Google Cloud Load Balancing is a fully distributed, software-defined managed service for distributing traffic across applications and regions. It offers a range of load balancing options to support different types of traffic, from global external HTTP(S) traffic to internal TCP/UDP traffic within a single region.
Key Features
Autoscaling : Handles increases in traffic without pre-warming
Global and Regional : Distribute traffic globally or within specific regions
Integrated with Google Cloud : Works with Cloud CDN, Cloud Armor, and Monitoring
Intelligent traffic distribution : Based on capacity, proximity, and health
Layer 4 and Layer 7 support : Protocol and application-level load balancing
Modern protocols : Support for HTTP/2 and QUIC
Security features : Integration with Cloud Armor for DDoS protection and WAF capabilities
Load Balancing Types
Global Load Balancers
Type
Use Case
Protocol Support
Notes
Global External Application Load Balancer
Global HTTP(S), gRPC traffic
HTTP, HTTPS, HTTP/2, gRPC
Integrate with Cloud CDN and Cloud Armor
Global External Proxy Network Load Balancer
TLS termination, preserves client source IP
Global External Classic Application Load Balancer (Legacy)
Predecessor to Global External Application Load Balancer
Regional Load Balancers
Type
Use Case
Protocol Support
Notes
Regional External Application Load Balancer
HTTP, HTTPS, HTTP/2, gRPC
Lower latency within a region
Regional Internal Application Load Balancer
HTTP, HTTPS, HTTP/2, gRPC
Private traffic inside VPC
Regional External Network Load Balancer
Preserves client source IP
Regional Internal Network Load Balancer
Internal RFC 1918 clients
Cross-region Internal Network Load Balancer
Internal traffic across regions
Multi-region internal services
Choosing the Right Load Balancer
HTTP(S) Traffic :
Global reach needed : Global External Application Load Balancer
Single region traffic : Regional External Application Load Balancer
Internal services : Regional Internal Application Load Balancer
TCP/UDP Traffic :
Global TCP : Global External Proxy Network Load Balancer
Regional TCP/UDP with preserved client IPs : Regional External Network Load Balancer
Internal TCP/UDP : Regional Internal Network Load Balancer
Cross-region internal : Cross-region Internal Network Load Balancer
Global External Application Load Balancer
This setup creates a globally distributed HTTP load balancer for a web application:
Copy # Google Cloud Provider Configuration
provider "google" {
project = "my-project-id"
region = "us-central1"
}
# Reserve a global static external IP address
resource "google_compute_global_address" "default" {
name = "global-lb-ip"
}
# Create a backend service with health check
resource "google_compute_health_check" "default" {
name = "http-health-check"
check_interval_sec = 5
timeout_sec = 5
http_health_check {
port = 80
request_path = "/health"
}
}
# Create instance group for backend VMs
resource "google_compute_instance_group" "webservers" {
name = "webserver-group"
description = "Web server instance group"
zone = "us-central1-a"
named_port {
name = "http"
port = 80
}
# Note: In a real deployment, you would reference existing instances
# or use an instance group manager with an instance template
}
# Backend service to distribute traffic to instances
resource "google_compute_backend_service" "default" {
name = "web-backend-service"
protocol = "HTTP"
port_name = "http"
timeout_sec = 30
enable_cdn = true
load_balancing_scheme = "EXTERNAL"
health_checks = [google_compute_health_check.default.id]
backend {
group = google_compute_instance_group.webservers.id
balancing_mode = "UTILIZATION"
capacity_scaler = 1.0
}
# Optional: Configure Cloud CDN
cdn_policy {
cache_mode = "CACHE_ALL_STATIC"
client_ttl = 3600
default_ttl = 3600
max_ttl = 86400
serve_while_stale = 86400
}
}
# URL map to route requests to the backend service
resource "google_compute_url_map" "default" {
name = "web-url-map"
default_service = google_compute_backend_service.default.id
# Optional: Add path-based routing rules
host_rule {
hosts = ["example.com"]
path_matcher = "main"
}
path_matcher {
name = "main"
default_service = google_compute_backend_service.default.id
path_rule {
paths = ["/api/*"]
service = google_compute_backend_service.default.id
}
