on the path. This is true whether the traffic uses publicly or privately routable IP addresses.
The following table describes how Network Service Tiers applies to Google Cloud resources and what type of external IP address must be used.
In the table, a indicates that a resource is supported in a network tier, and indicates that it is not supported.
|Google Cloud resource||Premium Tier||Standard Tier|
External HTTP(S) load balancer
External SSL proxy load balancer
External TCP proxy load balancer
|Requires a global external IP address.||Requires a regional external IP address.|
|Network load balancer||Requires a regional external IP address.||Requires a regional external IP address.|
including GKE node VMs
|Requires a regional external IP address.||Requires a regional external IP address.|
|Cloud VPN gateways||Requires a regional external IP address.||Not supported.|
|Cloud NAT gateways||Requires a regional external IP address.||Requires a regional external IP address.|
The following table illustrates how Network Service Tiers applies to Cloud Storage and Cloud CDN.
|Google Cloud service||Premium Tier||Standard Tier|
|Cloud Storage||By default, access to Cloud Storage buckets is considered Premium Tier, whether or not the bucket is used as a backend for an external HTTP(S) load balancer.||
Standard Tier is an option only if you use a Cloud Storage bucket as a backend for an external HTTP(S) load balancer.
For more information, see Configuring Standard Tier.
|Cloud CDN||Cloud CDN is always Premium Tier.||You cannot use Standard Tier with Cloud CDN.|
Regions supporting Standard Tier
Standard Tier is available only to resources that use regional external IP addresses in the following Google Cloud regions. To use Standard Tier for Cloud Storage buckets acting as backends for an external HTTP(S) load balancer, the load balancer must use a regional external IP address and also select Standard Tier.
This table summarizes the differences in routing for each of the Network Service Tiers.
|Traffic||Premium Tier||Standard Tier|
|Ingress to Google Cloud||Traffic from your users enters Google's network at a location nearest to them.||Traffic from your users enters Google's network through peering, ISP, or transit networks in the region where you have deployed your Google Cloud resources.|
|Egress from Google Cloud||
Egress traffic is sent on the BGP best path to your users. If multiple equal-cost paths exist, we select the route that is geographically closest to its source (for example, a Compute Engine VM instance) rather than to its destination.
Egress traffic is sent through the geographically closest peering or transit network from your Compute Engine instances even if that peering or transit network is not the BGP best path to your users. If there are multiple paths to your users in the geographically closest peering metro, the best among them is selected by using a round of BGP best path ranking, applied only to those geographically local paths.
Standard Tier traffic might be routed as Premium Tier in rare circumstances, such as when there are no peering or transit networks in the geographically closest peering metro with reachability to your users, or when there is insufficient steady traffic between your source cloud region and your users.
Premium Tier delivers traffic from external systems to Google Cloud resources by using Google's low latency, highly reliable global network. This network consists of an extensive private fiber network with over 100 points of presence (PoPs) around the globe. This network is designed to tolerate multiple failures and disruptions while still delivering traffic.
Premium Tier supports both regional external IP addresses and global external IP addresses for VM instances and load balancers. All global external IP addresses must use Premium Tier. Applications that require high performance and availability, such as those that use external HTTP(S) load balancers, external TCP proxy load balancers, and external SSL proxy load balancers with backends in more than one region, require Premium Tier. Premium Tier is ideal for customers with users in multiple locations worldwide who need the best network performance and reliability.
With Premium Tier, incoming traffic from systems on the internet enters Google's high-performance network at the PoP closest to the sending system. Within Google's network, traffic is routed from that PoP to the VM in your Virtual Private Cloud (VPC) network or closest Cloud Storage bucket. Outbound traffic is sent through Google's network, exiting at the PoP closest to its destination. This routing method minimizes congestion and maximizes performance by reducing the number of hops between end users and the PoPs closest to them.
Standard Tier delivers traffic from external systems to Google Cloud resources by routing it over the internet. It leverages the double redundancy of Google's network only up to the point where Google's data center connects to a peering PoP. Packets that leave Google's network are delivered using the public internet and are subject to the reliability of intervening transit providers and ISPs. Standard Tier provides network quality and reliability comparable to that of other cloud providers.
