Load Balancing Overview: Google Cloud Associate Cloud Engineer Study Guide
Google Cloud Load Balancing (GCLB) is a fully distributed, software-defined managed service. Unlike traditional hardware-based load balancers, GCLB is not an “appliance” in a single rack. It is part of the Google Front End (GFE) and Andromeda network virtualization stack, allowing it to handle massive traffic spikes without manual scaling.
The Analogy: The Grand Hotel Concierge
Imagine a massive global hotel (Google Cloud). Guests (Users) arrive at the front door from all over the world. Instead of one person trying to check everyone in, there is a Global Concierge (Global Load Balancer) at the entrance.
- The Concierge knows which floors (Regions) are full.
- If the guest speaks “HTTP,” they are sent to the Buffet (Port 80/443).
- If the guest is a VIP (Premium Tier), they are whisked through a private elevator (Google’s Backbone Network).
- If a specific kitchen (Server/Instance) is on fire (Fails Health Check), the Concierge immediately stops sending guests there and directs them to a working kitchen nearby.
Core Concepts & Google Best Practices
- Reliability: Use Health Checks to ensure traffic only reaches healthy backends. Without a health check, the LB will continue sending traffic to crashed instances.
- Scalability: Integrate with Managed Instance Groups (MIGs) and Autoscaling. The LB distributes traffic, while the MIG adjusts the number of instances based on CPU or load.
- Security: Cloud Armor integrates directly with External HTTP(S) Load Balancers to provide DDoS protection and WAF capabilities.
- Cost Optimization: Choose between Standard Tier (uses public internet) and Premium Tier (uses Google’s high-performance fiber) based on budget and latency needs.
Detailed Comparison: Load Balancer Types
| Feature | HTTP(S) Load Balancing | SSL / TCP Proxy | Network Load Balancing |
|---|---|---|---|
| Layer | Layer 7 (Application) | Layer 4 (Transport) | Layer 4 (Transport) |
| Scope | Global or Regional | Global | Regional |
| Traffic Type | HTTP, HTTPS, HTTP/2 | TCP with/without SSL | TCP, UDP, ICMP |
| IP Address | Anycast IP (Single Global IP) | Anycast IP (Single Global IP) | Regional IP |
| Best Use Case | Web Applications, Microservices | Non-HTTP traffic, Global reach | High performance, UDP, Gaming |
Decision Matrix: “If/Then” for the ACE Exam
| If the requirement is… | Then use… |
|---|---|
| Global traffic routing for a website | External HTTP(S) Load Balancer |
| Internal traffic between two VPC tiers | Internal HTTP(S) or TCP/UDP Load Balancer |
| Support for UDP traffic (like DNS or VoIP) | Network Load Balancer (Regional) |
| Client IP preservation (Passthrough) | Network Load Balancer |
| SSL termination at the Load Balancer | HTTP(S) or SSL Proxy Load Balancer |
Exam Tips: Golden Nuggets
- Health Checks: If instances are showing as “Unhealthy,” check your Firewall Rules. You must allow traffic from Google’s probe IP ranges (e.g., 35.191.0.0/16 and 130.211.0.0/22).
- Anycast IP: Only Global Load Balancers (HTTP(S), SSL Proxy, TCP Proxy) use a single Anycast IP address to route users to the nearest healthy region.
- Network LB vs. Proxy: Network LB is passthrough (it doesn’t terminate the connection). Proxies terminate the connection and open a new one to the backend.
- Session Affinity: Use this when a user must stay connected to the same backend instance for the duration of their session.
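As an added example (not part of the study guide), a Python check of the kind you would run over exported firewall rules to confirm that both probe ranges can actually reach the health-check port on the backend instances. The rule dictionaries are constructed here and loosely follow the Compute API firewall resource shape (`direction`, `allowed` with `IPProtocol`/`ports`, `sourceRanges`, `targetTags`); only allow rules are modelled, not priorities or deny rules.

```python
import ipaddress

# Google health-check probe source ranges (the two CIDRs named above).
PROBE_RANGES = ("35.191.0.0/16", "130.211.0.0/22")

def _port_allowed(allowed, port):
    """True if an entry like {"IPProtocol": "tcp", "ports": ["80", "8080-8090"]}
    permits TCP on `port`; an entry with no 'ports' key means every port."""
    for entry in allowed:
        if entry.get("IPProtocol", "").lower() not in ("tcp", "all"):
            continue
        if not entry.get("ports"):
            return True
        for spec in entry["ports"]:
            lo, _, hi = spec.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
    return False

def uncovered_probe_ranges(rules, port, backend_tag):
    """Probe CIDRs that no enabled INGRESS allow rule lets reach `port` on
    instances tagged `backend_tag` (priorities and deny rules not modelled)."""
    uncovered = []
    for cidr in PROBE_RANGES:
        probe = ipaddress.ip_network(cidr)
        for rule in rules:
            if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
                continue
            tags = rule.get("targetTags")  # no targetTags = applies to every instance
            if (tags and backend_tag not in tags) or not _port_allowed(rule.get("allowed", []), port):
                continue
            # The whole probe range must sit inside one of the rule's source ranges.
            sources = (ipaddress.ip_network(s) for s in rule.get("sourceRanges", []))
            if any(s.version == probe.version and probe.subnet_of(s) for s in sources):
                break
        else:
            uncovered.append(cidr)
    return uncovered

# Constructed sample: the first rule whitelists only one probe range on port 80,
# so the check reports the other range as still blocked.
SAMPLE_RULES = [
    {"name": "allow-hc-partial", "direction": "INGRESS", "targetTags": ["web"],
     "sourceRanges": ["130.211.0.0/22"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
    {"name": "allow-ssh", "direction": "INGRESS", "sourceRanges": ["10.0.0.0/8"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]
```

`uncovered_probe_ranges(SAMPLE_RULES, 80, "web")` returns `["35.191.0.0/16"]`, which is exactly the range a “half-fixed” rule set leaves blocked and the reason the backends still show Unhealthy.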
GCP Load Balancing Architecture Flow
Request Flow: User -> Global IP -> Forwarding Rule -> Target Proxy -> Backend Service -> Instances
Key GCP Services
- Cloud Armor: WAF & DDoS protection.
- Cloud CDN: Cache content at Edge.
- Cloud Storage: Backend buckets for static sites.
- Identity-Aware Proxy (IAP): Secure access control.
Common Pitfalls
- Forgetting to open Firewall ports for Health Checks.
- Using a Regional LB for a Global audience (adds latency for users far from that region).
- Mismatching the LB type with the protocol (e.g., trying to use HTTP LB for UDP).
Architecture Patterns
- Multi-Region: HTTP(S) LB with MIGs in us-east1 and europe-west1.
- Internal Tier: Internal TCP/UDP LB between App and DB layers.
- Static Site: HTTP(S) LB with Cloud Storage Backend.