This page gives you a comparative overview of the load balancing features offered by Cloud Load Balancing. If you haven't already done so, begin by reading the following:
- To get an overview of the different load balancing solutions that are available in Google Cloud, see Cloud Load Balancing overview .
- To determine which Google Cloud load balancer best meets your application's needs, see Choose a load balancer .
In the following tables, a checkmark indicates that a feature is supported. For more information about a feature, click the info link.
Type of load balancer
Protocols from the clients to the load balancer
This table lists the protocols supported for communication between clients and the different load balancers.
HTTP (HTTP/1.1)
HTTPS (HTTP/1.1)
No QUIC support
No QUIC support for regional mode.
HTTP/2 over TLS
HTTP/2 over TCP, also known as H2C
gRPC 1
(H2C support for global and regional modes only)
(Only global and classic modes)
TCP only
Regional mode: TCP only
Global and classic
mode: SSL or TCP
1 To support gRPC clients, create an Application Load Balancer that supports HTTP/2 end-to-end (with or without TLS) .
2
The L3_DEFAULT
setting enables support for the
following additional IP protocols:
- For internal passthrough Network Load Balancers,
L3_DEFAULTenables support for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE . - For external passthrough Network Load Balancers,
L3_DEFAULTenables support for TCP, UDP, ESP, GRE, ICMP, and ICMPv6 .
3 TLS early data is supported for HTTPS over TCP (HTTP/1.1, HTTP/2) and HTTP/3 over QUIC.
Protocols from the load balancer to the backends
This table lists the IP protocol settings supported with backend services for different load balancers. For more reference information, see Backend services .
This table does not apply to Application Load Balancers with serverless NEG backends. The backend service protocol setting is ignored for these load balancers.
HTTP (HTTP/1.1)
HTTPS (HTTP/1.1)
HTTP/2 over TLS, including gRPC
HTTP/2 over TCP, also known as H2C
(H2C support for global and regional modes only)
SSL (TLS) or TCP
TCP only
Regional mode: TCP only
Global and classic
mode: SSL or TCP
1
The UNSPECIFIED
setting enables support for the
following additional IP protocols:
- For internal passthrough Network Load Balancers,
UNSPECIFIEDenables support for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE . - For external passthrough Network Load Balancers,
UNSPECIFIEDenables support for TCP, UDP, ESP, GRE, ICMP, and ICMPv6 .
Backends
| Internal | External | Internal | External | Internal | External | |
|---|---|---|---|---|---|---|
|
Backends can be in multiple regions
|
(Only cross-region mode) |
(Only global and classic mode) |
(Only cross-region mode) |
(Only global and classic mode) |
||
|
Backends must be in one region
|
(Only regional mode) |
(Only regional and classic mode) |
(Only regional mode) |
(Only regional and classic mode) |
info |
info |
|
Cloud Storage in backend buckets
|
(Only cross-region mode) |
(Only global and classic mode) |
||||
|
External endpoints in internet NEGs
|
(Only regional mode) |
( Global , regional , and classic modes) |
(Only regional mode) |
(Only regional mode) |
||
|
Multiple backend services and a URL map
|
||||||
|
Virtual machine backends on Compute Engine
|
||||||
|
Self-managed Kubernetes and GKE
|
||||||
GCE_VM_IP_PORT
endpoints
|
GCE_VM_IP_PORT
endpoints
|
GCE_VM_IP_PORT
endpoints
|
GCE_VM_IP_PORT
endpoints
|
GCE_VM_IP
endpoints
|
GCE_VM_IP
endpoints
|
|
|
(Only global and regional mode) |
(Only global and regional mode) |
|||||
|
Private external endpoints in hybrid NEG backends
|
info |
info |
info |
info |
||
|
Serverless backends
|
info |
info |
||||
|
info |
(Only global and regional modes) |
info |
(Only global and regional modes) |
info |
info |
|
|
info |
info |
Health checks
For links to reference information, see Health checks .
