Articles

Choose the Right GCP Cloud Load Balancer for Your Traffic (2026)

April 18, 2026 4 min read

The first thing to understand about GCP Cloud Load Balancers is that they don’t just distribute traffic; they’re an integral part of your application’s availability and security posture, often performing tasks you wouldn’t expect from a simple proxy.

Let’s see one in action, specifically an External HTTP(S) Load Balancer. Imagine a user in New York requesting www.example.com.

  1. DNS Resolution: The user’s browser queries DNS for www.example.com. This resolves to a global IP address managed by Google Cloud.
  2. Global Network Edge: The request hits one of Google’s Points of Presence (PoPs) closest to New York. This is not in a specific region yet.
  3. SSL Termination (if HTTPS): If it’s an HTTPS request, the SSL certificate is terminated at this edge PoP. This is a key performance benefit – no need to send encrypted traffic all the way to your backend VMs.
  4. HTTP(S) Load Balancing Logic: The load balancer, still at the edge, inspects the request (URL path, host, headers) and applies routing rules defined in your backend service configuration.
  5. Regional Backend Selection: Based on the rules, it selects the most appropriate regional backend service. For example, a rule might say /api/* goes to the us-central1-api-backend service.
  6. Backend Instance Selection: Within that regional backend service, health checks determine which healthy instances can receive the traffic. The load balancer then selects one of these instances using a chosen balancing mode (e.g., round-robin, least connections).
  7. Forwarding to Instance: The request is then forwarded to the selected instance in us-central1.
  8. Application Processing: The instance processes the request and sends the response back.
  9. Response Path: The response travels back through the load balancer and Google’s network to the user in New York. Crucially, the response often returns directly from the load balancer’s PoP, not necessarily from the instance’s region, minimizing latency.

This entire process, from global edge to regional backend and back, is what you’re controlling when you choose and configure a GCP load balancer.

The Mental Model: Beyond Simple Distribution

GCP offers several types of load balancers, and the choice hinges on your traffic type and requirements:

  • Global External HTTP(S) Load Balancer: For internet-facing HTTP/S traffic, offering global reach, SSL offload, and sophisticated URL mapping. This is your standard web load balancer.
  • Global External HTTP(S) Load Balancer (Classic): An older version. Prefer the newer one unless you have specific legacy needs.
  • Global External HTTP(S) Load Balancer (Global Internal): For internal HTTP/S traffic within your VPC network, providing global reach internally.
  • Regional External Network Load Balancer: For TCP/UDP traffic that doesn’t need HTTP(S) features like SSL offload or URL mapping. It’s a pass-through L4 balancer.
  • Regional Internal Network Load Balancer: Similar to regional external, but for internal TCP/UDP traffic.
  • External TCP/SSL Proxy Load Balancer: For global TCP/SSL traffic that needs SSL offload but doesn’t require HTTP(S) aware routing.
  • Internal TCP/SSL Proxy Load Balancer: For internal TCP/SSL traffic.

Key Differentiators:

  • Global vs. Regional: Do you need a single IP address accessible from anywhere in the world (Global), or is your traffic confined to a specific region (Regional)?
  • Layer 4 (Network) vs. Layer 7 (HTTP/S, Proxy): Are you load balancing raw TCP/UDP packets (L4), or do you need to inspect and route based on HTTP headers, URL paths, or SSL certificates (L7)?
  • External vs. Internal: Is the traffic coming from the public internet (External), or is it originating from within your VPC network (Internal)?

Choosing the Right One:

  1. Internet-facing HTTP/S website or API: Global External HTTP(S) Load Balancer.
  2. Internal HTTP/S service within your VPC that needs to be accessed globally by other internal services: Global Internal HTTP(S) Load Balancer.
  3. Internet-facing TCP/UDP service (e.g., game server, custom protocol) where you don’t need HTTP features: Regional External Network Load Balancer.
  4. Internal TCP/UDP service within your VPC: Regional Internal Network Load Balancer.
  5. Internet-facing TCP/SSL service needing SSL termination but not HTTP routing: External TCP/SSL Proxy Load Balancer.

The way the Global External HTTP(S) Load Balancer handles health checks is a critical piece of its global resilience. It doesn’t just check if a backend instance is up; it actively probes backend services within specific regions. If a health check fails for all instances in us-central1, the load balancer will not send any traffic to that region, even if instances in europe-west1 are healthy. This regional isolation is a core design principle for maintaining availability during regional outages.

The next step after understanding these choices is to dive into the specifics of configuring backend services, including health checks, timeout settings, and connection draining, which are crucial for graceful application updates and preventing dropped connections.

Want structured learning?

Take the full Gcp course →