Load balancer feature comparison
This page gives you a comparative overview of the load balancing featuresoffered by Cloud Load Balancing. If you haven't already done so, begin byreading the following:
- To get an overview of the different load balancing solutions that areavailable in Google Cloud, seeCloud Load Balancingoverview.
- To determine which Google Cloud load balancer best meets yourapplication's needs, seeChoose a loadbalancer.
In the following tables, acheckmarkindicates that a feature is supported. For more information about a feature,click theinfo link.
Type of load balancer
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| Proxy | Load balancer modes: regional cross-region | Load balancer modes: global classic regional | Load balancer modes: regional cross-region | Load balancer modes: global classic regional | ||
| Passthrough | Load balancer modes: internal | Load balancer modes: external | ||||
Protocols from the clients to the load balancer
This table lists the protocols supported for communication between clients andthe different load balancers.
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| One of: HTTP (HTTP/1.0) HTTPS (HTTP/1.0) | (Only global and classic modes) | |||||
| One of: HTTP (HTTP/1.1) HTTPS (HTTP/1.1) | No QUIC support | No QUIC support for regional mode. | ||||
HTTP/2 over TLS HTTP/2 over TCP, also known as H2C gRPC1 | (H2C support for global and regional modes only) | |||||
| HTTP/3 (based on IETF QUIC) | (Only global and classic modes) | |||||
| SSL or TCP | TCP only | Regional mode: TCP only Global and classic mode: SSL or TCP | ||||
| TCP, UDP, or L3_DEFAULT2 | info | info | ||||
| WebSockets | info | info | ||||
| TLS early data | 3 | |||||
1 To support gRPC clients, create an Application Load Balancer thatsupports HTTP/2 end-to-end (with or without TLS).
2 TheL3_DEFAULT setting enables support for the following additional IP protocols:
- For internal passthrough Network Load Balancers,
L3_DEFAULTenables support for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE. - For external passthrough Network Load Balancers,
L3_DEFAULTenables support for TCP, UDP, ESP, GRE, ICMP, and ICMPv6.
3 TLS early data is supported for HTTPS over TCP (HTTP/1.1, HTTP/2) and HTTP/3 over QUIC.
Protocols from the load balancer to the backends
This table lists the IP protocol settings supported with backend services fordifferent load balancers. For more reference information, seeBackendservices.
This table does not apply to Application Load Balancers withserverless NEG backends. The backend service protocol setting is ignored forthese load balancers.
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| One of: HTTP (HTTP/1.1) HTTPS (HTTP/1.1) | ||||||
HTTP/2 over TLS, including gRPC HTTP/2 over TCP, also known as H2C | (H2C support for global and regional modes only) | |||||
| One of: SSL (TLS) or TCP | TCP only | Regional mode: TCP only Global and classic mode: SSL or TCP | ||||
| TCP, UDP, or UNSPECIFIED1 | info | info | ||||
| WebSockets | info | info | ||||
1 TheUNSPECIFIED setting enables support for the following additional IP protocols:
- For internal passthrough Network Load Balancers,
UNSPECIFIEDenables support for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE. - For external passthrough Network Load Balancers,
UNSPECIFIEDenables support for TCP, UDP, ESP, GRE, ICMP, and ICMPv6.
Backends
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| Backends can be in multiple regions | (Only cross-region mode) | (Onlyglobal and classic mode) | (Only cross-region mode) | (Onlyglobal and classic mode) | ||
| Backends must be in one region | (Only regional mode) | (Onlyregional and classic mode) | (Only regional mode) | (Onlyregional andclassic mode) | info | info |
| Cloud Storage in backend buckets | (Only cross-region mode) | (Onlyglobal and classic mode) | ||||
| External endpoints in internet NEGs | (Only regional mode) | (Global, regional, andclassic modes) | (Only regional mode) | (Only regional mode) | ||
| Multiple backend services and a URL map | ||||||
| Virtual machine backends on Compute Engine | ||||||
| Self-managed Kubernetes and GKE | ||||||
| Zonal NEGs | GCE_VM_IP_PORT endpoints | GCE_VM_IP_PORT endpoints | GCE_VM_IP_PORT endpoints | GCE_VM_IP_PORT endpoints | GCE_VM_IP endpoints | GCE_VM_IP endpoints |
| Private Service Connect NEGs | (Only global and regional mode) | (Only global and regional mode) | ||||
| Private external endpoints in hybrid NEG backends | info | info | info | info | ||
| Serverless backends | info | info | ||||
| Dual-stack (IPV4 and IPv6) backends | info | (Only global and regional modes) | info | (Only global and regional modes) | info | info |
| IPv6-only backends | info | info | ||||
Health checks
For links to reference information, seeHealthchecks.
