Google Cloud load balancing is deployed at the edge of Google's network in Google points of presence (POP) around the world. User traffic directed to an TCP Proxy load balancer enters the POP closest to the user and is then load balanced over Google's global network to the closest backend that has sufficient capacity available.

Cloud Armor is Google's distributed denial of service and web application firewall (WAF) detection system. Cloud Armor is tightly coupled with the Google Cloud TCP Proxy Load Balancer and allows you to interrogate incoming traffic for unwanted requests. The rate limiting feature of this service allows you to curtail traffic to backend resources based on request volume and prevents unwelcome traffic from consuming resources on your Virtual Private Cloud (VPC) network.

Google Cloud TCP/SSL proxy load balancers allow you to proxy TCP/ SSL type traffic among your backend services.

See details of the codelab at this link. In the codelab, you will create a TCP/SSL load balancer with a backend service and limit access to the load balancer to only a specific set of user clients.