1 - 5 - Defining and Implementing Networks - 5. Load Balancing
_________ __________ ___________ is a regional, non-proxied load balancing service.
Network load balancing
The balancing mode can be based on ____ _____________ or requests per second (RPS).
CPU utilization
____________________________ uses Google's globally distributed edge points of presence to cache external HTTP(S) load balanced content close to your users. Caching content at the edges of Google's network provides faster delivery of content to your users while reducing serving costs.
Cloud CDN (Content Delivery Network)
_______________________ is an asynchronous messaging service that decouples services that produce events from services that process events. You can use Pub/Sub as messaging-oriented middleware or event ingestion and delivery for streaming analytics pipelines.
Cloud Pub/Sub
IPv6 termination for load balancing
For example, in this diagram there is a website www.example.com that is translated by Cloud DNS to both an IPv4 and IPv6 address. This allows a desktop user in New York and a mobile user in Iowa to access the load balancer through the IPv4 and IPv6 addresses, respectively. But how does the traffic get to the backends and their IPv4 addresses? Well, the load balancer acts as a reverse proxy, terminates the IPv6 client connection, and places the request into an IPv4 connection to a backend. On the reverse path, the load balancer receives the IPv4 response from the backend and places it into the IPv6 connection back to the original client. In other words, configuring IPv6 termination for your load balancers lets your backend instances appear as IPv6 applications to your IPv6 clients.
_____ _________ ________ is a regional load balancer that enables you to run and scale your services behind an internal load balancing IP address that is accessible only to your internal virtual machine (VM) instances.
Google Cloud Internal TCP/UDP Load Balancing
_____ _______ ________ _______ _________ is not based on a device or a VM instance. Instead, it is a software-defined, fully distributed load balancing solution.
Google Cloud internal load balancing
Now, in order to decide which load balancer best suits your implementation of GCP, consider the following aspects of Cloud Load Balancing: ________ versus ________ load balancing, ________ versus ________ load balancing, and the traffic type.
global versus regional, external versus internal
A _________ ____________ polls instances attached to the backend service at configured intervals.
health check
When you create an instance group, the final step is to consider creating a ________ _________ to determine which instances should receive traffic.
health check
The backend services contain a ____________ ______, _______ ________, a timeout setting and one or more backends.
health check, session affinity
In order to create a managed instance group, you first need to create an ________ ___________.
instance template.
The regional load balancers are the ______ _______/_______, the ____ ____/______ and the _________ ________ load balancers.
internal TCP/UDP, network TCP/UDP, internal HTTP(S)
Sometimes it's useful to combine an __________ ______ __________ load balancer to support 3-tier web services.
internal and external
The client SSL session terminates at the ___________ _______________.
load balancer.
SSL proxy load balancer terminates user SSL connections at the _____ _______ layer.
load balancing
If you need to specify a group of backend endpoints or services, you can use a ______ ____________ ________ ___________ configuration object.
network endpoint group (or NEG)
If vulnerabilities arise in the SSL or TCP stack, GCP will apply ________ at the load balancer automatically in order to keep your instances safe.
patches
Cloud CDN caches content at the edges of Google's network ______ _______ ___________ of content to your users while reducing serving costs.
providing faster delivery
The internal HTTP(S) load balancer is a proxy-based Layer 7 load balancer that enables you to run and scale your services behind a private load balancing IP address that is accessible only in the load balancer's ___________ in your VPC network.
region
Cloud Load Balancing gives you the ability to ________ your resources up or down with intelligent autoscaling.
scale
You can automatically _________ the number of instances in the group.
scale
Cloud Armor uses _______ ___________ to deny or allow access to your HTTP(S) load balancer.
security policies
You can reduce the management overhead for your virtual machine instances by using _____ _______ _________ on your instances.
self-signed certificates
A ___________ NEG points to Cloud Run, App Engine, and Cloud Functions services residing in the same region as the NEG.
serverless
___________ NEGs don't contain endpoints.
serverless
An HTTP(S) load balancer requires at least one _____ _______ ________ installed on the target HTTPS proxy for the load balancer.
signed SSL certificate
When you create an instance group, first decide if the instance group is going to be _______ __ _____-_______ and where those locations will be.