Health checks are not supported for internal and externalApplication Load Balancers that use serverless NEG backends.
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| gRPC health checks (without TLS) | 2 | 2 | 2 | 2 | 1 | |
| gRPC health checks (with TLS) | 2 | 2 | 2 | 2 | 1 | |
| HTTP health checks | 3 | (Only classic and regional mode) | 1 | |||
| HTTPS health checks | 3 | (Only classic and regional mode) | 1 | |||
| HTTP/2 health checks | (Only classic and regional mode) | 1 | ||||
| SSL health checks | 1 | |||||
| TCP health checks | 1 | |||||
| Configurable health checks | ||||||
| Configurable request path (HTTP, HTTPS, HTTP/2) | ||||||
| Configurable request string or path (TCP or SSL) | ||||||
| Configurable expected response string | 1 | |||||
| Distributed Envoy health checks | (Only regional mode) | (Only regional mode) | ||||
1 This table documents health checks used by backend service-based external passthrough Network Load Balancers. Target pool-based load balancers support onlylegacy HTTP health checks.
2 Envoy-based regional load balancers(regional internal and external Application Load Balancers andregional internal and external proxy Network Load Balancers) that use hybrid NEG backends don'tsupport gRPC health checks. For more information, see theHybridNEGs overview.
3 Regional external Application Load Balancer does not support legacy health checks. The global external Application Load Balancer and the classic Application Load Balancer supportlegacy health checks only if both of the following are true:
- The backends are instance groups.
- The backend virtual machine (VM) instances serve traffic that uses the HTTP or HTTPS protocol.
IP addresses
For links to reference information, seeAddresses.
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| Regional internal IPv4 address, accessible in your VPC network | ||||||
| Regional internal IPv6 address, accessible in your VPC network | info | |||||
| Global external IPv4 address (Includes BYOIP addresses) | (Only global and classic1 mode) | (Only global and classic1 mode) | ||||
| Global external IPv6 address | IPv6 termination (Only global and classic1 mode) | IPv6 termination (Only global and classic1 mode) | ||||
| Regional external IPv4 address (Includes BYOIP addresses) | (Only regional and classic2 mode) | (Only regional and classic2 mode) | ||||
| Regional external IPv6 address (Includes BYOIP addresses) | ||||||
| Multiple forwarding rules with the same IP address, each having a unique protocol and port combination | ||||||
| Internet accessible4 | ||||||
| Privately accessible | info5 | info5 | info5 | |||
| Client source IP address preservation | X‑Forwarded‑For header | X‑Forwarded‑For header | PROXY protocol | PROXY protocol | ||
1 Supported for Premium Tier.
2 Supported for Standard Tier.
3 External IP addresses from BYOIPv6 are not supported for target pool backends.
4 Internet access is also available for clients that are in Google Cloud.
5 Private access is available in the same VPC network and from any region with global access. In cross-region mode, global access is enabled by default.
Network topologies
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| Network Service Tiers support | Premium Tier | Global mode: Premium Tier Classic and regional mode: Premium or Standard Tier | Premium Tier | Global mode: Premium Tier Classic and regional mode: Premium or Standard Tier | Premium Tier | Premium or Standard Tier |
| Relationships between VPC networks, load balancers, and their backends | ||||||
| Load balancer and backends in different VPC networks | info | info | info | info | ||
| Backends can use a Shared VPC network | ||||||
| Cross-project service referencing | info | info (Only global and regional mode) | ||||
| Client access to load balancers | ||||||
| Google Cloud or on-premises clients must access the load balancer privately1 | ||||||
| Google Cloud client VMs require external IP addresses or a NAT solution like Cloud NAT to access the load balancer | ||||||
| On-premises client VMs require internet access to access the load balancer | ||||||
| Google Cloud client VMs can be located in any region | info | (Only global and classic2 modes) | info | info | ||
| Google Cloud client VMs can be located in any project | ||||||
| More topologies | ||||||
| Load balancer as next hop | info | |||||
| Specify network interface of a backend VM | 3 | 4 | 3 | 4 | info | info5 |
| Multi-NIC load balancing | info | info | info | info | info | info |
1 Google Cloud or on-premises clients must access the load balancer privately by being either in the same VPC network, in a peered VPC network, or in another network connected using Cloud VPN tunnels or Cloud Interconnect attachments (VLANs)
2 Supported for Premium Tier
3 For regional load balancers, the backend VM'snic0 must be in the same network and region used by the forwarding rule. For cross-region load balancers, the backend VM'snic0 must be in the same network used by the forwarding rule.
