Cloud Load Balancing release notes

This page contains release notes for features and updates to Cloud Load Balancing.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/cloudloadbalancing-release-notes.xml

March 27, 2024

Typically with HTTPS communication, the authentication works only one way: the client verifies the identity of the server. For applications that require the load balancer to authenticate the identity of clients that connect to it, regional external Application Load Balancer, regional internal Application Load Balancer, and cross-region internal Application Load Balancer support mutual TLS (mTLS).

With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store that the load balancer uses to validate the client certificate's chain of trust.

For details, see the following:

This capability is in Preview.

Global external Application Load Balancer and global external Application Load Balancer (classic) already support frontend mTLS(General Availability).

March 20, 2024

The Google Cloud Console has launched a new wizard experience to walk you through the process of selecting a new load balancer. The new wizard walks you through all the available options (internal or internet-facing, proxy or passthrough, global or regional) and guides you to the appropriate load balancer for your use-case.

Try out the new wizard in the Google Cloud Console at Create a load balancer.

March 12, 2024

The global external Proxy Network Load Balancer is implemented on globally distributed GFEs and supports advanced traffic management capabilities. This load balancer can be configured to handle either TCP or SSL traffic by using either a target TCP proxy or a target SSL proxy respectively. Global external proxy Network Load Balancers support backends such as instance groups, hybrid NEGs, and Private Service Connect NEGs. For details, see the External proxy Network Load Balancer overview.

To set up a global external Proxy Network Load Balancer, see the following pages:

This capability is in General Availability.

Regional external Application Load Balancers and regional internal Application Load Balancers now support Certificate Manager certificates. For more information, see Certificates and Google Cloud load balancers.

This capability is in General Availability.

February 23, 2024

Global external Application Load Balancers now let you customize your own error responses when an HTTP error status code (4xx and 5xx) is generated. You can customize error responses for errors generated by both the load balancer and the backend instances. You can also customize error responses for error response codes that are generated when traffic is denied by Cloud Armor.

For more information, see the following pages:

This feature is available in Preview.

January 24, 2024

External passthrough Network Load balancers now support zonal NEGs with GCE_VM_IP endpoints. This also lets you add any network interface of a VM as an endpoint for a zonal NEG backend, as long as the network interface belongs to the same subnetwork as the NEG. In comparison, you can only attach the nic0 of a VM to an instance group backend.

For more details, see the following pages:

January 09, 2024

The following regional load balancers can now be configured in either Premium or Standard Network Service Tier:

  • Regional internal Application Load Balancers
  • Regional external Application Load Balancers
  • Regional internal proxy Network Load Balancers
  • Regional external proxy Network Load Balancers

For more information about Network Service Tiers, see the Network Service Tiers overview.

This feature is available in General Availability.

November 17, 2023

Forwarding rules used with Application Load Balancers now let you specify any single port from1-65535.

For more information, see the following:

This feature is available in General Availability.

November 14, 2023

Regional Application Load Balancers and regional proxy Network Load Balancers now support load balancing traffic to external backends outside Google Cloud. To define an external backend for a load balancer, you use a regional internet network endpoint group (NEG).

For details, see the following:

This capability is in General Availability.

October 17, 2023

Service Extensions callouts are available for Google Cloud Application Load Balancers, excluding Classic.

By using this feature, you can direct your load balancers to make gRPC calls to user-managed or partner-hosted applications from within the Cloud Load Balancing data processing path. These applications can then apply various policies or functions, such as header or payload manipulation, security screening, or custom logging on the traffic before returning the traffic to the load balancer for further processing.

For details, see the following topics in the Service Extensions documentation:

Service Extensions is in Preview.

September 29, 2023

Cloud Load Balancing introduces the global external Proxy Network Load Balancer. The global external Proxy Network Load Balancer is implemented on globally distributed GFEs and supports advanced traffic management capabilities. This load balancer can be configured to handle either TCP or SSL traffic by using either a target TCP proxy or a target SSL proxy respectively. Global external proxy Network Load Balancers support backends such as instance groups, hybrid NEGs, and Private Service Connect NEGs.

Load balancers that are already deployed in the classic mode are renamed as classic Proxy Network Load Balancer in the console.

For details, see the External proxy Network Load Balancer overview.

To set up a global external Proxy Network Load Balancer, see the following pages:

This capability is in Preview.

With the launch of global external Proxy Network Load Balancer, we now support three deployment modes with the external Proxy Network Load Balancer—classic (General Availability), Regional (General Availability) and global (Preview). No changes have been made to the API.

For details, see the External proxy Network Load Balancer overview.

Typically with HTTPS communication, the authentication works only one way: the client verifies the identity of the server. For applications that require the load balancer to authenticate the identity of clients that connect to it, both a global external Application Load Balancer and a global external Application Load Balancer (classic) support mutual TLS (mTLS).

With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store that the load balancer uses to validate the client certificate's chain of trust.

For details, see the following:

This capability is in General Availability.

September 26, 2023

Regional external HTTP(S), internal HTTP(S), and the regional internal TCP proxy load balancers now use distributed Envoy health checks instead of Google's centralized health checking mechanism. Envoy health check probes originate from the proxy-only subnet associated with the load balancer.

For more details, see the Hybrid NEG documentation: Distributed Envoy health checks.

This feature is available in General availability.

September 06, 2023

Cloud Load Balancing is introducing new advanced cost, latency, and resiliency optimizations for your global external Application Load Balancer. These include the following capabilities:

  • You can use a service load balancing policy to customize the parameters that influence how traffic is distributed within the backends associated with a backend service (for example, load balancing algorithm and auto-capacity draining).
  • You can designate specific backends as preferred backends.