}
}
# HTTP target proxy to route requests to URL map
resource "google_compute_target_http_proxy" "default" {
name = "web-proxy"
url_map = google_compute_url_map.default.id
}
# Global forwarding rule to route traffic to the proxy
resource "google_compute_global_forwarding_rule" "default" {
name = "web-forwarding-rule"
ip_address = google_compute_global_address.default.address
port_range = "80"
target = google_compute_target_http_proxy.default.id
load_balancing_scheme = "EXTERNAL"
}
# Optional: Set up HTTPS with managed SSL certificate
resource "google_compute_managed_ssl_certificate" "default" {
name = "web-ssl-cert"
managed {
domains = ["example.com"]
}
}
resource "google_compute_target_https_proxy" "default" {
name = "web-https-proxy"
url_map = google_compute_url_map.default.id
ssl_certificates = [google_compute_managed_ssl_certificate.default.id]
}
resource "google_compute_global_forwarding_rule" "https" {
name = "web-https-forwarding-rule"
ip_address = google_compute_global_address.default.address
port_range = "443"
target = google_compute_target_https_proxy.default.id
load_balancing_scheme = "EXTERNAL"
} Regional Internal Application Load Balancer
This setup creates a regional internal HTTP load balancer for internal microservices:
Copy # Define a regional internal application load balancer
resource "google_compute_region_health_check" "default" {
name = "internal-http-health-check"
region = "us-central1"
check_interval_sec = 5
timeout_sec = 5
http_health_check {
port = 8080
request_path = "/healthz"
}
}
# Create a regional backend service
resource "google_compute_region_backend_service" "default" {
name = "internal-backend-service"
region = "us-central1"
protocol = "HTTP"
port_name = "http"
timeout_sec = 30
load_balancing_scheme = "INTERNAL_MANAGED"
health_checks = [google_compute_region_health_check.default.id]
backend {
group = google_compute_region_instance_group_manager.default.instance_group
balancing_mode = "UTILIZATION"
capacity_scaler = 1.0
}
}
# Create a URL map for routing
resource "google_compute_region_url_map" "default" {
name = "internal-url-map"
region = "us-central1"
default_service = google_compute_region_backend_service.default.id
}
# Create regional HTTP proxy
resource "google_compute_region_target_http_proxy" "default" {
name = "internal-http-proxy"
region = "us-central1"
url_map = google_compute_region_url_map.default.id
}
# Create a forwarding rule to route traffic to the proxy
resource "google_compute_forwarding_rule" "default" {
name = "internal-forwarding-rule"
region = "us-central1"
ip_protocol = "TCP"
port_range = "8080"
load_balancing_scheme = "INTERNAL_MANAGED"
target = google_compute_region_target_http_proxy.default.id
network = "default"
subnetwork = "default"
}
# Create a managed instance group for the backends
resource "google_compute_region_instance_group_manager" "default" {
name = "internal-service-mig"
region = "us-central1"
base_instance_name = "service"
version {
instance_template = google_compute_instance_template.default.id
}
auto_healing_policies {
health_check = google_compute_region_health_check.default.id
initial_delay_sec = 300
}
target_size = 2
}
# Define the instance template for the backends
resource "google_compute_instance_template" "default" {
name = "internal-service-template"
machine_type = "e2-medium"
disk {
source_image = "debian-cloud/debian-11"
auto_delete = true
boot = true
}
network_interface {
network = "default"
# No access_config means no external IP
}
metadata_startup_script = <<-EOT
#!/bin/bash
apt-get update
apt-get install -y nginx
cat > /var/www/html/healthz <<EOF
OK
EOF
cat > /etc/nginx/sites-available/default <<EOF
server {
listen 8080;
location / {
root /var/www/html;
}
location /healthz {
root /var/www/html;
}
}
EOF
systemctl restart nginx
EOT
tags = ["allow-health-check"]
}
# Create a firewall rule to allow health checks
resource "google_compute_firewall" "default" {
name = "allow-health-check"
network = "default"
allow {
protocol = "tcp"
ports = ["8080"]
}
source_ranges = ["35.191.0.0/16", "130.211.0.0/22"]
target_tags = ["allow-health-check"]
} Regional External Network Load Balancer
This setup creates a regional external TCP load balancer that preserves client IP addresses:
Copy # Create a health check for the backend service
