
TCP/UDP Load Balancer (Layer 4) in GCP - Commands & Configuration

Introduction
Sometimes your app needs to handle many users at once. A TCP/UDP Load Balancer helps by spreading user traffic evenly across several servers. It works at the network level, quickly directing connections without looking inside the data.
When you want to share incoming game server traffic across multiple machines to avoid overload.
When your app uses protocols like TCP or UDP that need fast, simple routing without inspecting content.
When you want to improve availability by sending traffic only to healthy servers.
When you need to balance traffic for services like databases or custom network apps that use TCP/UDP.
When you want to handle millions of connections efficiently with low latency.
Config File - tcp_udp_load_balancer.yaml
# Deployment Manager configuration for a regional TCP load balancer.
resources:
# Forwarding rule: its region must match the address and the backend service.
- name: example-tcp-udp-lb
  type: compute.v1.forwardingRule
  properties:
    region: us-central1
    loadBalancingScheme: EXTERNAL
    IPProtocol: TCP
    portRange: 80
    backendService: $(ref.example-backend-service.selfLink)
    IPAddress: $(ref.example-ip.address)
- name: example-ip
  type: compute.v1.address
  properties:
    region: us-central1
# Regional backend service, which a regional forwarding rule requires.
- name: example-backend-service
  type: compute.v1.regionBackendService
  properties:
    region: us-central1
    loadBalancingScheme: EXTERNAL
    protocol: TCP
    backends:
    - group: $(ref.instance-group.selfLink)
    healthChecks:
    - $(ref.example-health-check.selfLink)
- name: example-health-check
  type: compute.v1.healthCheck
  properties:
    # The type field must match the protocol-specific block below.
    type: TCP
    tcpHealthCheck:
      port: 80
    checkIntervalSec: 5
    timeoutSec: 5
    unhealthyThreshold: 2
    healthyThreshold: 2
- name: instance-group
  type: compute.v1.instanceGroup
  properties:
    zone: us-central1-a
    instances:
    - zones/us-central1-a/instances/example-instance-1
    - zones/us-central1-a/instances/example-instance-2

This file creates a TCP load balancer in GCP.

example-ip reserves an external IP address.

example-backend-service defines the group of servers that will receive traffic.

example-health-check checks if servers are healthy on port 80.

example-tcp-udp-lb is the forwarding rule that listens on TCP port 80 and sends traffic to the backend service.

instance-group lists the actual server instances behind the load balancer.

Commands
Reserve a static external IP address for the load balancer to use.
Terminal
gcloud compute addresses create example-ip --region=us-central1
Expected Output
Created address [example-ip].
--region - Specifies the region where the IP address is reserved.
Create a health check that tests if backend servers respond on TCP port 80.
Terminal
gcloud compute health-checks create tcp example-health-check --region us-central1 --port 80
Expected Output
Created [https://www.googleapis.com/compute/v1/projects/project-id/regions/us-central1/healthChecks/example-health-check].
--region - Creates the health check in the same region as the backend service.
--port - Specifies the port to check on backend servers.
Create an unmanaged instance group to hold backend server instances.
Terminal
gcloud compute instance-groups unmanaged create instance-group --zone us-central1-a
Expected Output
Created [https://www.googleapis.com/compute/v1/projects/project-id/zones/us-central1-a/instanceGroups/instance-group].
--zone - Specifies the zone for the instance group.
Add existing VM instances to the instance group to serve traffic.
Terminal
gcloud compute instance-groups unmanaged add-instances instance-group --instances example-instance-1,example-instance-2 --zone us-central1-a
Expected Output
Added instances [example-instance-1, example-instance-2] to instance group [instance-group].
--instances - Lists VM instances to add.
--zone - Zone of the instance group.
Create a backend service that uses the TCP protocol and the health check to monitor instances.
Terminal
gcloud compute backend-services create example-backend-service --protocol TCP --health-checks example-health-check --health-checks-region us-central1 --region us-central1
Expected Output
Created [https://www.googleapis.com/compute/v1/projects/project-id/regions/us-central1/backendServices/example-backend-service].
--protocol - Sets the protocol to TCP.
--health-checks - Associates the health check with this backend service.
--health-checks-region - Region of the health check.
--region - Creates the backend service in the same region as the reserved IP address and the forwarding rule.
Attach the instance group to the backend service so it can receive traffic.
Terminal
gcloud compute backend-services add-backend example-backend-service --instance-group instance-group --instance-group-zone us-central1-a --region us-central1
Expected Output
Updated [https://www.googleapis.com/compute/v1/projects/project-id/regions/us-central1/backendServices/example-backend-service].
--instance-group - Specifies the instance group to add.
--instance-group-zone - Zone of the instance group.
--region - Region of the backend service.
Create a forwarding rule that listens on TCP port 80 and sends traffic to the backend service using the reserved IP.
Terminal
gcloud compute forwarding-rules create example-tcp-udp-lb --address example-ip --region us-central1 --ports 80 --backend-service example-backend-service --ip-protocol TCP
Expected Output
Creating forwarding rule...done.
--address - Uses the reserved static IP address.
--region - Creates the forwarding rule in the same region as the reserved IP address and the backend service.
--ports - Specifies the port to listen on.
--ip-protocol - Sets the protocol to TCP.
Verify the forwarding rule is created and active.
Terminal
gcloud compute forwarding-rules list
Expected Output
NAME                REGION       IP_ADDRESS    IP_PROTOCOL  PORT_RANGE  TARGET
example-tcp-udp-lb  us-central1  34.123.45.67  TCP          80          example-backend-service
Key Concept

If you remember nothing else from this pattern, remember: a TCP/UDP load balancer quickly directs network traffic to healthy servers without inspecting the data inside connections.

Common Mistakes
Not creating or associating a health check with the backend service.
Without health checks, the load balancer may send traffic to unhealthy or offline servers, causing failures.
Always create a health check and link it to your backend service to ensure traffic goes only to healthy instances.
Using a regional IP address but creating a global forwarding rule (or vice versa).
The IP address and forwarding rule scope must match; otherwise, the load balancer setup will fail.
Ensure the IP address and forwarding rule are both regional or both global.
Forgetting to add instances to the instance group used by the backend service.
If the instance group is empty, no servers will receive traffic, making the load balancer ineffective.
Add your VM instances to the instance group before attaching it to the backend service.
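A pre-flight check for the three mistakes above, as an added example that is not part of the original page. It assumes each resource is a dictionary shaped like the output of `gcloud compute ... describe --format=json` and reads only `selfLink`, `healthChecks`, `backends[].group` and `size`; the function names and the sample data are constructed for illustration.

```python
BASE = "https://www.googleapis.com/compute/v1/projects/project-id"  # placeholder project


def link(scope_path, kind, name):
    """Build a selfLink such as .../regions/us-central1/addresses/example-ip."""
    return f"{BASE}/{scope_path}/{kind}/{name}"


def scope(resource):
    """Return the region name from a selfLink, or 'global' if it has none."""
    parts = resource["selfLink"].split("/")
    return parts[parts.index("regions") + 1] if "regions" in parts else "global"


def preflight(rule, address, backend, groups):
    """Check one load balancer for the three mistakes listed above.

    groups maps each instance group selfLink to its description.
    """
    findings = []
    if not backend.get("healthChecks"):
        findings.append("backend service has no health check")
    for name, res in (("address", address), ("backend service", backend)):
        if scope(res) != scope(rule):
            findings.append(f"forwarding rule is {scope(rule)} but {name} is {scope(res)}")
    backends = backend.get("backends", [])
    if not backends:
        findings.append("backend service has no instance group attached")
    for b in backends:
        if groups.get(b["group"], {}).get("size", 0) == 0:
            findings.append(f"instance group {b['group'].rsplit('/', 1)[-1]} is empty")
    return findings


# Constructed sample data: a consistent regional setup and a broken one.
REGION = "regions/us-central1"
GROUP = link("zones/us-central1-a", "instanceGroups", "instance-group")
ADDRESS = {"selfLink": link(REGION, "addresses", "example-ip")}
GOOD_RULE = {"selfLink": link(REGION, "forwardingRules", "example-tcp-udp-lb")}
GOOD_BACKEND = {
    "selfLink": link(REGION, "backendServices", "example-backend-service"),
    "healthChecks": [link(REGION, "healthChecks", "example-health-check")],
    "backends": [{"group": GROUP}],
}
BAD_RULE = {"selfLink": link("global", "forwardingRules", "example-tcp-udp-lb")}
BAD_BACKEND = {"selfLink": GOOD_BACKEND["selfLink"], "backends": [{"group": GROUP}]}

if __name__ == "__main__":
    print(preflight(GOOD_RULE, ADDRESS, GOOD_BACKEND, {GROUP: {"size": 2}}))
    for finding in preflight(BAD_RULE, ADDRESS, BAD_BACKEND, {GROUP: {"size": 0}}):
        print("FAIL:", finding)
```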
Summary
Reserve a static external IP address for the load balancer.
Create a health check to monitor backend server health.
Set up an instance group with your server instances.
Create a backend service using TCP protocol and link the health check and instance group.
Create a forwarding rule that listens on a TCP port and sends traffic to the backend service.
Verify the forwarding rule is active and correctly configured.