About Private Service Connect health for automatic cross-region failover

This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of theService Specific Terms. Pre-GA features are available "as is" and might have limited support. For more information, see thelaunch stage descriptions.

Private Service Connect health lets service producers define health states thatsupport automatic cross-region failover for service consumers that usePrivate Service Connect backends. These health states are basedon the aggregated health of the service producer's backends(VMs or network endpoints), providing consumers a more accurate failover signalthan outlier detection, which infers health from response failures.

To enable cross-region failover, both the service producer andconsumer must use a multi-region deployment. When you configurePrivate Service Connect health, the health state of each regional published serviceis automatically propagated to the consumer's loadbalancer. If a service instance in one region becomes unhealthy, the consumer'sload balancer stops routing traffic to that service and instead routes trafficto a healthy service instance in an alternate region.

Deployment requirements

To use Private Service Connect health for automatic failover, both the service producerand the service consumer must configure their resources for a multi-regiondeployment, as described in this section. For more information aboutrequirements for load balancer and backend types, seeSpecifications.

Producer configuration:

• Deploy the service in each region. Each regional instance of the service must be configured on a regional load balancer thatsupports access by a backend.
• Create a service attachment to publish each regional instance of the service.

Consumer configuration:

• Create a Private Service Connect backend to access published services. The backend must be based on aload balancer that supports cross-region failover and includes the following configuration:
  • A Private Service Connect NEG in each region that points to that region's service attachment
  • A global backend service that contains the NEG backends

The following diagram shows a multi-region deployment:

Private Service Connect health components

Private Service Connect health uses the following components to support automaticcross-region failover.

Health aggregation policy

Ahealth aggregation policy is a resource that you create to define theconditions that a backend service must meet to be considered healthy.A policy aggregates the health states of a backend service's backends(VMs in an instance group or network endpoints in a NEG), as determined byregularhealth checks.

A backend service is considered healthy if two configurable conditions are met:

• Percentage of healthy endpoints: The minimum percentage of backendsthat must be healthy. The default is 60%.

• Minimum number of healthy endpoints: The minimum number of backends thatmust be healthy. The default value is 1.

For example, you can create a policy that specifies a backend service must haveat least 75% of its backends healthy and at least three healthy backends. Ifthe number of healthy backends falls below either of those thresholds, thebackend service is considered unhealthy.

Health source

Ahealth source is a resource that makes the health of a single backendservice available for aggregation as part of a composite health check.When you create a health source, you specify the following:

• A backend service to monitor
• A health aggregation policy that determines the backend service's health

The health source uses the conditions defined in the health aggregation policyto determine the health state of the associated backend service.

Composite health check

Acomposite health check is a resource that aggregates the health states ofone or more health sources to produce a single composite health state for aregional published service. The published service is considered healthy if eachof the associated health sources are healthy. If any of the health sources areunhealthy, the service is considered unhealthy.

Health destination

Ahealth destination receives the final composite health state from acomposite health check. For a published service, the health destination is theforwarding rule of the producer's load balancer. The health state isautomatically propagated to consumer load balancers that connect to thisforwarding rule.

Specifications

Private Service Connect health has the following specifications.

• Behavior:

  • The health of individual backends within a backend service isdetermined by standard health checks.
  • A configurable health aggregation policy determines the overall healthstate of a backend service based on the health of its individualbackends.
  • A composite health check aggregates the health states from one or morebackend services that are configured as health sources, creating acomposite health state.
  • The composite health state is provided to a health destination, whichmust be the forwarding rule of a published service.
  • The composite health state is automatically propagatedto connected consumer load balancers, whereunheatlhy states trigger automatic cross-region failover.

• Configuration:

  • The service producer and consumer must configure resources in amulti-region deployment.
  • Each published service instance must be published with aload balancer that supports cross-region failover.
  • Backend services that you use as health sources must have a loadbalancing scheme ofINTERNAL orINTERNAL_MANAGED.
  • Published service instances must have one of the following backendtypes:
    • Network endpoint group of typeGCE_VM_IP_PORT
    • Network endpoint group of typeGCE_VM_IP
    • Managed or unmanaged instance group
  • The published service instances must be accessed byPrivate Service Connect backends that are based onload balancers that supports Private Service Connect health.
  • All Private Service Connect health resources are regional and must be in thesame region as the service that you are monitoring.
  • A health source resource must reference exactly one backend service.
  • A composite health check resource must reference from 1 to 10 healthsources.
  • A forwarding rule can be the health destination for only one compositehealth check.

Limitations

Private Service Connect health has the following limitations:

• Composite health states produced by Private Service Connect health are onlyvisible to the consumer load balancer and can't be viewed in logs.
• All Private Service Connect health resources, including the backend services andforwarding rules they reference, must exist in the same project.
• You can't use the composite health state of one service as a health sourcefor another service.
• There is no mode to test a health check configuration that doesn't affectconnected consumers. Any configured composite health checks can immediatelytrigger failover.
• Private Service Connect health only supportsPrivate Service Connect backends that access publishedservices.

Pricing

There is no additional charge for using Private Service Connect health. However, youare charged for resources and network traffic in your VPCnetwork.

For more information, seeVPC pricing.

What's next

• To configure Private Service Connect health, seeConfigure Private Service Connect health for automatic cross-region failover.