Health checks are not supported for internal and external Application Load Balancers that use serverless NEG backends.
| Internal | External | Internal | External | Internal | External | |
|---|---|---|---|---|---|---|
|
gRPC health checks (without TLS)
|
2 | 2 | 2 | 2 | 1 | |
|
gRPC health checks (with TLS)
|
2 | 2 | 2 | 2 | 1 | |
|
HTTP health checks
|
3 |
(Only classic and regional mode) |
1 | |||
|
HTTPS health checks
|
3 |
(Only classic and regional mode) |
1 | |||
|
HTTP/2 health checks
|
(Only classic and regional mode) |
1 | ||||
|
SSL health checks
|
1 | |||||
|
TCP health checks
|
1 | |||||
|
Configurable request path (HTTP, HTTPS, HTTP/2)
|
||||||
|
Configurable request string or path (TCP or SSL)
|
||||||
|
Configurable expected response string
|
1 | |||||
|
(Only regional mode) |
(Only regional mode) |
1 This table documents health checks used by backend service-based external passthrough Network Load Balancers. Target pool-based load balancers support only legacy HTTP health checks .
2 Envoy-based regional load balancers (regional internal and external Application Load Balancers and regional internal and external proxy Network Load Balancers) that use hybrid NEG backends don't support gRPC health checks. For more information, see the Hybrid NEGs overview .
3 Regional external Application Load Balancer does not support legacy health checks. The global external Application Load Balancer and the classic Application Load Balancer support legacy health checks only if both of the following are true:
- The backends are instance groups.
- The backend virtual machine (VM) instances serve traffic that uses the HTTP or HTTPS protocol.
IP addresses
For links to reference information, see Addresses .
| Internal | External | Internal | External | Internal | External | |
|---|---|---|---|---|---|---|
|
Internal IP address, accessible in your VPC
network
|
||||||
|
External IP address (global anycast)
|
(Only global and classic 1 mode) |
(Only global and classic 1 mode) |
||||
|
External IP address (regional)
|
(Only regional and classic 2 mode) |
(Only regional and classic 2 mode) |
||||
|
External IP address from Bring your own IP (BYOIP)
|
(Only global and classic mode) |
(Only classic mode) |
||||
|
External IP address from Bring your own IPv6 (BYOIPv6)
|
(Only external 3 mode) |
|||||
|
Multiple forwarding rules with the same IP address, each having a
unique protocol and port combination
|
||||||
|
Internet accessible 4
|
||||||
|
Privately accessible
|
info 5 |
info 5 |
info 5 |
|||
|
Client source IP address preservation
|
X‑Forwarded‑For header | X‑Forwarded‑For header | PROXY protocol | PROXY protocol | ||
|
IPv6 address support
|
IPv6 termination (Only global and classic 1 mode) |
IPv6 termination (Only global and classic 1 mode) |
info |
info 1 |
1 Supported for Premium Tier.
2 Supported for Standard Tier.
3 External IP addresses from BYOIPv6 are not supported for target pool backends.
4 Internet access is also available for clients that are in Google Cloud.
5 Private access is available in the same VPC network and from any region with global access. In cross-region mode, global access is enabled by default.
Network topologies
Global mode: Premium Tier
Classic and regional mode: Premium or Standard Tier
Global mode: Premium Tier
Classic and regional mode: Premium or Standard Tier
(Only global and classic 2 modes)
1 Google Cloud or on-premises clients must access the load balancer privately by being either in the same VPC network, in a peered VPC network, or in another network connected using Cloud VPN tunnels or Cloud Interconnect attachments (VLANs)
2 Supported for Premium Tier
3
For regional load balancers, the backend VM's nic0
must be in the same network and region used by the forwarding rule. For
cross-region load balancers, the backend VM's nic0
must be in the
same network used by the forwarding rule.
4
The load balancer only sends traffic to the first network
interface ( nic0
), whichever VPC network that nic0
is in.
5
The load balancer only sends traffic to the first network
interface ( nic0
) of the backend VM.
Failover and availability
| Internal | External | Internal | External | Internal | External | |
|---|---|---|---|---|---|---|
|
Load balancer is resilient to zonal outages
Automatic failover to healthy backends within same region |
||||||
|
Load balancer is resilient to regional outages
Automatic failover to healthy backends in other regions |
(Only cross-region mode) |
(Only global and classic 1 modes) |
(Only cross-region mode) |
(Only global and classic 1 modes) |
||
|
Support for active-active high availability configuration
|
info |
(Only in regional mode) |
||||
|
Support for active-passive failover configuration
|
Only in global mode |
|||||
|
Behavior when all backends are unhealthy
|
info |
info |
info |
info |
info (configurable) |
info (configurable 2 ) |
|
Configurable standby backends
|
info (configurable) |
info (configurable 3 ) |
||||
|
Connection draining on failover and failback
|
info (configurable) |
info (configurable 4 ) |
1 Supported for Premium Tier.
2 When all the backends of a target pool-based external passthrough Network Load Balancers are unhealthy, traffic is distributed among all backends.
