How To Set Up A Multi-Region Load Balancer On GCP?

Load balancing is necessary in case of any production-ready application. The load balancer is used for load balancing. The main goal here is to distribute the incoming traffic across multiple regions to ensure the high availability and high reliability of an application. Google Cloud Platform provides us with services to configure load balancers for managing traffic on the hosted application. In this article, we will be learning about global load balancers and how we can configure a multi-regional or Global load balancer using Google Cloud Platform.

What Is A Multi-region Load Balancer?

A multi-region load balancer in Google Cloud Platform is a load balancer used for distributing incoming network traffic across multiple regions. This type of load balancer creates globally backed services with a backend in multiple regions, which helps ensure efficient scaling and fault tolerance in different geographical locations. Multi-regional load balancers ensure high availability and reliability. Using a multi-regional load balancer ensures traffic is directed to the closest backend, which reduces latency and improves the overall performance of an application for the users.

Setting Up multi-region Load balancer In GCP: A Step-By-Step Guide

Here we will be creating a cross-region internal application load balancer in a VPC Network with one backend service. Here our objective is to build two backends in two different regions, say us-east1 and us-west1 and then we will be creating forwarding rule so that our multi-region load balancer can serve the requests.

Step 1: Create VPC Network

• Open Google Cloud Console and login with your credentials. Search VPC Network in the search bar or look for it the left sidebar. Click on VPC Network.

• Click on Create VPC Network and use the following configurations:

Name: lb-network-crs-reg

• On the subnet section, select custom and let’s create subnet for the load balancer backend.

 Name: lbsubnet-uswest1
Region: us-west1
IP address range: 10.1.2.0/24

• After Configuration, Click on Done.
• Click on Add Subnet to add another subnet. Here write the following information

Name: lbsubnet-useast1
Region: us-east1
IP address range: 10.1.3.0/24

• Click on Done.
• Leave all other settings as default and click on Create. Wait for few minutes and your VPC Network with defined subnets will be created.

Step 2: Configure Proxy-Only Subnet

• The proxy only subnet provides a set of IP addresses that Google uses to run Envoy proxies. The proxies will disconnect the connections from the user and create a new connection to the backends.
• This muti-region load balancer is still in preview mode for now, so there is a lack of GUI based configuration options. Hence we will go with manually writing configurations using Cloud shell.
• Open Cloud Shell in GCP and execute the following command. For us-west1 we are reserving the IP range 10.129.0.0/23.

    gcloud beta compute networks subnets create proxy-only-subnet1 \
        --purpose=GLOBAL_MANAGED_PROXY \
        --role=ACTIVE \
        --region=us-west1 \
        --network=lb-network-crs-reg \
        --range=10.129.0.0/23

Output:

• Now, Let’s reserve the IP range of 10.130.0.0/23 for us-east1.

    gcloud beta compute networks subnets create proxy-only-subnet2 \
        --purpose=GLOBAL_MANAGED_PROXY \
        --role=ACTIVE \
        --region=us-east1 \
        --network=lb-network-crs-reg \
        --range=10.130.0.0/23

Output:

• Now to verify the creation, go to the VPC network we have created, and check the subnet section.

• You can observe that these are reserved proxy only subnets for load balancing. You can also see that these proxy-subnets are cross-region managed proxy.

Step 3: Create Firewall Rules

A) Firewall rule to allow incoming ssh:

On your VPC Network click on add firewall rule to allow incoming ssh connections and follow the configuration
Name: fw_ilb_to_backends
Network: lb-network-crs-reg
Direction of traffic: Ingress
Action on match: Allow
Targets: Specified target tags
Target tags: allow-ssh
Source filter: IPv4 ranges
Source IPv4 ranges: 0.0.0.0/0

• Protocols and ports: Select the TCP checkbox, and then enter 22 for the port number.
• Click on Create.

B) Firewall rule to allow google health checks:

Again Click on Add Firewall rule to allow google cloud health checks,

• Name: fw_healthcheck
• Network: lb-network-crs-reg
• Direction of traffic: Ingress
• Action on match: Allow
• Targets: Specified target tags
• Target tags: load-balanced-backend
• Source filter: IPv4 ranges
• Source IPv4 ranges: 130.211.0.0/22 and 35.191.0.0/16
• Protocols and ports: Select the TCP checkbox, and then enter 80 for the port number.

C) Firewall rule to allow connection to backend:

• Again Click on Add firewall rule to allow load balancer’s proxy subnets to connect with the backends

Name: fw_backends
Network: lb-network-crs-reg
Direction of traffic: Ingress
Action on match: Allow
Targets: Specified target tags
Target tags: load-balanced-backend
Source filter: IPv4 ranges
Source IPv4 ranges: 10.129.0.0/23 and 10.130.0.0/23
Protocols and ports: Select the TCP checkbox, and then enter 80, 443, 8080 for the port numbers.

Step 4: Create managed instance group

• Here we are going to create a template and a managed instance group.
• The managed instance groups provide VM instances running the backend servers of an cross-region internal load balancer.

A) Create Instance Template

• In cloud console, go to Instance templates option and select the following configuration:

Name: gil7-backendeast1-template

• Boot Disk: Debian GNU/Linux 10 (buster)

• In Advance option, go to networking and For network tags write allow-ssh and load-balanced-backend.
• In Network interfaces select, Network: lb-network-crs-reg. Subnet: lbsubnet-useast1.

