A network endpoint group (NEG) is a configuration object that specifies a group of backend endpoints or services. With NEGs, Google Cloud load balancers can serve virtual machine (VM) instance group-based workloads, serverless workloads, and containerized workloads. NEGs let you distribute traffic to your load balancer's backends at a more granular level (for example, load balancing traffic at the Pod level instead of at the VM level for GKE workloads).
You can configure NEGs as backends for your load balancers. Certain NEG types can also be used with Cloud Service Mesh. Use the following tables to decide which type of NEG you need for your deployment.
- Zonal NEG
- Internet NEG
- Serverless NEG
- Hybrid connectivity NEG
- Private Service Connect NEG
- Port mapping NEG
Zonal NEG
Features | Details |
---|---|
Purpose | One or more internal IP address endpoints that resolve to either Compute Engine VM instances or GKE Pods. For detailed information about this NEG and its use cases, see Zonal NEGs overview. |
NetworkEndpointType API name | |
Number of endpoints | 1 or more |
Health checks for NEGs attached to backend services | Centralized health checks for NEGs with GCE_VM_IP_PORT and GCE_VM_IP endpoints. |
Scope | Zonal |
Routing | VPC network |
Google Cloud products that use this NEG | Related documentation: |
Internet NEG
Features | Details |
---|---|
Purpose | A single internet-routable endpoint that is hosted outside of Google Cloud. For detailed information about this NEG and its use cases, see Internet NEGs overview. |
NetworkEndpointType API name | |
Number of endpoints | Global NEGs: 1. Regional NEGs: 256. |
Health checks for NEGs attached to backend services | Global NEGs: not supported. Regional NEGs: distributed Envoy health checks. |
Scope | Global or regional |
Routing | Internet |
Google Cloud products that use this NEG |
Global internet NEGs
Regional internet NEGs (
|
Serverless NEG
Features | Details |
---|---|
Purpose | A single endpoint within Google's network that resolves to an App Engine, Cloud Run functions, API Gateway, or Cloud Run service. For detailed information about this NEG and its use cases, see Serverless NEGs overview. |
NetworkEndpointType API name | SERVERLESS: FQDN belonging to an App Engine, Cloud Run functions, API Gateway, or Cloud Run service. |
Number of endpoints | 1 |
Health checks for NEGs attached to backend services | Not applicable |
Scope | Regional |
Routing | To Google APIs and Services |
Google Cloud products that use this NEG | |
Hybrid connectivity NEG
Features | Details |
---|---|
Purpose | One or more endpoints that resolve to on-premises services, server applications in another cloud, and other internet-reachable services outside Google Cloud. |
NetworkEndpointType API name | NON_GCP_PRIVATE_IP_PORT: IP:Port belonging to a VM that is not in Compute Engine and that must be routable using hybrid connectivity. |
Number of endpoints | 1 or more |
Health checks for NEGs attached to backend services | |
Scope | Zonal |
Routing | To an on-premises network or another cloud provider network by way of Cloud Interconnect VLAN attachment, Cloud VPN tunnel, or Router appliance VM in a VPC network |
Google Cloud products that use this NEG | |
Private Service Connect NEG
Features | Details |
---|---|
Purpose | A single endpoint that resolves to one of the following: |
NetworkEndpointType API name | PRIVATE_SERVICE_CONNECT |
Number of endpoints | 1 |
Health checks for NEGs attached to backend services | Not applicable |
Scope | Regional |
Routing | Private Service Connect: Supported load balancers and targets |
Google Cloud products that use this NEG | For more information about Private Service Connect NEGs, see About Private Service Connect backends. |
Port mapping NEG
Features | Details |
---|---|
Purpose | One or more endpoints, each of which provides a mapping from a client port of a Private Service Connect endpoint to a combination of service port and service producer VM. For detailed information about this NEG and its use cases, see About Private Service Connect port mapping. |
NetworkEndpointType API name | GCE_VM_IP_PORTMAP |
Number of endpoints | 1 or more |
Health checks for NEGs attached to backend services | Not applicable |
Scope | Regional |
Routing | To a service producer VPC network through a connection between a Private Service Connect endpoint and a service attachment. |
Google Cloud products that use this NEG | Private Service Connect port mapping |