Creating a Load Balancer Backend Set

Describes how to create a backend set for a load balancer.

Using the Console

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Load Balancer under Type to only display network load balancers.

  5. Click the load balancer to which you want to add a backend.

    The Load Balancer Details dialog box appears.

  6. Click Backend Sets under the Resources menu, then click Create Backend Set.

    The Create Backend Set dialog box appears.

  7. Enter the following:

    • Name: Required. Specify a friendly name for the backend set. It must be unique within the load balancer, and it cannot be changed.

      Valid backend set names include only alphanumeric characters, dashes, and underscores. Backend set names cannot contain spaces. Avoid entering confidential information.

    • Traffic Distribution Policy: Required. Choose the load balancer policy for the backend set. The available options are:

      • IP Hash

      • Least Connections

      • Weighted Round Robin

      For more information on these policies, see Load Balancer Policies.

      Note

      You cannot add a backend server marked as Backup to a backend set that uses the IP Hash policy.

    • Use SSL: Optional. Check this box to associate an SSL certificate resource with the backend set.

      The load balancer automatically detects changes and consumes the current version of the Certificates service entities (certificates, certificate authorities, and CABundles) for use in SSL configuration. See Certificates for more information on automated certificate rotations.

      If no certificate resources attached to the load balancer exist, this option is disabled.

      Note

      If you check Use SSL, the SSL Policies fields appear at the bottom of the page.

        • Certificate Resource: Select the certificate resource type from the list:

          The method of importing the certificate varies depending on the certificate resource type you select. See SSL Certificates for Load Balancers for information on how load balancers use SSL certificates.

          See Certificates for general information on using SSL with your web application firewall policy.

          • Certificate Service Managed Certificate

            Select the certificate in the specified compartment from the Certificate list. Click Change Compartment to choose a different compartment from where to select the certificate.

            Advanced options are available with this selection. Click Show Advanced Options and select the Advanced SSL tab. This option is described later in this topic.

          • Load Balancer Managed Certificate: Select one of these options to import the certificate:

            • Choose SSL Certificate File: Required. Drag and drop the certificate file, in PEM format, into the SSL Certificate field.
            • Alternatively, you can choose the Paste SSL Certificate option to paste a certificate directly into this field.

              Important

              If you submit a self-signed certificate for backend SSL, you must submit the same certificate in the corresponding CA Certificate field.

            • Specify Private Key: Optional. (Required for SSL termination.) Select (check) this box if you want to provide a private key for the certificate.

              • Choose Private Key File: Drag and drop the private key, in PEM format, into the Private Key field.

                Alternatively, you can choose the Paste Private Key option to paste a private key directly into this field.

              • Enter Private Key Passphrase: Optional. Specify the private key passphrase.

            • Verify Peer Certificate: Optional. Select this option to enable peer certificate verification. See SSL Certificates for Load Balancers for more information.

            • Verify Depth: Optional. Specify the maximum depth for certificate chain verification. See SSL Certificates for Load Balancers for more information.

    • Session Persistence: Optional. Specify how the load balancer manages session persistence.

      Important

      See Load Balancer Session Persistence for important information on configuring these settings.

      • Disable Session Persistence: Choose this option to disable cookie-based session persistence.

      • Enable Application Cookie Persistence: Choose this option to enable persistent sessions from a single logical client when the response from a backend application server includes a Set-cookie header with the cookie name you specify.

        • Cookie Name: The cookie name used to enable session persistence. Specify * to match any cookie name. Avoid entering confidential information.

        • Disable Fallback: Check this box to disable fallback when the original server is unavailable.

      • Enable Load Balancer Cookie Persistence: Choose this option to enable persistent sessions based on a cookie inserted by the load balancer.

        • Cookie Name: Specify the name of the cookie used to enable session persistence. If blank, the default cookie name is X-Oracle-BMC-LBS-Route.

          Ensure that any cookie names used at the backend application servers are different from the cookie name used at the load balancer. Avoid entering confidential information.

        • Disable Fallback: Check this box to disable fallback when the original server is unavailable.

        • Domain Name: Optional. Specify the domain in which the cookie is valid.

          This attribute has no default value. If you do not specify a value, the load balancer does not insert the domain attribute into the Set-cookie header.

        • Path: Optional. Specify the path in which the cookie is valid. The default value is /.

        • Expiration Period in Seconds: Optional. Specify the amount of time the cookie remains valid. If blank, the cookie expires at the end of the client session.

        • Attributes

          • Secure: Specify whether the Set-cookie header contains the Secure attribute. If selected, the client sends the cookie only using a secure protocol.

            If you enable this setting, you cannot associate the corresponding backend set with an HTTP listener.

          • HTTP Only: Specify whether the Set-cookie header contains the HttpOnly attribute. If selected, the cookie is limited to HTTP requests. The client omits the cookie when providing access to cookies through non-HTTP APIs such as JavaScript channels.

    • Health Check: Required. Specify the test parameters to confirm the health of backend servers.

      • Protocol: Required. Specify the protocol to use, either HTTP or TCP.

        Important

        Configure your health check protocol to match your application or service. See Health Checks for Load Balancers for more information.

      • Port: Optional. Specify the backend server port against which to run the health check.

        Tip

        You can enter the value 0 to have the health check use the backend server's traffic port.

      • URL Path (URI): (HTTP only) Required. Specify a URL endpoint against which to run the health check.

      • Interval in ms: Optional. Specify how frequently to run the health check, in milliseconds. The default is 10000 (10 seconds).

      • Timeout in ms: Optional. Specify the maximum time in milliseconds to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. The default is 3000 (3 seconds).

      • Number of retries: Optional. Specify the number of retries to attempt before a backend server is considered "unhealthy." This number also applies when recovering a server to the "healthy" state. The default is '3.'

      • Status Code: (HTTP only) Optional. Specify the status code a healthy backend server must return.

      • Response Body Regex: (HTTP only) Optional. Provide a regular expression for parsing the response body from the backend server.

    • Show Advanced Options: Click this link to access more options. Select the tab for the corresponding functionality:

      • Advanced SSL tab: (Only present if the Certificate Service Managed Certificate certificate resource is selected.) Select one of these options if you picked Certificate Service Managed Certificate when selecting the certificate resource for the listener. See SSL Certificates for Load Balancers for information on how load balancers use SSL certificates.

        • CA Bundle: Select the certificate authority bundle in the specified compartment from the list. Click Change Compartment to choose a different compartment from where to select the certificate authority bundle.

        • Certificate Authority: Select the certificate authority in the specified compartment from the list. Click Change Compartment to choose a different compartment from where to select the certificate authority bundle.

      • TLS Version: Optional. Specify the Transport Layer Security (TLS) versions:

        • 1.0

        • 1.1

        • 1.2 (recommended)

        You can select any combination of versions. Choose the ones you want from the list. If you do not specify the TLS versions, the default TLS is version 1.2 only.

        • Select Cipher Suite - Select a set of cipher suites from the list. (default).

          All choices present in the list have at least one cipher associated with each TLS version you selected.

  8. Click Create.

After your backend set is provisioned, you must specify backend servers for the set. See Backend Servers for Load Balancers for more information.

Using the CLI

Use the oci lb backend-set create command and required parameters to create a load balancer's backend set:

oci lb backend-set create --name name --load-balancer-id load_balancer_id --health-checker-protocol [HTTP|TCP] [OPTIONS]

For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

Using the API

Run the CreateBackendSet operation to create a backend set for a load balancer.