4 The load balancer only sends traffic to the first network interface (nic0), whichever VPC network thatnic0 is in.
5 The load balancer only sends traffic to the first network interface (nic0) of the backend VM.
Failover and availability
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| Load balancer is resilient to zonal outages Automatic failover to healthy backends within same region | ||||||
| Load balancer is resilient to regional outages Automatic failover to healthy backends in other regions | (Only cross-region mode) | (Only global and classic1 modes) | (Only cross-region mode) | (Only global and classic1 modes) | ||
| Support for active-active high availability configuration | info | (Only inregional mode) | ||||
| Support for active-passive failover configuration | Only inglobal mode | |||||
| Behavior when all backends are unhealthy | info | info | info | info | info (configurable) | info (configurable2) |
| Configurable standby backends | info (configurable) | info (configurable3) | ||||
| Connection draining on failover and failback | info (configurable) | info (configurable4) | ||||
1 Supported for Premium Tier.
2 When all the backends of a target pool-based external passthrough Network Load Balancersare unhealthy, traffic is distributed among all backends.
3 Target pool-based external passthrough Network Load Balancers use backup pools tosupport failover.
4 Target pool-based external passthrough Network Load Balancers don't supportconfiguration of connection draining on failover.
Monitoring
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| Byte count metrics | info | info | info | info | info | info |
| Packet count metrics | info | info | ||||
| Round trip time (RTT) metrics | info | info | ||||
| Request latency metrics | info | info | info | |||
| Connection count metrics | info | info | ||||
| HTTP request count metrics | info | info | ||||
Logging
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| Log type | ||||||
| HTTP request and response attribute logs | info | info | ||||
| Connection attribute logs | info | info | info | info | ||
| Log fields | ||||||
| HTTP request | info | global, classic regional | ||||
| String that explains the proxy response | proxyStatus | statusDetails proxyStatus | ||||
| TLS metadata between client and load balancer | info | (Onlyregional mode) | ||||
| Connection attributes: 5-tuple, bytes/packets sent and received | info | info | info | |||
| VM instance details and GKE details | info | (Onlyregional mode) | info | info | ||
| Client VPC or location details | info | info | ||||
| Network tier details | info | |||||
| Labels describing the load balancer resource | info | global, classic regional | info | info | info | info |
Session affinity
For detailed information, seeSessionaffinity.
For links to reference information, seeBackendservices.
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| Headers | (Only global and regional mode) | |||||
| HTTP cookie | (Only global and regional) | |||||
| Generated cookie | ||||||
| Stateful cookie | (Only global and regional) | |||||
Client IP, no destination (1-tuple)CLIENT_IP_NO_DESTINATION | info | |||||
Client IP, Destination IP (2-tuple)CLIENT_IP | 1 | 1 | ||||
Client IP, Destination IP, Protocol (3-tuple)CLIENT_IP_PROTO | 1 | 1 | ||||
Client IP, Client Port, Destination IP, Destination Port, Protocol (5-tuple)CLIENT_IP_PORT_PROTO | 1,2 | 1,2 | ||||
None (5-tuple)NONE | 3 | 3 | ||||
1 Setting session affinity is only meaningful if the protocol usessessions—for example, TCP.
2 If the protocol does not have a concept of ports or if the packetdoes not carry port information (subsequent UDP fragments, for example), then a3-tuple hash of the Client IP, Destination IP, and protocol is used instead.
3 If the protocol has a concept of ports and the packet carries portinformation, thenNone is a 5-tuple hash. If the protocol does not have aconcept of ports or if the packet does not carry port information (for example,subsequent UDP fragments), thenNone is a 3-tuple hash of the Client IP,Destination IP, and protocol.
Load balancing methods
For detailed information, see theBackendservices overview.
For links to reference information, seeBackendservices.
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| Balancing mode: connection | ||||||
| Balancing mode: rate (requests per second) | 1 | 1 | ||||
| Balancing mode: backend utilization (instance group backends only) | 1 | 1 | ||||
| Configurable maximum capacity per backend instance group or NEG | 1 | 1 | ||||
| Circuit breaking | 1 | (Only regional mode) | (Only regional mode) | |||
| Prefers region closest to client on the internet2 | (Only global and classic3 modes) | (Only global and classic3 modes) | ||||
| Prefers region closest to the load balancer2 | (Only global and classic3 modes) | (Only classic3 modes) | ||||
| Weight-based load balancing | (Only global and regional modes) | 4 | ||||
| Within zone/region load balancing policy | info | info | info | info | info | info |
