This document shows examples of using traffic management for some specific use cases. Many other use cases are possible.
The document contains examples for global external Application Load Balancers.
Global external Application Load Balancers use the EXTERNAL_MANAGED
load balancing scheme
and global load balancing components, such as the forwarding rule, URL map, and
backend service.
For information about traffic management with a classic Application Load Balancer, see Traffic management overview for a classic Application Load Balancer.
For information about traffic management with regional external Application Load Balancers, see Traffic management overview for regional external Application Load Balancers.
In addition to the advanced routing features described on this page, certain Application Load Balancers integrate with Service Extensions to let you inject custom logic into the load balancing data path by configuring Service Extensions callouts.
Before you begin
Make sure that you understand how traffic management works. For more information, read Traffic management overview for global external Application Load Balancers.
Configure and test traffic management
Within your chosen configuration environment, you set up traffic management by using YAML configurations. A URL map and a backend service each has its own YAML file. Depending on the chosen feature, you need to write either a URL map YAML file, a backend service YAML file, or both.
For help writing these YAML files, you can use the examples on this page and the Cloud Load Balancing API documentation.
The Google Cloud console is not supported.
The global URL map API and the global backend service API documentation provides a full list of fields, including semantics regarding relationships, restrictions, and cardinality.
You can add configuration tests to a URL map to ensure that your URL map routes requests as intended. You can experiment with different URL map rules and run as many tests as needed to be confident that the map routes traffic to the appropriate backend service or backend bucket. For details, see Add tests to a URL map. If you want to test new changes to a URL map without actually deploying the map, see Validate the URL map configuration.
Map traffic to a single service
Send all traffic to a single service. Make sure to replace the placeholders.
defaultService: global/backendServices/BACKEND_SERVICE_1
hostRules:
- hosts:
- '*'
pathMatcher: matcher1
name: URL_MAP_NAME
pathMatchers:
- defaultService: global/backendServices/BACKEND_SERVICE_1
name: matcher1
routeRules:
- matchRules:
- prefixMatch: /PREFIX
priority: PRIORITY # 0 is highest
routeAction:
weightedBackendServices:
- backendService: global/backendServices/BACKEND_SERVICE_1
weight: 100
Split traffic between two services
Split traffic between two or among multiple services. Make sure to replace the placeholders.
defaultService: global/backendServices/BACKEND_SERVICE_1
hostRules:
- hosts:
- '*'
pathMatcher: matcher1
name: URL_MAP_NAME
pathMatchers:
- defaultService: global/backendServices/BACKEND_SERVICE_1
name: matcher1
routeRules:
- matchRules:
- prefixMatch: /PREFIX
priority: 2
routeAction:
weightedBackendServices:
- backendService: global/backendServices/BACKEND_SERVICE_1
weight: 95
- backendService: global/backendServices/BACKEND_SERVICE_2
weight: 5
Configure a URL redirect
The following example returns a configurable 3xx response code. The example also
sets the Location
response header with the appropriate URI, replacing the host
and path as specified in the redirect action.
defaultService: global/backendServices/BACKEND_SERVICE_1
name: global-lb-map
hostRules:
- hosts:
- '*'
pathMatcher: matcher1
pathMatchers:
- defaultService: global/backendServices/BACKEND_SERVICE_1
name: matcher1
routeRules:
- matchRules:
- prefixMatch: /PREFIX
priority: PRIORITY # 0 is highest
urlRedirect:
hostRedirect: "new-host-name.com" # Omit to keep the requested host
pathRedirect: "/new-path" # Omit to keep the requested path; mutually exclusive to prefixRedirect
prefixRedirect: "/newPrefix" # Omit to keep the requested path; mutually exclusive to pathRedirect
redirectResponseCode: FOUND
stripQuery: True
Mirror traffic
In addition to forwarding the request to the selected backend service, you can send an identical request to the configured mirror backend service on a fire and forget basis. The load balancer doesn't wait for a response from the backend to which it sends the mirrored request. Mirroring is useful for testing a new version of a backend service. You can also use it to debug production errors on a debug version of your backend service, rather than on the production version.
defaultService: global/backendServices/BACKEND_SERVICE_1
name: global-lb-map
hostRules:
- hosts:
- '*'
pathMatcher: matcher1
pathMatchers:
- defaultService: global/backendServices/BACKEND_SERVICE_1
name: matcher1
routeRules:
- matchRules:
- prefixMatch: /PREFIX
priority: PRIORITY # 0 is highest
routeAction:
weightedBackendServices:
- backendService: global/backendServices/BACKEND_SERVICE_1
weight: 100
requestMirrorPolicy:
backendService: global/backendServices/BACKEND_SERVICE_2
Traffic mirroring is supported when both backend services have managed instance groups, zonal NEGs, or hybrid NEGs backends. It is not supported for internet NEGs, serverless NEGs, and Private Service Connect backends.
