Listener Management

Learn how to use listeners to check for incoming traffic on the load balancer's IP address.

A listener is a logical entity that checks for incoming traffic on the load balancer's IP address. To handle TCP, HTTP, and HTTPS traffic, you must configure at least one listener per traffic type. When you create a listener, you must ensure that your VCN's security rules allow the listener to accept traffic.

Tip

To accommodate high-volume traffic, Oracle strongly recommends that you use stateless security rules for your load balancer subnets.

You can have one SSL certificate bundle per listener. You can configure two listeners, one each for ports 443 and 8443, and associate SSL certificate bundles with each listener. For more information about SSL certificates for load balancers, see SSL Certificate Management.

Click Listeners under Resources in the Load Balancer Details page to display the Listeners page. This page contains a button for creating listeners.

Creating Listeners

Create a listener for a Load Balancer resource.

Use one of the following methods to create a listener for a selected load balancer.

To create a listener using the Console

Use the OCI Console to create a listener for a Load Balancer resource.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Load Balancer under Type to only display load balancers.

  5. Select the load balancer for which you want to create a listener.

    The Load Balancer Details dialog box appears.

  6. Click Listeners under Resources.

    The Listeners list appears. All listeners are listed in tabular form.

  7. Click Create Listener.

    The Create Listener dialog box appears.

  8. Enter the following:

    • Name: Required. Specify a friendly name for the listener. The name must be unique, and cannot be changed.

    • Hostname: Optional. Select up to 16 virtual hostnames for this listener.

      Note

      To apply a virtual hostname to a listener, the name must be part of the load balancer's configuration. If the load balancer has no associated hostnames, you can create one on the Hostnames page. See Hostname Management for more information.

    • Protocol: Required. Specify the protocol to use, either HTTP or TCP.

    • Port: Required. Specify the port on which to listen for incoming traffic.

    • Use SSL: Optional. Check this box to associate an SSL certificate bundle with the listener. The following settings are required to enable SSL handling. See SSL Certificate Management for more information.

      • Certificate Name: The friendly name of the SSL certificate bundle to use.

      • Verify Peer Certificate: Optional. Select this option to enable peer certificate verification.

      • Verify Depth: Optional. Specify the maximum depth for certificate chain verification.

    • Backend Set: Required. Specify the default backend set to which the listener routes traffic.

    • Idle Timeout in Seconds: Optional. Specify the maximum idle time in seconds. This setting applies to the time allowed between two successive receive or two successive send network input/output operations during the HTTP request-response phase.

      Note

      The maximum value is 7200 seconds. For more information, see Connection Management.

    • Choose either a Routing Policy or a Path Route Set.

      • Routing Policy: Optional. Specify the name of the routing policy that applies to this listener's traffic.

      • Path Route Set: Optional. Specify the name of the set of path-based routing rules that applies to this listener's traffic.

        Note

        • To apply a path route set to a listener, the set must be part of the load balancer's configuration.

        • To remove a path route set from an existing listener, choose None as the Path Route Set option. The path route set remains available for use by other listeners on this load balancer.

    • Show Advanced Options: Click to display the following options:

      • TLS Version: Specify the Transport Layer Security (TLS) version(s):

        • 1.0

        • 1.1

        • 1.2 (recommended)

        You can select any combination of versions. Choose the ones you want from the list. If you do not specify the TLS versions, the default TLS is version 1.2 only.

        • Select Cipher Suite - Select a set of cipher suites from the list. (default).

          All choices present in the list have at least one cipher associated with each TLS version you selected.

      • Click Show Cipher Suite Details to display the individual ciphers the selected cipher suite contains.

      • Server Order Preference: Select Enable to give preference to the server ciphers over the client.

  9. Click Create Listener.

When you create a listener, you must also update your VCN's security rules to allow traffic to that listener.

To create a listener using the CLI

Use the command line interface (CLI) to create a listener for a Load Balancer resource.

Enter the following command:

oci lb listener create --name name --default-backend-set-name default_backend_set_name --load-balancer-id load_balancer_id --port port --protocol protocol [OPTIONS]

See the CLI online help for a list of options:

oci lb listener create --help

See oci lb listener create for a complete description of the command.

To create a listener using the API

Use the API to create a listener for a Load Balancer resource.

Run the CreateListener method to create a listener for a load balancer. See CreateListener for a complete description.

Listing Listeners

List the listeners for a Load Balancer resource.

