Oracle Cloud Infrastructure Documentation

Creating a Load Balancer Backend Set

Create logical entities consisting of a load balancing policy, health check policy, and a list of backend servers for a load balancer.

For prerequisite information, see Backend Sets for Load Balancers.

    1. Open the navigation menu, click Networking, and then click Load balancers. Click Load balancer. The Load balancers page appears.

    2. Select the Compartment from the list. All load balancers in that compartment are listed in tabular form.

    3. Select a State from the list to limit the load balancers displayed to that state.

    4. Click the load balancer to which you want to add a backend. The load balancer's Details page appears.

    5. Click Backend sets under Resources. The Backend Sets list appears. All backend sets are listed in tabular form.

    6. Click Create backend set. The Create backend set dialog box appears.

    7. Complete the following:

      • Name: Enter a friendly name for the backend set. It must be unique within the load balancer, and it can't be changed. Valid backend set names include only alphanumeric characters, dashes, and underscores. Backend set names can't contain spaces.

      • Traffic distribution policy: Choose the load balancer policy for the backend set. The available options are:

        • IP hash

        • Least connections

        • Weighted round robin

        You can't add a backend server marked as Backup to a backend set that uses the IP Hash policy. For more information on these policies, see Load Balancer Policies.

      • Use SSL: Select to associate an SSL certificate resource with the backend set.

        The load balancer automatically detects changes and consumes the current version of the Certificates service entities (certificates, certificate authorities, and CABundles) for use in SSL configuration. See Certificates for more information on automated certificate rotations.

        If no certificate resources attached to the load balancer exist, this option is disabled.

        Certificate resource: Select the certificate resource type from the list:

        The method of importing the certificate varies depending on the certificate resource type you select. See SSL Certificates for Load Balancers for information on how load balancers use SSL certificates.

        See Certificates for general information on using SSL with your web application firewall policy.

        • Certificate service managed certificate

          Select the CA bundle or Certificate authority option, and then select your choice from the associated list. Click Change compartment to choose a different compartment from which to select the CA bundle or certificate authority.

          Advanced options are available with this selection. Click Show advanced options and select the Advanced SSL tab. This option is described later in this topic.

        • Load balancer managed certificate: Select one of these options to import the certificate:

          Choose SSL certificate file: Drag the certificate file, in PEM format, into the SSL certificate field. Alternatively, you can choose the Paste SSL certificate option to paste a certificate directly into this field.

          If you submit a self-signed certificate for backend SSL, you must submit the same certificate in the corresponding CA Certificate field.

          Specify private key: (Required for SSL termination.) Select to provide a private key for the certificate.

          Choose private key file: Drag the private key, in PEM format, into the Private key field.

          Enter private key passphrase: Specify the private key passphrase. Alternatively, you can choose the Paste private key option to paste a private key directly into this field.

          Verify peer certificate: Select this option to enable peer certificate verification. See SSL Certificates for Load Balancers for more information.

          Verify depth: Optional. Specify the maximum depth for certificate chain verification. See SSL Certificates for Load Balancers for more information.

      • Session persistence: Specify how the load balancer manages session persistence. See Load Balancer Session Persistence for important information on configuring these settings.

        • Disable session persistence: Choose this option to disable cookie-based session persistence.

        • Enable application cookie persistence: Choose this option to enable persistent sessions from a single logical client when the response from a backend application server includes a Set-cookie header with the cookie name you specify.

          • Cookie name: The cookie name used to enable session persistence. Specify * to match any cookie name.

          • Disable fallback: Check this box to disable fallback when the original server is unavailable.

        • Enable load balancer cookie persistence: Choose this option to enable persistent sessions based on a cookie inserted by the load balancer.

          • Cookie name: Specify the name of the cookie used to enable session persistence. If blank, the default cookie name is X-Oracle-BMC-LBS-Route.

            Ensure that any cookie names used at the backend application servers are different from the cookie name used at the load balancer.

          • Disable fallback: Check this box to disable fallback when the original server is unavailable.

          • Domain name:: Specify the domain in which the cookie is valid.

            This attribute has no default value. If you don't specify a value, the load balancer doesn't insert the domain attribute into the Set-cookie header.

          • Path: Specify the path in which the cookie is valid. The default value is /.

          • Expiration period in seconds: Specify the amount of time the cookie remains valid. If blank, the cookie expires at the end of the client session.

          • Attributes

            Secure: Specify whether the Set-cookie header contains the Secure attribute. If selected, the client sends the cookie only using a secure protocol.

            If you enable this setting, you can't associate the corresponding backend set with an HTTP listener.

            HTTP only: Specify whether the Set-cookie header contains the HttpOnly attribute. If selected, the cookie is limited to HTTP requests. The client omits the cookie when providing access to cookies through non-HTTP APIs such as JavaScript channels.

      • Health check: Specify the test parameters to confirm the health of backend servers.

        • Protocol: Specify the protocol to use, either HTTP or TCP. Configure your health check protocol to match your application or service. See Health Checks for Load Balancers for more information.

        • Port: (Optional) Specify the backend server port against which to run the health check. You can enter the value 0 to have the health check use the backend server's traffic port.

        • Force plaintext health checks: (HTTP only) (Optional) Check to send the health check to the backend server without SSL. This option is only available when the backend server has its protocol is set to HTTP. It has no effect when the backend server does not have SSL enabled. When SSL is disabled, health checks are always plaintext.

        • Interval in milliseconds: (Optional) Specify how frequently to run the health check, in milliseconds. The default is 10000 (10 seconds).

        • Timeout in milliseconds: (Optional) Specify the maximum time in milliseconds to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. The default is 3000 (3 seconds).

        • Number of retries: (Optional) Specify the number of retries to attempt before a backend server is considered "unhealthy." This number also applies when recovering a server to the "healthy" state. The default is '3.'

        • Status code: (HTTP only) (Optional) Specify the status code a healthy backend server must return.

        • URL path (URI): (HTTP only) Specify a URL endpoint against which to run the health check.

        • Response body regex: (HTTP only) (Optional) Provide a regular expression for parsing the response body from the backend server.

      • Show advanced options: Click this link to access more options. Select the tab for the corresponding functionality:

        • Advanced SSL tab: (Only present if the Certificate Service Managed Certificate certificate resource is selected.) Select one of these options if you picked Certificate Service Managed Certificate when selecting the certificate resource for the listener. See SSL Certificates for Load Balancers for information on how load balancers use SSL certificates.

          CA bundle: Select the certificate authority bundle in the specified compartment from the list. Click Change compartment to choose a different compartment from where to select the certificate authority bundle.

          Certificate authority: Select the certificate authority in the specified compartment from the list. Click Change compartment to choose a different compartment from where to select the certificate authority bundle.

        • TLS version: Optional. Specify the Transport Layer Security (TLS) versions: 1.0, 1.1, 1.2 (recommended), and 1.3

          You can select any combination of versions. Choose the ones you want from the list. If you don't specify the TLS versions, the default TLS is version 1.2 only.

          Select cipher suite: Select a set of cipher suites from the list. All choices present in the list have at least one cipher associated with each TLS version you selected.

    8. Click Create.

    After your backend set is provisioned, you must specify backend servers for the set. See Backend Servers for more information.

  • Use the oci lb backend-set create command and required parameters to create a load balancer's backend set:

    oci lb backend-set create --name name --load-balancer-id load_balancer_id --health-checker-protocol [HTTP|TCP] [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateBackendSet operation to create a backend set for a load balancer.