> For the complete documentation index, see [llms.txt](https://repo.4pfsec.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://repo.4pfsec.com/google-cloud-computing/cloud-computing-fundamentals/set-up-network-and-http-load-balancers.md).

# Set Up Network and HTTP Load Balancers

## Overview

In this hands-on lab you'll learn the differences between a network load balancer and an HTTP load balancer and how to set them up for your applications running on Compute Engine virtual machines (VMs).

There are several ways you can [load balance on Google Cloud](https://cloud.google.com/load-balancing/docs/load-balancing-overview#a_closer_look_at_cloud_load_balancers). This lab takes you through the set up of the following load balancers:

* [Network Load Balancer](https://cloud.google.com/compute/docs/load-balancing/network/)
* [HTTP(s) Load Balancer](https://cloud.google.com/compute/docs/load-balancing/http/)

## Lab

### Set the default region and zone for all resources <a href="#step4" id="step4"></a>

with the following command:

```
gcloud config set compute/zone us-central1-a
gcloud config set compute/region us-central1
```

### Create multiple web server instances <a href="#step5" id="step5"></a>

Create 2 new VMs in your default zone

```
gcloud compute instances create www1 \
  --image-family debian-9 \
  --image-project debian-cloud \
  --zone us-central1-a \
  --tags network-lb-tag \
  --metadata startup-script="#! /bin/bash
    sudo apt-get update
    sudo apt-get install apache2 -y
    sudo service apache2 restart
    echo '<!doctype html><html><body><h1>www1</h1></body></html>' | tee /var/www/html/index.html"
```

```
gcloud compute instances create www2 \
  --image-family debian-9 \
  --image-project debian-cloud \
  --zone us-central1-a \
  --tags network-lb-tag \
  --metadata startup-script="#! /bin/bash
    sudo apt-get update
    sudo apt-get install apache2 -y
    sudo service apache2 restart
    echo '<!doctype html><html><body><h1>www2</h1></body></html>' | tee /var/www/html/index.html"
```

```
gcloud compute instances create www3 \
  --image-family debian-9 \
  --image-project debian-cloud \
  --zone us-central1-a \
  --tags network-lb-tag \
  --metadata startup-script="#! /bin/bash
    sudo apt-get update
    sudo apt-get install apache2 -y
    sudo service apache2 restart
    echo '<!doctype html><html><body><h1>www3</h1></body></html>' | tee /var/www/html/index.html"
```

![](/files/f3tiluHnAPop2Yu204DB)

Create a firewall rule to allow external traffic to the VM instances:

```
gcloud compute firewall-rules create www-firewall-network-lb
--target-tags network-lb-tag --allow tcp:80
```

![](/files/oGnfiSrdM1B5y6lJC3YN)

Run the following command to list IPs of all instances:

```
gcloud compute instances list
```

![](/files/qhmnCt6DQs6VGK3De6HS)

### Configure the load balancing service <a href="#step6" id="step6"></a>

Create a static external IP address for your load balancer:

```
gcloud compute addresses create network-lb-ip-1 --region us-central1
```

![](/files/oriLlBnCUZZTz8rwskzw)

Add a legacy HTTP health check resource:

```
gcloud compute http-health-checks create basic-check
```

![](/files/5zGXREeDxV4CLuKqfKCy)

Add a target pool in the same region as your instances. Run the following to create the target pool and use the health check, which is required for the service to function:

```
gcloud compute target-pools create www-pool \
    --region us-central1 --http-health-check basic-check

```

![](/files/28X6pdlwY2cik2fUAMMu)

Add the instances to the pool:

```
gcloud compute target-pools add-instances www-pool \
    --instances www1,www2,www3

```

![](/files/PeKTvY4rz5YFzROCcP0r)

Add a forwarding rule:

```
gcloud compute forwarding-rules create www-rule \
    --region us-central1 \
    --ports 80 \
    --address network-lb-ip-1 \
    --target-pool www-pool
```

![](/files/Smj3vjJyKVV9ZlUlu6uL)

### Sending traffic to your instances <a href="#step7" id="step7"></a>

Enter the following command to view the external IP address of the www-rule forwarding rule used by the load balancer:

```
gcloud compute forwarding-rules describe www-rule --region us-central1
```

![](/files/fMuxOO4Ldn7lw40tt7H5)

We can see below that every time the resource is requested, we get a response from a different server!

```
while true; do curl -m1 34.121.197.56; done
```

![](/files/nP1Kab6CWkYQ8Igc2F2D)