3 Target pool-based external passthrough Network Load Balancers use backup pools to support failover.
4 Target pool-based external passthrough Network Load Balancers don't support configuration of connection draining on failover.
Monitoring
| Internal | External | Internal | External | Internal | External | |
|---|---|---|---|---|---|---|
|
Byte count metrics
|
info |
info |
info |
info |
info |
info |
|
Packet count metrics
|
info |
info |
||||
|
Round trip time (RTT) metrics
|
info |
info |
||||
|
Request latency metrics
|
info |
info |
info |
|||
|
Connection count metrics
|
info |
info |
||||
|
HTTP request count metrics
|
info |
info |
Logging
Session affinity
For detailed information, see Session affinity .
For links to reference information, see Backend services .
| Internal | External | Internal | External | Internal | External | |
|---|---|---|---|---|---|---|
|
Headers
|
(Only global and regional mode) |
|||||
|
HTTP cookie
|
(Only global and regional) |
|||||
|
Generated cookie
|
||||||
|
Stateful cookie
|
|
(Only global and regional) |
||||
|
Client IP, no destination (1-tuple)
CLIENT_IP_NO_DESTINATION
|
info |
|||||
|
Client IP, Destination IP (2-tuple)
CLIENT_IP
|
1 | 1 | ||||
|
Client IP, Destination IP, Protocol (3-tuple)
CLIENT_IP_PROTO
|
1 | 1 | ||||
|
Client IP, Client Port, Destination IP, Destination Port, Protocol
(5-tuple)
CLIENT_IP_PORT_PROTO
|
1,2 | 1,2 | ||||
|
None (5-tuple)
NONE
|
3 | 3 |
1 Setting session affinity is only meaningful if the protocol uses sessions—for example, TCP.
2 If the protocol does not have a concept of ports or if the packet does not carry port information (subsequent UDP fragments, for example), then a 3-tuple hash of the Client IP, Destination IP, and protocol is used instead.
3
If the protocol has a concept of ports and the packet carries port
information, then None
is a 5-tuple hash. If the protocol does not have a
concept of ports or if the packet does not carry port information (for example,
subsequent UDP fragments), then None
is a 3-tuple hash of the Client IP,
Destination IP, and protocol.
Load balancing methods
For detailed information, see the Backend services overview .
For links to reference information, see Backend services .
| Internal | External | Internal | External | Internal | External | |
|---|---|---|---|---|---|---|
|
Balancing mode: connection
|
||||||
|
Balancing mode: rate (requests per second)