resource "google_compute_region_health_check" "tcp_health_check" {
name = "tcp-health-check"
region = "us-central1"
check_interval_sec = 5
timeout_sec = 5
tcp_health_check {
port = 80
}
}
# Create a regional backend service
resource "google_compute_region_backend_service" "backend" {
name = "tcp-backend-service"
region = "us-central1"
protocol = "TCP"
load_balancing_scheme = "EXTERNAL"
health_checks = [google_compute_region_health_check.tcp_health_check.id]
backend {
group = google_compute_instance_group.backends.id
balancing_mode = "CONNECTION"
}
}
# Create an instance group for the backends
resource "google_compute_instance_group" "backends" {
name = "tcp-backend-group"
zone = "us-central1-a"
instances = [google_compute_instance.backend.id]
named_port {
name = "http"
port = 80
}
}
# Create a backend VM
resource "google_compute_instance" "backend" {
name = "tcp-backend-vm"
machine_type = "e2-medium"
zone = "us-central1-a"
boot_disk {
initialize_params {
image = "debian-cloud/debian-11"
}
}
network_interface {
network = "default"
access_config {
// Ephemeral public IP
}
}
metadata_startup_script = <<-EOT
#!/bin/bash
apt-get update
apt-get install -y nginx
systemctl start nginx
EOT
}
# Reserve an external IP address
resource "google_compute_address" "lb_ip" {
name = "tcp-lb-ip"
region = "us-central1"
}
# Create a forwarding rule
resource "google_compute_forwarding_rule" "tcp_forwarding_rule" {
name = "tcp-forwarding-rule"
region = "us-central1"
load_balancing_scheme = "EXTERNAL"
port_range = "80"
ip_address = google_compute_address.lb_ip.address
backend_service = google_compute_region_backend_service.backend.id
}
# Create firewall rule to allow traffic from Google Load Balancers
resource "google_compute_firewall" "allow_lb" {
name = "allow-lb-to-backends"
network = "default"
allow {
protocol = "tcp"
ports = ["80"]
}
source_ranges = ["0.0.0.0/0"]
target_tags = ["http-server"]
} Implementation with gcloud CLI
Global External Application Load Balancer
Copy # Create a global static IP address
gcloud compute addresses create global-lb-ip \
--global
# Create health check
gcloud compute health-checks create http http-basic-check \
--port=80 \
--check-interval=5s \
--timeout=5s \
--healthy-threshold=2 \
--unhealthy-threshold=2 \
--request-path="/health"
# Create a backend service
gcloud compute backend-services create web-backend-service \
--protocol=HTTP \
--port-name=http \
--health-checks=http-basic-check \
--global
# Add your instance group to the backend service
gcloud compute backend-services add-backend web-backend-service \
--instance-group=webserver-group \
--instance-group-zone=us-central1-a \
--global
# Create URL map
gcloud compute url-maps create web-map \
--default-service=web-backend-service
# Create HTTP target proxy
gcloud compute target-http-proxies create http-lb-proxy \
--url-map=web-map
# Create forwarding rule
gcloud compute forwarding-rules create http-content-rule \
--address=global-lb-ip \
--global \
--target-http-proxy=http-lb-proxy \
--ports=80 Regional Internal Application Load Balancer
Copy # Create health check
gcloud compute health-checks create http internal-http-health-check \
--port=8080 \
--request-path="/healthz" \
--check-interval=5s \
--timeout=5s \
--region=us-central1
# Create backend service
gcloud compute backend-services create internal-backend-service \
--region=us-central1 \
--health-checks=internal-http-health-check \
--health-checks-region=us-central1 \
--protocol=HTTP \
--load-balancing-scheme=INTERNAL_MANAGED
# Add instance group to backend service
gcloud compute backend-services add-backend internal-backend-service \
--instance-group=internal-service-mig \
--instance-group-region=us-central1 \
--region=us-central1
# Create URL map
gcloud compute url-maps create internal-url-map \
--region=us-central1 \
--default-service=internal-backend-service
# Create HTTP proxy
gcloud compute target-http-proxies create internal-http-proxy \
--region=us-central1 \
--url-map=internal-url-map \
--url-map-region=us-central1
# Create forwarding rule
gcloud compute forwarding-rules create internal-forwarding-rule \
--region=us-central1 \
--load-balancing-scheme=INTERNAL_MANAGED \
--network=default \
--subnet=default \
--target-http-proxy=internal-http-proxy \
