SSL and TCP Proxy Load Balancers-How GCP balances the huge amount of traffic?
As in my last blog of the series-How GCP balances the huge amount of amount of traffic? Here is the new blog on SSL and TCP Proxy Load Balancer.
SSL Proxy Load Balancer
SSL proxy is a Global Load Balancing service for encrypted non-HTTP traffic. This load balancer terminates user SSL connections at the load balancing layer then balances the connections across your instances using the SSL or TCP protocols. These instances can be in multiple regions and the load balancer automatically directs traffic to the closest region that has the capacity.
SSL proxy load balancing — supports both IPv4 and IPv6 addresses for client traffic and provides intelligent routing, certificate management, security patching and SSL policies.
Intelligent routing means that this load balancer can route requests to backend locations where there is capacity.
From a certificate management perspective, you only need to update your customer-facing certificate in one place when you need to switch certificates.
Also, you can reduce the management overhead for your virtual machine instances by using self-signed certificates on your instances.
In addition, if vulnerabilities arise in the SSL or TCP stack, GCP will apply patches at the load balancer automatically in order to keep your instances safe.
Example, traffic from users in Iowa and Boston is terminated at the Global Load Balancing layer. From there, a separate connection is established to the closest backend instances. In other words, the user in Boston would reach the US East region and the user in Iowa would reach the US Central region as long as there’s enough capacity. Now, the traffic between the proxy and the backends can use SSL or TCP. That being said, I would recommend using SSL.
TCP Proxy Load Balancing
TCP proxy is a global load balancing service for — unencrypted non-HTTP traffic. This load balancer terminates your customers TCP session at the load balancing layer and then forwards the traffic to your virtual machine instances using TCP or SSL. These instances can be in multiple regions and the load balancer automatically directs traffic to the closest region that has the capacity. TCP proxy load balancing supports both IPv4 and IPv6 addresses for client traffic. Now, similar to the SSL proxy load balancer, the TCP proxy load balancer provides intelligent routing and security patching.
Read next blog about Internal Load Balancers here.