Traffic management overview for global external Application Load Balancers

This page gives you an overview of the advanced traffic management capabilitiesavailable for global external Application Load Balancers. This page is for theglobal external Application Load Balancer only. These load balancers are always global andalways in Premium Tier. If you use a load balancer in a different mode,see one of the following pages:

Global external Application Load Balancers support the following advanced traffic managementfeatures:

Traffic steering. Intelligently route traffic based on HTTP(S) parameters (forexample, host, path, headers, and other request parameters).
Traffic actions. Perform request-based and response-based actions (forexample, redirects and header transformations).
Traffic policies. Fine-tune load balancing behavior (for example, advancedload balancing algorithms).

You can set up these features by using URL maps and backend services.For more information, see the following topics:

Use case examples

Traffic management addresses many use cases. This section provides a fewhigh-level examples.

Traffic steering: header-based routing

Traffic steering lets you direct traffic to service instances based onHTTP parameters such as request headers. For example, if a user's device isa mobile device withuser-agent:Mobile in the request header, trafficsteering can send that traffic to service instances designated to handle mobiletraffic, and send traffic that doesn't haveuser-agent:Mobile to instancesdesignated to handle traffic from other devices.

Cloud Load Balancing traffic steering. — **Figure 1.** Cloud Load Balancing traffic steering (click to enlarge).

Traffic actions: weight-based traffic splitting

Deploying a new version of an existing production service generally incurs somerisk. Even if your tests pass in staging, you probably don't want to subject100% of your users to the new version immediately. With trafficmanagement, you can define percentage-based traffic splits across multiplebackend services.

For example, you can send 95% of the traffic to the previous version of yourservice and 5% to the new version of your service. After you've validated thatthe new production version works as expected, you can gradually shift thepercentages until 100% of the traffic reaches the new version of your service.Traffic splitting is typically used for deploying new versions, A/B testing,service migration, and similar processes.

Cloud Load Balancing traffic splitting. — **Figure 2.** Cloud Load Balancing traffic splitting (click to enlarge).

Don't configure session affinity if you're using weighted traffic splitting.If you do, the weighted traffic splitting configuration takes precedence.

Traffic policies: request mirroring

Your organization might have specific compliance requirements mandating thatall traffic be mirrored to an additional service that can, for example,record the request details in a database for later replay.

Extensibility with Service Extensions

The integration withService Extensionslets you insert custom logic into the load balancing data path ofsupported Application Load Balancersby using callouts and plugins.

You can configure these extensions at various points in the processing path:authorization,edge,route,andtraffic.

You can also use Service Extensions to configure advancedfeatures, such asdynamic forwarding.

For more information, seeService Extensions overview.

Traffic management components

At a high level, load balancers provide traffic management by leveragingglobal URL maps andglobal backend servicesresources.

You can set up traffic steering and traffic actions by using URL maps.Google Cloud resources that are associated with URL maps include thefollowing:

Route rule
Rule match
Rule action

You can set up traffic policies by using backend services.Google Cloud resources that are associated with backend servicesinclude the following:

Locality load balancer policy
Consistent hash load balancer settings
Outlier detection

The following diagram shows the resources that are used to implement eachfeature.

Cloud Load Balancing data model. — **Figure 3.** Cloud Load Balancing data model (click to enlarge).

Routing requests to backends

In global external Application Load Balancers, the backend for your traffic is determinedby using a two-phased approach:

The load balancer selects a backend service or backend bucket based on rulesdefined in aglobal URL map.
The backend service selects a backend instance based onpolicies defined in aglobal backend service.

When you configure routing, you can choose between the following modes:

Simple host and path rule
Advanced host, path, and route rule

The two modes are mutually exclusively. Each URLmap can contain only one mode or the other mode.

Simple host and path rule

In a simple host and path rule,URL maps work as described in theURL map overview.

The following diagram shows the logical flow of a simple host and path rule.

URL map flow with a simple host and path rule. — **Figure 4.** URL map flow with a simple host and path rule (click to enlarge).

A request is initially evaluated by using host rules. A host is the domainspecified by the request. If the requesthost matches one of the entries inthehosts field, the associated path matcher is used.

Next, the path matcher is evaluated. Path rules are evaluated on thelongest-path-matches-first basis, and you can specify path rules in any order.After the most specific match is found, the request is routed to thecorresponding backend service. If the request doesn't match, the defaultbackend service is used.