For details, see Advanced load balancing optimizations.

August 21, 2023

Internal passthrough Network Load Balancers can now be configured to handle private IPv6 traffic within your VPC. To enable this, you must configure your dual-stack subnet, backend VMs, health checks, and the forwarding rules to handle IPv6 traffic.

For details, see:

This feature is available in General Availability.

August 16, 2023

The following changes have been made to the Google Cloud console:

  • Firewall rules has moved to Network security > Firewall policies.
  • SSL policies has moved to Network services > SSL policies.

August 15, 2023

Regional Application Load Balancers and regional proxy Network Load Balancers now support load balancing traffic to external backends outside Google Cloud. To define an external backend for a load balancer, you use a regional internet network endpoint group (NEG).

For details, see the following:

This capability is in Preview.

August 14, 2023

Cloud Load Balancing introduces the cross-region internal Application Load Balancer.

The cross-region internal Application Load Balancer supports backends in multiple regions, provides seamless cross-region failover, and is globally accessible by clients from any Google Cloud region, on premise, or other clouds.

For details, see the Internal Application Load Balancer overview.

To set up a cross-region internal Application Load Balancer, see the following pages:

This capability is in Preview.

With the launch of cross-region internal Application Load Balancer, we now support two deployment modes with the internal Application Load Balancer—regional (General Availability) and cross-region (Preview). In the regional mode, you configure the Internal Application Load Balancer in a specific region, and associate it with backends only in the load balancer's region. Load balancers deployed in the regional mode are renamed as regional internal Application Load Balancer in the console. No changes have been made to the API.

For details, see the Internal Application Load Balancer overview.

July 25, 2023

The global external HTTP(S) load balancer now supports a configurable client HTTP Keepalive Timeout. The client HTTP keepalive timeout represents the maximum amount of time that a TCP connection can be idle between the (downstream) client and the target HTTP/S proxy.

For details, see

This capability is available in General Availability.

July 24, 2023

Internal passthrough Network Load Balancer now supports load-balancing for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE protocols. To handle multiple protocol traffic, you set the load balancer's forwarding rule protocol to L3_DEFAULT and set the backend service protocol to UNSPECIFIED.

For details, see:

Set up an internal passthrough Network Load Balancer with VM instance group backends for multiple protocols

This feature is available in Preview.

July 06, 2023

The Cloud Load Balancing Console now allows you to see the equivalent API code for actions you take in the Console. When you create or update a load balancer, before you click Create or Update, you can click Equivalent Code to view the load balancer API resources that will be created, updated, or deleted.

This capability is in General Availability.

June 28, 2023

Global external Application Load Balancers now support outlier detection for serverless NEG backends. Outlier detection analysis identifies unhealthy serverless NEGs based on their HTTP response patterns, and reduces the error rate by routing some of the new requests from unhealthy services to healthy services. For more details, see the following topics:

June 21, 2023

We're announcing the rebranding of Cloud Load Balancing into two main types of load balancers: Application Load Balancers and Network Load Balancers.

Over the past few years, we've undertaken several initiatives to bring greater consistency across all flavors of Cloud Load Balancing - for example, by making Envoy proxy the consistent data plane for all new load balancing features. Now, to further help our users understand the different features available with Cloud Load Balancing, and help them quickly identify the best type of load balancer for their use-case, we're adopting a new naming convention.

What is the new naming convention?

Cloud Load Balancing now offers two types of load balancers: Application Load Balancers and Network Load Balancers. As a general rule, you'd choose an Application Load Balancer when you need a Layer 7 load balancer for your applications with HTTP(S) traffic. You'd choose a Network Load Balancer when you need a Layer 4 (TCP) load balancer that supports TLS offloading (with a proxy load balancer) or you need support for additional IP protocols such as UDP (with a passthrough load balancer).

Application and Network Load Balancers can be configured in various deployment modes, for example, internal (private networks) or external (internet facing), global or regional.

For more details, see the following topics:

The Google Cloud Console has also been updated to reflect these changes. No changes have been made to the API.

June 07, 2023

The global external HTTP(S) load balancer now supports a configurable client HTTP Keepalive Timeout. The client HTTP keepalive timeout represents the maximum amount of time that a TCP connection can be idle between the (downstream) client and the target HTTP/S proxy.

For details, see

This capability is available in Preview.

May 30, 2023

The global external HTTP(S) load balancer now supports advanced traffic management using flexible pattern matching. This allows you to use wildcards anywhere in your path matcher. You can use this to customize origin routing for different types of traffic and request and response behaviors. In addition, you can now use results from your pattern matching to rewrite the path that is sent to the origin.

For details, see URL maps overview: Wildcards and pattern matching operators in path templates for route rules.

This capability is available in General availability.

May 24, 2023

Cloud Load Balancing introduces the external regional TCP proxy load balancer. This is an Envoy proxy-based regional layer 4 load balancer that enables you to run and scale your TCP service traffic in a single region behind an external regional IP address. External regional TCP proxy load balancer will load-balance external TCP traffic from the internet to backends in the same region.

For details, see the External Regional TCP Proxy Load Balancing overview

To set up an external regional TCP proxy load balancer, see the following pages:

This capability is in General Availability.

May 10, 2023

If you're using hybrid NEGs with distributed Envoy health checks, you can't configure the same NON_GCP_PRIVATE_IP_PORT network endpoint in multiple hybrid NEGs. This configuration does not work with Envoy-based load balancers such as the regional external HTTP(S) load balancer, the internal HTTP(S) load balancer, and the internal TCP proxy load balancer.

