VPCs are Global, Geo Load Balancing is Simplified

Since VPC networks can span the entire globe, you can have a set of servers in Asia (say Mumbai) and another set in the U.S. that are part of the same private IP address space.

The Google Cloud Load Balancer can present a single IP for these two distributed sets of instances. It automatically forwards traffic to the instances that are geographically closest to the end user, without you having to set up DNS-based load balancing.

Web Tier / Web Layer (HTTP/S load balancing)

The two most common use cases here are geographical load distribution and content-type load distribution.

Both are supported by the HTTPS External Load Balancer.

What exactly IS the HTTPS external load balancer?

  • It is a proxy-based Layer 7 load balancer.
  • It fronts a single external IP address.
  • It can distribute HTTP and HTTPS traffic to backends hosted on Compute Engine and GKE.
  • It is implemented on Google Front Ends (GFEs). GFEs are distributed globally and operate together using Google’s global network and control plane.
    • In the Premium Tier, GFEs offer global load balancing
    • With Standard Tier, the load balancing is handled regionally.
  • It supports content-based load balancing using URL maps to select a backend service based on the requested host name, request path, or both.
  • The following can be the backend to an HTTP load balancer:
    • Instance groups
    • Zonal network endpoint groups (NEGs)
    • Serverless NEGs: One or more App Engine, Cloud Run, or Cloud Functions services
    • Internet NEGs, for endpoints that are outside of Google Cloud (also known as custom origins)
    • Buckets in Cloud Storage

Does the External load balancer support session affinity?

  • Yes. If the target backend instance fails a health check, the session is lost and a new VM target is chosen.

How exactly does it support Session Affinity?

  • It uses host headers. The external LB preserves the Host header of the original client request. In addition, it appends two IP addresses (client IP and LB IP) to the X-Forwarded-For header.
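Because the load balancer appends its two addresses to whatever X-Forwarded-For value the client already sent, a backend that logs or rate-limits by client IP should read the entry the LB wrote, not the first one. The following is an added example, not code from Google or from the original page; it assumes the two appended entries are the last two in the header and that no other proxy sits between the load balancer and the backend. The function names and sample addresses are constructed.

```python
import ipaddress

# Assumption: the load balancer appends exactly two entries, in this order:
#   <client-ip>, <load-balancer-ip>
# Everything to the left of them was supplied by the client and is untrusted.
LB_APPENDED = 2


def split_xff(header_value):
    """Split a raw X-Forwarded-For value into trimmed entries."""
    return [part.strip() for part in header_value.split(",") if part.strip()]


def leftmost_entry(header_value):
    """Common but unsafe choice: the first entry is client-controlled."""
    entries = split_xff(header_value)
    return entries[0] if entries else None


def client_ip_from_xff(header_value):
    """Return the client IP recorded by the load balancer, or None.

    None means the header is too short to have passed through the load
    balancer, or the entry in the client-IP position is not a valid address.
    """
    entries = split_xff(header_value)
    if len(entries) < LB_APPENDED:
        return None
    candidate = entries[-LB_APPENDED]
    try:
        # ip_address() accepts IPv4 and IPv6 and rejects anything else.
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample: the client sent its own X-Forwarded-For of 10.0.0.1,
    # then the load balancer appended the real client IP and its own IP.
    sample = "10.0.0.1, 203.0.113.7, 198.51.100.20"
    print("leftmost (untrusted):", leftmost_entry(sample))
    print("recorded by the LB:  ", client_ip_from_xff(sample))
```
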

Does the External load balancer support SSL Offloading?

  • Yes - TLS versions 1.0 and above

What IS SSL offloading or SSL Termination?

When TLS terminates at your load balancer, the main backend server is no longer required to decrypt traffic. This takes load off your main backend server.

Does the External load balancer support Web Sockets?

  • Yes.

How do SSL policies work in the HTTPS Load Balancer (or SSL Proxy)?

SSL policies give you the ability to control the features of SSL that your SSL proxy or HTTPS load balancer negotiates. In this document, the term "SSL" refers to both the SSL and TLS protocols.

Enable SSL policies using the gcloud command line tool when you create an HTTPS or SSL load balancer or at any time after you create the load balancer.

gcloud compute ssl-policies create NAME \
    --profile COMPATIBLE|MODERN|RESTRICTED|CUSTOM \
    [--min-tls-version 1.0|1.1|1.2] \
    [--custom-features FEATURES]

Which Load Balancer for which app tier?

At a high level, these are the load balancers to use for each app tier (straight from the Google docs):

  • Web tier: Traffic enters from the internet and is load balanced by using an external HTTP(S) load balancer.
  • Application tier: The application tier is scaled by using a regional internal HTTP(S) load balancer.
  • Database tier: The database tier is scaled by using an internal TCP/UDP load balancer.