Mirroring can't be configured for only a specific portion of requests. Even if
you split traffic between multiple weighted backend services, the mirror
backend service receives all the requests. However, you can use custom headers
to record which backend service was used to serve the original request. The
following example adds a custom header called x-weighted-picked-backend
to all
client requests. For the header value, use the name of the backend service that
served the original request.
defaultService: global/backendServices/BACKEND_SERVICE_1
name: global-lb-map
hostRules:
- hosts:
- '*'
pathMatcher: matcher1
pathMatchers:
- defaultService: global/backendServices/BACKEND_SERVICE_1
name: matcher1
routeRules:
- matchRules:
- prefixMatch: /PREFIX
priority: PRIORITY # 0 is highest
routeAction:
weightedBackendServices:
- backendService: global/backendServices/BACKEND_SERVICE_1
weight: 95
headerAction:
requestHeadersToAdd:
- headerName: x-weighted-picked-backend
headerValue: BACKEND_SERVICE_1
replace: True
- backendService: global/backendServices/BACKEND_SERVICE_2
weight: 5
headerAction:
requestHeadersToAdd:
- headerName: x-weighted-picked-backend
headerValue: BACKEND_SERVICE_2
replace: True
requestMirrorPolicy:
backendService: global/backendServices/BACKEND_SERVICE_3
Rewrite the requested URL
Rewrite the hostname portion of the URL, the path portion of the URL, or both, before sending a request to the selected backend service. Make sure to replace the placeholders.
defaultService: global/backendServices/BACKEND_SERVICE_1
name: global-lb-map
hostRules:
- hosts:
- '*'
pathMatcher: matcher1
pathMatchers:
- defaultService: global/backendServices/BACKEND_SERVICE_1
name: matcher1
routeRules:
- matchRules:
- prefixMatch: /PREFIX
priority: PRIORITY # 0 is highest
routeAction:
weightedBackendServices:
- backendService: global/backendServices/BACKEND_SERVICE_1
weight: 100
urlRewrite:
hostRewrite: "new-host-name.com" # Omit to keep the requested host
pathPrefixRewrite: "/new-path/" # Omit to keep the requested path
Retry a request
Configure the conditions under which the load balancer retries failed requests, how long the load balancer waits before retrying, and the maximum number of retries permitted.
defaultService: global/backendServices/BACKEND_SERVICE_1
name: global-lb-map
hostRules:
- hosts:
- '*'
pathMatcher: matcher1
pathMatchers:
- defaultService: global/backendServices/BACKEND_SERVICE_1
name: matcher1
routeRules:
- matchRules:
- prefixMatch: /PREFIX
priority: PRIORITY # 0 is highest
routeAction:
weightedBackendServices:
- backendService: global/backendServices/BACKEND_SERVICE_1
weight: 100
retryPolicy:
retryConditions: 502, 504
numRetries: 3
perTryTimeout:
seconds: 1
nanos: 500000000
Specify the route timeout
Specify the timeout for the selected route. Timeout is computed from the time the request is fully processed until the response is fully processed. Timeout includes all retries. Make sure to replace the placeholders.
defaultService: global/backendServices/BACKEND_SERVICE_1
name: global-lb-map
hostRules:
- hosts:
- '*'
pathMatcher: matcher1
pathMatchers:
- defaultService: global/backendServices/BACKEND_SERVICE_1
name: matcher1
routeRules:
- matchRules:
- prefixMatch: /PREFIX
priority: PRIORITY # 0 is highest
routeAction:
weightedBackendServices:
- backendService: global/backendServices/BACKEND_SERVICE_1
weight: 100
timeout:
seconds: 30
nanos: 0
Configure fault injection
Introduce errors when servicing requests to simulate failures, including high latency, service overload, service failures, and network partitioning. This feature is useful for testing the resiliency of a service to simulated faults.
defaultService: global/backendServices/BACKEND_SERVICE_1
name: global-lb-map
hostRules:
- hosts:
- '*'
pathMatcher: matcher1
pathMatchers:
- defaultService: global/backendServices/BACKEND_SERVICE_1
name: matcher1
routeRules:
- matchRules:
- prefixMatch: /PREFIX
priority: PRIORITY # 0 is highest
routeAction:
weightedBackendServices:
- backendService: global/backendServices/BACKEND_SERVICE_1
weight: 100
faultInjectionPolicy:
delay:
fixedDelay:
seconds: 10
nanos: 0
percentage: 25
abort:
httpStatus: 503
percentage: 50
Configure CORS
Configure cross-origin resource sharing (CORS) policies to handle settings for enforcing CORS requests.