--target-http-proxy-region=us-central1 \
--ports=8080 Advanced Configurations
Custom Headers and URL Rewrites
For Application Load Balancers, you can configure custom headers and URL rewrites:
Copy resource "google_compute_url_map" "advanced_url_map" {
name = "advanced-url-map"
default_service = google_compute_backend_service.default.id
host_rule {
hosts = ["example.com"]
path_matcher = "advanced"
}
path_matcher {
name = "advanced"
default_service = google_compute_backend_service.default.id
path_rule {
paths = ["/api/*"]
service = google_compute_backend_service.api.id
route_action {
url_rewrite {
path_prefix_rewrite = "/v1/"
}
}
}
path_rule {
paths = ["/legacy/*"]
service = google_compute_backend_service.legacy.id
header_action {
request_headers_to_add {
header_name = "X-Source"
header_value = "legacy-gateway"
replace = true
}
}
}
}
} Weighted Traffic Distribution
For Global Application Load Balancers, you can implement weighted traffic distribution for A/B testing or canary deployments:
Copy resource "google_compute_url_map" "weighted_url_map" {
name = "weighted-url-map"
default_service = google_compute_backend_service.prod.id
host_rule {
hosts = ["example.com"]
path_matcher = "weighted"
}
path_matcher {
name = "weighted"
default_service = google_compute_backend_service.prod.id
route_rules {
priority = 1
match_rules {
prefix_match = "/features/"
}
route_action {
weighted_backend_services {
backend_service = google_compute_backend_service.prod.id
weight = 90
}
weighted_backend_services {
backend_service = google_compute_backend_service.canary.id
weight = 10
}
}
}
}
} Session Affinity
Configure session affinity to route requests from the same client to the same backend:
Copy resource "google_compute_backend_service" "affinity_service" {
name = "affinity-backend-service"
protocol = "HTTP"
load_balancing_scheme = "EXTERNAL"
timeout_sec = 30
health_checks = [google_compute_health_check.default.id]
backend {
group = google_compute_instance_group.webservers.id
balancing_mode = "UTILIZATION"
capacity_scaler = 1.0
}
session_affinity = "GENERATED_COOKIE"
# For cookie-based affinity
consistent_hash {
http_cookie {
name = "session-cookie"
ttl {
seconds = 3600
}
}
}
} SSL Policies for Enhanced Security
Create a custom SSL policy for HTTPS load balancers:
Copy # Create custom SSL policy
resource "google_compute_ssl_policy" "secure_policy" {
name = "secure-ssl-policy"
profile = "MODERN"
min_tls_version = "TLS_1_2"
# Optional: specify allowed cipher suites
custom_features = [
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
]
}
# Apply SSL policy to HTTPS proxy
resource "google_compute_target_https_proxy" "default" {
name = "web-https-proxy"
url_map = google_compute_url_map.default.id
ssl_certificates = [google_compute_managed_ssl_certificate.default.id]
ssl_policy = google_compute_ssl_policy.secure_policy.id
} Cloud Armor Integration for WAF and DDoS Protection
Add Cloud Armor security policy to your load balancer:
Copy # Create Cloud Armor security policy
resource "google_compute_security_policy" "policy" {
name = "my-security-policy"
# Default rule (lowest priority, evaluated last)
rule {
action = "allow"
priority = "2147483647"
match {
versioned_expr = "SRC_IPS_V1"
config {
src_ip_ranges = ["0.0.0.0/0"]
}
}
description = "Default rule, allow all traffic"
}
# Block traffic from specific countries
rule {
action = "deny(403)"
priority = "1000"
match {
expr {
expression = "origin.region_code == 'CN'"
}
}
description = "Block traffic from China"
}
# Block common SQL injection patterns
rule {
action = "deny(403)"
priority = "2000"
match {
expr {
expression = "evaluatePreconfiguredExpr('sqli-stable')"
}
}
description = "Block SQL injection attempts"
}
# Rate limit by IP
rule {
action = "rate_based_ban"
priority = "3000"
match {
versioned_expr = "SRC_IPS_V1"
config {
src_ip_ranges = ["0.0.0.0/0"]
}
}
description = "Rate limit all traffic"
rate_limit_options {
conform_action = "allow"
exceed_action = "deny(429)"
enforce_on_key = "IP"
rate_limit_threshold {
count = 100
interval_sec = 60
}
}
}
}
# Apply security policy to backend service
resource "google_compute_backend_service" "default" {
name = "web-backend-service"
protocol = "HTTP"
port_name = "http"
timeout_sec = 30
