Internal passthrough Network Load Balancer forwarding rules that use a common IP address
Internal passthrough Network Load Balancers are regional load balancers that enable you to run and scale your services behind an internal IP address that is accessible only to your internal virtual machine (VM) instances.
This page discusses using multiple forwarding rules with the same IP address. For general information about internal passthrough Network Load Balancers, see the Internal passthrough Network Load Balancer overview.
Using internal forwarding rules, you can use a shared internal IP address across up to ten forwarding rules. To share an IP address, you set the purpose of the IP address to SHARED_LOADBALANCER_VIP. You can use TCP or UDP for the forwarding rule protocol and assign up to five ports to the forwarding rule, or specify --ports=ALL to use all ports. If you want to use the L3_DEFAULT protocol, you must use all ports with the --ports=ALL option.
With unique combinations of protocol and ports, you can do the following:
- Create 50 unique TCP ports with each forwarding rule using the TCP protocol. If a forwarding rule is configured to use the TCP protocol and all ports, no other forwarding rule using the TCP protocol can use the same shared IP address.
- Create 50 unique UDP ports with each forwarding rule using the UDP protocol. If a forwarding rule is configured to use the UDP protocol and all ports, no other forwarding rule using the UDP protocol can use the same shared IP address.
- Create 50 unique combinations of TCP and UDP ports, with each forwarding rule using either the TCP or UDP protocol.
- Reference a common backend service (a single load balancer) or multiple backend services (multiple load balancers that share the same IP address).
- Use all ports when configuring a forwarding rule with the L3_DEFAULT protocol. There can be only one L3_DEFAULT forwarding rule for an IP address, which can be shared with other TCP and UDP forwarding rules, if necessary.
When your forwarding rules have different protocols, you must have two different backend services as well. A single internal passthrough Network Load Balancer works for either TCP or UDP traffic, not both, because it has a single backend service that uses only one of these protocols.
Decision matrices for forwarding rules
Use the following tables to design your deployment.
Single internal passthrough Network Load Balancer
A single backend service supports TCP or UDP, not both.
When you need multiple forwarding rules, calculate the number of forwarding rules that you need by using the formula ⌈total number of ports / 5⌉, where ⌈⌉ is the ceiling (least integer) function, and means round up to the nearest whole number.
For example, suppose you need 26 TCP ports on one IP address of your load balancer. If you don't want to create a single forwarding rule by using --ports=ALL, you must create six forwarding rules because 26 / 5 = 5 with a remainder of 1.
| Intended frontend configuration | Number of forwarding rules required | --purpose=SHARED_LOADBALANCER_VIP flag required for IP address | Forwarding rule port specification |
|---|---|---|---|
| One IP address, traffic on all ports | One forwarding rule | No | --ports=ALL |
| One IP address, traffic on specific ports | For five or fewer ports: For six or more ports: | For five or fewer ports: no For six or more ports: yes | Set --ports to a set of up to five contiguous or non-contiguous port numbers. |
| Multiple IP addresses, traffic on all ports | One forwarding rule per IP address | No | --ports=ALL |
| Multiple IP addresses, traffic on specific ports | At least one forwarding rule per IP address | If using five or fewer ports per IP address: no If using six or more ports per IP address: yes | Set --ports to a set of up to five contiguous or non-contiguous port numbers. |
Two internal passthrough Network Load Balancers
When you have two internal passthrough Network Load Balancers, you can have two backend services, where one backend service is for TCP traffic, and the other backend service is for UDP traffic.
When you need multiple forwarding rules, calculate the number of forwarding rules that you need by using the following formula, where ⌈⌉ is the ceiling (least integer) function, and means round up to the nearest whole number:
⌈total number of TCP ports / 5⌉ + ⌈total number of UDP ports / 5⌉
For example, suppose you need 26 TCP ports and 12 UDP ports. You must create nine forwarding rules:
- 26 / 5 = 5 with a remainder of 1, so you need six forwarding rules for your TCP ports.
- 12 / 5 = 2 with a remainder of 2, so you need three forwarding rules for your UDP ports.
| Intended frontend configuration | Number of forwarding rules required | --purpose=SHARED_LOADBALANCER_VIP flag required for IP address | Forwarding rule port specification |
|---|---|---|---|
| One IP address, traffic on all ports | Two forwarding rules—one for TCP, one for UDP | Because the TCP forwarding rule and the UDP forwarding rule must share a single IP address: yes | --ports=ALL |
| One IP address, traffic on specific ports | For five or fewer TCP ports and five or fewer UDP ports: two forwarding rules (one for TCP, one for UDP). For six or more TCP ports or UDP ports: multiple forwarding rules, where each forwarding rule supports one protocol and five or fewer ports | Yes | Set --ports to a set of up to five contiguous or non-contiguous port numbers. |
| Multiple IP addresses, traffic on all ports, either TCP or UDP | At least two forwarding rules—one for TCP using one IP address, one for UDP using a different IP address Three or more forwarding rules if you need three or more IP addresses | No | --ports=ALL |
| Multiple IP addresses, traffic on specific ports, either TCP or UDP | At least two forwarding rules (one for TCP using one IP address, one for UDP using a different IP address). More than two forwarding rules if you need one of the following: | For one IP address with five or fewer TCP ports and one IP address with five or fewer UDP ports: no For six or more TCP ports or UDP ports: yes | Set --ports to a set of up to five contiguous or non-contiguous port numbers. |
Limitations
- Two or more forwarding rules with the same IP address and protocol cannot have overlapping ports. For example:
  - When you configure the forwarding rule with protocol TCP and port 80, you cannot configure another forwarding rule to serve that protocol and port. For example, you cannot create another forwarding rule to serve TCP ports 80, 81, and 90.
  - When you configure the forwarding rule for TCP and ports 80, 8080, and 90, you cannot configure another forwarding rule for TCP that would use all ports.
- When two or more forwarding rules share the same IP address by using the --purpose=SHARED_LOADBALANCER_VIP flag, at most only one of them can have the protocol set to L3_DEFAULT.
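A pre-deployment check for the limits described on this page, as an added example (not code from Google or from the original page): plan_rules applies the ⌈ports / 5⌉ split, and validate_shared_ip checks a set of rules planned for one shared IP address against the port-overlap, all-ports, and L3_DEFAULT limitations. The function names and the dictionary shape used for a rule are assumptions made for this example.

```python
from math import ceil

MAX_PORTS_PER_RULE = 5   # page: up to five ports per forwarding rule
MAX_RULES_PER_IP = 10    # page: a shared IP spans up to ten forwarding rules

def plan_rules(protocol, ports):
    """Split a port list into forwarding rules of at most five ports each."""
    ports = sorted(set(ports))
    chunks = [ports[i:i + MAX_PORTS_PER_RULE]
              for i in range(0, len(ports), MAX_PORTS_PER_RULE)]
    assert len(chunks) == ceil(len(ports) / MAX_PORTS_PER_RULE)
    return [{"protocol": protocol, "ports": c} for c in chunks]

def validate_shared_ip(rules):
    """Return a list of violations for rules that share one IP address."""
    errors = []
    if len(rules) > MAX_RULES_PER_IP:
        errors.append(f"{len(rules)} rules exceed the limit of {MAX_RULES_PER_IP}")
    seen = {}  # protocol -> set of claimed ports, or the string "ALL"
    for n, rule in enumerate(rules):
        proto, ports = rule["protocol"], rule["ports"]
        if proto == "L3_DEFAULT" and ports != "ALL":
            errors.append(f"rule {n}: L3_DEFAULT requires --ports=ALL")
        if ports != "ALL" and len(ports) > MAX_PORTS_PER_RULE:
            errors.append(f"rule {n}: more than {MAX_PORTS_PER_RULE} ports")
        claimed = seen.get(proto)
        if claimed is None:
            seen[proto] = "ALL" if ports == "ALL" else set(ports)
        elif proto == "L3_DEFAULT":
            errors.append(f"rule {n}: only one L3_DEFAULT rule per IP address")
        elif claimed == "ALL" or ports == "ALL":
            errors.append(f"rule {n}: {proto} all-ports rule conflicts "
                          f"with another {proto} rule")
        else:
            overlap = claimed & set(ports)
            if overlap:
                errors.append(f"rule {n}: {proto} ports {sorted(overlap)} already in use")
            claimed |= set(ports)
    return errors

if __name__ == "__main__":
    # Constructed plan: the page's 26 TCP + 12 UDP example on one shared IP.
    rules = plan_rules("TCP", range(8000, 8026)) + plan_rules("UDP", range(5000, 5012))
    print(len(rules), validate_shared_ip(rules))
```

Running the check against a planned rule set before creating the rules also surfaces an unintended --ports=ALL rule, which would accept traffic on every port of the shared address.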
Use cases
Many different types of deployments are possible. The following examples use one IP address that accepts traffic on specific ports for two load balancers.
Example 1
This example uses different forwarding rules with the following parameters:
- The same IP address (10.1.1.1)
- Different protocols
- Separate backend services that each forwarding rule points to
- Matching protocols: the protocol of each backend service matches the protocol of the corresponding forwarding rule
Example 2
This example uses different forwarding rules with the following parameters:
- The same IPv4 address (10.1.1.1)
- The same protocol
- A different set of numbered ports on each forwarding rule
- This configuration option is an alternative to creating a single forwarding rule that specifies all ports.
- You cannot share a static internal IPv6 address across multiple forwarding rules.
Configuration steps
You can create multiple internal forwarding rules that have the same IP address if you do both of the following:
- Create a static (reserved) internal IP address for the forwarding rules to use.
- Set the --purpose flag on the shared internal IP address to the value SHARED_LOADBALANCER_VIP.
For an example setup, see Accepting traffic on multiple ports using two forwarding rules.
Last updated 2025-12-15 UTC.