Internal/External Forwarding Rule in GCP
In cloud computing, and specifically on Google Cloud Platform, a forwarding rule is set up to accept incoming traffic and direct it from individual ports within a specific range to particular ports on user VMs. This range of ports can be opened on the public IP address by using firewall rules. A forwarding rule resource specifies which pool of target virtual machines a packet is forwarded to if it matches the given [IPAddress, IPProtocol, portRange] tuple.
The main application of these forwarding rules is in the load balancers of GCP, which are responsible for distributing your network's traffic and scaling it up or down according to your network's availability. Each forwarding rule refers to an IP address and one or more ports on which the load balancer accepts traffic. Some Google Cloud load balancers limit you to a predefined set of ports, while others allow you to specify arbitrary ports.
Also, you cannot use port forwarding to open ports for an elastic IP address; when an elastic IP is used, outside access is instead controlled through security groups.
You can also specify an IP protocol for a forwarding rule, which for Google Cloud load balancers is always either TCP or UDP.
- Depending on where the traffic it handles originates, a forwarding rule is classified as either an internal forwarding rule or an external forwarding rule.
- In terms of scope, forwarding rule resources can be further grouped as global or regional.
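The following added example (not code from Google Cloud or from the original article) models the matching behaviour described above: a packet is forwarded to a rule's target only when its [IPAddress, IPProtocol, portRange] tuple matches, the protocol is restricted to TCP or UDP, and each rule carries an INTERNAL or EXTERNAL scheme. It also includes a small audit that flags external rules exposing a wide port range, which is the check a defender would run before opening such a range on a public address. The rule names, addresses, targets and the 16-port policy threshold are constructed for the example.

```python
"""Model of GCP-style forwarding-rule matching and a port-exposure audit.
Added example; not Google Cloud's own implementation."""
from dataclasses import dataclass
from ipaddress import ip_address

VALID_PROTOCOLS = {"TCP", "UDP"}          # forwarding rules are always TCP or UDP
VALID_SCHEMES = {"INTERNAL", "EXTERNAL"}  # internal vs external forwarding rule


def parse_port_range(spec):
    """'443' -> (443, 443); '8000-8080' -> (8000, 8080). Rejects bad bounds."""
    low, sep, high = spec.partition("-")
    lo = int(low)
    hi = int(high) if sep else lo
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"bad port range {spec!r}")
    return lo, hi


@dataclass(frozen=True)
class ForwardingRule:
    name: str
    ip_address: str    # frontend IP address the rule listens on
    ip_protocol: str   # "TCP" or "UDP"
    port_range: str    # "80" or "8000-8080"
    scheme: str        # "INTERNAL" or "EXTERNAL"
    target: str        # backend service / target pool that receives the packet

    def __post_init__(self):
        # Validate the tuple components up front so a bad rule never gets loaded.
        if self.ip_protocol not in VALID_PROTOCOLS:
            raise ValueError(f"{self.name}: protocol must be TCP or UDP")
        if self.scheme not in VALID_SCHEMES:
            raise ValueError(f"{self.name}: scheme must be INTERNAL or EXTERNAL")
        ip_address(self.ip_address)      # raises ValueError on a malformed address
        parse_port_range(self.port_range)

    @property
    def ports(self):
        return parse_port_range(self.port_range)

    def matches(self, dst_ip, protocol, dst_port):
        """True when the packet's [IPAddress, IPProtocol, port] hits this rule."""
        lo, hi = self.ports
        return (self.ip_address == dst_ip
                and self.ip_protocol == protocol.upper()
                and lo <= dst_port <= hi)


def match_rule(rules, dst_ip, protocol, dst_port):
    """Return the first rule matching the packet, or None if nothing forwards it."""
    for rule in rules:
        if rule.matches(dst_ip, protocol, dst_port):
            return rule
    return None


def audit_rules(rules, max_external_ports=16):
    """Flag rules whose exposure exceeds a policy threshold.
    The 16-port limit is a constructed example policy, not a GCP default."""
    findings = []
    for rule in rules:
        lo, hi = rule.ports
        width = hi - lo + 1
        if rule.scheme == "EXTERNAL" and width > max_external_ports:
            findings.append({"rule": rule.name,
                             "issue": f"external rule exposes {width} ports ({rule.port_range})"})
        if rule.scheme == "INTERNAL" and not ip_address(rule.ip_address).is_private:
            findings.append({"rule": rule.name,
                             "issue": "internal rule uses a non-private frontend address"})
    return findings


# Constructed sample rules (placeholder names; RFC 1918 / RFC 5737 addresses).
SAMPLE_RULES = [
    ForwardingRule("int-web", "10.128.0.10", "TCP", "80", "INTERNAL", "bs-web-internal"),
    ForwardingRule("ext-https", "203.0.113.10", "TCP", "443", "EXTERNAL", "bs-web-public"),
    ForwardingRule("ext-wide", "203.0.113.11", "TCP", "1-65535", "EXTERNAL", "tp-legacy"),
]

if __name__ == "__main__":
    hit = match_rule(SAMPLE_RULES, "203.0.113.10", "tcp", 443)
    print("packet ->", hit.target if hit else "no matching rule (dropped)")
    for finding in audit_rules(SAMPLE_RULES):
        print("AUDIT", finding["rule"], finding["issue"])
```

The matcher returns the first hit, which mirrors the "does this packet match a rule's tuple" question; the audit is deliberately separate so the same rule list can be checked before deployment without touching the forwarding path.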
Basic difference:

| Internal Forwarding Rule | External Forwarding Rule |
|---|---|
| Mainly used to forward traffic that originates inside a Google Cloud network. | Used to forward traffic that originates on the internet, outside your VPC network. |
| Clients must be in the same Virtual Private Cloud network as the backend service, or in a connected network. | Clients may be located anywhere outside the scope of your VPC network. |
Use of internal/external forwarding rules:
Internal forwarding rules are used by two types of Google Cloud load balancers:
- Internal TCP/UDP load balancers –
The supported protocol is either TCP or UDP, but not both at the same time. Each of these load balancers has at least one internal regional forwarding rule.
- Internal HTTP(S) load balancers –
The supported protocol can be HTTP, HTTPS, or HTTP/2. Each of these load balancers has exactly one internal regional forwarding rule.
External forwarding rules, on the other hand, are used by the following Google Cloud load balancers:
- External HTTP(S) load balancers –
These use a global external IP address in the Premium Tier and a regional external IP address in the Standard Tier.
- SSL proxy load balancers –
These are similar to an external HTTP(S) load balancer in that they can terminate SSL (TLS) sessions, but they are used for non-HTTP(S) traffic.
- TCP proxy load balancers –
These are intended for specific well-known ports, such as port 25 for SMTP.
- Network load balancers –
These are not proxy load balancers; they direct TCP/UDP traffic across regional backends.