April 18, 2023

Typically with HTTPS communication, the authentication works only one way: the client verifies the identity of the server. For applications that require the load balancer to authenticate the identity of clients that connect to it, both a global external HTTP(S) load balancer and a global external HTTP(S) load balancer (classic) support mutual TLS (mTLS).

With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store that the load balancer uses to validate the client certificate's chain of trust.

For details, see the following:

This capability is in Preview.

April 17, 2023

Global external HTTP(S) load balancers now support proxying traffic to external backends outside Google Cloud. To define an external backend for a load balancer, you use a global resource called an internet network endpoint group (NEG).

For details, see the following:

This capability is in Preview.

April 14, 2023

We have added new fields in the logging support available for Regional external HTTP(S) load balancer and Internal HTTP(S) Load Balancer:

  • proxyStatus a string that specifies why the load balancer returned an error response

  • tls specifies the tls metadata for the connection between the client and the load balancer

For details, see

This enhancement is available in General availability.

April 06, 2023

Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer. This is configured using a serverless network endpoint group (NEG).

For details, see:

This feature is available in General availability.

Forwarding rules for external TCP/UDP network load balancers can now be configured to direct traffic coming from a specific range of source IP addresses to a specific backend service (or target instance). This is called traffic steering.

For details, see:

This capability is in General availability.

April 03, 2023

Internal HTTP(S) load balancers and internal TCP proxy load balancers now support global access. By default, clients for these load balancers must be in the same region as the load balancer. With global access enabled, clients can access the load balancer from any region. They still must be in the same VPC network as the load balancer or in a VPC network that's connected to the load balancer's VPC network by using VPC Network Peering.

For instructions, see the following:

This capability is in General availability.

March 21, 2023

Network Load Balancing now supports user-specified weights on the backend service. This allows you to manage the backend load distribution of your load balancer and avoid overloading them.

For details, see:

This feature is in General Availability.

March 07, 2023

The Cloud Load Balancing Console now allows you to see the equivalent API code for actions you take in the Console. When you create or update a load balancer, before you click Create or Update, you can click Equivalent Code to view the load balancer API resources that will be created, updated, or deleted.

This capability is in Preview.

February 23, 2023

Network Load Balancing logging and Internal TCP/UDP Load Balancing logging are now available in General availability.

January 31, 2023

The global external HTTP(S) load balancer now supports advanced traffic management using flexible pattern matching. This allows you to use wildcards anywhere in your path matcher. You can use this to customize origin routing for different types of traffic and request and response behaviors. In addition, you can now use results from your pattern matching to rewrite the path that is sent to the origin.

For details, see URL maps overview: Wildcards and pattern matching operators in path templates for route rules.

This capability is available in Preview.

January 17, 2023

Internal TCP/UDP load balancers can now be configured to handle private IPv6 traffic within your VPC. To enable this, you must configure your dual-stack subnet, backend VMs, health checks, and the forwarding rules to handle IPv6 traffic.

For details, see:

This feature is available in Preview.

December 05, 2022

Currently, health check probes for hybrid NEGs originate from Google's centralized health checking mechanism. If you cannot allow traffic that originates from the Google health check ranges to reach your hybrid endpoints and would prefer to have the health check probes originate from your own private IP addresses instead, speak to your Google account representative to get your project allowlisted for distributed Envoy health checks.

This feature is available in Preview for allowlisted projects only.

November 17, 2022

Internal HTTP(S) load balancers and internal TCP proxy load balancers now support global access. By default, clients for these load balancers must be in the same region as the load balancer. With global access enabled, clients can access the load balancer from any region. They still must be in the same VPC network as the load balancer or in a VPC network that's connected to the load balancer's VPC network by using VPC Network Peering.

For instructions, see the following:

This capability is in Preview.

November 14, 2022

We're introducing a change in behavior for custom headers used with Global external HTTP(S) load balancers.

This change doesn't affect projects that have any traffic using custom headers before November 14, 2022. Only projects that aren't currently using any custom headers (with either backend services or URL maps) are affected. If you are using custom headers as of November 14, 2022, you'll still see the behavior in the Before column.

The following tables describe changes in behavior applicable only to the global external HTTP(S) load balancers with advanced traffic management. The classic external HTTP(S) load balancers already behave this way when you configure custom headers on backend services. Configuring custom headers on URL maps isn't supported by the classic external HTTP(S) load balancers.

Custom headers configured on backend services

Before After
Custom request header values are appended to headers on incoming requests. Custom request header values replace headers on incoming requests.
If a custom request header value resolves to an empty string, it is ignored. If a custom request header value resolves to an empty string, it is added to the headers, and replaces the existing header value for this header name.

For example, if this is your backend service configuration:

customRequestHeaders: 'x-special-custom-header:'
customRequestHeaders: 'x-resolvable-custom-header:{client_city}'

And this is the incoming client request:

curl your-domain.com \
  -H "x-special-custom-header:client-value" \
  -H "x-resolvable-custom-header: NorthPole"
  -H "extra-header: some-content"

Before the change, this would be the request sent to the backend with the custom header appended to the client header:

Host: your-domain.com
x-special-custom-header: client-value
x-resolvable-custom-header: NorthPole,ActualClientCity
extra-header: some-content

After the change, this is the request sent to the backend with the custom header replacing the client header:

Host: your-domain.com
x-special-custom-header: 
x-resolvable-custom-header: ActualClientCity
extra-header: some-content

Custom headers configured on URL maps

Before After
If a headerValue in requestHeadersToAdd cannot be resolved or resolves to an empty string, the header is ignored. If a headerValue in requestHeadersToAdd cannot be resolved or resolves to an empty string, the header is added, either replacing or appending to existing values based on the replace field.
When custom header variables are present, requestHeaderToAdd always defaults to replace: false. When custom header variables are present, requestHeaderToAdd now defaults to replace: true.

