Category: Cloud

  • Creating a TCP network load balancer

    TCP network load balancers support SSL natively, making it possible to secure network traffic. Unlike SSL proxy load balancing and HTTP(S) load balancing, TCP network load balancing simply allows SSL traffic to pass through the load balancer and terminate at the VM itself. For NLBs, there are four higher-level primary components involved: a target pool, a regional…

  • Backend HTTP keepalive timeout

    External Application Load Balancers are proxies that use at least two TCP connections: The load balancer’s secondary TCP connections might not get closed after each request; they can stay open to handle multiple HTTP requests and responses. The backend HTTP keepalive timeout defines the TCP idle timeout between the load balancer and your backends. The backend HTTP…

  • Static IP address

    You can reserve static IP addresses. You can also list and release your reserved static IP addresses. You can reuse a static IP for multiple load balancers.

  • proxy-only subnet

    A proxy-only subnet provides a pool of IP addresses that are reserved exclusively for Envoy proxies used by Google Cloud load balancers. It cannot be used for any other purposes. Each of the load balancer’s proxies is assigned an internal IP address. Packets sent from a proxy to a backend VM or endpoint have a…

  • Using target pools 

    Network load balancers distribute traffic across a set of compute instances known as a target pool. Target pools are regional resources which may contain compute instances across multiple zones within a single region. Each Google Cloud project may have up to 50 target pools. For NLBs, target pools may operate on individual compute instances or on…

  • Service account and access scope

    The authorization provided to applications hosted on a Compute Engine instance is limited by two separate configurations: the roles granted to the attached service account, and the access scopes that you set on the instance. Both of these configurations must allow access before the application running on the instance can access a resource. Don’t rely on default Service…

  • gcloud auth list

    Lists accounts and shows which account is active. The active account is used by gcloud and other Google Cloud CLI tools to access Google Cloud Platform. While there is no limit on the number of accounts with stored credentials, there is only one active account.

  • Configuring Load Balancing

    There are nine types of load balancers, global or regional—the former to denote a load balancer with components (backends) in multiple regions and the latter with all components in a single region. Backend services are the means a load balancer uses to send incoming traffic to compute resources responsible for serving requests. The compute resources are…

  • Multi-NIC VMs

    A common use case is to inspect bidirectional traffic between two VPC networks by leveraging a group of network virtual appliances, that is, multi-NIC VMs. VPC networks named vpc-a and vpc-b, each with one subnet. Each backend VM has two network interfaces, one attached to each VPC network (nic0 attached to VPC vpc-a, nic1 attached…

  • Cloud DNS

    A public zone hosts DNS records that are visible to the Internet, whereas a private zone hosts DNS records that are visible only inside your organization. Creating Forwarding Zones: A forwarding zone overrides normal DNS resolution of the specified zones. Instead, queries for the specified zones are forwarded to the listed forwarding targets: --dns-name is…