Google Cloud Load Balancer

From Luis Gallego Hurtado - Not Another IT guy
Jump to: navigation, search


  • Ability to distribute load-balanced compute resources in single or multiple high availability regions
  • Scalable software defined - it is not instance or device based, so you do not need to manage a physical load balancing infrastructure.
  • It can put your resources behind a single anycast IP address and to scale your resources up or down with intelligent Autoscaling.
  • It supports almost all protocols.
  • Ability to serve content as close as possible to your users, on a system that can respond to over 1 million queries per second
  • Cloud Load Balancing is fully integrated with Cloud CDN for optimal content delivery.
  • Load distribution algoritm within backend instances (param balancingMode) based on Requests per second (RPS) or CPU utilization.

Types of Cloud Load Balancing

GCP-Cloud-Balancers 1197x791.png

Global and regional load balancing

  • Health Checks
  • Autoscaling

Global load balancing

You should use it when you need access to the same applications and content or need IPv6.

  • Users and instances are globally distributed
  • Single anycast IP address
  • IP address and cookie-based affinity
  • IPv6 and IPv4 client termination
  • Connection draining (process that ensures that existing, in-progress requests are given time to complete when a VM is removed from an instance group or when an endpoint is removed from a zonal NEG).
  • Monitoring and logging
  • Load balancing for cloud storage
  • Cross-region overflow and failover
  • It requires Premium Tier of Network Service Tiers.

Regional load balancing

Regional load balancing is used when users and instances are concentrated in one region and you only require IPv4 termination.

  • Internal HTTP/HTTPS, TCP/UDP Load Balancing
  • External UDP or TCP traffic
  • Instances in one region
  • Single IP address per region
  • Session affinity
  • IPv4 only
  • Standard Tier of Network Service Tiers

External and Internal load balancing

External Load Balancer

External load balancers distribute traffic coming from the internet to your Virtual Private Cloud (VPC).

  • Based on incoming IP protocol data: address, port and protocol type.

Internal Load Balancer

Internal load balancers distribute traffic within your Virtual Private Cloud (VPC).

  • There is not hops, but just routing, so latency is improved.
  • It cannot hop to IP of manually configured route.
  • It cannot send traffic through VPN tunnel to load balancer IP.
  • A maximum number o 50 internal load balancer forwarding rules is allowed per network.
  • A maximum number of 250 backends is allowed per internal load balancer forwarding rule.
  • Selection algorithm: by default, algorithm uses a 5-tuple hash (client IP, client port, destination IP i.e. load balancing IP, destination port, protocol).
  • Controlling how traffic directs to backend can be done with session affinity, based on 3-tuple (client IP, destination IP, protocol) or 2-tuple (client IP, destination IP).

Traffic type

  • External Global Load Balancer: HTTP/HTTPS, TCP, SSL non HTTP.
  • External Regional Load Balancer: TCP, UDP.
  • Internal Regional Load Balancer: HTTP/HTTPS, TCP, UDP.

HTTP(S) Load Balancing

It balances HTTP and HTTPS traffic (layer 7) across multiple backend instances and across multiple regions using a single global IP address, which simplifies DNS setup

  • Global Forwarding Rule route traffic by IP address, port, and protocol to a load balancing target proxy
  • Target Proxies route incoming requests to a URL map
  • URL Map allows traffic to be directed to different matched backend instances or storage buckets.
  • Backend Services are VM instances groups (defined in GCE) configured to deliver files
  • Health Checks determine whether VM instances respond properly to traffic
  • Session affinity based on either client IP or generated cookie.
  • Firewall rules in the operating system will be configured automatically to allow load balanced traffic on using public operating system images supplied by Google Compute Engine. Custom images require to manually setup system firewall.
  • HTTP(S) load balancer does not support sending an HTTP DELETE with a body to the load balancer.
  • HTTPS load balancer uses a target HTTPS proxy and requires a SSL certificate.
  • Websocket protocol is natively supported. Longer-lived connections are supported by increasing timeout value (timeoutSec parameter in API).
  • Default response timeout of 30 seconds. TCP session timeout is 600 seconds (10 minutes) by default.
  • It retries failed GET requests, but not failed POST requests.
  • Supports logging with Stackdriver, on setting up the backend services.

Scaling based on HTTP(S) load

Within the backend service, you can define the load balancing serving capacity of the instance groups associated with the backend.

When you attach an autoscaler to an HTTP(S) load balancer, the autoscaler will scale the managed instance group to maintain a fraction of the load balancing serving capacity.

Autoscaling only works with maximum CPU utilization and maximum requests per second/instance because the value of these settings can be controlled by adding or removing instances.

Illegal Requests Handling: blocks

  • It cannot parse first line of request.
  • A header is missing the ":" delimiter.
  • Headers or first line contain invalid characters.
  • Content length is not a valid number, or there are multiple content length headers.
  • There are multiple transfer encoding keys, or there are unrecognized transfer encoding values.
  • There's a non-chunked body and no content length is specified.
  • Body chunks are un-parseable.
  • Combination of request URL and headers is longer than about 15KB.
  • Request method does not allow a body, but request has one.
  • Request contains an upgrade header.
  • HTTP version is unknown.

TCP Load Balancing

It is a layer 4 load balancer.

Only specific sets of ports are supported for SSL proxy and TCP proxy: 25, 43, 110 143, 195, 443 465, 587, 700, 993, 1883, 5222.

SSL Proxy Load Balancing

It allows you to enable encryption between your clients and the load balancing layer for non-HTTP(S) traffic.

  • With SSL Proxy Load Balancing, SSL connections are terminated at the load balancing layer then proxied to the closest available instance group.
  • SSL Proxy Load Balancing can handle HTTPS traffic, but should be used for other protocols that use SSL, such as Websockets and IMAP over SSL.
  • SSL proxy can be deployed globally with instances in multiple regions, and the load balancer automatically directs traffic to the closest region that has capacity.
  • It allows for end-to-end encryption for your SSL proxy deployment when you configure your backend service to accept traffic over SSL

TCP Proxy Load Balancing =

Global load balancing service for non-HTTP traffic that automatically routes to the instances that are closest to the user.

Network TCP Load Balancing

It is a regional, non-proxied (pass through), external or internal load balancer that helps load balance traffic on your systems based on incoming IP protocol data, including address, port, protocol type.

Network UDP Load Balancing

It is a layer 4 load balancer.

It is a regional, non-proxied (pass through), external or internal load balancer that helps load balance traffic on your systems based on incoming IP protocol data, including address, port, protocol type.