For example, if this is your URL map configuration:

requestHeadersToAdd:
  - headerName: 'x-special-custom-header'
    headerValue: ''

And this is the incoming client request:

curl your-domain.com \
  -H "x-special-custom-header:client-value"

Before the change, requestHeaderToAdd defaults to replace: false, so the custom header does not override the client value. The following is the request sent to the backend:

Host: your-domain.com
x-special-custom-header: client-value

After the change, requestHeaderToAdd defaults to replace: true, so the custom header value replaces the client value. The following is the request sent to the backend:

Host: your-domain.com
x-special-custom-header:

November 10, 2022

Regional external and regional internal HTTP(S) load balancers now support regional SSL policies. SSL policies give you the ability to control the features of SSL that your Google Cloud load balancers negotiate with clients.

For details, see:

This feature is in General Availability.

October 31, 2022

Cloud Load Balancing introduces the internal regional TCP proxy load balancer. This is an Envoy proxy-based regional layer 4 load balancer that enables you to run and scale your TCP service traffic behind an internal regional IP address that is accessible only to clients in the same VPC network or clients connected to your VPC network.

The internal regional TCP proxy load balancer distributes TCP traffic to backends hosted on Google Cloud, on-premises, or other cloud environments.

For details, see the following:

This capability is in General Availability.

September 20, 2022

Regional internal and external HTTP(S) load balancers now support Shared VPC configurations where the load balancer's forwarding rule, target proxy, and URL map, can be created in a host or service project, while the backend services and backends can be distributed across multiple service projects in the Shared VPC environment. This is referred to as cross-project service referencing. Cross-project backend services can be referenced from a single URL map.

Cross-project service referencing gives service developers and admins autonomy over the exposure of their services through the centrally managed load balancer.

For details, see:

You can use organization policy constraints to limit how Shared VPC is used across a project, folder, or organization. For details, see Organization policy constraints for Cloud Load Balancing.

This feature is available in General Availability.

August 31, 2022

External TCP and SSL proxy load balancers now allow you to specify a forwarding rule with a global anycast IP address and any port from 1-65535. The target TCP or SSL proxy terminates IPv4 or IPv6 client traffic at the specified port and then proxies the traffic to backend instances.

For more information, see the following:

This feature is available in General Availability.

August 10, 2022

August 08, 2022

External TCP/UDP network load balancers can now be configured to handle IPv6 traffic from clients. To enable this, you must configure your subnet, backend VMs, and the forwarding rules to handle IPv6 traffic.

This feature is only available for backend service-based network load balancers.

For details, see:

This feature is available in General Availability.

July 25, 2022

Cloud Load Balancing introduces the internal regional TCP proxy load balancer. This is an Envoy proxy-based regional layer 4 load balancer that enables you to run and scale your TCP service traffic behind an internal regional IP address that is accessible only to clients in the same VPC network or clients connected to your VPC network.

The internal regional TCP proxy load balancer distributes TCP traffic to backends hosted on Google Cloud, on-premises, or other cloud environments.

For details, see the following:

This capability is in Preview.

July 21, 2022

Regional internal HTTP(S) load balancers and regional external HTTP(S) load balancers now support a combination of zonal NEGs (of type GCE_VM_IP_PORT) and hybrid NEGs (of type NON_GCP_PRIVATE_IP_PORT) in a single backend service. For all supported backend combinations, see the table at Backend services.

This feature is available in General Availability.

July 13, 2022

External HTTP(S) Load Balancing is now available in a regional mode. The new regional external HTTP(S) load balancer contains many of the features of our existing classic external HTTP(S) load balancer, but with an ever-growing list of advanced traffic management capabilities. You can use this load balancer for workloads with jurisdictional compliance requirements or to access the Standard Network Tier.

For details, see:

This load balancer is available in General Availability.

June 20, 2022

Cloud Load Balancing introduces a new version of the external HTTP(S) load balancer. The new global external HTTP(S) load balancer with advanced traffic management capabilities contains many of the features of our existing classic HTTP(S) load balancer, but with an ever-growing list of traffic management capabilities such as weighted traffic splitting, request mirroring, outlier detection, fault injection, and so on.

For details on the new load balancer, see:

This load balancer is available in General Availability.

June 06, 2022

External TCP/UDP Network Load Balancing now supports load-balancing GRE traffic. To handle GRE protocol traffic, you set the load balancer's forwarding rule protocol to L3_DEFAULT and set the backend service protocol to UNSPECIFIED.

For details, see:

This feature is available in General Availability.

June 01, 2022

Forwarding rules for external TCP/UDP network load balancers can now be configured to direct traffic coming from a specific range of source IP addresses to a specific backend service (or target instance). This is called traffic steering.

For details, see:

This capability is in Preview.

May 26, 2022

Regional external and regional internal HTTP(S) load balancers now support regional SSL policies. SSL policies give you the ability to control the features of SSL that your Google Cloud load balancers negotiate with clients.

For details, see:

This feature is in Preview.

May 09, 2022

Regional external and regional internal HTTP(S) load balancers now support using Cloud Run services as backends for the load balancer. This is configured using a serverless network endpoint group (NEG).

For details, see:

This feature is available in Preview.

May 05, 2022

Regional external HTTP(S) load balancers now support Shared VPC configurations where the load balancer's forwarding rule, target proxy, and URL map, can be created in a host or service project, while the backend services and backends can be distributed across multiple service projects in the Shared VPC environment. This is referred to as cross-project service referencing. Cross-project backend services can be referenced from a single URL map.

Cross-project service referencing gives service developers and admins autonomy over the exposure of their services through the centrally managed load balancer.