1 This feature is not supported with load balancers that use serverless NEG backends.
2 When the closest region is at capacity or isn't healthy, the load balancer prefers next closest region.
3 Supported for classic load balancers in Premium Tier only.
4 This feature is not supported with target pool-based external passthrough Network Load Balancers.
Routing and traffic management
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| HTTP or layer 7 request routing | info | info | ||||
| Fault injection | info | (Only global and regional modes) | ||||
| Configurable timeouts | info | info | info | info | ||
| Retries | info | info | ||||
| Redirects | info | global classic regional | ||||
| URL rewrites | info | global classic regional | ||||
| Request and response header transformations (configured on the URL map) | info | (Onlyglobal andregional modes) | ||||
| Traffic splitting | info | (Onlyglobal andregional modes) | ||||
| Traffic mirroring | info1 | (Onlyglobal andregional modes) | (Only regional mode) | |||
| Outlier detection | info | (Onlyglobal andregional modes) | ||||
| Retry failed requests | info | (Onlyglobal andregional modes) | ||||
| Custom request and response headers (configured on the backend service) | (Onlyglobal andregional modes) | |||||
| Custom error responses | (Only global mode) | |||||
| Service load balancing policy | (Only cross-region mode) | (Only global mode) | (Only cross-region mode) | (Only global mode) | ||
| Connection tracking policy | info | info1 | ||||
| Source IP-based traffic steering | info2 | |||||
1 This feature is not supported with load balancers that use serverless NEG backends.
2 This feature is supported bybackend service-based external passthrough Network Load Balancers. Target pool-based load balancers don't support this feature.
For traffic management features available with Cloud Service Mesh, seeCloud Service Mesh features: Routing and trafficmanagement.
Autoscaling and autohealing
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| Managed instance group autoscaling based on load balancer serving capacity | (Only global and classic modes) | |||||
| Autohealing (native to managed instance groups and GKE) | ||||||
| Connection draining | 1 | |||||
Security
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| Google-managed SSL certificates | info | info1 | (Onlyglobal andclassic mode)2 | |||
| CORS | info | (Only global and regional modes) | ||||
| Identity-Aware Proxy (IAP) | 3 | |||||
| Google Cloud Armor | info | info | (Onlyglobal andclassic mode) | info | ||
| SSL offload | (Only global and classic modes)2 | |||||
| SSL policies (TLS version and cipher suites) | info | info | info (Only global and classic modes)2 | |||
| Frontend mutual TLS | info | info | ||||
1 Global external Application Load Balancers and classic Application Load Balancers supportboth Compute Engine and Certificate ManagerGoogle-managed SSL certificates, whereas regional external Application Load Balancers support onlyCertificate Manager Google-managed certificates.
2 Supported only if the load balancer is configured with a targetSSL proxy.
3 IAP is incompatible with Cloud CDN.
Google Cloud Armor protection for external load balancers
Cloud Armor provides both always-on and user-configurable DDoSprotections for all external load balancers, and user-configurable securitypolicy rules depending on the type of load balancer.
| Load balancer type or mode | Cloud Armorsecurity policies | Supported security policy types |
|---|---|---|
| Global external Application Load Balancer |
| |
| Classic Application Load Balancer |
| |
| Regional external Application Load Balancer |
| |
| Global external proxy Network Load Balancer |
| |
| Classic proxy Network Load Balancer |
| |
| External passthrough Network Load Balancer |
|
You can also configure advanced network DDoS protection forexternal passthrough Network Load Balancers,protocol forwarding, or VMs withpublic IP addresses. For more information about advanced network DDoSprotection, seeConfigure advanced network DDoS protection.
Cross-product integrations
| Feature | Application Load Balancer | Proxy Network Load Balancer | Passthrough Network Load Balancer | |||
|---|---|---|---|---|---|---|
| Internal | External | Internal | External | Internal | External | |
| Cloud CDN | (Onlyglobal andclassic1 modes) | |||||
| Service Extensions plugins and callouts | info | info | ||||
| Internal Compute Engine DNS names | (Onlyregional mode) | (Onlyregional mode) | info | |||
| Automatic Service Directory registration (Preview) | info | info | ||||
| App Hub integration | info | info | info | info | info | info |
1 Supported for Premium Tier
What's next
For detailed information about each load balancer, see the following:
- External Application Load Balancer overview (global, classic, and regional)
- Internal Application Load Balancer overview (regional and cross-region)
- External proxy Network Load Balancer overview (global, classic, and regional)
- Internal proxy Network Load Balancer overview (regional and cross-region)
- External passthrough Network Load Balancer overview
- Internal passthrough Network Load Balancer overview
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-12-15 UTC.