With Network Load Balancing, Google Cloud customers have a powerful tool for distributing external TCP and UDP traffic among virtual machines in a Google Cloud region. To make it easier for our customers to manage incoming traffic and control how the load balancer behaves, we recently added support for backend services to Network Load Balancing. This brings improved scale, velocity, performance, and resiliency to our customers' deployments, all in an easy-to-manage way.
As one of the earliest members of the Cloud Load Balancing family, Network Load Balancing uses a 5-tuple hash consisting of the source and destination IP addresses, the protocol, and the source and destination ports. Network load balancers are built on Maglev, Google's own system for load-balancing all traffic that comes into our data centers and front-end engines at our network edges. Maglev can scale to millions of requests per second, optimizes for latency and performance with features like direct server return, and minimizes the impact of unexpected faults on connection-oriented protocols. In short, Network Load Balancing is a great Layer 4 load-balancing solution if you want to preserve the client IP address all the way to the backend instance and perform TLS termination on the instances.
We now support backend services with Network Load Balancing—a significant enhancement over the prior approach, target pools. A backend service defines how our load balancers distribute incoming traffic to attached backends and provides fine-grained control for how the load balancer behaves. This feature now provides a common unified data model for all our load-balancing family members and accelerates the delivery of exciting features on Network Load Balancing.
As a regional service, a network load balancer has one regional backend service. In this blog post, we share some of the new features and benefits you can take advantage of with regional backend services and how to migrate to them. Then, stay tuned for subsequent blogs where we’ll share some novel ways customers are using Network Load Balancing, upcoming features and ways to troubleshoot regional backend services.
Regional backend services bring benefits
Choosing a regional backend service as your load balancer brings a number of advantages to your environment.
Out of the gate, regional backend services provide:
- High-fidelity health checking with unified health checking – With regional backend services you can now take full advantage of load-balancing health-check features, freeing yourself from the constraints of legacy HTTP health checks. TCP health checks with support for custom request and response strings, as well as HTTPS health checks, were a common request from Network Load Balancing customers, often for compliance reasons.
- Better resiliency with failover groups – With failover groups, you can designate one instance group as primary and another as secondary, and fail over traffic when the health of the instances in the active group falls below a certain threshold. For finer control over failover, you can use an agent such as keepalived or Pacemaker and expose a healthy or failing health check based on changes in the state of the backend instance.
- Scalability and high availability with Managed Instance Groups – Regional backend services support Managed Instance Groups as backends. You can now specify a template for your backend virtual machine instances and leverage autoscaling based on CPU utilization or other monitoring metrics.
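As a sketch of the failover setup described above, one instance group can be added as the primary backend and another as a failover backend, with a ratio controlling when traffic fails over. The instance group names here are illustrative, and the commands assume a regional external backend service like the one created in the migration steps below:

```shell
# Add the primary backend.
gcloud compute backend-services add-backend my-backend-service \
    --instance-group primary-ig --instance-group-zone us-central1-a \
    --region us-central1

# Add the secondary instance group as a failover backend.
gcloud compute backend-services add-backend my-backend-service \
    --instance-group failover-ig --instance-group-zone us-central1-b \
    --region us-central1 \
    --failover

# Fail over when fewer than half of the primary instances are healthy.
gcloud compute backend-services update my-backend-service \
    --region us-central1 \
    --failover-ratio 0.5
```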
In addition to the above, you can take advantage of connection draining for connection-oriented protocols (TCP) and faster programming times for large deployments.
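Connection draining is configured as a timeout on the backend service; a minimal sketch, assuming the backend service name used in the migration steps below:

```shell
# Allow up to 300 seconds for established TCP connections to complete
# before a backend removed from service stops receiving traffic.
gcloud compute backend-services update my-backend-service \
    --region us-central1 \
    --connection-draining-timeout 300
```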
Migrating to regional backend services
You can migrate from target pools to regional backend services in five simple steps.
1. Create unified health checks for your backend service.
```
$ gcloud compute health-checks create tcp my-tcp-health-check \
    --port 7 --region us-central1
Created [https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/regions/us-central1/healthChecks/my-tcp-health-check].
NAME                 PROTOCOL  PORT
my-tcp-health-check  TCP       7
```
2. Create instance groups from the existing instances in the target pool.
```
$ gcloud compute instance-groups unmanaged add-instances us-ig1 \
    --instances ig-us-central1-1,ig-us-central1-2 --zone us-central1-a
Updated [https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/us-central1-a/instanceGroups/us-ig1].
```
```
$ gcloud compute instance-groups unmanaged add-instances us-ig2 \
    --instances ig-us-central1-3,ig-us-central1-4 --zone us-central1-b
Updated [https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/us-central1-b/instanceGroups/us-ig2].
```
3. Create a backend service and associate it with the newly created health checks.
```
$ gcloud compute backend-services create my-backend-service \
    --region us-central1 \
    --health-checks my-tcp-health-check --health-checks-region us-central1 \
    --load-balancing-scheme external
Created [https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/regions/us-central1/backendServices/my-backend-service].
NAME                BACKENDS  PROTOCOL
my-backend-service            TCP
```
4. Configure your backend service and add the instance groups.
```
$ gcloud compute backend-services add-backend my-backend-service \
    --instance-group us-ig1 --instance-group-zone us-central1-a \
    --region us-central1
Updated [https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/regions/us-central1/backendServices/my-backend-service].
```
```
$ gcloud compute backend-services add-backend my-backend-service \
    --instance-group us-ig2 --instance-group-zone us-central1-b \
    --region us-central1
Updated [https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/regions/us-central1/backendServices/my-backend-service].
```
5. Run get-health on the configured backend service to make sure the set of backends is accurate and their health status has been determined. Then use the set-target API to point your existing forwarding rule at the newly created backend service.
```
$ gcloud beta compute forwarding-rules set-target network-lb-forwarding-rule \
    --region us-central1 --backend-service my-backend-service
Updated [https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/regions/us-central1/forwardingRules/network-lb-forwarding-rule].
```
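The health verification mentioned in step 5 can be done with the get-health command; a sketch using the names from the steps above:

```shell
# List each backend of the backend service with its current health state.
gcloud compute backend-services get-health my-backend-service \
    --region us-central1
```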
UDP with regional backend services
Google Cloud networks forward UDP fragments as they arrive. To forward all the UDP fragments of a packet to the same instance for reassembly, set session affinity to None (NONE). This indicates that maintaining affinity is not required, so the load balancer uses a 5-tuple hash to select a backend for unfragmented packets, but a 3-tuple hash (source IP address, destination IP address, and protocol) for fragmented packets, which do not carry port information after the first fragment.
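This setting is applied on the backend service itself; a minimal sketch, assuming a regional backend service named like the one in the migration steps above:

```shell
# Use NONE so fragments of the same UDP packet hash to the same backend
# (the load balancer falls back to a 3-tuple hash for fragments).
gcloud compute backend-services update my-backend-service \
    --region us-central1 \
    --session-affinity NONE
```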
With support for regional backend services, Network Load Balancing now gives you high-fidelity health checks (including TCP), better performance through faster programming times, a uniform data model for configuring your load-balancing backends whether they belong to Network Load Balancing or another family member, and feature parity with Layer 4 Internal Load Balancing through support for connection draining and failover groups.
Learn more about regional backend services here and get a head start on your migration. We have a compelling roadmap for Network Load Balancing ahead of us, so stay tuned for more updates.
By Babi Seal (Product Manager, Load Balancing) and Jens Kuehlers (Cloud Solutions Architect)
Source: Google Cloud Blog