|
1 | 1 | ||||
|
Balancing mode: backend utilization
(instance group backends only) |
1 | 1 | ||||
|
Configurable maximum capacity per backend instance group or NEG
|
1 | 1 | ||||
|
Circuit breaking
|
1 |
(Only regional mode) |
(Only regional mode) |
|||
|
Prefers region closest to client on the internet 2
|
(Only global and classic 3 modes) |
(Only global and classic 3 modes) |
||||
|
Prefers region closest to the load balancer 2
|
(Only global and classic 3 modes) |
(Only classic 3 modes) |
||||
|
Weight-based load balancing
|
(Only global and regional modes) |
4 | ||||
|
Within zone/region load balancing policy
|
info |
info |
info |
info |
info |
info |
1 This feature is not supported with load balancers that use serverless NEG backends.
2 When the closest region is at capacity or isn't healthy, the load balancer prefers next closest region.
3 Supported for classic load balancers in Premium Tier only.
4 This feature is not supported with target pool-based external passthrough Network Load Balancers.
Routing and traffic management
| Internal | External | Internal | External | Internal | External | |
|---|---|---|---|---|---|---|
|
HTTP or layer 7 request routing
|
info |
info |
||||
|
Fault injection
|
info |
(Only global and regional modes) |
||||
|
Configurable timeouts
|
info |
info |
info |
info |
||
|
Retries
|
info |
info |
||||
|
Redirects
|
info |
global classic regional |
||||
|
URL rewrites
|
info |
global classic regional |
||||
|
Request and response header transformations
(configured on the URL map) |
info |
(Only global and regional modes) |
||||
|
Traffic splitting
|
info |
(Only global and regional modes) |
||||
|
Traffic mirroring
|
info 1 |
(Only global and regional modes) |
(Only regional mode) |
|||
|
Outlier detection
|
info |
(Only global and regional modes) |
||||
|
Retry failed requests
|
info |
(Only global and regional modes) |
||||
|
Custom request and response headers
(configured on the backend service) |
(Only global and regional modes) |
|||||
|
Custom error responses
|
(Only global mode) |
|||||
|
Service load balancing policy
|
(Only cross-region mode) |
(Only global mode) |
(Only cross-region mode) |
(Only global mode) |
||
|
Connection tracking policy
|
info |
info 1 |
||||
|
Source IP-based traffic steering
|
info 2 |
1 This feature is not supported with load balancers that use serverless NEG backends.
2 This feature is supported by backend service-based external passthrough Network Load Balancers . Target pool-based load balancers don't support this feature.
For traffic management features available with Cloud Service Mesh, see Cloud Service Mesh features: Routing and traffic management .
Autoscaling and autohealing
| Internal | External | Internal | External | Internal | External | |
|---|---|---|---|---|---|---|
|
Managed instance group autoscaling based on load balancer serving
capacity
|
(Only global and classic modes) | |||||
|
Autohealing (native to managed instance groups and GKE)
|
||||||
|
Connection draining
|
1 |
Security
| Internal | External | Internal | External | Internal | External | |
|---|---|---|---|---|---|---|
|
Google-managed SSL certificates
|
info |
info 1 |
(Only global and classic mode) 2 |
|||
|
CORS
|
info |
(Only global and regional modes) |
||||
| 3 | ||||||
|
Google Cloud Armor
|
info |
info |
(Only global and classic mode) |
info |
||
|
SSL offload
|
(Only global and classic modes) 2 |
|||||
|
SSL policies
(TLS version and cipher suites) |
info |
info |
info (Only global and classic modes) 2 |
|||
|
Frontend mutual TLS
|
info |
info |
1 Global external Application Load Balancers and classic Application Load Balancers support both Compute Engine and Certificate Manager Google-managed SSL certificates, whereas regional external Application Load Balancers support only Certificate Manager Google-managed certificates.
2 Supported only if the load balancer is configured with a target SSL proxy.
3 IAP is incompatible with Cloud CDN.
Google Cloud Armor protection for external load balancers
Cloud Armor provides both always-on and user-configurable DDoS protections for all external load balancers, and user-configurable security policy rules depending on the type of load balancer.
- Backend security policy
- Edge security policy
- Backend security policy
- Edge security policy
- Regional backend security policy
- Backend security policy
- Backend security policy
- Network edge security policy
You can also configure advanced network DDoS protection for external passthrough Network Load Balancers , protocol forwarding , or VMs with public IP addresses. For more information about advanced network DDoS protection, see Configure advanced network DDoS protection .
Cross-product integrations
| Internal | External | Internal | External | Internal | External | |
|---|---|---|---|---|---|---|
|
Cloud CDN
|
(Only global and classic 1 modes) |
|||||
|
Service Extensions plugins and callouts
|
info |
info |
||||
|
Internal Compute Engine DNS names
|
(Only regional mode) |
(Only regional mode) |
info |
|||
|
Automatic Service Directory registration (Preview)
|
info |
info |
||||
|
App Hub
integration
|
info |
info |
info |
info |
info |
info |
1 Supported for Premium Tier
What's next
For detailed information about each load balancer, see the following:
- External Application Load Balancer overview (global, classic, and regional)
- Internal Application Load Balancer overview (regional and cross-region)
- External proxy Network Load Balancer overview (global, classic, and regional)
- Internal proxy Network Load Balancer overview (regional and cross-region)
- External passthrough Network Load Balancer overview
- Internal passthrough Network Load Balancer overview