Regional external IP addresses can use either Premium Tier or Standard Tier.
Standard Tier is priced lower than Premium Tier because traffic from systems on the internet is routed over transit (ISP) networks before being sent to VMs in your VPC network or regional Cloud Storage buckets. Standard Tier outbound traffic normally exits Google's network from the same region used by the sending VM or Cloud Storage bucket, regardless of its destination. In rare cases, such as during a network event, traffic might not be able to travel out the closest exit and might be sent out another exit, perhaps in another region.
Standard Tier offers a lower-cost alternative for the following use cases:
- You have applications that are not latency or performance sensitive.
- You're deploying VM instances or using Cloud Storage that can all be within a single region.
Choosing a tier
It is important to choose the tier that meets your needs.
The following decision tree can help you decide which of the Network Service Tiers is right for your use case. Because you choose a tier at the resource level—such as the external IP address for a load balancer or VM—you can use Standard Tier for some resources and Premium Tier for others. If you are not sure which tier to use, choose Premium Tier, which is the default.
Project-level (default: Premium Tier)
- Specify tier at the project level
Resource-level (default: Premium Tier)
- Load balancing: Enable for a forwarding rule.
- Instance: Enable for a VM or instance template.
- Other resource-level knobs in the future.
The final tier for a resource is determined as follows:
If a tier is configured for either a resource or the project in which the resource resides, then that tier applies to the resource.
If tiers are configured for both the project and the resource, then the resource-level tier takes precedence for that resource.
Using Standard Tier with Cloud Storage
To use Standard Tier with Cloud Storage, you must configure your storage bucket as the backend of the Google Cloud load balancer. The Cloud Storage bucket must be in the same region as the forwarding rule. If they are in different regions, requests to the bucket produce an error. To use multi-regional Cloud Storage buckets as backends, you must use Premium Tier.
Upgrading a resource from Standard Tier to Premium Tier
Google Cloud designates separate pools of external IP addresses for Premium Tier and Standard Tier.
When an IP address is configured for an instance or load balancer, it is allocated from either of these two pools based on the network tier in effect for that resource.
Two separate pools for Premium Tier and Standard Tier entail the following:
- If you change the tier of an instance with an ephemeral IP address, the IP address of the instance changes as well.
- An IP address from one pool cannot be moved to the other pool.
- IP addresses in Standard Tier in one region cannot be moved to another region even if the tier remains the same.
Configuring Standard Tier for load balancing
Configuring Standard Tier for network load balancers
To configure a network load balancer to use Standard Tier, specify Standard Tier when creating the IP address and forwarding rule for the load balancer.
If you want to change an existing load balancer from Premium Tier (the default) to Standard Tier, or from Standard Tier to Premium Tier, you must delete the existing load balancer forwarding rule, and then create a new one that points to the existing target pool. You must also use a Standard Tier IP address with the Standard Tier forwarding rule.
Configuring Standard Tier for external HTTP(S) load balancers, external SSL proxy load balancers, and external TCP proxy load balancers
If you do not specify a network tier, your load balancer defaults to using Premium Tier. All load balancers that existed prior to the introduction of Network Service Tiers use Premium Tier. Premium Tier enables global load balancing, where a single IP address can point to backends in regions around the world. Standard Tier is a regional service only.
To use Standard Tier, your load balancer must meet the following criteria:
- It must use a Standard Tier regional IP address.
- It must use a Standard Tier regional forwarding rule.
- It can have backends in the region that contains the forwarding rule only.
Standard Tier with external HTTP(S) load balancers, external SSL proxy load balancers, and external TCP proxy load balancers
To use Standard Tier with an HTTP(S), SSL proxy, or external TCP proxy load balancer, you must decide upon a single Google Cloud region, and then use a regional external IP address and a regional forwarding rule, both configured for Standard Tier, to point to the appropriate target HTTP(S) proxy, target SSL proxy, or target TCP proxy.
The IP address of the load balancer is still external, so clients from anywhere on the internet can send traffic to it, but all of your backends must be located in the region that you chose.
