Cloud Service Mesh load balancing

Cloud Service Mesh uses sidecar proxies or proxyless gRPC to deliver global loadbalancing for your internal microservices. You can deploy internal microservices(sidecar proxy-based or proxyless gRPC-based) with instances in multipleregions. Cloud Service Mesh provides health, routing, and backend information tothe sidecar proxies or proxyless gRPC, enabling them to perform optimal trafficrouting to application instances in multiple cloud regions for a service.

Note: This guide only supports Cloud Service Mesh with Google Cloud APIs anddoes not support Istio APIs. For more information see,Cloud Service Mesh overview.

In the following diagram, user traffic enters a Google Clouddeployment through an external global load balancer. The external load balancerdistributes traffic to the Front End microservice in eitherus-central1 orasia-southeast1, depending on the location of the end user.

The internal deployment features three global microservices: Front End, ShoppingCart, and Payments. Each service runs on managed instance groups (MIGs) in tworegions,us-central1 andasia-southeast1. Cloud Service Mesh uses a globalload-balancing algorithm that directs traffic from the user in California to themicroservices deployed inus-central1. Requests from the user inSingapore are directed to the microservices inasia-southeast1.

An incoming user request is routed to the Front End microservice. The serviceproxy installed on the host with the Front End then directs traffic to theShopping Cart. The sidecar proxy installed on the host with the Shopping Cartdirects traffic to the Payments microservice. In a proxyless gRPC environment,your gRPC application would handle traffic management.

In the following example, if Cloud Service Mesh receives health check resultsthat indicate that the virtual machine (VM) instances running the Shopping Cartmicroservice inus-central1 are unhealthy, Cloud Service Mesh instructs thesidecar proxy for the Front End microservices to fail over traffic to the ShoppingCart microservice running inasia-southeast1. Because autoscaling isintegrated with traffic management in Google Cloud, Cloud Service Meshnotifies the MIG inasia-southeast1 of the additional traffic, and the MIGincreases in size.

Cloud Service Mesh detects that all backends of the Payments microservice arehealthy, so Cloud Service Mesh instructs Envoy's proxy for the Shopping Cart tosend a portion of the traffic—up to the customer's configuredcapacity—toasia-southeast1 and overflow the rest tous-central1.

Load-balancing components in Cloud Service Mesh

During Cloud Service Mesh setup, you configure several load-balancingcomponents:

• The backend service, which contains configuration values.
• A health check, which provides health checking for the VMs andGoogle Kubernetes Engine (GKE) Pods in your deployment.
• With the service routing APIs, aMesh orGateway resource andaRoute resource.
• With the load balancing APIs, a global forwarding rule, which includes theVIP address, a target proxy, and a URL map.

An xDS API-compatible sidecar proxy (such as Envoy) runs on a clientVM instance or in a Kubernetes Pod. Cloud Service Mesh serves as the controlplane and uses xDS APIs to communicate directly with each proxy. In the dataplane, the application sends traffic to the VIP address configured in theforwarding rule orMesh resource. The sidecar proxy or your gRPC applicationintercepts the traffic and redirects it to the appropriate backend.

The following diagram shows an application running on Compute Engine VMs orGKE Pods, the components, and the traffic flow in aCloud Service Mesh deployment. It shows Cloud Service Mesh and theCloud Load Balancing resources that are used to determine traffic routing.The diagram shows the older load balancing APIs.

What's next

• To learn about configuring advance load balancing features, seeAdvanced load balancing overview.
• To learn more about service discovery and traffic interception, seeCloud Service Mesh service discovery.
• To learn more about Cloud Service Mesh with the service routingAPIs, see theoverview.