defaultService: global/backendServices/BACKEND_SERVICE_1
name: global-lb-map
hostRules:
- hosts:
- '*'
pathMatcher: matcher1
pathMatchers:
- defaultService: global/backendServices/BACKEND_SERVICE_1
name: matcher1
routeRules:
- matchRules:
- prefixMatch: /PREFIX
priority: PRIORITY # 0 is highest
routeAction:
weightedBackendServices:
- backendService: global/backendServices/BACKEND_SERVICE_1
weight: 100
corsPolicy:
allowOrigins: [ "http://my-domain.com" ]
allowMethods: [ "GET", "POST" ]
allowHeaders: [ "Authorization", "Content-Type" ]
maxAge: 1200
allowCredentials: true
Add and remove request and response headers
Add and remove request headers before sending a request to the backend service. Also add and remove response headers after receiving a response from the backend service.
There are restrictions on valid values for headerName
and headerValue
.
For details, see How custom headers
work.
defaultService: global/backendServices/BACKEND_SERVICE_1
name: global-lb-map
hostRules:
- hosts:
- '*'
pathMatcher: matcher1
pathMatchers:
- defaultService: global/backendServices/BACKEND_SERVICE_1
name: matcher1
routeRules:
- matchRules:
- prefixMatch: /PREFIX
priority: PRIORITY # 0 is highest
routeAction:
weightedBackendServices:
- backendService: global/backendServices/BACKEND_SERVICE_1
headerAction:
requestHeadersToAdd:
- headerName: header-1-name
headerValue: header-1-value
replace: True
requestHeadersToRemove:
- header-2-name
- header-3-name
responseHeadersToAdd:
- headerName: header-4-name
headerValue: header-4-value
replace: True
responseHeadersToRemove:
- header-5-name
- header-6-name
Configure outlier detection
Specify the criteria for eviction of unhealthy backend VMs or endpoints in NEGs, along with criteria defining when a backend or endpoint is considered healthy enough to receive traffic again. Make sure to replace the placeholders.
loadBalancingScheme: EXTERNAL_MANAGED
localityLbPolicy: RANDOM
name: global/backendServices/BACKEND_SERVICE_1
outlierDetection:
baseEjectionTime:
nanos: 0
seconds: 30
consecutiveErrors: 5
consecutiveGatewayFailure: 3
enforcingConsecutiveErrors: 2
enforcingConsecutiveGatewayFailure: 100
enforcingSuccessRate: 100
interval:
nanos: 0
seconds: 1
maxEjectionPercent: 50
successRateMinimumHosts: 5
successRateRequestVolume: 100
successRateStdevFactor: 1900
Set up traffic splitting: detailed steps
This example demonstrates the following steps:
Create distinct templates for different services.
Create instance groups for those templates.
Create routing rules that set up 95% / 5% traffic splitting.
Send curl commands showing that the traffic split percentages roughly match the configuration.
These instructions assume the following:
A target proxy and forwarding rule have been created, along with a URL map named
global-lb-map
.The URL map sends all traffic to one backend service, called
red-service
, which is the default backend service.You set up an alternate path that sends 5% of the traffic to
blue-service
and 95% of traffic togreen-service
.A path matcher is used.
You are using Cloud Shell or another environment with bash installed.
Define the services
The following bash function creates a backend service, including the instance template and the managed instance group.
These instructions assume that an HTTP health check (global-lb-basic-check
) has
been created. For instructions, see one of the following pages:
- Setting up a global external Application Load Balancer with a Compute Engine backend
- Setting up a global external Application Load Balancer with a backend bucket
- Setting up a global external Application Load Balancer with hybrid connectivity
- Setting up a global external Application Load Balancer with with Cloud Run, App Engine, or Cloud Run functions
function make_service() { local name="$1" local region="$2" local zone="$3" local network="$4" local subnet="$5" local subdir="$6" www_dir="/var/www/html/$subdir" (set -x; \ gcloud compute instance-templates create "${name}-template" \ --region="$region" \ --network="$network" \ --subnet="$subnet" \ --tags=allow-ssh,load-balanced-backend \ --image-family=debian-12 \ --image-project=debian-cloud \ --metadata=startup-script="#! /bin/bash apt-get update apt-get install apache2 -y a2ensite default-ssl a2enmod ssl sudo mkdir -p $www_dir /bin/hostname | sudo tee ${www_dir}index.html systemctl restart apache2"; \ gcloud compute instance-groups managed create \ "${name}-instance-group" \ --zone="$zone" \ --size=2 \ --template="${name}-template"; \ gcloud compute backend-services create "${name}-service" \ --load-balancing-scheme=EXTERNAL_MANAGED \ --protocol=HTTP \ --health-checks=global-lb-basic-check \ --global \ gcloud compute backend-services add-backend "${name}-service" \ --balancing-mode='UTILIZATION' \ --instance-group="${name}-instance-group" \ --instance-group-zone="$zone" \ --global) }
Create the services
Call the function to make three services, red
, green
, and blue
. The
red
service acts as the default service for requests to /
. The green
and
blue
services are both set up on /prefix
to handle 95% and 5% of the traffic,
respectively.
