Managing Backend Sets

This topic describes how to create and delete backend sets for use with a load balancer. For information about managing load balancers, see Managing Load Balancers.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy  by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment  you should work in.

For administrators: For a typical policy that gives access to load balancers and their components, see Let network admins manage load balancers.

Also, be aware that a policy statement with inspect load-balancers gives the specified group the ability to see all information about the load balancers. For more information, see Details for Load Balancing.

If you're new to policies, see Getting Started with Policies and Common Policies.

Working with Backend Sets

A backend set is a logical entity defined by a load balancing policy, a health check policy, and a list of backend servers. To create a backend set, you must specify a load balancing policy and health check script, and then add a list of backend servers (Compute instances). SSL and session persistence configuration is optional. A backend set must be associated with one or more listeners for the load balancer to work.

You cannot delete a backend set used by an active listener.

Changing the load balancing policy of a backend set temporarily interrupts traffic and can drop active connections.

For background information on the Oracle Cloud Infrastructure Load Balancing, see Overview of Load Balancing.

Click Backend Sets under Resources in the Load Balancer Details page to display the Backend Sets page. This page contains a button for creating new backend sets.

Health Status

The Load Balancing service provides health status indicators that use your health check policies to report on the general health of your load balancers and their components. You can see health status indicators on the Console List and Details pages for load balancers, backend sets, and backend servers. You also can use the Load Balancing API to retrieve this information.

For general information about health status indicators, see Editing Health Check Policies.

Backend Set Health Summary

The Console list of a load balancer's backend sets provides health status summaries that indicate the overall health of each backend set. Health status indicators have four levels. The meaning of each level is:

  • OK: All backend servers in the backend set return a status of OK.
  • WARNING: Both of the following conditions are true:

    • Half or more of the backend set's backend servers return a status of OK.
    • At least one backend server returns a status of WARNING, CRITICAL, or UNKNOWN.
  • CRITICAL: Fewer than half of the backend set's backend servers return a status of OK.
  • UNKNOWN: At least one of the following conditions is true:

    • More than half of the backend set's backend servers return a status of UNKNOWN.
    • The system could not retrieve metrics for any reason.
    • The backend set does not have a listener attached.

For guidance on detecting and correcting common issues, see Health Status.

Backend Set Health Details

The backend set Details page provides the same Overall Health status indicator found in the load balancer's list of backend sets. It also includes counters for the Backend Health status values reported by the backend set's child backend servers.

The health status counter badges indicate the following:

  • The number of child entities reporting the indicated health status level.
  • If a counter corresponds to the overall health, the badge has a fill color.
  • If a counter has a zero value, the badge has a light gray outline and no fill color.

Creating Backend Sets

To create a backend set
  1. Open the navigation menu. Under the Core Infrastructure group, go to Networking and click Load Balancers.
  2. Click the name of the Compartment that contains the load balancer you want to modify, and then click the load balancer's name.
  3. Click Backend Sets under the Resources menu, then click Create Backend Set.

    The Create Backend Set dialog box appears.

  4. Enter the following:

    • Name: Required. Specify a friendly name for the backend set. It must be unique within the load balancer, and it cannot be changed.

      Valid backend set names include only alphanumeric characters, dashes, and underscores. Backend set names cannot contain spaces. Avoid entering confidential information.

    • Traffic Distribution Policy: Required. Choose the load balancer policy for the backend set. The available options are:

      • IP Hash
      • Least Connections
      • Weighted Round Robin

      For more information on these policies, see How Load Balancing Policies Work.

      Tip

      You cannot add a backend server marked as Backup to a backend set that uses the IP Hash policy.
    • Use SSL: Optional. Check this box to associate an SSL certificate bundle with the backend set.

      If there are no certificate bundles attached to the load balancer, this option is disabled.

      Note

      If you check Use SSL, the SSL Policies fields appear at the bottom of the page.
      • Certificate Name: Required. Select the certificate bundle to use. You can choose any certificate bundle that is attached to the current load balancer. See Managing SSL Certificates for more information.
      • Verify Peer Certificate: Optional. Select this option to enable peer certificate verification.
      • Verify Depth: Optional. Specify the maximum depth for certificate chain verification.
    • Session Persistence: Optional. Specify how the load balancer manages session persistence.

      Important

      See Session Persistence for important information on configuring these settings.
      • Disable Session Persistence: Choose this option to disable cookie-based session persistence.
      • Enable Application Cookie Persistence: Choose this option to enable persistent sessions from a single logical client when the response from a backend application server includes a Set-cookie header with the cookie name you specify.

