Exam Professional Cloud Network Engineer topic 1 question 120 discussion

TCP pass-through = A, B and C is wrong, because they make ssl offloading. In this requirement, only Letter D is possible. External LB with support a TCP pass-through. https://cloud.google.com/load-balancing/docs/choosing-load-balancer https://cloud.google.com/load-balancing/docs/network

In Google Cloud, the global TCP pass-through load balancer

B is correct TCP LB do passthrough DNS will add latency even we said its okay the use NLB :>

am going for B. Global HTTP(S) SSL termination takes place at the load balancer and unencrypted traffic sent to the backend web servers.

TCP Proxy Load Balancing (TPLB) is a type of global load balancing that can be used for non-HTTP traffic that doesn't require SSL offloading. TPLB is implemented on Google Front Ends (GFEs) and can distribute TCP traffic to virtual machine (VM) instances in the Google Cloud VPC network. The load balancer automatically routes traffic to the closest backend instance to the user, even if those backends are in multiple regions. TPLB also supports both IPv4 and IPv6 addresses for client traffic

Not clear solution. Could somebody tell what is the correct asnwer? Thanks

It's D, pass-through is a requirement. https://cloud.google.com/load-balancing/docs/choosing-load-balancer

The only answer that supports TCP passthrough is D, which is shown here: https://cloud.google.com/architecture/global-load-balancing-architectures-for-dns-routing-policies

tcp proxy LB has global scope, network has regional scope, So option B

for sure D https://cloud.google.com/architecture/global-load-balancing-architectures-for-dns-routing-policies?hl=fr

"IPv6 traffic is not supported with regional external Application Load Balancers, cross-region internal Application Load Balancers, regional internal Application Load Balancers, regional internal proxy Network Load Balancers, regional external proxy Network Load Balancers, and internal passthrough Network Load Balancers." https://cloud.google.com/load-balancing/docs/ipv6?hl=en#limitations

global TCP Proxy Load Balancing with backends in both regions, is the correct option because it supports TCP pass-through on port 443 while providing global load balancing and cross-region failover with low latency. Option D can also be correct but it needs extra efforts of creating two LB whereas Global TCP can do same thing for you.

External TCP/UDP load balancer is the answer. So Answer D is correct. The external LB must support TCP pass-through. Only TCP/UDP external LB does.

Option B, using global TCP Proxy Load Balancing with backends in both regions, is the correct option because it supports TCP pass-through on port 443 while providing global load balancing and cross-region failover with low latency. Option A, global SSL Proxy Load Balancing, does not support TCP pass-through and is limited to IPv4 clients. Option C, global external HTTP(S) Load Balancing, does not support TCP pass-through and is designed for content-based routing based on HTTP(S) headers and URIs. Option D, using Network Load Balancing in both regions, does not provide global load balancing or cross-region failover and relies on DNS resolution to direct traffic to the closest region, which may not be accurate or consistent.

the best option for you is B. Use global TCP Proxy Load Balancing with backends in both regions. A. Use global SSL Proxy Load Balancing with backends in both regions: This option only supports IPv4 clients and does not allow TCP pass-through for port 443. C. Use global external HTTP(S) Load Balancing with backends in both regions: This option does not support TCP pass-through for port 443 because it performs content-based routing based on HTTP(S) headers and URIs. D. Use Network Load Balancing in both regions, and use DNS-based load balancing to direct traffic to the closest region: This option does not provide global load balancing or cross-region failover because it uses regional unicast IP addresses instead of a single anycast IP address. It also relies on DNS resolution to direct traffic to the closest region, which may not be accurate or consistent.

D. The scope of a network load balancer is regional, not global. This means that a network load balancer cannot span multiple regions. Within a single region, the load balancer services all zones.

B is correct. Global TCP Proxy does not do SSL offloading according to the docs, allows for pass through. Also picks closest back end. https://cloud.google.com/load-balancing/docs/choosing-load-balancer#lb-decision-tree