single or multi-zoned
Regional managed instance groups are generally recommended over zonal managed instance groups because they allow you to ___ _____ ______ _______ _______.
spread application load across multiple zones
An HTTP(S) load balancer uses a ________ ___________ proxy instead of a target HTTP proxy.
target HTTPS
You can configure the target proxy with up to _______ SSL certificates.
ten
If an instance in the group stops, crashes, or is deleted by an action, other than _______ ________ __________ ____________, the managed instance group automatically recreates the instance so it can resume its processing tasks.
the instance groups commands
You want to use a global load balancer when your users need access to _____ _______ ________ _____ _________.
the same applications and content
With Network Load Balancing, traffic can only be balanced between VM instances that are in _______ _______ ________, unlike a global load balancer.
the same region
You can easily _________ all of the instances in the group.
update
HTTP requests are load balanced on which ports?
Ports 80 or 8080
HTTP(S) load balancers support the ____________ transport layer protocol.
QUIC
To use HTTPS, you must create at least one ______ _____________ that can be used by the target proxy for the load balancer.
SSL certificate
_______ __________ is a global load balancing service for encrypted, non-HTTP traffic.
SSL proxy
Global load balancing for unencrypted, non-HTTP traffic
TCP proxy load balancing
A _______________________ defines a group of instances that receive incoming traffic from forwarding rules.
Target pool resource
Cloud CDN or __________ __________ _____________ uses Google's globally distributed edge points of presence to cache HTTP(S) load-balanced content close to your users.
Content Delivery Network
Managed instance groups can automatically ________ _______ _________ unhealthy instances in a group to ensure that all the instances are running optimally.
identify and recreate
When you create an instance group, third, select the _______ _______ that you want to use.
instance template
HTTP(S) load balancing uses a _________-_____________ algorithm to distribute requests among available instances.
round-robin
HTTP(S) load balancing is the _____ ________ of the OSI model.
the application layer
Only the ______, ________, and _______ proxy load balancing services support IPv6 clients.
HTTP(S), SSL proxy, and TCP
The global load balancers are the ______, _______ ________, and __________ load balancers.
HTTP(S), SSL proxy, and TCP proxy
Google Cloud internal load balancing backend services support the ______, _____, or _________ protocols.
HTTP, HTTPS, or HTTP/2
HTTP(S) load balancing acts at ________ __ of the OSI model.
Layer 7
The internal TCP/UDP load balancer uses the network load balancer _____________, which is a large, distributed software system.
Maglev
HTTPS requests are load balanced on which ports?
Port 443
When you create an instance group, you __________ the specific rules for the instance group.
define
Cloud Load Balancing gives you the ability to __________ load-balanced compute resources in single or multiple regions.
distribute
Managed instance groups can work with load balancing services to _______ network traffic to all of the instances in the group.
distribute
The regional load balancers _____________ traffic to instances that are in a single GCP region.
distribute
GCP offers different types of load balancers that can be divided into two categories: ___________ and ___________.
global and regional.
You want to use a global load balancer when your users and instances are ____________ distributed.
globally
The 5 steps to creating an instance group
1. Single Zoned or Multi Zones 2. Choose Ports 3. Select Template 4. Autoscale circumstances 5. Health Check
Applicable autoscaling policies:
1. scaling based on CPU utilization, 2. load balancing capacity, 3. monitoring metrics, 4. queue-based workload like Cloud Pub/Sub.
Backend services also have a timeout setting, which is set to __ seconds by default.
30
If you prefer a table over a flow chart, I recommend this summary table.
This table helps you identify the right load balancer based on the traffic type, the distribution of your backends, global or regional, and the type of IP addresses of your backends, external or internal. This table also lists the available ports for load balancing and highlights that only the global load balancers support both IPv4 and IPv6 clients.
You can use network load balancing to load balance _______ traffic and to load balance _______ and _______ traffic on ports that are not supported by the TCP proxy and SSL proxy load balancers.
UDP, TCP, SSL
The target HTTP proxy checks each request against a _____ ______ to determine the appropriate backend service for the request.
URL map
GCP load balancer supports both ________ and ________ clients
IPv4 and IPv6
_____________ _____________ attempts to send all requests from the same client to the same virtual machine instance.
Session affinity
The internal TCP/UDP load balancer uses _____________, which is GCP's software-defined network virtualization stack.
