Exam Professional Cloud Network Engineer topic 1 question 79 discussion

Im pretty sure if this was an exam question then the expected answer would be B (NW load balancer) 1) the question says external TCP which is either TCP proxy or Network LB. 2) The question does NOT state anything about LB being regional or global, so there is no harm in choosing Network Load balancer instead of TCP proxy 3) TCP proxy is not a pass through LB, but network LB is. So, Network LB preserves the client IP by default. NOTE: It is still possible to preserve the client IP via TCP proxy if you use a Proxy Protocol. So, if the question statement was ''External GLOBAL Tcp LB" then i would say the answer is TCP Proxy. But with all we have in the statement, Network LB is a safe answer! Peace :)

You can understand which LB we should use in this situation. The correct answer is "D". External -> no SSL offload -> Global LB -> TCP Proxy https://cloud.google.com/load-balancing/docs/choosing-load-balancer#flow_chart There is one important point to note. By default, the original(source) client IP address and port information is not preserved. We can preserve this information by using the PROXY protocol. https://cloud.google.com/load-balancing/docs/tcp#target-proxies

Why is B the correct answer? The question specifically asks for "preserving the source IP address." TCP Proxy Load Balancer (D) terminates the connection at the proxy and forwards a new request to the backend, meaning it does not preserve the original source IP. Network Load Balancer (B) is a pass-through load balancer that maintains the original layer 3 payload, including the source IP address. Final Answer: ✅ B. Network Load Balancer If source IP preservation is the requirement, Network Load Balancer (B) is the correct choice. 🚀

my first thought was Network LB, but then I went back and re-read the question. It was deploying glbal external lb. theorefore D While a Network Load Balancer does preserve the source IP address, it's typically used for regional deployments. For a global external TCP load balancing solution, you would actually need a TCP Proxy Load Balancer. Global reach: TCP Proxy Load Balancers are designed for global applications, utilizing Google's global network to distribute traffic efficiently. Source IP preservation: Even though it's a proxy, the TCP Proxy Load Balancer includes a feature called "Proxy Protocol" which allows you to preserve the original source IP address. This information is passed to the backend instances, enabling them to see the client's real IP.

cant be D. TCP/SSL proxy load balancer: While TCP/SSL proxy load balancers can handle TCP and SSL traffic, they do not preserve the original source IP address as they terminate the client connections at the proxy and create new connections to the backend instances.

it's B. it's talking about keeping the ORIGINAL LAYER 3 payload source IP. In the case of TCP/SSL Proxy, when using the PROXY protocol, the payload is NOT preserved. A new connection is established with a new source IP, since the PROXY protocol operates at layer 4, by adding a header with the client IP at the start of TCP connection.

Public facing (external) passthrough network load balancer is required, so B.

When the IP address of the remote endpoint needs to be preserved, in tandem with TLS connections, there's only solution: B) passthrough load balancers. https://cloud.google.com/load-balancing/docs/choosing-load-balancer#proxy-pass-through https://cloud.google.com/load-balancing/docs/passthrough-network-load-balancer A) and D) are not correct because the original source address is be lost at TCP connection level (even though it may be somewhere in PROXY information or in some HTTP header), C) is not external.

ans is B as D does proxy for tcp connection

D. TCP/SSL proxy load balancer When you use a TCP/SSL proxy load balancer, it preserves the source IP address of the original layer 3 payload. This is because TCP/SSL proxy load balancer terminates the incoming TCP connection and establishes a new one to the backend instance, while retaining the original source IP address in the payload. In contrast, other types of load balancers may modify the source IP address of the payload, making it difficult to track the origin of the request.

• D. TCP/SSL ***** proxy load balancer Network load balancers are regional in nature and only support backends in the same region as their configured frontends. However, packets to network load balancers can still be sent from anywhere on the internet regardless of whether the IP address of the load balancer is in the Premium Tier or the Standard Tier. If the IP address of the load balancer is in the Premium Tier, the traffic traverses Google's high quality global backbone with the intent that packets enter and exit a Google edge peering point as close as possible to the client. If the IP address of the load balancer is in the Standard Tier, the traffic enters and exits the Google network at a peering point closest to the Google Cloud region where the load balancer is configured.

The correct answer is "D". External -> no SSL offload -> Global LB -> TCP Proxy https://cloud.google.com/load-balancing/docs/choosing-load-balancer#flow_chart By default, the original(source) client IP address and port information is not preserved. We can preserve this information by using the PROXY protocol. https://cloud.google.com/load-balancing/docs/tcp#target-proxies

https://cloud.google.com/load-balancing/docs/tcp/setting-up-tcp#proxy-protocol D is right Set PROXY protocol for retaining client connection information External TCP Proxy Load Balancing terminates TCP connections from the client and creates new connections to the instances. By default, the original client IP and port information is not preserved. To preserve and send the original connection information to your instances, enable PROXY protocol (version 1). This protocol sends an additional header that contains the source IP address, destination IP address, and port numbers to the instance as a part of the request.

D is right

DDDDDDDDDDD

Answer is B! https://cloud.google.com/load-balancing/docs/choosing-load-balancer If google says so, who are we to argue ;)

I think the picture is much better to make a decision about which one be good. https://cloud.google.com/load-balancing/images/choose-lb.svg