• Go to management and inside startup script enter the following:

#!/bin/bash
apt-get update
apt-get install apache2 -y
a2ensite default-ssl
a2enmod ssl
vm_hostname="$(curl -H "Metadata-Flavor:Google" \
http://169.254.169.254/computeMetadata/v1/instance/name)"
echo "Page served from: $vm_hostname" | \
tee /var/www/html/index.html
systemctl restart apache2

• Click on create.
• Again click on create instance template and follow the configurations

Name: gil7-backendwest1-template

Boot Disk: Debian GNU/Linux 10 (buster).

• Click Advanced options and then go to Networking and configure the following fields:
• Network tags: allow-ssh, load-balanced-backend.

• For Network interfaces, Network: lb-network-crs-reg, Subnet: lbsubnet-uswest1

• In Management section, inside startup script write the following:

#! /bin/bash
apt-get update
apt-get install apache2 -y
a2ensite default-ssl
a2enmod ssl
vm_hostname="$(curl -H "Metadata-Flavor:Google" \
http://169.254.169.254/computeMetadata/v1/instance/name)"
echo "Page served from: $vm_hostname" | \
tee /var/www/html/index.html
systemctl restart apache2

• Now click on create.

B) Create Instance Groups

• Search for instance groups and click on create instance group and follow the below given configurations:

Name: gl7-ilb-migb.
Location: Single zone.
Region: us-west1.
Zone: us-west1-a.
Instance template: gil7-backendwest1-template.
Autoscaling mode: Off:do not autoscale.
Maximum number of instances: 2.

• Click on create.
• Again click on create instance group.

Name: l7-ilb-backend-east
Location: Single zone.
Region: us-east1.
Zone: us-east1-b.
Instance template: gil7-backendeast1-template.
Autoscaling mode: Off:do not autoscale.
Maximum number of instances: 2.

Step 5: Configure Load Balancer

A) Create Health Check

• First lets create the health check up using cloud shell.

gcloud compute health-checks create http global-http-health-check \
   --use-serving-port \
   --global

Output:

B) Create backend service And Add Backend

• Now we will be creating the global backed service to connect to the backends we have created.

gcloud compute backend-services create gl7-gilb-backend-service \
  --load-balancing-scheme=INTERNAL_MANAGED \
  --protocol=HTTP \
  --enable-logging \
  --logging-sample-rate=1.0 \
  --health-checks=global-http-health-check \
  --global-health-checks \
  --global

Output:

• Now let’s add backends to the backend service.

gcloud compute backend-services add-backend gl7-gilb-backend-service \
  --balancing-mode=UTILIZATION \
  --instance-group=gl7-ilb-migb \
  --instance-group-zone=us-west1-a \
  --global

Output:

• For the other backend also do the same by using the following command,

gcloud compute backend-services add-backend gl7-gilb-backend-service \
  --balancing-mode=UTILIZATION \
  --instance-group=gl7-ilb-migb \
  --instance-group-zone=us-east1-b \
  --global

C) Create URL Map

• Now let’s create the URL map

gcloud compute url-maps create gl7-gilb-url-map \
  --default-service=gl7-gilb-backend-service \
  --global

Output:

D) Create Forwarding Rules

• And finally create the forwarding rules

gcloud compute forwarding-rules create gil7forwarding-rule-a \
  --load-balancing-scheme=INTERNAL_MANAGED \
  --network=lb-network-crs-reg \
  --subnet=lbsubnet-uswest1 \
  --subnet-region=us-west1 \
  --address=10.1.2.99 \
  --ports=80 \
  --target-http-proxy=gil7-http-proxy \
  --global

Output:

• Add another forwarding rule for us-east1.

gcloud compute forwarding-rules create gil7forwarding-rule-b \
  --load-balancing-scheme=INTERNAL_MANAGED \
  --network=lb-network-crs-reg \
  --subnet=lbsubnet-useast1 \
  --subnet-region=us-east1 \
  --address=10.1.3.99 \
  --ports=80 \
  --target-http-proxy=gil7-http-proxy \
  --global

Output:

Step 6: Verify The Multi-Region Load Balancer

• Once you have completed all the above steps correctly, you should be able to see the multi-region load balancer created in your Google Cloud Project.
• To check the same, let’s navigate to the load balancer section in GCP.
• Go to Networking Tab and then in the Network services click on Load balancing.

• Now wait for few seconds to all details get updated.

• As you can see we have successfully created a multi-region load balancer in Google Cloud Project.

Conclusion

A multi-region load balancer on Google Cloud Platform is a powerful tool to ensure high availability, scalability and performance of application using servers in different region. By efficiently distributing the load or the incoming traffic across multiple regions, these load balancers minimizes latency and optimize resource utilization. This features are still new to the Google cloud platform so there is a gap in GUI configuration, still can be configured using cloud shell commands.

Multi-region load balancer on GCP – FAQ’s

What Is A Multi-Region Load Balancer?

A multi region load balancer is a load balancer that distributes the incoming network traffic across multiple regions to reduce latency and optimize resource utilization for the application. This helps in ensuring high availability and reliability of the application.

What Is Health Check And Why Is It Necessary?

A health check is a regular test to ensure that instances are healthy and will be able to handle incoming traffic. That’s why it is a good practice to perform health check up before load balancer distributes traffic.

How To Create A Global Load Balancer?

To create a global load balancer, in your GCP Console, go to network services, then into Load balancing. Click on create load balancer and select HTTPS Load balancing or TCP/UDP Load balancing and then do the configurations with frontend and backends.

What Is Timeout In Load Balancer?

If the backend service doesn’t return a successful response, the load balancer closes the connection after waiting for 30 sec(generally) . This is known as Load balancer time-out. The timeout depends on the configurations made with the backend.

How Many Rules Can A Load Balancer Have?

The number of rules a load balancer can have depends on the load balancing service and it’s configuration. In GCP the maximum number of rules for a URL Map in the HTTPS Load balancing service is 1000.