A typical simple host and path rule might look something like the following, wherevideo traffic goes tovideo-backend-service, and all other traffic goes toweb-backend-service.ThedefaultService andservice can point to a backend service or a backendbucket. This example shows backend services.

gcloud compute url-maps describe lb-map

defaultService:global/backendServices/web-backend-servicehostRules:-hosts:-'*'pathMatcher:pathmapname:lb-mappathMatchers:-defaultService:global/backendServices/web-backend-servicename:pathmappathRules:-paths:-/video-/video/*service:global/backendServices/video-backend-service

Advanced host, path, and route rule

Advanced host, path, and route rules provide additional configuration optionscompared to simple host and path rules. These options enable more advancedtraffic management patterns and also modify some of the semantics. For example,route rules have an associated priority value and are interpreted in priorityorder (rather than by using longest-path-matches-first semantics).

As in the earlier simple host and path rule example, you can configureadvanced traffic management by using a URL map. For example, the followingURL map configures routing where 95% of the traffic is routed to one backendservice, and 5% of the traffic is routed to another backend service.

ThedefaultService andservice can point to a backend service or a backendbucket. This example shows backend services.

gcloud compute url-maps describe lb-map

defaultService:global/backendServices/service-ahostRules:-hosts:-'*'pathMatcher:matcher1name:lb-mappathMatchers:-defaultService:global/backendServices/service-aname:matcher1routeRules:-matchRules:-prefixMatch:''routeAction:weightedBackendServices:-backendService:global/backendServices/service-aweight:95-backendService:global/backendServices/service-bweight:5

Host rules

When a request reaches your load balancer, the request'shost field isevaluated against thehostRules defined in the URL map. Each host ruleconsists of a list of one or more hosts and a single path matcher(pathMatcher). If nohostRules are defined, the request is routed to thedefaultService.

For more information, seehostRules[] anddefaultService in theglobal URL map API documentation.

Path matchers

After a request matches a host rule, the load balancer evaluates thepath matcher corresponding to the host.

A path matcher is made up of the following:

One or more path rules (pathRules)or route rules (routeRules).
A default service (defaultService), which is the default backend service or backend bucket that is used when no other backend services or backend buckets match.

For more information, seepathMatchers[],pathMatchers[].pathRules[], andpathMatchers[].routeRules[] in theglobal URL map APIdocumentation.

Path rules

Path rules (pathRules) specify one or more URL paths, such as/ or/video.Path rules are generally intended for the type of simple host and path-basedrouting described previously.

For more information, seepathRules[] in theglobal URL map APIdocumentation.

Route rules

A route rule (routeRules) matches information in an incoming request and makesa routing decision based on the match.

Route rules can contain a variety of different match rules (matchRules) and avariety of different route actions (routeAction).

A match rule evaluates the incoming request based on the HTTP(S) request's path,headers, and query parameters. Match rules support various types of matches(for example, prefix match) as well as modifiers (for example, caseinsensitivity). This lets you, for example, send HTTP(S) requests to a setof backends based on the presence of a custom-defined HTTP header.

Note: Match options and semantics differ depending on the request portion thatyou match. For more information, seematchRules[] in theglobal URL map APIdocumentation.

If you have multiple route rules, the load balancer executes them in priorityorder (based on thepriority field), which lets you specify custom logicfor matching, routing, and other actions.

Within a given route rule, when the first match is made, the load balancer stopsevaluating the match rules, and any remaining match rules are ignored.

Google Cloud performs the following actions:

Looks for the first match rule that matches the request.
Stops looking at any other match rules.
Applies the actions in the corresponding route actions.

Route rules have several components, as described in the following table.

Route rule component (`API field name`)	Description
Priority (`priority`)	A number from 0 through 2,147,483,647 (that is, (2^31)-1) assigned to a route rule within a given path matcher. The priority determines the order of route rule evaluation. The priority of a rule decreases as its number increases so that a rule with priority`4` is evaluated before a rule with priority`25`. The first rule that matches the request is applied. Priority numbers can have gaps. You cannot create more than one rule with the same priority.
Description (`description`)	An optional description of up to 1,024 characters.
Service (`service`)	The full or partial URL of the backend service resource to which traffic is directed if this rule is matched.
Match rules (`matchRules`)	One or more rules that are evaluated against the request. These`matchRules` can match all or a subset of the request's HTTP attributes, such as the path, HTTP headers, and query (GET) parameters. Within a`matchRule`, all matching criteria must be met for the`routeRule`'s`routeActions` to take effect. If a`routeRule` has multiple`matchRules`, the`routeActions` of the`routeRule` take effect when a request matches any of the`routeRule`'s`matchRules`.
Route action (`routeAction`)	Lets you specify what actions to take when the match rule criteria are met. These actions include traffic splitting, URL rewrites, retry and mirroring, fault injection, and CORS policies.
Redirect action (`urlRedirect`)	You can configure an action to respond with an HTTP redirect when the match rule criteria are met. This field cannot be used in conjunction with a route action.
Header action (`headerAction`)	You can configure request and response header transformation rules when the criteria within`matchRules` are met.