### Create an HTTP load balancer <a href="#step8" id="step8"></a>

> HTTP(S) Load Balancing is implemented on Google Front End (GFE). GFEs are distributed globally and operate together using Google's global network and control plane. You can configure URL rules to route some URLs to one set of instances and route other URLs to other instances. Requests are always routed to the instance group that is closest to the user, if that group has enough capacity and is appropriate for the request. If the closest group does not have enough capacity, the request is sent to the closest group that *does* have capacity.<br>
>
> To set up a load balancer with a Compute Engine backend, your VMs need to be in an instance group. The managed instance group provides VMs running the backend servers of an external HTTP load balancer. For this lab, backends serve their own hostnames.

create the load balancer template with the following command:

```
gcloud compute instance-templates create lb-backend-template \
   --region=us-central1 \
   --network=default \
   --subnet=default \
   --tags=allow-health-check \
   --image-family=debian-9 \
   --image-project=debian-cloud \
   --metadata=startup-script='#! /bin/bash
     apt-get update
     apt-get install apache2 -y
     a2ensite default-ssl
     a2enmod ssl
     vm_hostname="$(curl -H "Metadata-Flavor:Google" \
     http://169.254.169.254/computeMetadata/v1/instance/name)"
     echo "Page served from: $vm_hostname" | \
     tee /var/www/html/index.html
     systemctl restart apache2'
```

Create a managed instance group based on the template.

> [Managed instance groups](https://cloud.google.com/compute/docs/instance-groups) (MIGs) let you operate apps on multiple identical VMs. You can make your workloads scalable and highly available by taking advantage of automated MIG services, including: autoscaling, autohealing, regional (multiple zone) deployment, and automatic updating

```
gcloud compute instance-groups managed create lb-backend-group \
   --template=lb-backend-template --size=2 --zone=us-central1-a
```

![](/files/9eu82vwqxzE3hyHfbarv)

Create the `fw-allow-health-check` firewall rule.

> This is an ingress rule that allows traffic from the Google Cloud health checking systems (`130.211.0.0/22` and `35.191.0.0/16`). This lab uses the target tag `allow-health-check` to identify the VMs.

```
gcloud compute firewall-rules create fw-allow-health-check \
    --network=default \
    --action=allow \
    --direction=ingress \
    --source-ranges=130.211.0.0/22,35.191.0.0/16 \
    --target-tags=allow-health-check \
    --rules=tcp:80
```

![](/files/LhhhP9wG0ZdFtqhoyDtM)

Set up a global static external IP address that people can use to reach your load balancer and take note of it:

```
gcloud compute addresses create lb-ipv4-1 \
    --ip-version=IPV4 \
    --global
    
gcloud compute addresses describe lb-ipv4-1 \
    --format="get(address)" \
    --global
```

![](/files/PlvmgFBi7YbGC9tJlgDp)

Create a health check for the load balancer:

```
gcloud compute health-checks create http http-basic-check \
    --port 80
```

![](/files/Q1PSJg4mCPPlILx3M1DR)

Create a backend service:

```
gcloud compute backend-services create web-backend-service \
    --protocol=HTTP \
    --port-name=http \
    --health-checks=http-basic-check \
    --global
```

![](/files/87jYA0VqUR99RQuglNDH)

Add your instance group as the backend to the backend service:

```
gcloud compute backend-services add-backend web-backend-service \
    --instance-group=lb-backend-group \
    --instance-group-zone=us-central1-a \
    --global
```

![](/files/Op7wDgPHVyEBw27dMRt6)

Create a [URL map](https://cloud.google.com/load-balancing/docs/url-map-concepts) to route the incoming requests to the default backend service:

```
gcloud compute url-maps create web-map-http \
    --default-service web-backend-service
```

![](/files/dq71KNM8o3rSuvZttqlW)

Create a target HTTP proxy to route requests to your URL map & Create a global forwarding rule to route incoming requests to the proxy:

```
gcloud compute target-http-proxies create http-lb-proxy \
    --url-map web-map-http

gcloud compute forwarding-rules create http-content-rule \
    --address=lb-ipv4-1\
    --global \
    --target-http-proxy=http-lb-proxy \
    --ports=80
```

![](/files/Z0HqVVIipV6nyzvfjEKn)

Visiting the static public IP we took note of earlier returns a page with the backend group that the page is being served from as shown below!

<http://34.149.196.121/>

![The page shown above is dead if you're seeing it.](/files/QEObrJdUqsHEXnnM9UAi)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://repo.4pfsec.com/google-cloud-computing/cloud-computing-fundamentals/set-up-network-and-http-load-balancers.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.