        • Cookie Name: The cookie name used to enable session persistence. Specify * to match any cookie name. Avoid entering confidential information.
        • Disable Fallback: Check this box to disable fallback when the original server is unavailable.
      • Enable Load Balancer Cookie Persistence: Choose this option to enable persistent sessions based on a cookie inserted by the load balancer.

        • Cookie Name: Specify the name of the cookie used to enable session persistence. If blank, the default cookie name is X-Oracle-BMC-LBS-Route.

          Ensure that any cookie names used at the backend application servers are different from the cookie name used at the load balancer. Avoid entering confidential information.

        • Disable Fallback: Check this box to disable fallback when the original server is unavailable.
        • Domain Name: Optional. Specify the domain in which the cookie is valid.

          This attribute has no default value. If you do not specify a value, the load balancer does not insert the domain attribute into the Set-cookie header.

        • Path: Optional. Specify the path in which the cookie is valid. The default value is /.
        • Expiration Period in Seconds: Optional. Specify the amount of time the cookie remains valid. If blank, the cookie expires at the end of the client session.
        • Attributes

          • Secure: Specify whether the Set-cookie header should contain the Secure attribute. If selected, the client sends the cookie only using a secure protocol.

            If you enable this setting, you cannot associate the corresponding backend set with an HTTP listener.

          • HTTP Only: Specify whether the Set-cookie header should contain the HttpOnly attribute. If selected, the cookie is limited to HTTP requests. The client omits the cookie when providing access to cookies through non-HTTP APIs such as JavaScript channels.
    • Health Check: Required. Specify the test parameters to confirm the health of backend servers.

      • Protocol: Required. Specify the protocol to use, either HTTP or TCP.

        Important

        Configure your health check protocol to match your application or service.
      • Port: Optional. Specify the backend server port against which to run the health check.

        Tip

        You can enter the value '0' to have the health check use the backend server's traffic port.
      • URL Path (URI): (HTTP only) Required. Specify a URL endpoint against which to run the health check.
      • Interval in ms: Optional. Specify how frequently to run the health check, in milliseconds. The default is 10000 (10 seconds).
      • Timeout in ms: Optional. Specify the maximum time in milliseconds to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. The default is 3000 (3 seconds).
      • Number of retries: Optional. Specify the number of retries to attempt before a backend server is considered "unhealthy". This number also applies when recovering a server to the "healthy" state. The default is '3'.
      • Status Code: (HTTP only) Optional. Specify the status code a healthy backend server must return.
      • Response Body Regex: (HTTP only) Optional. Provide a regular expression for parsing the response body from the backend server.
    • SSL Policy: Optional. Specify the type of cipher suite to use:

      Note

      You must check Use SSL for the SSL Policy features to be displayed.
      • TLS Version: Optional. Specify the Transport Layer Security (TLS) version(s):
        • 1.0
        • 1.1
        • 1.2 (recommended)

        You can select any combination of versions. Choose the ones you want from the list. If you do not specify the TLS versions, the default TLS is version 1.2 only.

        • Select Cipher Suite - Select a set of cipher suites from the list. (default).

          All choices present in the list have at least one cipher associated with each TLS version you selected.

      • Click Show Cipher Suite Details to display the individual ciphers the selected cipher suite contains.
  5. Click Create.

After your backend set is provisioned, you must specify backend servers for the set. See Managing Backend Servers for more information.

Editing Backend Sets

To edit a backend set
Caution

Updating the backend set temporarily interrupts traffic and can drop active connections.

When you edit a backed set, you can choose a new load balancing policy and modify the SSL configuration.

  1. Open the navigation menu. Under the Core Infrastructure group, go to Networking and click Load Balancers.
  2. Click the name of the Compartment that contains the load balancer you want to modify, and then click the load balancer's name.
  3. Click Backend Sets under the Resources menu, then click the name of the backend set you want to edit.
  4. Click Edit Backend Set.
  5. Edit the backend set configuration changes as wanted.

    See Creating Backend Sets for details on specific configurations.

  6. Click Submit.

If you want to modify the backend set's health check policy, see Editing Health Check Policies.

If you want to add or remove backend servers from the backend set, see Managing Backend Servers.

Deleting Backend Sets

To delete a backend set
Tip

You cannot delete a backend set used by an active listener. First, remove any backend sets you want to delete from the associated listeners.
  1. Open the navigation menu. Under the Core Infrastructure group, go to Networking and click Load Balancers.
  2. Click the name of the Compartment that contains the load balancer you want to modify, and then click the load balancer's name.
  3. Click Backend Sets under the Resources menu.
  4. Click the the Actions icon (three dots) associated with the backend set you want to delete, then click Delete.
  5. Confirm when prompted.