Reputation: 779
In my project, we already have an external load balancer. However, there are several teams within the organisation which use our internal load balancer. I want to know why we need an internal load balancer if we already have a public-facing external load balancer. Please elaborate.
Upvotes: 0
Views: 4758
Reputation: 640
Using an internal LB has the advantage of shorter routes / fewer hops. Depending on your network routers and the origin of the request (which might be part of the same VPN, but not on GCP if you use VPC Peering), the network packages could get routed to the internet and then back to your GCP VPC. This increases the network latency and of course increases the security risk, as your network packages are leaving your private network (or Google's network).
Upvotes: 0
Reputation: 75745
I'm answering the question from your comment here because it's too long for a comment.
Some things are internal, others are external. For example:
RESULT: Because the load balancer is external, your MongoDB is publicly exposed on the port 27017.
If you use an internal load balancer, that's not the case, and you increase security. Only the web-facing port (443) is open; the rest is not accessible from the internet, only from within your project.
Upvotes: 2
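The exposure this answer describes can be checked for. The following is an added example, not part of the original answer: it audits forwarding rules in the JSON shape printed by `gcloud compute forwarding-rules list --format=json` and reports internet-facing rules that listen on anything other than 443. The sample rules, names and addresses are constructed, and the 443-only allowlist is an assumption taken from the answer.

```python
import json

# Constructed sample in the shape of
# `gcloud compute forwarding-rules list --format=json` (names/IPs are made up).
SAMPLE_RULES = json.loads("""
[
  {"name": "web-fr", "loadBalancingScheme": "EXTERNAL", "IPProtocol": "TCP",
   "IPAddress": "203.0.113.10", "portRange": "443-443"},
  {"name": "mongo-fr", "loadBalancingScheme": "EXTERNAL", "IPProtocol": "TCP",
   "IPAddress": "203.0.113.11", "portRange": "27017-27017"},
  {"name": "mongo-ilb", "loadBalancingScheme": "INTERNAL", "IPProtocol": "TCP",
   "IPAddress": "10.128.0.20", "ports": ["27017"]}
]
""")

ALLOWED_PUBLIC_PORTS = {443}  # assumption: only HTTPS should face the internet


def exposed_ports(rule):
    """Return the set of ports a rule listens on, or None if it takes all ports."""
    if rule.get("allPorts"):
        return None
    specs = list(rule.get("ports", []))
    if "portRange" in rule:
        specs.append(rule["portRange"])
    ports = set()
    for spec in specs:  # each spec is "N" or "LOW-HIGH"
        low, _, high = str(spec).partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def audit(rules, allowed=ALLOWED_PUBLIC_PORTS):
    """Return (name, ip, unexpected_ports) for each internet-facing rule."""
    findings = []
    for rule in rules:
        # EXTERNAL and EXTERNAL_MANAGED are the internet-facing schemes.
        if not rule.get("loadBalancingScheme", "").startswith("EXTERNAL"):
            continue
        ports = exposed_ports(rule)
        extra = "all" if ports is None else sorted(ports - allowed)
        if extra:
            findings.append((rule["name"], rule.get("IPAddress"), extra))
    return findings


if __name__ == "__main__":
    for name, ip, ports in audit(SAMPLE_RULES):
        print(f"{name} ({ip}) is internet-facing on unexpected ports: {ports}")
```

Firewall rules still decide which sources can actually reach the backends, so a finding here is a prompt to review the rule, not proof of reachability.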
Reputation: 4461
You should check the documentation and then decide if your use case requires using an internal load balancer or not. Below you can find links to the Google Cloud documentation and an example.
First, have a look at the documentation, Choosing a load balancer:
To decide which load balancer best suits your implementation of Google Cloud, consider the following aspects of Cloud Load Balancing:
- Global versus regional load balancing
- External versus internal load balancing
- Traffic type
After that, have a look at the documentation, Cloud Load Balancing overview, section Types of Cloud Load Balancing:
External load balancers distribute traffic coming from the Internet to your Google Cloud Virtual Private Cloud (VPC) network. Global load balancing requires that you use the Premium Tier of Network Service Tiers. For regional load balancing, you can use Standard Tier.
Internal load balancers distribute traffic to instances inside of Google Cloud.
and
The following diagram illustrates a common use case: how to use external and internal load balancing together. In the illustration, traffic from users in San Francisco, Iowa, and Singapore is directed to an external load balancer, which distributes that traffic to different regions in a Google Cloud network. An internal load balancer then distributes traffic between the us-central-1a and us-central-1b zones.
You can find more information in the documentation.
UPDATE: Have a look at the possible use cases for the internal HTTP(S) load balancer and for the internal TCP/UDP load balancer, and check if they're suitable for you and if using them could improve your service.
It's not required to use an internal load balancer if you don't need it.
Upvotes: 0