enable_cdn = true
load_balancing_scheme = "EXTERNAL"
health_checks = [google_compute_health_check.default.id]
security_policy = google_compute_security_policy.policy.id
backend {
group = google_compute_instance_group.webservers.id
balancing_mode = "UTILIZATION"
capacity_scaler = 1.0
}
} Load Balancing Patterns
Multi-Regional Active-Active
Deploy a global load balancer with backend services in multiple regions for high availability:
Copy resource "google_compute_backend_service" "multi_region" {
name = "multi-region-backend"
protocol = "HTTP"
port_name = "http"
load_balancing_scheme = "EXTERNAL"
timeout_sec = 30
health_checks = [google_compute_health_check.default.id]
# US region backend
backend {
group = google_compute_instance_group.us_webservers.id
balancing_mode = "UTILIZATION"
capacity_scaler = 1.0
}
# Europe region backend
backend {
group = google_compute_instance_group.eu_webservers.id
balancing_mode = "UTILIZATION"
capacity_scaler = 1.0
}
# Asia region backend
backend {
group = google_compute_instance_group.asia_webservers.id
balancing_mode = "UTILIZATION"
capacity_scaler = 1.0
}
# Use latency-based routing
locality_lb_policy = "LEAST_REQUEST"
} Internal Microservices Architecture
Create internal load balancers for microservices communication:
Copy # Service A - Internal Load Balancer
resource "google_compute_region_backend_service" "service_a" {
name = "service-a-backend"
region = "us-central1"
protocol = "HTTP"
load_balancing_scheme = "INTERNAL_MANAGED"
health_checks = [google_compute_region_health_check.service_a_health.id]
backend {
group = google_compute_region_instance_group_manager.service_a.instance_group
balancing_mode = "UTILIZATION"
}
}
# Service B - Internal Load Balancer
resource "google_compute_region_backend_service" "service_b" {
name = "service-b-backend"
region = "us-central1"
protocol = "HTTP"
load_balancing_scheme = "INTERNAL_MANAGED"
health_checks = [google_compute_region_health_check.service_b_health.id]
backend {
group = google_compute_region_instance_group_manager.service_b.instance_group
balancing_mode = "UTILIZATION"
}
}
# API Gateway - External Load Balancer
resource "google_compute_backend_service" "api_gateway" {
name = "api-gateway-backend"
protocol = "HTTP"
port_name = "http"
load_balancing_scheme = "EXTERNAL"
health_checks = [google_compute_health_check.gateway_health.id]
backend {
group = google_compute_instance_group_manager.api_gateway.instance_group
balancing_mode = "UTILIZATION"
}
} CDN Integration Pattern
Integrate Cloud CDN with Application Load Balancer for static content:
Copy resource "google_compute_backend_service" "cdn_backend" {
name = "cdn-backend-service"
protocol = "HTTP"
port_name = "http"
timeout_sec = 30
enable_cdn = true
load_balancing_scheme = "EXTERNAL"
health_checks = [google_compute_health_check.default.id]
backend {
group = google_compute_instance_group.webservers.id
balancing_mode = "UTILIZATION"
capacity_scaler = 1.0
}
cdn_policy {
cache_mode = "USE_ORIGIN_HEADERS"
client_ttl = 3600
default_ttl = 3600
max_ttl = 86400
negative_caching = true
serve_while_stale = 86400
cache_key_policy {
include_host = true
include_protocol = true
include_query_string = true
}
}
} Monitoring and Logging
CloudWatch Metrics for Load Balancers
Copy # Create a dashboard for load balancer monitoring
resource "google_monitoring_dashboard" "lb_dashboard" {
dashboard_json = <<EOF
{
"displayName": "Load Balancer Dashboard",
"gridLayout": {
"columns": "2",
"widgets": [
{
"title": "Request Count",
"xyChart": {
"dataSets": [
{
"timeSeriesQuery": {
"timeSeriesFilter": {
"filter": "metric.type=\"loadbalancing.googleapis.com/https/request_count\" resource.type=\"https_lb_rule\" resource.label.\"forwarding_rule_name\"=\"${google_compute_global_forwarding_rule.default.name}\"",
"aggregation": {
"alignmentPeriod": "60s",
"perSeriesAligner": "ALIGN_RATE"
}
}
}
}
]
}
},
{
"title": "Backend Latency",
"xyChart": {
"dataSets": [
{
"timeSeriesQuery": {
"timeSeriesFilter": {
"filter": "metric.type=\"loadbalancing.googleapis.com/https/backend_latencies\" resource.type=\"https_lb_rule\" resource.label.\"forwarding_rule_name\"=\"${google_compute_global_forwarding_rule.default.name}\"",
"aggregation": {
"alignmentPeriod": "60s",
"perSeriesAligner": "ALIGN_PERCENTILE_95"
}
