We are in the process of setting up an infrastructure where we have several services hosted, and we have a separate Internal Load Balancer for each service.
If we have a global load balancer in front of the internal load balancers, can someone please help and tell me how the various services can communicate with each other? Would it be via the global HTTP LB? Is this the right approach? Would really appreciate your help.
I expect your "global load balancer" is set up with a global external IP and so reachable by external clients via the internet.
If you use an internal load balancer to further distribute the load to instances within your VPC inside the GCP project, there is no need to call the external IP to communicate with other services inside your GCP project.
You can directly execute calls against the IP address of the internal load balancer.
Note you can either let GCP allocate any free IP address within your VPC, or you can select the IP address within the address range of the selected VPC.
See also the following documentation about internal load balancers:
https://cloud.google.com/compute/docs/load-balancing/internal/
You can't reuse the same Instance Group as backend for HTTP(S) Load Balancing and for an Internal Load Balancer.
What you can do is use HTTP(s) Load Balancing for both internal and external clients.
Otherwise, you can run an HTTP proxy service in the HTTP(S) Load Balancing backends and forward the requests to the internal load-balanced IP.
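As an added example (not code from any answer in this thread), the following dry-run-by-default gcloud script builds the regional internal TCP load balancer described above at an address you pick inside the subnet, and scopes the firewall so that only Google's health-check prober ranges and one internal client range can reach the backends. The region, zone, instance-group name, address and client range are assumptions; adjust them to your VPC.

```shell
#!/bin/sh
# Added example: regional internal TCP load balancer + least-privilege firewall.
# Names, region, address and ranges below are assumed values, not from the thread.
REGION="${REGION:-us-central1}"
ZONE="${ZONE:-us-central1-a}"
NETWORK="${NETWORK:-default}"
SUBNET="${SUBNET:-default}"
MIG="${MIG:-web-mig}"                          # existing managed instance group (assumed)
ILB_IP="${ILB_IP:-10.128.0.13}"                # chosen address inside the subnet range
CLIENT_RANGE="${CLIENT_RANGE:-10.128.0.0/20}"  # only these internal clients may reach it
DRY_RUN="${DRY_RUN:-1}"                        # default: print commands; DRY_RUN=0 applies

# Wrapper so the script can be reviewed before anything is created.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "+ $*"
  else
    "$@"
  fi
}

create_internal_lb() {
  # A health check is how you observe the ILB; its forwarding-rule IP is not pingable.
  run gcloud compute health-checks create tcp web-hc --region "$REGION" --port 80
  run gcloud compute backend-services create web-ilb-bs \
    --load-balancing-scheme=internal --protocol=tcp \
    --region "$REGION" --health-checks web-hc --health-checks-region "$REGION"
  run gcloud compute backend-services add-backend web-ilb-bs --region "$REGION" \
    --instance-group "$MIG" --instance-group-zone "$ZONE"
  # The forwarding rule pins the internal VIP to the address chosen in the subnet.
  run gcloud compute forwarding-rules create web-ilb-fr \
    --load-balancing-scheme=internal --region "$REGION" \
    --network "$NETWORK" --subnet "$SUBNET" --address "$ILB_IP" \
    --ports 80 --backend-service web-ilb-bs
}

create_firewall_rules() {
  # Google's health-check probers must reach port 80 on the tagged backends...
  run gcloud compute firewall-rules create allow-ilb-health-checks \
    --network "$NETWORK" --direction INGRESS --action allow --rules tcp:80 \
    --source-ranges 130.211.0.0/22,35.191.0.0/16 --target-tags web-backend
  # ...and so must the internal clients; no 0.0.0.0/0 ingress rule is created.
  run gcloud compute firewall-rules create allow-ilb-clients \
    --network "$NETWORK" --direction INGRESS --action allow --rules tcp:80 \
    --source-ranges "$CLIENT_RANGE" --target-tags web-backend
}

create_internal_lb && create_firewall_rules
```

Backends need the `web-backend` network tag for the rules to apply; run with `DRY_RUN=0` once the printed commands look right.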
I am trying to find a way to implement regional load balancing in different regions, and I want all regional load balancers under one unicast (internal) IP address globally. Which is the best way to do this?
Thanks in advance
Internal Load Balancers are regional, and in GCP it is not possible to make an internal load balancer like a floating IP.
Internal Load Balancers distribute traffic to instances inside of Google Cloud.
External Load Balancers distribute traffic coming from the internet to your Google Cloud Virtual Private Cloud (VPC) network. Global Load Balancing requires that you use the Premium Tier of Network Service Tiers. For regional Load Balancing, you can use Standard Tier.
For more information, see the link.
I have created 2 VMs (webservers) in GCP in one region, with a TCP internal load balancer configured in the same region, and created another VM in another region (Southeast Asia). Now I am not able to ping the load balancer IP, but I am able to ping the webserver IPs.
Webserver1 - region: us-central - 10.128.0.5
Webserver2 - region: us-central - 10.128.0.6
Internal load balancer IP - 10.128.0.13
Test machine - region: southeast asia - 10.148.0.5
I understand that by "pinging the load balancer" you mean you want to check the health of the load balancer. However, pinging a load balancer is not possible, as it is a virtual part of a network and not a separate device. However, you can check the health of the load balancer using the instructions from the following docs:
https://cloud.google.com/load-balancing/docs/internal/setting-up-internal
Hope that was helpful.
The GCP internal load balancer by design handles traffic within the same region. As your test machine is in a different region (Southeast Asia), you cannot ping the internal load balancer, which is present in the us-central1 region.
Internal HTTP(S) Load Balancing distributes HTTP and HTTPS traffic to backends hosted on Compute Engine and Google Kubernetes Engine (GKE). The load balancer is accessible only in the chosen region of your Virtual Private Cloud (VPC) network on an internal IP address.
Kindly refer to the links below:
Internal TCP/UDP Load Balancing overview:
https://cloud.google.com/load-balancing/docs/l7-internal
Troubleshooting Internal TCP/UDP Load Balancing:
https://cloud.google.com/load-balancing/docs/internal/troubleshooting-ilb
Is it possible in GCP to create an internal load balancer that balances the traffic between two Compute Instances in different regions?
Two instances (with NAT on them) are in different regions (e.g. one in us-central1 and the other in asia-south1), serving something on the same ports, and the internal load balancer (e.g. with IP 170.0.0.4) accepts requests from the clients and forwards them to these VMs.
This would help in creating a highly available service (NAT in this case) that will keep working even when one VM, the service, or a region is down.
EDIT:
Adding some more details here:
Both VMs and the Load Balancer have internal IPs.
Both VMs and the Load Balancer are in the same VPC network.
I need a layer 7 (HTTP(S)) internal load balancer.
Internal Load Balancing is only regional, and since you want to have back-ends in different regions, it will still work, but you will have to set one up by yourself.
It's not possible "out of the box".
You can have a look at the Internal Load Balancing documentation, which explains how this works and why. Here's also a table with the available load balancing options.
If you want to configure your own LB, then maybe try Envoy Proxy (or Nginx, or any solution you want).
In essence, unless you set up your own load balancer, GCP doesn't have the functionality.
You could also use an external load balancer (which is risky), use it to load balance traffic, and restrict external traffic to your instances (just a bunch of known IPs or ranges).
With only two endpoints, it is impossible to use a load balancer, because there is nothing to balance. You could only put both of them behind a load balancer; then it could balance their traffic. Moving both into the same region might be the only option to use the internal load balancer, but here too the servers need to be put behind it.
I managed to set up autoscaling based on an external load balancer, but I didn't find a way to do the same for an internal load balancer.
Is this feature supported? How do I go about auto-scaling my instance group based on the internal load balancer?
The issue is, when you configure an instance group to scale by HTTP requests, you need an HTTP load balancer, which is internet facing. So the UDP load balancer, which can be internal, doesn't work for that.
The Internal Load Balancer uses a backend service which can use a managed instance group. You can assign a managed instance group to the backend or target pools of both internal and network load balancers.
Keep in mind that the Network Load Balancer uses target pools instead of backend services, but target pools can use managed instance groups as well.
Take a look at the documentation for more details. Alternatively, I found these two posts that I believe can be useful to you.
From your last comment:
I'm not able to set up a TCP load balancer which has a backend service; I only get a REGIONAL backend service, which doesn't support HTTP load balancing.
As stated in the Internal Load Balancing Concepts, "internal client requests stay internal to your VPC network and region", so there is neither a need for HTTP here, nor for a multi-regional setup.
On the same page, under section "About Internal Load Balancing", the schema shows a classic load balancing architecture, featuring one global (http) and multiple internal (tcp/udp) load balancers for each region.
Further on, under "Deploying Internal Load Balancing with clients across VPN or Interconnect", the following is stated in an "Important" note:
Internal Load Balancing is a regional product. [...] An internal load balancer cannot forward or receive traffic to and from VM instances in other regions.
Basically, if your managed instance group has instances across multiple regions, then you need an external load balancer, but if all your instances are within the same region (instances can be split across zones within this same region, e.g. us-west1-a/b/c), then you can rely on an internal load balancer.
I have created one internal load balancer and deployed an application on that internal network. For testing purposes I have created one instance in the same VPC called "instance1". I am able to curl the load balancer from this instance1, but I am not able to ping this internal load balancer from outside of the VPC.
My future plan is to deploy the UI on an external load balancer and call the internal load balancer from there.
My question is: as I am not able to connect to the internal load balancer from outside, how will my UI instance be able to do the same?
Internal load balancers are for internal connections only. For reaching your load balancer from a different network, you can use VPC Peering (connecting two GCP networks) or use Interconnect products (VPN or direct connection) for secured/dedicated intranet access.
If your application is intended to be accessible from the outside world (the internet), you can use an external load balancer (Layer 4 or Layer 7 if your application is HTTP based).