With Standard Tier, traffic sent to the load balancer traverses the internet until it reaches a transit peering point at the Google Cloud region that you have chosen for the load balancer. A Google Front End (GFE) acts as the proxy, terminating HTTP(S), SSL, or TCP, and then contacting backends in your chosen region. Because all of your backend VMs are located in one region, the traffic from the original client to the GFE is subject to additional hops and potential latency.
The following diagram illustrates the regional nature of HTTP(S), SSL proxy, or external TCP proxy load balancers when configured using Standard Tier. Three separate load balancers manage traffic for backends each in a single region. Each load balancer has its own regional external IP address. The region used for that IP address and forwarding rule matches the region where the backend VMs are located.
When creating a regional external IP address resource in Standard Tier, you must specify the network tier of the regional external IP address as Standard. After the network tier is set to Standard, it cannot be updated to Premium. To change a load balancer to Premium Tier, you must reserve a new Premium Tier IP address.
If you want to change an existing load balancer from Premium Tier (the default) to Standard Tier, you must do the following:
Remove any backends that are in regions other than the one that contains your forwarding rule for the existing load balancer.
Delete the existing forwarding rule and IP address, and then create a new Standard Tier regional forwarding rule and an IP address that point to the existing target proxy.
Upgrading large volumes of traffic from Standard Tier to Premium Tier
It is important to correctly identify and use the tier that best suits your requirements.
When you make your selection, take into account these two important restrictions:
You cannot use Premium Tier networking as a backup for Standard Tier. If, during an outage for Standard Tier networking (for example, because of a fiber cut), you reclassify your traffic as Premium Tier, it is treated as Standard Tier for the duration of the outage.
If you plan to move more than 5 Gbps of traffic from Standard Tier to Premium Tier independent of an outage, you must contact your account manager.
Premium Tier and Standard Tier summary
Global network services
Regional network services
Inbound: Traffic across the globe enters Google's global network at a location near your user.
Outbound: Your traffic rides Google's high-quality global backbone network to egress at the Google global edge PoP closest to your user.
Inbound: Traffic enters Google's network by peering or transit only in the region in which you have deployed the destination Google Cloud resources.
Outbound: Traffic is sent to the internet by peering or transit that is local to the Google Cloud region where the traffic originates.
|Network services||External HTTP(S) load balancer||
|External TCP proxy load balancer and external SSL proxy load balancer||
|Network load balancer||Regional network load balancer + Premium Tier||Regional network load balancer + Standard Tier (new)|
|internal TCP/UDP load balancer||Regional||Standard Tier is not available for internal TCP/UDP load balancers.|
|Cloud CDN||Only Premium Tier||Standard Tier is not available for Cloud CDN.|
$/GB based on usage
Premium costs more than Standard.
$/GB based on usage
Standard is priced lower than Premium.
Frequently asked questions
Which network tier does Google recommend using for my network services on Google Cloud?
We recommend using Premium Tier so that you can deliver your services on Google's high-quality network and leverage premium cloud network services such as global load balancing and Cloud CDN. If you do not explicitly select a network tier, you use Premium Tier by default.
How can I switch my load balancer from Standard Tier back to Premium Tier?
To switch your load balancer, follow these steps:
- Create a new load balancer forwarding rule that uses a Premium Tier IP address.
- Use DNS to slowly migrate traffic from your current Standard Tier IP address to the new Premium Tier IP address.
- After the migration is complete, you can release the Standard Tier IP addresses and the regional load balancers associated with them. You do not need to change your backends because you can have multiple load balancers pointing to the same backends.
What are the relative costs of using Premium Tier versus Standard Tier?
Standard Tier is priced lower than Premium Tier for $/GB. For more information, see Network Service Tiers pricing.
I want to test the performance of Premium Tier and Standard Tier. Which configuration do you recommend testing with?
You can test the performance of Premium Tier and Standard Tier with any configuration that is representative of your requirements.
Can I apply Standard Tier to internal traffic within a VPC network?
You can enable Standard Tier for internet-facing traffic on external IP addresses only. Standard Tier doesn't support traffic within a Google Cloud VPC network. VM instances that use internal IP addresses within VPC networks to communicate always use Premium Tier.
- To specify a network tier for your workloads, see Using Network Service Tiers.