You are configuring a new application that will be exposed behind an external load balancer with both IPv4 and IPv6 addresses and support TCP pass-through on port 443. You will have backends in two regions: us-west1 and us-east1. You want to serve the content with the lowest possible latency while ensuring high availability and autoscaling. Which configuration should you use?
To meet the requirements of supporting both IPv4 and IPv6 addresses, TCP pass-through on port 443, lowest possible latency, high availability, and autoscaling, the best configuration is to use global TCP Proxy Load Balancing with backends in both regions. Global TCP Proxy Load Balancing supports TCP pass-through without SSL offloading and can provide global load balancing and cross-region failover, ensuring low latency by automatically routing traffic to the closest backend. Network Load Balancing, while supporting TCP pass-through, operates on a regional scope and would not natively support the required global load balancing functionality.
TCP pass-through = A, B and C is wrong, because they make ssl offloading. In this requirement, only Letter D is possible. External LB with support a TCP pass-through. https://cloud.google.com/load-balancing/docs/choosing-load-balancer https://cloud.google.com/load-balancing/docs/network
Agreed
I am not sure about this answer... using the decision tree I can see that the TCP Global Load Balancer doesn't makes SSL offload, and is global which is what we required in this case to connect multiple regions backends. Also the LB is responsible for selecting the closest region, and I don't remember to have DNS-Based load balancing in Google (maybe I am wrong).
Agreed. States pass-through all other options are proxy based load balancers. See this architecture for an example of geo-location based DNS load balancing and regional load balancers: https://cloud.google.com/architecture/global-load-balancing-architectures-for-dns-routing-policies
TCP Global Load balancer allows to have multiple regions backend and is responsible of to select the client closest regions. I don't remember a DNS-Based load balancing solution in Google, so I think that the correct answer is the B.
global TCP Proxy Load Balancing with backends in both regions, is the correct option because it supports TCP pass-through on port 443 while providing global load balancing and cross-region failover with low latency. Option D can also be correct but it needs extra efforts of creating two LB whereas Global TCP can do same thing for you.
It's D, pass-through is a requirement. https://cloud.google.com/load-balancing/docs/choosing-load-balancer
Option B, using global TCP Proxy Load Balancing with backends in both regions, is the correct option because it supports TCP pass-through on port 443 while providing global load balancing and cross-region failover with low latency. Option A, global SSL Proxy Load Balancing, does not support TCP pass-through and is limited to IPv4 clients. Option C, global external HTTP(S) Load Balancing, does not support TCP pass-through and is designed for content-based routing based on HTTP(S) headers and URIs. Option D, using Network Load Balancing in both regions, does not provide global load balancing or cross-region failover and relies on DNS resolution to direct traffic to the closest region, which may not be accurate or consistent.
Please read the question accordingly and look at GCP load-balancing chart. External TCP/UDP network load balancer support TCP-Passthrough
for sure D https://cloud.google.com/architecture/global-load-balancing-architectures-for-dns-routing-policies?hl=fr
The only answer that supports TCP passthrough is D, which is shown here: https://cloud.google.com/architecture/global-load-balancing-architectures-for-dns-routing-policies
• B. Use global TCP ***** Proxy Load Balancing with backends in both regions. External TCP Proxy Load Balancing lets you use a single IP address for all users worldwide. The external TCP proxy load balancer automatically routes traffic to the backends that are closest ***** to the user. With Premium Tier, External TCP Proxy Load Balancing can be configured as a global load balancing service.
B is correct. Global TCP Proxy does not do SSL offloading according to the docs, allows for pass through. Also picks closest back end. https://cloud.google.com/load-balancing/docs/choosing-load-balancer#lb-decision-tree
the best option for you is B. Use global TCP Proxy Load Balancing with backends in both regions. A. Use global SSL Proxy Load Balancing with backends in both regions: This option only supports IPv4 clients and does not allow TCP pass-through for port 443. C. Use global external HTTP(S) Load Balancing with backends in both regions: This option does not support TCP pass-through for port 443 because it performs content-based routing based on HTTP(S) headers and URIs. D. Use Network Load Balancing in both regions, and use DNS-based load balancing to direct traffic to the closest region: This option does not provide global load balancing or cross-region failover because it uses regional unicast IP addresses instead of a single anycast IP address. It also relies on DNS resolution to direct traffic to the closest region, which may not be accurate or consistent.
External TCP/UDP load balancer is the answer. So Answer D is correct. The external LB must support TCP pass-through. Only TCP/UDP external LB does.
option D is network LB which is regional
"IPv6 traffic is not supported with regional external Application Load Balancers, cross-region internal Application Load Balancers, regional internal Application Load Balancers, regional internal proxy Network Load Balancers, regional external proxy Network Load Balancers, and internal passthrough Network Load Balancers." https://cloud.google.com/load-balancing/docs/ipv6?hl=en#limitations
D. The scope of a network load balancer is regional, not global. This means that a network load balancer cannot span multiple regions. Within a single region, the load balancer services all zones.
sorry it's B based on above
tcp proxy LB has global scope, network has regional scope, So option B
Not clear solution. Could somebody tell what is the correct asnwer? Thanks
TCP Proxy Load Balancing (TPLB) is a type of global load balancing that can be used for non-HTTP traffic that doesn't require SSL offloading. TPLB is implemented on Google Front Ends (GFEs) and can distribute TCP traffic to virtual machine (VM) instances in the Google Cloud VPC network. The load balancer automatically routes traffic to the closest backend instance to the user, even if those backends are in multiple regions. TPLB also supports both IPv4 and IPv6 addresses for client traffic