make_service red us-west1 us-west1-a lb-network backend-subnet "" make_service green us-west1 us-west1-a lb-network backend-subnet /prefix make_service blue us-west1 us-west1-a lb-network backend-subnet /prefix
Create the URL map
Console
- Go to the Load balancing page in the Google Cloud console.
Go to Load balancing - Click the global-lb-map link.
- Click Edit .
Configure the new routing rules
- Under Routing rules, select Advanced host, path and route rule.
- Under New hosts and path matcher, create the default action by
setting the Service to
red-service
. - Click Done.
- Click Add hosts and path matcher.
- In the Hosts field, enter the IP address of your load balancer's forwarding rule.
Paste the following YAML content into the Path matcher box:
defaultService: global/backendServices/red-service name: matcher1 routeRules: - priority: 2 matchRules: - prefixMatch: /PREFIX routeAction: weightedBackendServices: - backendService: global/backendServices/green-service weight: 95 - backendService: global/backendServices/blue-service weight: 5
Click Done.
Click Update.
gcloud
Export the existing URL map using the
gcloud compute url-maps export
command:gcloud compute url-maps export global-lb-map \ --destination=global-lb-map-config.yaml \ --global
Update the URL map file
global-lb-map-config.yaml
by adding this to the end of the file:hostRules: - hosts: - '*' pathMatcher: matcher1 pathMatchers: - defaultService: global/backendServices/red-service name: matcher1 routeRules: - priority: 2 matchRules: - prefixMatch: /PREFIX routeAction: weightedBackendServices: - backendService: global/backendServices/green-service weight: 95 - backendService: global/backendServices/blue-service weight: 5
Update the URL map using the
gcloud compute url-maps import
command:gcloud compute url-maps import global-lb-map \ --global \ --source=global-lb-map-config.yaml
Test the configuration
To test the configuration, first ensure that requests to the
load balancer's IP address set up earlier are handled by the default red
configuration.
Then check to make sure that requests sent to
FORWARDING_RULE_IP_ADDRESS/prefix
are split as expected.
Set up session affinity based on HTTP_COOKIE
Traffic control lets you configure session affinity based on a provided
cookie. To configure HTTP_COOKIE based session affinity for a backend service
named red-service
, follow these directions.
Use the
gcloud compute backend_services export
command to get the backend service configuration.gcloud compute backend-services export red-service \ --destination=red-service-config.yaml \ --global
Update the
red-service-config.yaml
file as follows:sessionAffinity: 'HTTP_COOKIE' localityLbPolicy: 'RING_HASH' consistentHash: httpCookie: name: 'http_cookie' path: '/cookie_path' ttl: seconds: 100 nanos: 0 minimumRingSize: 10000
In the
red-service-config.yaml
file, delete the following line:sessionAffinity: NONE
Update the backend service configuration file:
gcloud compute backend-services import red-service \ --source=red-service-config.yaml \ --global
Troubleshooting
Use this information for troubleshooting when traffic is not being routed according to the route rules and traffic policies that you configured.
For information about logging and monitoring, see External HTTP(S) logging and monitoring.
Symptoms:
- Increased traffic to services in rules above the rule in question.
- An unexpected increase in 4xx and 5xx HTTP responses for a given route rule.
Solution: Check the order of your route rules. Route rules are interpreted in the order in which they are specified.
Route rules within a URL map are interpreted in the order in which they are specified. This is different from the way that path rules are interpreted by longest prefix match. For a path rule, the global external Application Load Balancer only selects a single path rule; however, when you use route rules, more than one might apply.
When you define route rules, check to be sure that rules at the top of the list don't inadvertently route traffic that would otherwise have been routed by a subsequent route rule. The service that receives misdirected traffic would likely reject requests, and the service in your route rules would receive reduced traffic or no traffic at all.