For more information about the following fields, see theglobal URL map APIdocumentation.

routeRules[]
routeRules[].priority
routeRules[].description
routeRules[].service
routeRules[].matchRules[]
routeRules[].routeAction
routeRules[].urlRedirect
routeRules[].headerAction

Match rules

Match rules (matchRules) match one or more attributes of a request and takeactions specified in the route rule. The following list provides some examplesof request attributes that can be matched by using match rules:

Host: a hostname is the domain name portion of a URL; for example,the hostname portion of the URLhttp://example.net/video/hd isexample.net. In the request, the hostname comes from theHost header, asshown in this example curl command, where10.1.2.9 is the load-balancedIP address:
```
curl -v http://10.1.2.9/video/hd --header 'Host: example.com'
```
Paths follow the hostname—for example,/images. The rule can specifywhether the entire path or only the leading portion of the path needs tomatch.
Other HTTP request parameters, such as HTTP headers, which allow cookiematching, as well as matching based on query parameters (GET variables).

For a complete list of supported match rules, seepathMatchers[].routeRules[].matchRules[] in theglobal URL map APIdocumentation.

Route actions

Route actions are specific actions to take when a route rule matches theattributes of a request.

Route action (`API field name`)	Description
Redirects (`urlRedirect`)	Returns a configurable 3xx response code. It also sets the`Location` response header with the appropriate URI, replacing the host and path as specified in the redirect action.
URL rewrites (`urlRewrite`)	Rewrites the hostname portion of the URL, the path portion of the URL, or both, before sending a request to the selected backend service. For the path portion rewrites, you can use wildcards in`pathTemplateRewrite`.
Header transformations (`headerAction`)	Adds or removes request headers before sending a request to the backend service. You can also add or remove response headers after receiving a response from the backend service. Attempting to add and remove the same header results in the header being removed, unless the`replace: True` flag is used with the`requestHeadersToAdd` operation.
Traffic mirroring (`requestMirrorPolicy`)	In addition to forwarding the request to the selected backend service, sends an identical request to the configured mirror backend service on afire and forget basis. The load balancer doesn't wait for a response from the backend to which it sends the mirrored request. Mirroring is useful for testing a new version of a backend service. You can also use it to debug production errors on a debug version of your backend service, rather than on the production version. Note the following limitations when using traffic mirroring: Traffic mirroring is supported when both backend services have managed instance groups, zonal NEGs, or hybrid NEGs backends. It is not supported for internet NEGs, serverless NEGs, and Private Service Connect backends. Requests to the mirrored backend service do not generate any logs or metrics for Cloud Logging and Cloud Monitoring.
Weighted traffic splitting (`weightedBackendServices`)	Allows traffic for a matched rule to be distributed to multiple backend services, proportional to a user-defined weight assigned to the individual backend service. This capability is useful for configuring staged deployments or A/B testing. For example, the route action could be configured such that 99% of the traffic is sent to a service that's running a stable version of an application, while 1% of the traffic is sent to a separate service running a newer version of that application.
Retries (`retryPolicy`)	Configures the conditions under which the load balancer retries failed requests, how long the load balancer waits before retrying, and the maximum number of retries permitted. To learn more about retries, see theRetries section in theRequest distribution overview page.
Timeout (`timeout`)	Specifies the timeout for the selected route. Timeout is computed from the time that the request is fully processed up until the time that the response is fully processed. Timeout includes all retries.
Fault injection (`faultInjectionPolicy`)	Introduces errors when servicing requests to simulate failures, including high latency, service overload, service failures, and network partitioning. This feature is useful for testing the resiliency of a service to simulated faults.
Delay injection (`faultInjectionPolicy`)	Introduces delays for a user-defined portion of requests before sending the request to the selected backend service.
Abort injection (`faultInjectionPolicy`)	Responds directly to a fraction of requests with user-defined HTTP status codes instead of forwarding those requests to the backend service.
Security policies (`corsPolicy`)	Cross-origin resource sharing (CORS) policies handle settings for enforcing CORS requests.

You can specify one of the following route actions:

Route traffic to a single service (service).
Split traffic between multiple services (weightedBackendServices weight:x,wherex must be from 0 to 1000).
Redirect URLs (urlRedirect).

In addition, you can combine any one of the previously mentioned route actionswith one or more of the following route actions:

Mirror traffic (requestMirrorPolicy).
Rewrite URL host and path (urlRewrite).
Retry failed requests (retryPolicy).
Set timeout (timeout).
Introduce faults to a percentage of the traffic (faultInjectionPolicy).
Add CORS policy (corsPolicy).
Manipulate request or response headers (headerAction).