Andromeda
___________ is a network addressing and routing methodology in which a single destination address has multiple routing paths to two or more endpoint destinations.
Anycast
_____________ helps your applications gracefully handle increases in traffic and reduces cost when the need for resources is lower.
Autoscaling
Cloud Armor _______ _______ ______ ________ ______ help defend you against attacks like cross-site scripting and SQL injection.
Web-Application Firewall Rule Set
When you create an instance group, second, _____ _____ _______ that you are going to allow and load balance across.
choose the ports
One differentiator between the different GCP load balancers is the support for ______ clients.
IPv6
If you need an external load balancing service, start on the top left of this flow chart. If you need an internal load balancing service, you can choose from the Internal TCP/UDP and Internal HTTP(S) load balancers depending on your traffic type.
If you need an external load balancing service, start on the top left of this flow chart. First, choose the type of traffic that your load balancer must handle. If that is HTTP or HTTPS traffic, we recommend using the HTTP(S) load balancing service as a Layer 7 load balancer. Otherwise, use the TCP and UDP traffic paths of this flow chart to determine whether the SSL proxy, TCP proxy, or network load balancing service meets your needs. If you need an internal load balancing service, you can choose from the Internal TCP/UDP and Internal HTTP(S) load balancers depending on your traffic type.
Internal load balancing enables you to support use cases such as the traditional 3-tier web services.
In this example, the web tier uses an external HTTP(S) load balancer that provides a single global IP address for users in San Francisco, Iowa, Singapore, and so on. The backends of this load balancer are located in the us-central1 and asia-east1 regions because this is a global load balancer. These backends then access an internal load balancer in each region as the application or internal tier. The backends of this internal tier are located in us-central1-a, us-central1-b, and asia-east1-b. The last tier is the database tier in each of those zones. The benefit of this 3-tier approach is that neither the database tier nor the application tier is exposed externally. This simplifies security and network pricing.
This network diagram illustrates SSL proxy load balancing.
In this example, traffic from users in Iowa and Boston is terminated at the global load balancing layer. From there, a separate connection is established to the closest backend instance. In other words, the user in Boston would reach the us east region, and the user in Iowa would reach the us central region, if there is enough capacity. Now, the traffic between the proxy and the backends can use SSL or TCP. That being said, I would recommend using SSL.
This network diagram illustrates TCP proxy load balancing.
In this example, traffic from users in Iowa and Boston is terminated at the global load balancing layer. From there, a separate connection is established to the closest backend instance. As in the SSL proxy load balancing example, the user in Boston would reach the us east region, and the user in Iowa would reach the us central region, if there is enough capacity. Now, the traffic between the proxy and the backends can use SSL or TCP.
Configuring an Internal Load Balancer
In this lab, you created two managed instance groups in the us-central1 region, along with firewall rules to allow HTTP traffic to those instances and TCP traffic from the GCP health checker. Then, you configured and tested an internal load balancer for those instance groups.
________ _________ means that this load balancer can route requests to backend locations where there is capacity.
Intelligent routing
Requests are generally routed to the instance group that is _______ to the user.
closest
Sometimes referred to as sticky sessions, _____________________ is a platform feature that associates all HTTP requests coming from an end-user with a single application instance.
Session affinity
A managed instance group is a ________ _________ _______ ________ ________ that you control as a single entity, using an instance template.
collection of identical VM instances
_________ and _________ NEGs define how endpoints should be reached, whether they are reachable, and where they are located.
Zonal and internet
Cloud Load Balancing gives you the ability to put your resources behind a single ____ ______ ______ __________.
anycast IP address
You want to use a global load balancer when you want to provide access using a single _______ ______ __________.
anycast IP address
Google Cloud Armor also alerts you of potential Layer 7 ________ in the Security Command Center.
attacks
When you create an instance group, fourth, decide if you want to _______ and under what circumstances.
autoscale
Managed instance groups offer ____________________ capabilities that allow you to automatically add or remove instances from a managed instance group based on increases or decreases in load.
autoscaling
You just define the ________ ___________ and the autoscaler performs automatic scaling based on the measured load.
autoscaling policy