Back to feed
GCP·Cloud Load Balancingfeature·
AI Insights

SNI-based routing for proxy Network Load Balancers is now available in Preview.

SNI-based routing for proxy Network Load Balancers is now available in Preview.

You can now route TLS traffic based on Server Name Indication (SNI) hostnames by using the new TLSRoute resource. The load balancer inspects the initial unencrypted ClientHello message to extract the SNI hostname and route connections to the appropriate backend service. This feature provides pure TLS passthrough without terminating the connection at the load balancer. Key benefits include:

• End-to-end encryption: Clients can establish secure mTLS or TLS sessions directly with origin servers. • Role-oriented management: The TLSRoute API lets platform administrators to manage frontend infrastructure while service owners manage their own routes and backends independently. • Simplified IP management: Consolidate multiple services behind a single Private Service Connect (PSC) endpoint, reducing IPv4 address exhaustion.

This feature is available for regional and cross-region proxy Network Load Balancers.

For more information, see:

Create a regional external proxy Network Load Balancer load balancer with TLS routesCreate a regional internal proxy Network Load Balancer load balancer with TLS routesCreate a cross-region internal proxy Network Load Balancer load balancer with TLS routes

Read original announcement

More from Cloud Load Balancing

Published service backends let you configure supported load balancers or regional Cloud Service Mesh to route traffic...Apr 10, 2026Certificate Manager certificates are available in Google Cloud console while provisioning a load balancer.Apr 5, 2026Other: Backend Cloud Storage buckets are available for regional external Application Load Balancers, regional internal...Feb 24, 2026Backend mutual TLS (mTLS) and backend authenticated TLS is now Generally available for cross-region internal Application Load Balancers.Feb 23, 2026