For more information about the configuration and semantics of route actions, seethe following in theglobal URL map APIdocumentation.

urlRedirect
urlRewrite
headerAction
requestMirrorPolicy
weightedBackendServices
retryPolicy
timeout
faultInjectionPolicy
corsPolicy

HTTP-to-HTTPS redirects

If you need to redirect HTTP traffic to HTTPS, youcan create two forwarding rules with a common IP address.

For a complete example, seeSet up HTTP-to-HTTPS redirect forglobal external Application Load Balancers.

Traffic policies

By using backend service resources, you can configure traffic policies tofine-tune load balancing within an instance group or network endpointgroup (NEG). These policies only take effect after a backend service has beenselected by using your URL map (as described previously).

Traffic policies enable you to:

Control the load balancing algorithm among instances within the backendservice.
Control the volume of connections to an upstream service.
Control the eviction of unhealthy hosts from a backend service.

The following traffic policy features are configured in theglobal backendservice.

Note: Traffic policies (including load balancing locality policy, sessionaffinity, and outlier detection) aren't supported with internet NEG backends.

Traffic policy (API field name) Description

Traffic policy (`API field name`)	Description
Load balancing locality policy (`LocalityLbPolicy`)	For a backend service or bucket, traffic distribution is based on aload balancing mode and aload balancing locality policy. The balancing mode determines the fraction of traffic that must be sent to each backend (bucket, instance group, or`GCE_VM_IP_PORT` NEG). The load balancing policy (`LocalityLbPolicy`) determines how backends within the zone or in the group are load balanced. When a backend service receives traffic, it first directs traffic to a backend (bucket, instance group, or`GCE_VM_IP_PORT` NEG) according to the backend's balancing mode. After a backend is selected, traffic is then distributed among instances or endpoints within each zone according to the locality policy. For regional managed instance groups, the locality policy applies to each constituent zone. For the balancing modes supported, seeBalancing mode. For the load balancing policy algorithms supported, see`localityLbPolicy` in theglobal backend service API documentation.
Session affinity (`consistentHash`)	Includes HTTP cookie-based affinity, HTTP header-based affinity, client IP address affinity, stateful cookie-based session affinity, and generated cookie affinity. Session affinity provides a best-effort attempt to send requests from a particular client to the same backend for as long as the backend is healthy and has capacity. Session affinity settings are fulfilled only if the load balancing locality policy is set to`RING_HASH` or`MAGLEV`. For more information about session affinity, see`consistentHash` in theglobal backend service API documentation.
Outlier detection (`outlierDetection`)	A set of policies that specify the criteria for eviction of unhealthy backend VMs or endpoints in NEGs, along with criteria defining when a backend or endpoint is considered healthy enough to receive traffic again. For more information about outlier detection, see`outlierDetection` in theglobal backend service API documentation.

Load balancing locality policy (LocalityLbPolicy)

For a backend service or bucket, traffic distribution is based on aload balancing mode and aload balancing locality policy.

The balancing mode determines the fraction of traffic that must be sent to each backend (bucket, instance group, orGCE_VM_IP_PORT NEG). The load balancing policy (LocalityLbPolicy) determines how backends within the zone or in the group are load balanced. When a backend service receives traffic, it first directs traffic to a backend (bucket, instance group, orGCE_VM_IP_PORT NEG) according to the backend's balancing mode. After a backend is selected, traffic is then distributed among instances or endpoints within each zone according to the locality policy. For regional managed instance groups, the locality policy applies to each constituent zone.

For the balancing modes supported, seeBalancing mode.

For the load balancing policy algorithms supported, seelocalityLbPolicy in theglobal backend service API documentation.

Session affinity (consistentHash)

Includes HTTP cookie-based affinity, HTTP header-based affinity, client IP address affinity, stateful cookie-based session affinity, and generated cookie affinity. Session affinity provides a best-effort attempt to send requests from a particular client to the same backend for as long as the backend is healthy and has capacity.

Session affinity settings are fulfilled only if the load balancing locality policy is set toRING_HASH orMAGLEV.

For more information about session affinity, seeconsistentHash in theglobal backend service API documentation.

Outlier detection (outlierDetection)

A set of policies that specify the criteria for eviction of unhealthy backend VMs or endpoints in NEGs, along with criteria defining when a backend or endpoint is considered healthy enough to receive traffic again.

For more information about outlier detection, seeoutlierDetection in theglobal backend service API documentation.

What's next

To configure traffic management for global external Application Load Balancer, see Setting up traffic management for global external Application Load Balancers.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-18 UTC.

Movatterモバイル変換

Traffic management overview for global external Application Load Balancers Stay organized with collections Save and categorize content based on your preferences.