}
}
}
]
}
}
]
}
}
EOF
} Setting Up Alerting Policies
Copy # Create alert policy for 5xx errors
resource "google_monitoring_alert_policy" "lb_5xx_errors" {
display_name = "High 5xx Error Rate Alert"
combiner = "OR"
conditions {
display_name = "Error Rate > 5%"
condition_threshold {
filter = "metric.type=\"loadbalancing.googleapis.com/https/request_count\" resource.type=\"https_lb_rule\" resource.label.\"forwarding_rule_name\"=\"${google_compute_global_forwarding_rule.default.name}\" metric.label.\"response_code_class\"=\"500\""
duration = "60s"
comparison = "COMPARISON_GT"
threshold_value = 0.05
aggregations {
alignment_period = "60s"
per_series_aligner = "ALIGN_RATE"
cross_series_reducer = "REDUCE_SUM"
group_by_fields = ["resource.label.forwarding_rule_name"]
}
denominator_filter = "metric.type=\"loadbalancing.googleapis.com/https/request_count\" resource.type=\"https_lb_rule\" resource.label.\"forwarding_rule_name\"=\"${google_compute_global_forwarding_rule.default.name}\""
denominator_aggregations {
alignment_period = "60s"
per_series_aligner = "ALIGN_RATE"
cross_series_reducer = "REDUCE_SUM"
group_by_fields = ["resource.label.forwarding_rule_name"]
}
}
}
notification_channels = [
google_monitoring_notification_channel.email.id
]
documentation {
content = "High rate of 5xx errors detected on load balancer ${google_compute_global_forwarding_rule.default.name}"
mime_type = "text/markdown"
}
}
resource "google_monitoring_notification_channel" "email" {
display_name = "DevOps Team Email"
type = "email"
labels = {
email_address = "devops@example.com"
}
} Best Practices
Choose the right load balancer : Match your load balancer type to your traffic patterns and requirements
Implement health checks properly : Design health checks that accurately reflect service health, not just connectivity
Utilize Cloud CDN : Enable Cloud CDN for static content to reduce backend load and improve user experience
Implement security layers : Use Cloud Armor for WAF capabilities and DDoS protection
Configure appropriate session affinity : Choose the correct affinity method based on your application requirements
Set up proper monitoring : Configure dashboards and alerts for key metrics like latency, errors, and traffic
Design for high availability : Use multiple regions for global services and multiple zones for regional services
Optimize backend instance groups : Use managed instance groups with autoscaling for dynamic workloads
Define custom headers for backend routing : Add custom headers to help backend services identify traffic source
Implement graceful backend transitions : Use weighted traffic distribution for canary releases
Configure appropriate timeouts : Adjust timeout settings based on backend service response characteristics
Troubleshooting
Common Issues and Solutions
5xx Errors from Load Balancer
Check backend service health
Verify backend instance capacity
Inspect backend service logs for errors
Confirm firewall rules allow health check traffic
High Latency
Check backend service resource utilization
Verify proper region selection for regional load balancers
Enable and optimize Cloud CDN for cacheable content
Use network performance tests to identify bottlenecks
SSL/TLS Certificate Problems
Verify certificate validity and domain names
Check SSL policy configuration
Ensure certificates are properly uploaded and linked
Look for certificate mismatch errors in logs
Load Balancer Not Distributing Traffic Evenly
Review balancing mode settings
Check instance group health and capacity
Verify session affinity settings
Inspect health check pass/fail rates
Diagnostic Commands
Copy # Check health check status for instances
gcloud compute backend-services get-health web-backend-service \
--global
# View recent load balancer logs
gcloud logging read 'resource.type=http_load_balancer AND resource.labels.forwarding_rule_name=web-forwarding-rule' \
--limit=10
# Get load balancer details
gcloud compute forwarding-rules describe web-forwarding-rule \
--global
# List SSL certificates
gcloud compute ssl-certificates list
# Test backend connectivity from Cloud Shell
curl -v --resolve example.com:443:$(gcloud compute addresses describe global-lb-ip --global --format='value(address)') https://example.com/ Further Reading