### Cloud Load Balancers<br>

***

<br>

**Load Balancing**<br>

- distributes user traffic across multiple instances<br>
by spreading the load, you reduce the risk of your app having performance issues<br>
- a load balancer is a single point of entry with multiple backends<br>
in GCP, backends can consist of instance groups or NEGs<br>
- fully distributed and software defined<br>
- load balancer is either global or regional<br>
- load balancer is meant to serve the content as close as possible to users<br>
- autoscaling with health checks<br>

**Load Balancing Types:**<br>

- **Global**<br>
    - External HTTP(S) Load Balancing<br> 
    - SSL Proxy Load Balancing<br>
    - TCP Proxy Load Balancing<br>

Global load balancers can handle IPv6 traffic<br>

vs<br>

- **Regional**<br>
    - Internal HTTP(S) Load Balancing<br>
    - Internal TCP/UDP Load Balancing<br>
    - TCP/UDP Network Load Balancing<br>
<br>

Regional is for serving backends in a single region<br>
and handling only IPv4 traffic<br>
<br>

- **External**<br>
    - External HTTP(S) Load Balancing<br>
    - SSL Proxy Load Balancing<br>
    - TCP Proxy Load Balancing<br>
    - TCP/UDP Network Load Balancing<br>

External load balancers are designed to distribute traffic<br>
coming into your network from the internet<br>

vs<br>

- **Internal**<br>
    - Internal HTTP(S) Load Balancing<br>
    - Internal TCP/UDP Load Balancing<br>
<br>

Internal load balancers are designed to distribute traffic<br>
within your own network<br>


- **Traffic Type**<br>
    - HTTP(S)<br>
        - External HTTP(S) Load Balancing<br>
        - Internal HTTP(S) Load Balancing<br>
        <br>
    - TCP<br>
        - TCP Proxy Load Balancing<br>
        - Network Load Balancing<br>
        - Internal TCP/UDP Load Balancing<br>
        <br>
    - UDP<br>
        - Network Load Balancing<br>
        - Internal TCP/UDP Load Balancing<br>
        <br>

##### **Backend Services**<br>

How a load balancer knows what to do is defined by the backend service<br>
A backend service config contains a set of values: protocols, various distribution and session settings, health checks and timeouts<br>
These settings provide fine-grained control over how your load balancer behaves<br>
An external HTTP(S) load balancer must have at least one backend service and can have multiple<br>
The backends of a backend service can be either instance groups or network endpoint groups (NEGs)<br>

**NEG (Network Endpoint Group)** is a configuration object that specifies a group of backend endpoints or services<br>
Common use case for this configuration is deploying services into containers.<br>

Back to backend services<br>
Google runs a **health check** to determine a backend's eligibility for receiving new connections<br>
backends that respond successfully a configured number of times are considered healthy<br>
backends that fail are unhealthy, and traffic won't be routed to them<br>
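
The health-check behaviour described above, as an added example that is not part of the original notes: a small state machine that flips a backend between healthy and unhealthy only after a configured number of consecutive probe results. The names `healthy_threshold` and `unhealthy_threshold`, the default values, the choice to start backends as unhealthy, and the probe histories are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class BackendHealth:
    healthy_threshold: int = 2    # consecutive successes needed to turn healthy
    unhealthy_threshold: int = 3  # consecutive failures needed to turn unhealthy
    healthy: bool = False         # assumption: a backend starts out unhealthy
    streak: int = 0               # consecutive probes that disagree with the state

    def observe(self, probe_ok: bool) -> bool:
        """Feed one probe result and return the resulting health state."""
        if probe_ok == self.healthy:
            self.streak = 0       # probe agrees with current state: reset
            return self.healthy
        self.streak += 1
        needed = self.healthy_threshold if probe_ok else self.unhealthy_threshold
        if self.streak >= needed:
            self.healthy = probe_ok
            self.streak = 0
        return self.healthy


def replay(probes, **thresholds):
    """Return the health state after each probe in a constructed history."""
    state = BackendHealth(**thresholds)
    return [state.observe(ok) for ok in probes]


def eligible(probe_history, **thresholds):
    """Backends that would still receive new connections after the history."""
    return sorted(name for name, probes in probe_history.items()
                  if replay(probes, **thresholds)[-1])


# Constructed probe histories (True = probe succeeded).
SAMPLE_HISTORY = {
    "vm-a": [True, True, True, True],           # steady: becomes healthy
    "vm-b": [True, True, False, True, False],   # isolated failures: stays healthy
    "vm-c": [True, True, False, False, False],  # three failures in a row: removed
}
```

A single failed probe does not remove a backend and a single success does not restore it, which is what keeps a flapping instance from being added and dropped on every probe.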

**Session Affinity** sends all requests from the same client to the same backend.<br>

**Service Timeout** - the amount of time that the load balancer waits for a backend to return a full response to a request<br>

**Traffic Distribution** - comprises 3 different values<br>

- balancing mode: defines how the load balancer measures backend readiness for new requests<br>
- target capacity: defines target max # of connections at target maximum rate<br>
- capacity scaler: adjusts overall available capacity without modifying the target capacity<br>
- backends: groups of endpoints that receive traffic from a Google Cloud load balancer<br>
there are multiple types of backends, but the one we're focusing on is instance groups<br>



**HTTP(S) Traffic Management**<br>

**cross-region load balancing**<br>
if you're using a global load balancer, it can route to the closest load balancer based on proximity<br>

**content-based load balancing**<br>
HTTP(S) load balancing supports content-based load balancing using a URL map<br>
the backend service is selected based on the host name, request path or both<br>

```
URL map configuration:
/static/*  => backend service: static
/video     => backend service: video
/images    => backend service: images
```
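
The path-based selection above, as an added example that is not part of the original notes: a simplified model of URL-map path matching that uses the three rules from the sample. It goes slightly beyond the sample by applying longest-prefix matching and a fall-through default; `DEFAULT_SERVICE`, the function names and the request paths are assumptions constructed for illustration.

```python
# Added example: a simplified model of URL-map path matching.
# PATH_RULES mirrors the sample above; DEFAULT_SERVICE is an assumed name.
PATH_RULES = {
    "/static/*": "static",
    "/video": "video",
    "/images": "images",
}
DEFAULT_SERVICE = "default"


def validate_rule(pattern):
    """Reject patterns this model does not accept: '*' only as trailing '/*'."""
    if not pattern.startswith("/"):
        raise ValueError(f"path rule must start with '/': {pattern!r}")
    body = pattern[:-2] if pattern.endswith("/*") else pattern
    if "*" in body:
        raise ValueError(f"'*' is only valid as a trailing '/*': {pattern!r}")


def route(path, rules=PATH_RULES, default=DEFAULT_SERVICE):
    """Return the backend service name chosen for a request path."""
    for pattern in rules:
        validate_rule(pattern)
    path = path.split("?", 1)[0]           # the query string is not matched
    if "*" not in path and path in rules:  # an exact rule wins outright
        return rules[path]
    best_prefix, service = "", default
    for pattern, candidate in rules.items():
        if not pattern.endswith("/*"):
            continue
        prefix = pattern[:-1]              # "/static/*" -> "/static/"
        if path.startswith(prefix) and len(prefix) > len(best_prefix):
            best_prefix, service = prefix, candidate
    return service


def unrouted(paths, rules=PATH_RULES, default=DEFAULT_SERVICE):
    """Audit helper: which of the given paths fall through to the default?"""
    return [p for p in paths if route(p, rules, default) == default]
```

Because `/video` has no trailing `/*`, a request for `/video/clip.mp4` falls through to the default backend, so the default service should be one you are comfortable exposing to any unmatched path.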


**HTTP(S) Load Balancer**<br>

This is a global proxy-based Layer 7 (application layer) load balancer<br>
behind a single external IP Address<br>

- single Unicast IP address<br>
- implemented on Google Front Ends(GFE) - GFE offers cross balancing, offering healthy path<br>
- load balancer can be global, external, internal<br>
- supports HTTPS and SSL for encryption in transit<br>
- takes both IPv4 and IPv6 traffic<br>
IPv6 traffic terminates at LB and served as IPv4 to the backend<br>
- distributes the traffic by the location or the content<br>
- forwarding rules are in place to distribute defined targets to target pools<br>
Ex. video content could go to one target, like the example above<br>
- URL maps direct requests based on rules<br>
- SSL certificates are needed for HTTPS (can be Google-managed or self-managed)<br>
- Ports used: HTTP 80, 8080; HTTPS 443<br>
<br>

**SSL Proxy**<br>

Reverse proxy load balancer that distributes SSL traffic coming from the internet to the VMs<br>

- client SSL sessions are terminated at the load balancing layer and proxied to the closest region<br>
- standard tier: SSL load balancer handles load balancing regionally<br>
premium tier: load balancer handles globally<br>
- distributes traffic by location only<br>
- SSL load balancing lets you use a single unicast IP address<br>
- Layer 4 (network layer) Load Balancer<br>
- **SSL load balancer support for TCP with SSL offload**<br>
this is not like the HTTP(S) Load Balancer, where we can use specific rules or configs to direct traffic<br>
- SSL proxy load balancer supports both IPv4 and IPv6<br>
IPv6 traffic terminates at LB and serves IPv4 to the backend<br>
- Forwarding rules are in place to distribute each defined target to target pools<br>
- It can also be used for other protocols that use SSL, such as WebSockets and IMAP over SSL<br>
<br>

**TCP Proxy**<br>

Reverse proxy load balancer that distributes TCP traffic coming from the internet to the VMs<br>

- traffic coming over a TCP connection is terminated at the LB<br>
then forwarded as SSL or TCP<br>
- the load balancer determines which instances are at capacity and sends traffic to instances that are not busy<br>
- like SSL, the TCP LB lets you use a single unicast IP address<br>
- Layer 4 (network layer) Load Balancer<br>
- can serve traffic both globally and externally<br>
- TCP distributes the traffic by location only<br>
- Intended for non HTTP traffic<br>
- Supports IPv4/IPv6 traffic<br>
IPv6 traffic terminates at LB and serves IPv4 to the backend<br>
- Supports many well-known TCP ports, such as port 25 (Simple Mail Transfer Protocol, SMTP)<br>
<br>

**Network Load Balancer**<br>

Pass-through load balancer that distributes TCP and UDP traffic to VMs<br>

- Not a proxy<br>
therefore responses from backend go directly to the client (direct server return)<br>
- layer 4 regional load balancer and external<br>
- supports either TCP or UDP, but not both<br>
- supports traffic on ports that aren't supported by TCP proxy and SSL proxy<br>
- SSL decrypted by backends, but not by load balancer<br>
- Traffic distributed by protocol, scheme and scope<br>
- No TLS offloading or proxying<br>
- Multiple forwarding rules reference one target pool<br>
- Other protocols use target instances<br>
- Self-managed SSL certificates<br>
<br>

**Internal Load Balancer**<br>

Pass-through load balancer that distributes TCP and UDP traffic to VMs<br>

- layer 4 regional load balancer<br>
- regional and internal<br>
- supports either TCP or UDP, but not both<br>
- Balances internal traffic between instances<br>
- cannot be used to balance the internet traffic<br>
- traffic is automatically sent to the backend, doesn't terminate client connections<br>
- forwarding rules:<br>
    - you must specify at least one and up to 5 ports by number<br>
    - you must specify ALL to forward traffic to all ports<br>
<br>