For details, see:

This feature is available in Preview.

April 19, 2022

Backend subsetting for internal HTTP(S) load balancers improves performance and scalability by assigning a subset of backends to each of the proxy instances.

This feature is in Preview.

April 08, 2022

TCP Proxy and SSL Proxy load balancers now support Google Cloud Armor. For more information, see the Cloud Armor security policy overview.

This feature is available in Preview.

March 14, 2022

Starting October 1, 2022, we'll apply an outbound data processing charge of $0.008 - $0.012 per GB (based on region) to all Cloud Load Balancing products in order to maintain consistency and alignment with the variable costs of the services across our Cloud Load Balancing portfolio. The charge will be called Outbound data processed by load balancer and the price will mirror the existing price for the Inbound data processed by load balancer charge.

If you are on an existing contract, your prices will not change for the lifetime of the contract, or until renewal.

The current internal HTTP(S) load balancer pricing already includes this charge, so no changes are being made there.

To learn more about this change, see the Google Cloud Blog post: Unlock more choice with updates to Google Cloud's infrastructure capabilities and pricing.

Backend subsetting for internal TCP/UDP load balancers lets you scale your internal TCP/UDP load balancer to support a larger number of backend VM instances per internal backend service.

This feature is in General availability.

March 03, 2022

You can now use a combination of zonal NEGs (of type GCE_VM_IP_PORT) and hybrid NEGs (of type NON_GCP_PRIVATE_IP_PORT) as backends for your global external HTTP(S) load balancers. For all supported backend combinations, see the table at Backend services.

February 21, 2022

Network Load Balancing introduces a new monitoring resource type loadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule that lets you monitor all the supported protocols including TCP, UDP, ESP, and ICMP.

For details, see Monitoring Network Load Balancing.

This feature is available in General Availability.

February 15, 2022

Internal TCP/UDP Load Balancing now supports source-IP address session affinity (CLIENT_IP_NO_DESTINATION) in Public Preview.

February 08, 2022

Network Load Balancing now supports load-balancing ESP (Encapsulating Security Payload) and ICMP (Internet Control Message Protocol) traffic. To handle these protocols, you specify the new L3_DEFAULT protocol on the load balancer's forwarding rule.

For details, see:

This feature is available in General Availability.

External TCP/UDP Network Load Balancing now allows you to configure a connection tracking policy. A connection tracking policy introduces the following new properties to let you customize your load balancer's connection tracking behavior:

To learn about how connection tracking works, see Backend selection and connection tracking.

To learn how to configure a connection tracking policy, see Configure a connection tracking policy.

This feature is available in General Availability.

Network Load Balancing introduces a new monitoring resource type loadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule that lets you monitor all the supported protocols including TCP, UDP, ESP, and ICMP.

For details, see Monitoring Network Load Balancing.

This feature is available in Preview.

January 26, 2022

Internal HTTP(S) Load Balancing now supports Shared VPC configurations where the load balancer's frontend and URL map can be created in a host or service project, while the backend services and backends can be distributed across multiple service projects in the Shared VPC environment. This is referred to as cross-project service referencing. Cross-project backend services can be referenced in a single URL map.

Cross-project service referencing gives service developers and admins autonomy over the exposure of their services through the centrally managed load balancer.

For details, see:

This feature is available in Preview.

January 19, 2022

The default behavior for HTTP/3 and Google QUIC is changing for global external HTTP(S) load balancers. The default setting of quicOverride=NONE will now advertise support for HTTP/3 to your clients. This change is currently rolling out globally.

If you don't want this behavior to change, you can disable HTTP/3 by setting quicOverride to DISABLE. For instructions, see Configuring HTTP/3.

December 20, 2021

Internal TCP/UDP Load Balancing now allows you to configure a connection tracking policy for the load balancer's backend service. A connection tracking policy introduces the following new properties to let you customize your load balancer's connection tracking behavior:

  • Tracking mode
  • Connection persistence on unhealthy backends
  • Idle timeout

To learn about how connection tracking works, see Traffic distribution.

This feature is available in General Availability.

November 22, 2021

When you make an internal TCP/UDP load balancer the next hop of a static route, the route can have instance tags (also called network tags).

In addition, there are two different ways to specify the next hop:

  • Forwarding rule's name and the load balancer's region
  • Internal IP address of the forwarding rule.

This feature is now available in General availability.

For more information, see the following pages:

Note that this feature isn't supported in the Console. To configure the route with network tags, use gcloud or the API.

November 15, 2021

Cloud Load Balancing introduces a new version of the external HTTP(S) load balancer. The new global external HTTP(S) load balancer with advanced traffic management capabilities contains many of the features of our existing classic HTTP(S) load balancer, but with an ever-growing list of traffic management capabilities such as weighted traffic splitting, request mirroring, outlier detection, fault injection, and so on.

For details on the new load balancer, see:

This load balancer is available in Public Preview.

November 01, 2021

Cloud Load Balancing announces a significant increase in the URL map limits for External and Internal HTTP(S) Load Balancing. The new limits let you scale to a much higher number of services behind a single load balancer.

For example, URL maps for external HTTP(S) load balancers can now support up to 1000 host rules. The total size of the URL map is constrained to 64KB for External HTTP(S) Load Balancing and 128KB for Internal HTTP(S) Load Balancing

For the updated list of limits see, URL map limits

October 18, 2021

Cloud Load Balancing now supports load-balancing traffic to endpoints that extend beyond Google Cloud, such as on-premises data centers and other public clouds that you can reach using hybrid connectivity.

Hybrid load balancing is supported by the following load balancers:

  • External HTTP(S) Load Balancing
  • Internal HTTP(S) Load Balancing
  • TCP Proxy and SSL Proxy Load Balancing

For details, see Hybrid load balancing overview.