Use one of the following methods to display a list of listeners for a selected load balancer.

To list the listeners using the Console

Use the OCI Console to list the listeners for a Load Balancer resource.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Load Balancer under Type to only display load balancers.

  5. Select the load balancer containing the listeners that you want to list.

    The Load Balancer Details dialog box appears.

  6. Click Listeners under Resources.

    The Listeners list appears. All listeners are listed in tabular form.

Getting Listener Details

Get the details of a listener for a Load Balancer resource.

Use one of the following methods to display the details of a listener for a selected load balancer.

To get the details of a listener using the Console

Use the OCI Console to get the details of a listener for a Load Balancer resource.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Load Balancer under Type to only display load balancers.

  5. Select the load balancer containing the listeners that you want to list.

    The Load Balancer Details dialog box appears.

  6. Click Listeners under Resources.

    The Listeners list appears. All listeners are listed in tabular form.

    The following details are displayed for each listener:

    • Name

    • Protocol

    • Port

    • Cipher Suite

    • Backend Set

    • Routing Policy

    • Path Route Set

    • Hostnames

    • Use SSL

Editing Listeners

Update a listener for a Load Balancer resource.

Use one of the following methods to edit and update the settings of a listener for a selected load balancer.

To edit a listener using the Console

Use the OCI Console to update a listener for a Load Balancer resource.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Load Balancer under Type to only display load balancers.

  5. Select the load balancer whose listener you want to edit.

    The Load Balancer Details dialog box appears.

  6. Click Listeners under Resources.

    The Listeners list appears. All listeners are listed in tabular form.

  7. Click the Actions icon (Actions icon) associated with the listener set you want to edit and click Edit.

    The Edit Listener dialog box appears.

  8. Edit the listener settings. See Creating Listeners for details on specific configurations.

  9. Click Update Listener.

To edit a listener using the CLI

Use the command line interface (CLI) to update a listener for a Load Balancer resource.

Enter the following command:

oci lb lister update --load-balancer-id load-balancer_id --listener-name listener_name --default-backend-set-name default_backend_set_name --port port --protocol protocol [OPTIONS]

See the CLI online help for a list of options:

oci lb listener update --help

See oci lb listener update for a complete description of the command.

To edit a listener using the API

Use the API to update a listener for a Load Balancer resource.

Run the UpdateListener method to edit a listener for a load balancer. See UpdateListener for a complete description.

Deleting Listeners

Delete a listener from a Load Balancer resource.

Use one of the following methods to delete a listener from a selected load balancer.

To delete a listener using the Console

Use the OCI Console to delete a listener from a Load Balancer resource.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Load Balancer under Type to only display load balancers.

  5. Select the load balancer whose listener you want to delete.

    The Load Balancer Details dialog box appears.

  6. Click Listeners under Resources.

    The Listeners list appears. All listeners are listed in tabular form.

  7. Click the Actions icon (Actions icon) associated with the listener set you want to delete and click Delete.

  8. Confirm the deletion when prompted.

To delete a listener using the CLI

Use the command line interface (CLI) to delete a listener from a Load Balancer resource.

Enter the following command:

oci lb lister delete --load-balancer-id load-balancer_id --listener-name listener_name [OPTIONS]

See the CLI online help for a list of options:

oci lb listener delete --help

See oci lb listener delete for a complete description of the command.

To delete a listener using the API

Use the API to delete a listener from a Load Balancer resource.

Run the DeleteListener method to edit a listener for a load balancer. See DeleteListener for a complete description.

Enabling Listeners to Accept Traffic

Use one of the following methods to enable a listener to accept traffic for a selected Load Balancer resource.

To enable a listener to accept traffic using the Console

Use the OCI Console to enable a listener to accept traffic for a Load Balancer resource.

To enable a listener to accept traffic, update your VCN's security rules:

  1. Open the navigation menu, click Networking, and then click Virtual Cloud Networks.

    The list of VCNs in the current compartment appears.

  2. Click the name of the VCN containing your load balancer, and then click Security Groups or Security Lists.

    A list of the security groups or lists in the cloud network appears.

  3. Click the name of the NSG or security list that applies to your load balancer.

  4. Add or edit the existing rules to allow access from the appropriate resources.

    An NSG's security rules appear on the Network Security Group Details page. From there you can add, edit, or remove rules.

    The Security List Details page provides access to separate tables in which you can add or edit Ingress Rules or Egress Rules.

    For details on rule configuration, see Security Rules.