Traffic Director uses the forwarding rule to determine the target proxy to which traffic in the mesh is routed.
Each forwarding rule provides a single global IPv4 address for a service. You can use that address to create internal DNS records for your service (for example, using a Cloud DNS managed private zone). Metadata filters in the forwarding rule specify the criteria for which an xDS-compliant sidecar proxy receives the configuration.
For the Traffic Director control plane, the internal, self-managed, and global forwarding rule routes traffic by IP address, port, and protocol to a target proxy, which points to a URL map containing rules that determine the destination of the traffic. The URL map also specifies the default backend service, which specifies a health check and determines the appropriate backend, such as a managed instance group containing virtual machine instances or a network endpoint group containing GKE backend pods.
The diagram shows how a forwarding rule fits into the Traffic Director architecture.
Forwarding rule properties
A forwarding rule resource contains the following properties that apply to Traffic Director. Traffic that matches the destination IP address, protocol, and port number is handled by the forwarding rule.
A 0.0.0.0 IP address in a forwarding rule is one of the options with Traffic Director. A 0.0.0.0 IP address means any IP address.
- With a proxy deployment, this allows a proxy to match any incoming traffic if no other specific match is found.
- With a proxyless deployment, this provides a way to specify that an IP address is not required. There are more details below about 0.0.0.0 IP addresses with a target gRPC proxy.
- [Required] The name of the forwarding rule. The name must be unique in this project, be 1-63 characters long, and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
- [Required] Must be one of the following: 127.0.0.1, or any RFC 1918 address. IP addresses for Traffic Director forwarding rules do not need to correspond to IP address ranges of subnets in the VPC network. For a given VPC network, IP address, and port, you can have only one internal, self-managed forwarding rule. For example, in the same VPC network, you cannot create two forwarding rules that use the 0.0.0.0 IP address and port
IPAddress with a target gRPC proxy
- A forwarding rule that references a target gRPC proxy with the validateForProxyless field set to TRUE must have its IP address set to 0.0.0.0. A gRPC client using the xds scheme does not perform DNS lookup to resolve the hostname in the channel URI. Instead, such a client resolves the hostname[:port] in the target URI by sending an LDS request to Traffic Director. There is no DNS lookup involved and a DNS entry for the hostname is not required. As a result, Traffic Director uses the 0.0.0.0 IP address and the port (default 80) specified in the URI to look up the forwarding rule. Then, Traffic Director looks for a matching host rule in the URL map of the target proxy referenced by the forwarding rule.
- [Required] The target proxy that this forwarding rule directs traffic to. Traffic Director only supports target-http-proxy. When you use the GCP Console to configure the forwarding rule, the target proxy is configured automatically. When you use gcloud or the API, the target proxy must exist before you create your forwarding rule. You can use more than one forwarding rule with a given proxy.
- [Required] The type of protocol that this forwarding rule matches. The
only supported value is
- [Required] Specifies how the forwarding rule is used. The valid value for
Traffic Director is
[Required] A port or a port range joined by a dash. Packets of the specified protocol sent to these ports are forwarded to the appropriate backend. You can specify a single number or a range. For example, 80-8080. For a given VPC network, IP address, and port, you can have only one internal, self-managed forwarding rule. For example, in the same VPC network, you cannot create two forwarding rules that use the 0.0.0.0 IP address and port
With proxyless gRPC services, the port in the forwarding rule is matched with the port specified in the URI that a gRPC application uses to connect to a service. If a port is not specified in the URI, then 80 is the default port.
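The proxyless gRPC lookup described above (0.0.0.0 plus the port from the target URI, default 80, then a host rule in the URL map) can be modeled as follows. This is an added example, not Google's code; the rule and URL map dictionaries, their field names, and the exact-match host table are simplifying assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORT = 80  # used when the target URI names no port


def lookup_key(target_uri):
    """Return (hostname, ip, port) used to find the forwarding rule."""
    parts = urlsplit(target_uri)
    if parts.scheme != "xds":
        raise ValueError("not an xds target: " + target_uri)
    host, _, port = parts.path.lstrip("/").partition(":")
    # No DNS lookup happens: the IP address is always 0.0.0.0.
    return host, "0.0.0.0", int(port) if port else DEFAULT_PORT


def resolve(target_uri, forwarding_rules, url_maps):
    """Return (rule name, backend); None marks the step that failed."""
    host, ip, port = lookup_key(target_uri)
    for rule in forwarding_rules:
        low, high = rule["ports"]
        if rule["ip"] == ip and low <= port <= high:
            # Assumption: host rules are modeled as an exact-match table.
            return rule["name"], url_maps[rule["url_map"]].get(host)
    return None, None


# Constructed sample configuration (hypothetical names, not from the page).
RULES = [
    {"name": "td-grpc-80", "ip": "0.0.0.0", "ports": (80, 80),
     "url_map": "grpc-map"},
    {"name": "td-sidecar", "ip": "10.0.0.5", "ports": (8080, 8080),
     "url_map": "grpc-map"},
]
URL_MAPS = {"grpc-map": {"helloworld": "hello-backend"}}

if __name__ == "__main__":
    for uri in ("xds:///helloworld", "xds:///helloworld:8080", "xds:///other"):
        print(uri, "->", resolve(uri, RULES, URL_MAPS))
```

The second URI finds no rule because the only rule on port 8080 uses 10.0.0.5 rather than 0.0.0.0, and the third finds the rule but no host rule.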
[Required] Specifies the VPC where the Google Cloud VMs running Envoy proxies are located. The Envoy proxies read the Traffic Director configuration that you define for the same network where the proxies are deployed. You can use the VPC network named default or a custom network.
Traffic Director supports load balancing for clients only within the Google Cloud network, and you specify the network name in the forwarding rule. VPC Peering isn't supported.
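The constraints listed above (name pattern, allowed IP addresses, port range, one rule per VPC network, IP address and port, and 0.0.0.0 for a proxyless target) can be checked before a rule is created. The following linter is an added example, not part of the Traffic Director tooling; the dictionary layout and the validate_for_proxyless key are assumptions, and it treats overlapping port ranges on the same network and IP address as a conflict.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[a-z]([-a-z0-9]*[a-z0-9])?")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIXED_IPS = ("0.0.0.0", "127.0.0.1")


def parse_ports(spec):
    """Return (low, high) for '80' or '80-8080'; raise ValueError otherwise."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(spec)
    return low, high


def lint(rules):
    """Return (rule name, problem) pairs; shared ports count as conflicts."""
    problems, seen = [], []
    for r in rules:
        name, ip = r["name"], ipaddress.ip_address(r["ip"])
        if not (1 <= len(name) <= 63 and NAME_RE.fullmatch(name)):
            problems.append((name, "invalid name"))
        if str(ip) not in FIXED_IPS and not any(ip in n for n in RFC1918):
            problems.append((name, "IP address not allowed"))
        if r.get("validate_for_proxyless") and str(ip) != "0.0.0.0":
            problems.append((name, "proxyless target requires 0.0.0.0"))
        try:
            low, high = parse_ports(r["ports"])
        except ValueError:
            problems.append((name, "invalid port range"))
            continue
        for net, o_ip, o_low, o_high, other in seen:
            if (net, o_ip) == (r["network"], ip) and low <= o_high and o_low <= high:
                problems.append((name, "conflicts with " + other))
        seen.append((r["network"], ip, low, high, name))
    return problems


# Constructed samples; validate_for_proxyless stands in for the proxy's field.
SAMPLE = [
    {"name": "td-web", "network": "default", "ip": "0.0.0.0", "ports": "80"},
    {"name": "td-web-dup", "network": "default", "ip": "0.0.0.0", "ports": "80-8080"},
    {"name": "Bad_Name-", "network": "default", "ip": "10.1.2.3", "ports": "443"},
    {"name": "td-public", "network": "default", "ip": "8.8.8.8", "ports": "80"},
    {"name": "td-grpc", "network": "custom", "ip": "10.0.0.5", "ports": "50051",
     "validate_for_proxyless": True},
]
```

Calling lint(SAMPLE) reports one problem for each rule except td-web.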
Adding a global forwarding rule
To learn how to configure a forwarding rule within the overall Traffic Director setup, see:
- Setting Up Traffic Director for Compute Engine with VMs.
- Setting Up Traffic Director for Google Kubernetes Engine with pods.
- For overview information about Traffic Director, see Traffic Director concepts.
- For information about using metadata filters to control which sidecar proxies receive the configuration attached to the forwarding rule, see Configuring advanced traffic management.
- For information on traffic routing, see Traffic Director routing rule maps overview.