This feature is available in General Availability.

September 29, 2021

External HTTP(S) Load Balancing is now available in a regional mode. The new regional external HTTP(S) load balancer contains many of the features of our existing global load balancer, but with an ever-growing list of advanced traffic management capabilities. You can use this load balancer for workloads with jurisdictional compliance requirements or to access the Standard Network Tier.

For details, see:

This load balancer is available in Public Preview.

September 23, 2021

Internal TCP/UDP Load Balancing now allows you to configure a connection tracking policy for the load balancer's backend service. A connection tracking policy introduces the following new properties to let you customize your load balancer's connection tracking behavior:

  • Tracking mode
  • Connection persistence on unhealthy backends
  • Idle timeout

To learn about how connection tracking works, see Traffic distribution.

This feature is available in Preview.

September 07, 2021

Cloud Load Balancing now supports load-balancing traffic to endpoints that extend beyond Google Cloud, such as on-premises data centers and other public clouds that you can reach using hybrid connectivity.

Hybrid load balancing is supported by the following load balancers:

  • External HTTP(S) Load Balancing
  • Internal HTTP(S) Load Balancing
  • TCP Proxy and SSL Proxy Load Balancing

For details, see Hybrid load balancing overview.

This feature is available in Preview.

August 23, 2021

Added Terraform examples to automate load balancer configuration:

July 29, 2021

Cloud Monitoring now provides a new predefined dashboard called External HTTP(S) Load Balancers. The new dashboard provides powerful visualizations to help you understand and troubleshoot connectivity issues on your external HTTP(S) load balancers.

For details, see HTTP(S) Load Balancing logging and monitoring.

July 27, 2021

When you make an internal TCP/UDP load balancer the next hop of a static route, the route can now have instance tags (also called network tags).

In addition, you now have two different ways to specify the next hop:

  • Forwarding rule's name and the load balancer's region
  • Internal IP address of the forwarding rule

For more information, see the following pages:

July 07, 2021

External TCP/UDP Network Load Balancing now allows you to configure a connection tracking policy. A connection tracking policy introduces the following new properties to let you customize your load balancer's connection tracking behavior:

To learn about how connection tracking works, see Backend selection and connection tracking.

To learn how to configure a connection tracking policy, see Configure a connection tracking policy.

This feature is available in Preview.

June 22, 2021

External HTTP(S) Load Balancing and Cloud CDN now support HTTP/3. HTTP/3 is based on the IETF QUIC transport protocol. Compared to HTTP/2, it reduces request latency, improves throughput, and mitigates head-of-line blocking. HTTP/3 is already supported on most major web browsers.

To learn how to enable HTTP/3 on your external HTTP(S) load balancer, visit the documentation.

Symmetric hashing for internal TCP/UDP load balancers as next hops—When load balancing to multiple NICs on the backends, you no longer need to use source network address translation (SNAT). SNAT isn't required because Google Cloud uses symmetric hashing. This means that when packets belong to the same flow, Google Cloud calculates the same hash. In other words, the hash doesn't change when the source IP address:port is swapped with the destination IP address:port.

This feature is in General Availability.

June 09, 2021

Network Load Balancing now supports load-balancing ESP (Encapsulating Security Payload) and ICMP (Internet Control Message Protocol) traffic. To handle these protocols, you specify the new L3_DEFAULT protocol on the load balancer's forwarding rule.

For details, see:

This feature is available in Preview.

May 26, 2021

Starting May 15, 2021, a newly-created custom static route using a next hop forwarding rule of an internal TCP/UDP load balancer will forward all protocol traffic, not just TCP and UDP traffic.

If a route created before May 15, 2021 is still in operation on August 14, 2021, it will automatically be migrated to forward all protocol traffic starting August 15, 2021. If you don't want to wait until then, you can enable forwarding of traffic for all protocols by creating new routes and deleting the old ones.

For more information, see Processing of TCP, UDP, and other protocol traffic.

May 04, 2021

Zonal NEGs (with GCE_VM_IP network endpoints) can now be used as backends for internal TCP/UDP load balancers. For more information on this type of zonal NEG, see Zonal NEGs overview. For instructions on how to set up an internal TCP/UDP load balancer with a zonal NEG backend, see Setting up Internal TCP/UDP Load Balancing with zonal NEGs

This feature is in General Availability.

April 28, 2021

Internal TCP/UDP Load Balancing now supports session affinity for the UDP protocol. This feature is available in General Availability.

March 31, 2021

External TCP/UDP Network Load Balancing is now supported with backend services. Compared to the target pool backend, a backend service gives you more fine-grained control over your load balancer, including access to features such as connection draining, failover policies, and support for managed instance groups as backends.

Network load balancers with a backend service can also use health checks that match the traffic (TCP, SSL, HTTP, HTTPS, or HTTP/2) they are distributing.

To get started, see:

This feature is available in General Availability.

March 28, 2021

Cloud CDN, external HTTP(S) Load Balancing and Cloud Storage customers are not affected by the recent OpenSSL security advisory that relates to CA certificate checks (CVE-2021-3450) and TLS renegotiation (CVE-2021-3449).

These services use BoringSSL and are not affected by these OpenSSL-specific bugs.

March 24, 2021

Subsetting for internal TCP/UDP load balancers lets you scale your internal TCP/UDP load balancer to support a larger number of backend VM instances per internal backend service.

This feature is in Preview.

March 08, 2021

You can now use the gcloud compute url-maps validate command to test advanced route configurations such as routing based on headers and query parameters, HTTP to HTTPS redirects, and URL rewrites.

