Google Cloud Load Balancer
Features
- Ability to distribute load-balanced compute resources in single or multiple high availability regions
- Scalable and software-defined: it is not instance or device based, so you do not need to manage a physical load balancing infrastructure.
- It can put your resources behind a single anycast IP address and scale them up or down with intelligent autoscaling.
- It supports almost all protocols.
- Ability to serve content as close as possible to your users, on a system that can respond to over 1 million queries per second
- Cloud Load Balancing is fully integrated with Cloud CDN for optimal content delivery.
- Load distribution algorithm within backend instances (parameter balancingMode) based on requests per second (RPS) or CPU utilization.
Types of Cloud Load Balancing
Global and regional load balancing
- Health Checks
- Autoscaling
Global load balancing
Use global load balancing when users everywhere need access to the same applications and content, or when you need IPv6 termination.
- Users and instances are globally distributed
- Single anycast IP address
- HTTP/HTTPS, or TCP/SSL
- IP address and cookie-based affinity
- IPv6 and IPv4 client termination
- Connection draining (process that ensures that existing, in-progress requests are given time to complete when a VM is removed from an instance group or when an endpoint is removed from a zonal NEG).
- Monitoring and logging
- Load balancing for cloud storage
- Cross-region overflow and failover
- It requires Premium Tier of Network Service Tiers.
Regional load balancing
Regional load balancing is used when users and instances are concentrated in one region and you only require IPv4 termination.
- Internal HTTP/HTTPS, TCP/UDP Load Balancing
- External UDP or TCP traffic
- Instances in one region
- Single IP address per region
- Session affinity
- IPv4 only
- Standard Tier of Network Service Tiers
External and Internal load balancing
External Load Balancer
External load balancers distribute traffic coming from the internet to your Virtual Private Cloud (VPC).
- Based on incoming IP protocol data: address, port and protocol type.
Internal Load Balancer
Internal load balancers distribute traffic within your Virtual Private Cloud (VPC).
- There are no extra hops, just routing, so latency is improved.
- The load balancer IP cannot be the next hop of a manually configured route.
- Traffic cannot be sent through a VPN tunnel to the load balancer IP.
- A maximum of 50 internal load balancer forwarding rules is allowed per network.
- A maximum number of 250 backends is allowed per internal load balancer forwarding rule.
- Selection algorithm: by default, the algorithm uses a 5-tuple hash (client IP, client port, destination IP i.e. the load balancer IP, destination port, protocol).
- How traffic is directed to backends can be controlled with session affinity, based on a 3-tuple (client IP, destination IP, protocol) or a 2-tuple (client IP, destination IP).
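To make the difference between the 5-tuple default and the 3-tuple/2-tuple affinity modes concrete, here is an added Python model (not code from these notes or from Google Cloud). It hashes whichever tuple the affinity mode selects onto a constructed pool of four backends and checks whether one client that opens many connections from different source ports keeps landing on the same backend. The backend names, the client and load balancer addresses and the use of SHA-256 as the hash are assumptions; the mode names follow the backend service sessionAffinity values NONE, CLIENT_IP_PROTO and CLIENT_IP.

```python
import hashlib
from typing import Tuple

# Constructed backend pool for the illustration (names are assumptions).
BACKENDS = ["backend-a", "backend-b", "backend-c", "backend-d"]

# Which fields of the connection each affinity mode hashes:
# NONE = 5-tuple (default), CLIENT_IP_PROTO = 3-tuple, CLIENT_IP = 2-tuple.
AFFINITY_FIELDS = {
    "NONE": ("client_ip", "client_port", "dest_ip", "dest_port", "protocol"),
    "CLIENT_IP_PROTO": ("client_ip", "dest_ip", "protocol"),
    "CLIENT_IP": ("client_ip", "dest_ip"),
}


def _stable_hash(parts: Tuple[str, ...]) -> int:
    # Python's hash() of str is salted per process; a fixed digest keeps the
    # mapping reproducible across runs, which is what makes affinity meaningful.
    digest = hashlib.sha256("|".join(parts).encode()).digest()
    return int.from_bytes(digest[:8], "big")


def select_backend(client_ip, client_port, dest_ip, dest_port, protocol,
                   affinity="NONE", backends=BACKENDS):
    """Pick a backend from the hash of the tuple that the affinity mode selects."""
    if affinity not in AFFINITY_FIELDS:
        raise ValueError(f"unknown affinity mode: {affinity}")
    fields = {"client_ip": client_ip, "client_port": str(client_port),
              "dest_ip": dest_ip, "dest_port": str(dest_port), "protocol": protocol}
    key = tuple(fields[name] for name in AFFINITY_FIELDS[affinity])
    return backends[_stable_hash(key) % len(backends)]


def backends_hit(affinity, connections=64, client_ip="10.0.1.7",
                 dest_ip="10.0.0.100", dest_port=443, protocol="TCP"):
    """Set of backends reached by one client opening many connections
    (different ephemeral source ports) to the same load balancer IP and port."""
    return {select_backend(client_ip, 40000 + i, dest_ip, dest_port, protocol, affinity)
            for i in range(connections)}


if __name__ == "__main__":
    for mode in AFFINITY_FIELDS:
        print(f"{mode:16} -> {sorted(backends_hit(mode))}")
```

With CLIENT_IP or CLIENT_IP_PROTO the set collapses to a single backend, which is the stickiness a backend holding per-client state needs; with NONE the same client is spread across the pool, so any per-client state has to live outside the individual VM.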
Traffic type
- External Global Load Balancer: HTTP/HTTPS, TCP, SSL (non-HTTP).
- External Regional Load Balancer: TCP, UDP.
- Internal Regional Load Balancer: HTTP/HTTPS, TCP, UDP.
HTTP(S) Load Balancing
It balances HTTP and HTTPS traffic (layer 7) across multiple backend instances and across multiple regions using a single global IP address, which simplifies DNS setup.
- Global Forwarding Rules route traffic by IP address, port, and protocol to a load balancing target proxy.
- Target Proxies route incoming requests to a URL map.
- URL Maps direct traffic to different backend instances or storage buckets according to the matched host and path.
- Backend Services are groups of VM instances (instance groups defined in GCE) configured to deliver files.
- Health Checks determine whether VM instances respond properly to traffic
- Session affinity based on either client IP or a generated cookie.
- When you use public operating system images supplied by Google Compute Engine, the firewall rules in the operating system are configured automatically to allow load-balanced traffic; custom images require you to set up the system firewall manually.
- HTTP(S) load balancer does not support sending an HTTP DELETE with a body to the load balancer.
- HTTPS load balancer uses a target HTTPS proxy and requires an SSL certificate.
- The WebSocket protocol is natively supported. Longer-lived connections are supported by increasing the timeout value (timeoutSec parameter in the API).
- Default response timeout of 30 seconds. TCP session timeout is 600 seconds (10 minutes) by default.
- It retries failed GET requests, but not failed POST requests.
- Supports logging with Stackdriver, enabled when setting up the backend services.
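The chain of objects in the list above (forwarding rule, target proxy, URL map, backend service or bucket, health check) is easiest to see as a walk from an incoming connection to the backend that serves it. The Python model below is an added example, not code from these notes or from Google Cloud: the resource names, addresses and certificate name are constructed, path matching is simplified to longest-prefix instead of the real path matcher syntax, and the model takes the first healthy backend rather than hashing across them.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union


@dataclass
class BackendBucket:          # Cloud Storage bucket serving static content
    name: str


@dataclass
class Backend:                # one VM instance in an instance group
    name: str
    healthy: bool = True      # outcome of the backend service's health check


@dataclass
class BackendService:
    name: str
    backends: List[Backend]


Target = Union[BackendService, BackendBucket]


@dataclass
class UrlMap:
    default_service: Target
    # host -> list of (path prefix, target); the longest matching prefix wins.
    host_rules: Dict[str, List[tuple]] = field(default_factory=dict)

    def lookup(self, host: str, path: str) -> Target:
        rules = sorted(self.host_rules.get(host, []), key=lambda r: -len(r[0]))
        for prefix, target in rules:
            if path.startswith(prefix):
                return target
        return self.default_service        # no host/path rule matched


@dataclass
class TargetProxy:
    url_map: UrlMap
    protocol: str                            # "HTTP" or "HTTPS"
    ssl_certificate: Optional[str] = None    # a target HTTPS proxy must have one


@dataclass
class ForwardingRule:
    ip: str
    port: int
    protocol: str                            # IP protocol, "TCP" for HTTP(S)
    target: TargetProxy


def resolve(rules: List[ForwardingRule], ip, port, protocol, host, path) -> str:
    """Walk forwarding rule -> target proxy -> URL map -> healthy backend (or bucket)."""
    rule = next((r for r in rules if (r.ip, r.port, r.protocol) == (ip, port, protocol)), None)
    if rule is None:
        raise LookupError(f"no forwarding rule for {ip}:{port}/{protocol}")
    proxy = rule.target
    if proxy.protocol == "HTTPS" and not proxy.ssl_certificate:
        raise ValueError("target HTTPS proxy has no SSL certificate")
    target = proxy.url_map.lookup(host, path)
    if isinstance(target, BackendBucket):
        return f"bucket:{target.name}"
    healthy = [b for b in target.backends if b.healthy]   # health check filters the pool
    if not healthy:
        raise RuntimeError(f"no healthy backend in {target.name}")
    # A real load balancer hashes or weights across the healthy backends;
    # the model takes the first one so the result is deterministic.
    return healthy[0].name


def sample_rules() -> List[ForwardingRule]:
    """Constructed deployment: one global IP with HTTP and HTTPS rules, two services, one bucket."""
    web = BackendService("web-service", [Backend("web-vm-1"), Backend("web-vm-2")])
    api = BackendService("api-service", [Backend("api-vm-1", healthy=False), Backend("api-vm-2")])
    static = BackendBucket("static-assets")
    url_map = UrlMap(default_service=web, host_rules={
        "www.example.com": [("/", web), ("/api/", api), ("/static/", static)],
    })
    http_proxy = TargetProxy(url_map, "HTTP")
    https_proxy = TargetProxy(url_map, "HTTPS", ssl_certificate="example-cert")
    return [ForwardingRule("203.0.113.10", 80, "TCP", http_proxy),
            ForwardingRule("203.0.113.10", 443, "TCP", https_proxy)]


if __name__ == "__main__":
    rules = sample_rules()
    for port, host, path in [(443, "www.example.com", "/static/logo.png"),
                             (443, "www.example.com", "/api/orders"),
                             (80, "other.example.com", "/api/orders")]:
        print(port, host, path, "->", resolve(rules, "203.0.113.10", port, "TCP", host, path))
```

The point of the walk is that every hop is a separate place to check when debugging: a request that never matches a forwarding rule is dropped before the proxy, a host without a rule silently falls to the default service, and a service whose instances all fail their health check has no one to receive the request even though the URL map routed it correctly.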
Scaling based on HTTP(S) load
Within the backend service, you can define the load balancing serving capacity of the instance groups associated with the backend.
When you attach an autoscaler to an HTTP(S) load balancer, the autoscaler will scale the managed instance group to maintain a fraction of the load balancing serving capacity.
Autoscaling only works with maximum CPU utilization and maximum requests per second per instance, because the value of these settings can be controlled by adding or removing instances.
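As an added illustration of the scaling rule above (not code from these notes or from Google Cloud), the Python below computes how many instances keep each one at a target fraction of its serving capacity for both balancingMode values, then steps a constructed requests-per-second series through the autoscaler. Scaling out immediately while scaling in only to the largest recent recommendation reflects the real autoscaler's stabilization behaviour, but the window length, capacities and load series here are assumptions.

```python
import math
from typing import List


def instances_needed(balancing_mode: str, measured: float, capacity_per_instance: float,
                     target_fraction: float, current_instances: int) -> int:
    """Instances required so each one sits at target_fraction of its serving capacity.

    RATE:        measured is total requests/second hitting the backend;
                 capacity_per_instance is maxRatePerInstance.
    UTILIZATION: measured is the average CPU utilization (0..1) across the
                 current instances; capacity_per_instance is maxUtilization.
    """
    if balancing_mode == "RATE":
        total_load = measured
    elif balancing_mode == "UTILIZATION":
        total_load = measured * current_instances     # CPU-equivalents of work
    else:
        raise ValueError(f"unsupported balancingMode: {balancing_mode}")
    per_instance_target = capacity_per_instance * target_fraction
    return max(1, math.ceil(total_load / per_instance_target))


def simulate(rps_series: List[float], max_rate_per_instance: float, target_fraction: float,
             min_instances: int, max_instances: int, stabilization_ticks: int = 1) -> List[int]:
    """Run the autoscaler tick by tick on a RATE-mode backend and return the group size
    after each tick. Scale-out is applied immediately; scale-in only goes down to the
    largest recommendation of the last `stabilization_ticks` ticks (window length is
    an assumption of this model)."""
    history: List[int] = []
    sizes: List[int] = []
    current = min_instances
    for rps in rps_series:
        rec = instances_needed("RATE", rps, max_rate_per_instance, target_fraction, current)
        history.append(rec)
        if rec >= current:
            wanted = rec                                  # scale out right away
        else:
            wanted = max(history[-stabilization_ticks:])  # scale in cautiously
        current = min(max(wanted, min_instances), max_instances)
        sizes.append(current)
    return sizes


if __name__ == "__main__":
    demand = [200, 800, 1500, 1500, 400, 100]   # constructed total RPS per tick
    print(simulate(demand, max_rate_per_instance=100, target_fraction=0.8,
                   min_instances=2, max_instances=20, stabilization_ticks=2))
```

The UTILIZATION branch is why the notes say autoscaling needs a metric the autoscaler can influence: average CPU per instance falls as instances are added, so the model first converts it back into total work before dividing by the per-instance target.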
Illegal request handling: the load balancer blocks a request when
- It cannot parse the first line of the request.
- A header is missing the ":" delimiter.
- Headers or first line contain invalid characters.
- Content length is not a valid number, or there are multiple content length headers.
- There are multiple transfer encoding keys, or there are unrecognized transfer encoding values.
- There's a non-chunked body and no content length is specified.
- Body chunks are unparseable.
- Combination of request URL and headers is longer than about 15KB.
- Request method does not allow a body, but request has one.
- Request contains an upgrade header.
- HTTP version is unknown.
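A defender can turn this list into a checker for what the proxy rejects before a request ever reaches a backend, which is useful for reproducing 400s seen in load balancer logs and for reasoning about request-smuggling ambiguities (duplicate Content-Length, conflicting Transfer-Encoding, bodies with no framing). The Python validator below is an added example, not code from these notes or from Google Cloud: it applies the rules as listed above to raw request bytes and returns the reasons it would block. The set of methods treated as body-less, the known HTTP versions, applying the 15 KB limit to the request line plus headers, treating any Transfer-Encoding other than chunked as unrecognized, and the sample requests are all assumptions of this model.

```python
import re
from typing import List, Tuple

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d+\.\d+)$")
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")    # RFC 7230 header-name token
KNOWN_VERSIONS = {"1.0", "1.1"}                        # assumption for this model
BODYLESS_METHODS = {"GET", "HEAD", "DELETE", "TRACE"}  # assumption; DELETE per the notes
MAX_URL_AND_HEADERS = 15 * 1024                        # "about 15KB"


def _chunks_parse(body: str) -> bool:
    """True if body is a well-formed chunked encoding (trailers are ignored)."""
    pos = 0
    while True:
        end = body.find("\r\n", pos)
        if end < 0:
            return False
        try:
            size = int(body[pos:end].split(";")[0].strip(), 16)
        except ValueError:
            return False
        pos = end + 2
        if size == 0:
            return True
        if body[pos + size:pos + size + 2] != "\r\n":
            return False
        pos += size + 2


def check_request(raw: bytes) -> List[str]:
    """Return the reasons the load balancer would block the request ([] means accepted)."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return ["headers or first line contain invalid characters"]
    head, _, body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return ["cannot parse first line"]
    method, url, version = m.groups()
    reasons: List[str] = []
    if version not in KNOWN_VERSIONS:
        reasons.append("unknown HTTP version")
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in url):
        reasons.append("headers or first line contain invalid characters")

    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        if not line:
            continue
        if ":" not in line:
            reasons.append("header missing ':' delimiter")
            continue
        name, value = line.split(":", 1)
        bad_value = any((ord(c) < 0x20 and c != "\t") or ord(c) == 0x7F for c in value)
        if not TOKEN.match(name) or bad_value:
            reasons.append("headers or first line contain invalid characters")
        headers.append((name.lower(), value.strip()))

    if len(head) > MAX_URL_AND_HEADERS:
        reasons.append("URL and headers exceed about 15KB")

    content_lengths = [v for n, v in headers if n == "content-length"]
    encodings = [v for n, v in headers if n == "transfer-encoding"]
    if len(content_lengths) > 1:
        reasons.append("multiple Content-Length headers")
    elif content_lengths and not content_lengths[0].isdigit():
        reasons.append("Content-Length is not a valid number")
    if len(encodings) > 1:
        reasons.append("multiple Transfer-Encoding headers")
    elif encodings and encodings[0].lower() != "chunked":
        reasons.append("unrecognized Transfer-Encoding value")
    if any(n == "upgrade" for n, _ in headers):
        reasons.append("Upgrade header present")

    chunked = len(encodings) == 1 and encodings[0].lower() == "chunked"
    if chunked:
        if not _chunks_parse(body):
            reasons.append("body chunks are unparseable")
    elif body and not content_lengths:
        reasons.append("non-chunked body without Content-Length")

    declared = len(content_lengths) == 1 and content_lengths[0].isdigit() and int(content_lengths[0]) > 0
    if method in BODYLESS_METHODS and (body or chunked or declared):
        reasons.append("method does not allow a body")
    return reasons


if __name__ == "__main__":
    # Constructed sample: the classic CL.CL ambiguity a proxy must refuse.
    print(check_request(b"POST / HTTP/1.1\r\nHost: a\r\nContent-Length: 1\r\nContent-Length: 2\r\n\r\nx"))
```

Rejecting duplicate or conflicting framing headers at the edge is what stops a front end and a back end from disagreeing about where one request ends and the next begins; the checker returns every reason rather than the first so a rejected request can be fixed in one pass.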
TCP Load Balancing
It is a layer 4 load balancer.
Only specific sets of ports are supported for SSL proxy and TCP proxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 1883, 5222.
SSL Proxy Load Balancing
It allows you to enable encryption between your clients and the load balancing layer for non-HTTP(S) traffic.
- With SSL Proxy Load Balancing, SSL connections are terminated at the load balancing layer then proxied to the closest available instance group.
- SSL Proxy Load Balancing can handle HTTPS traffic, but it is intended for other protocols that use SSL, such as WebSockets and IMAP over SSL.
- SSL proxy can be deployed globally with instances in multiple regions, and the load balancer automatically directs traffic to the closest region that has capacity.
- It allows for end-to-end encryption for your SSL proxy deployment when you configure your backend service to accept traffic over SSL.
TCP Proxy Load Balancing
Global load balancing service for non-HTTP traffic that automatically routes to the instances that are closest to the user.
Network TCP Load Balancing
It is a regional, non-proxied (pass through), external or internal load balancer that helps load balance traffic on your systems based on incoming IP protocol data, including address, port, protocol type.
Network UDP Load Balancing
It is a layer 4 load balancer.
It is a regional, non-proxied (pass through), external or internal load balancer that helps load balance traffic on your systems based on incoming IP protocol data, including address, port, protocol type.