You can also use this command to independently run tests without saving changes to the URL map. This protects live traffic to your production services and prevents any unintended interruptions due to URL map misconfigurations.

This feature is now available in General Availability.

February 16, 2021

Zonal NEGs (with GCE_VM_IP network endpoints) can now be used as backends for internal TCP/UDP load balancers. For more information on this type of zonal NEG, see Zonal NEGs overview.

This feature is in Preview.

February 03, 2021

Identity-Aware Proxy (IAP) is supported with Internal HTTP(S) Load Balancing. This support is available in General Availability.

February 02, 2021

For internal TCP/UDP load balancers, you can create multiple forwarding rules with the same IP address. The forwarding rules can have different protocols and ports. This feature is available in General Availability.

December 09, 2020

Health check logging is now available in General Availability.

November 10, 2020

External TCP/UDP Network Load Balancing is now supported with backend services. Compared to the target pool backend, a backend service gives you more fine-grained control over your load balancer, including access to features such as connection draining, failover policies, and support for managed instance groups as backends.

Network load balancers with a backend service can also use health checks that match the traffic (TCP, SSL, HTTP, HTTPS, or HTTP/2) they are distributing.

To get started, see:

This feature is available in Preview.

October 20, 2020

For HTTP requests, the httpRequest.remoteIp and httpRequest.serverIp fields can include port information. For example 10.0.0.1:80.

October 08, 2020

External HTTP(S) Load Balancing is now supported for App Engine, Cloud Functions, and Cloud Run services. To configure this, you will need to use a new type of network endpoint group (NEG) called a Serverless NEG.

This feature is now available in General Availability.

October 01, 2020

Added a new tutorial for delivering HTTP and HTTPS content over the same hostname when using Cloud CDN. While many browsers enforce the use of Transport Layer Security (TLS) and disallow non-secure content delivery, there are still use cases where non-secure delivery and secure delivery must be allowed over the same hostname.

September 15, 2020

Added total latency to external HTTP(S) load balancer Cloud Logging entries. Total latency measures from when the external HTTP(S) load balancer receives the first bytes of the incoming request headers until the external HTTP(S) load balancer finishes proxying the backend's response to the client. This feature is now available in General Availability.

September 14, 2020

The External HTTP(S) Load Balancer now supports setting custom response headers on backend buckets and services. This feature is available in Beta.

Custom response headers make it easier to set common web security headers and override response headers from your application at the load balancer.

September 09, 2020

August 31, 2020

Google Cloud internal HTTP(S) load balancers have native support for the WebSocket protocol when you use HTTP or HTTPS as the protocol to the backend. The load balancer does not need any configuration to proxy WebSocket connections.

August 19, 2020

The Organization policy constraint for restricting Cloud Load Balancing creation is now available in General Availability.

August 17, 2020

July 25, 2020

The introductory period during which you could use Internal HTTP(S) Load Balancing without charge has ended. Starting July 25, 2020, your usage of Internal HTTP(S) Load Balancing will be billed to your project.

July 16, 2020

The Organization Policy for restricting load balancer creation has launched into Beta.

July 13, 2020

Internal TCP/UDP load balancers now support regional health checks. To configure, see Health checks for backend services. This feature is supported in General Availability.

July 07, 2020

External HTTP(S) Load Balancing is now supported for App Engine, Cloud Functions, and Cloud Run services. To configure this, you will need to use a new type of network endpoint group (NEG) called a Serverless NEG.

This feature is available in Beta.

June 29, 2020

You can now create an internal HTTP(S) load balancer in a Shared VPC service project.

This feature is available in Alpha. Please contact your Google account team to get access to this feature.

June 25, 2020

The introductory period during which you can use Internal HTTP(S) Load Balancing without charge is coming to an end. Starting on July 25, 2020, your usage of Internal HTTP(S) Load Balancing will be billed to your project.

June 03, 2020

HTTP(S) Load Balancing logging is now available in General Availability.

June 02, 2020

You can now use a custom filter when you list endpoints in a zonal network endpoint group. This feature is available as a Beta release.

May 20, 2020

For internal TCP/UDP load balancers, you can create multiple forwarding rules with the same IP address. The forwarding rules can have different protocols and ports. This feature is available in Beta.

April 27, 2020

Google-managed SSL certificates are available in General Availability.

April 23, 2020

External HTTP(S) load balancers now support header-based routing and query parameter-based routing.

These features are available in General Availability.

April 20, 2020

Internal TCP/UDP Load Balancing with failover groups is available in General Availability.

April 14, 2020

External HTTP(S) load balancers now support URL rewrites and redirects.

URL rewrites allow you to decouple the URLs that your external users use from those that your services use.

With URL redirects, you can redirect client requests from one URL to another URL.

These features are available in General Availability.

April 10, 2020

Backend services documentation is updated through the Cloud Load Balancing doc set.

April 09, 2020

TLS v1.3 is now enabled by default for all external HTTPS load balancers, SSL proxy load balancers, and Cloud CDN. Note that this change doesn't apply to internal HTTPS load balancers or Traffic Director.

TLS v1.3 supports modern ciphers with forward-secrecy as a baseline and, critically, reduces the number of round trips required to establish a TLS session, which directly improves performance seen by your end-users.

Clients that support TLS v1.3 include Chrome, Chromium-based browsers, and Android. These clients automatically negotiate TLS v1.3 without requiring any changes. Clients that do not support TLS v1.3 are unaffected.

March 25, 2020

Network endpoint groups (NEGs) now support global, internet endpoints that let you create custom origins for Cloud CDN and deliver content over Google's high performance, distributed edge caching infrastructure when the content is hosted on-premises or in another cloud. This feature is available in General Availability.

March 20, 2020

To help you get started quickly, added two new examples for external HTTP(S) Load Balancing:

Health check logging is now available in Beta.

March 18, 2020

Internal HTTP(S) Load Balancing now supports configurable idle timeouts.

IAM Conditions now supports forwarding rule attributes. You can use these attributes to specify the types of forwarding rules that a member can create. This feature is available in General Availability.

February 25, 2020

Updated and reorganized documentation for SSL certificates.

Internal HTTP(S) Load Balancing now supports accessing your load balancer from a connected network through VPC Peering, Cloud VPN, and Cloud Interconnect.

February 21, 2020

For Internal TCP/UDP Load Balancing, load balancing to multiple NICs on a single backend VM instance is now available in General Availability.

February 19, 2020

Global access for Internal TCP/UDP Load Balancing is now available in General Availability.

February 10, 2020

Network endpoint groups (NEGs) now support global, internet endpoints that let you create custom origins for Cloud CDN and deliver content over Google's high performance, distributed edge caching infrastructure when the content is hosted on-premises or in another cloud. This feature is available in Beta.

February 04, 2020

IAM Conditions now supports forwarding rule attributes. You can use these attributes to specify the types of forwarding rules that a member can create. This feature is available in Beta.

January 29, 2020

Network Load Balancing monitoring is now available in General Availability.

January 15, 2020

Improved documentation for Adding backend buckets to load balancers.

January 06, 2020

December 11, 2019

Internal TCP/UDP Load Balancing as next hop is available in General Availability..

December 10, 2019

Internal HTTP(S) Load Balancing is available in General Availability.

November 18, 2019

For Internal TCP/UDP Load Balancing, load balancing to multiple NICs on a single backend VM instance is now available in Beta.

October 18, 2019

For the HTTP(S), TCP proxy, and SSL proxy load balancers, the Stackdriver logging timestamp field in the LogEntry now shows the time that requests arrived at the load balancer. Previously, the timestamp showed the time the response was sent by the load balancer back to the client.

Expanded information about the probe IP ranges for backend health checks.

Added information about TCP and UDP request and return packets for Internal TCP/UDP Load Balancing.

September 09, 2019

HTTP(S) Load Balancing logging is now available in Beta.

September 06, 2019

Documentation update: Creation of new load balancing tutorial that is both content-based and cross-regional.

  • The Content-based load balancing tutorial has been modified to include cross-region functionality.
  • The Cross-region load balancing tutorial has been removed.
  • Links to both original tutorials now redirect to the combined tutorial.
  • Modified file Adding a Cloud Storage bucket to content-based load balancing to create two buckets and modify the load balancer accordingly.

August 28, 2019

August 13, 2019

External HTTP(S) load balancers validate protocol selection during ALPN negotiation. For more information, see RFC 7301.

August 09, 2019

Creating user-defined request headers is published. The information is removed from the backend services documentation

July 31, 2019

Internal HTTP(S) Load Balancing is available in Beta.

July 26, 2019

HTTP/2 between the load balancer and backends is available in General Availability.

HTTP/2 health checking is available in General Availability.

June 27, 2019

The user-defined request header feature is available in General Availability.

June 20, 2019

Network endpoint groups in load balancing is available in General Availability.

May 16, 2019

Documentation update: The quotas and limits for load balancing resources are now documented. See Load Balancing Resource Quotas.

May 15, 2019

Documentation update: The global forwarding rules page (previously at /load-balancing/docs/https/global-forwarding-rules) is combined with Forwarding rule concepts.

April 10, 2019

Traffic Director is available in Beta.

April 09, 2019

March 25, 2019

March 06, 2019

Documentation updates for Internal TCP/UDP Load Balancing – The following documents have been updated or added:

January 11, 2019

December 04, 2018

The HTTP(S) load balancer now supports sending an HTTP DELETE with a body to the load balancer.

October 24, 2018

Content-based HTTP(S) health checking is now available in General Availability.

June 28, 2018

HTTP/2 and gRPC to backend VMs is now available in Beta.

Content-based HTTP(S) health checking is now available in Beta.

June 13, 2018

QUIC support for HTTPS Load Balancing is now available in General Availability.

April 17, 2018

SSL Policies configuration for HTTPS and SSL Proxy Load Balancing is now available in General Availability.

April 10, 2018

QUIC support for HTTPS Load Balancing is now available in Beta.

April 04, 2018

January 18, 2018

December 20, 2017

Internal Load Balancing access across VPN or Interconnect is now available in General Availability.

November 20, 2017

September 19, 2017

September 07, 2017

Multiple SSL certificate support is now available in General Availability.

July 19, 2017

Regional instance groups for Internal Load Balancing is now available in General Availability.

June 26, 2017

TCP Proxy Load Balancing is now available in General Availability.

May 02, 2017

April 19, 2017

Websocket support for HTTP(S) Load Balancing is now available in General Availability.

April 06, 2017

TCP Proxy Load Balancing is now available in Beta.

April 05, 2017

Google Cloud Storage support for HTTP(S) Load Balancing is now available in General Availability.

March 06, 2017

December 08, 2016

Internal Load Balancing is now available in General Availability.

October 21, 2016

Internal Load Balancing is now available in Beta.

September 26, 2016

Session Affinity for HTTP(S) Load Balancing is now available in General Availability.

SSL Proxy Load Balancing is now available in General Availability.

August 08, 2016

SSL Proxy Load Balancing is now available in Beta.

October 29, 2015

HTTP(S) Load Balancing is now available in General Availability.

June 03, 2015

HTTPS Load Balancing is now available in Beta.

September 18, 2014

HTTP Load Balancing is now available in Beta.