Load Balancer Management

Learn how to create and manage Load Balancer resources to provide automated traffic distribution from one entry point to multiple servers reachable from your virtual cloud network (VCN).

For the purposes of access control, you must specify the compartment where you want the load balancer to reside. Consult an administrator in your organization if you're not sure which compartment to use. For information about compartments and access control, see Managing Compartments.

When you create a load balancer within your VCN, you get a public or private IP address, and provisioned total bandwidth. If you need another IP address, you can create another load balancer.

A public load balancer in a region with multiple availability domains requires one public regional subnet or two public AD-specific subnets to host the primary load balancer and a standby. In the latter case, each AD-specific subnet must reside in a separate availability domain. A public load balancer in a region with only one availability domain requires a single public subnet to host the primary load balancer and a standby. For more information on VCNs and subnets, see Networking Overview. You can associate the public IPv4 address with a DNS name from any vendor. You can use the public IP address as a front end for incoming traffic. The load balancer can route data traffic to any backend server that is reachable from the VCN.

A private load balancer requires only one subnet to host the primary load balancer and a standby. The private IP address is local to the subnet. The load balancer is accessible only from within the VCN that contains the associated subnet, or as further restricted by your security list rules. The load balancer can route data traffic to any backend server that is reachable from the VCN.

The essential components for load balancing include:

  • A load balancer with pre-provisioned bandwidth.

  • A backend set with a health check policy. See Backend Set Management for more information.

  • Backend servers for your backend set. See Backend Server Management for more information.

  • One or more listeners. See Listener Management for more information.

  • Load balancer subnet security rules to allow the intended traffic. To learn more about these rules, see Security Rules.

    Note

    To accommodate high-volume traffic, Oracle strongly recommends that you use stateless security rules for your load balancer subnets. See Stateful Versus Stateless Rules for more information.

Optionally, you can associate your listeners with SSL server certificate bundles to manage how your system handles SSL traffic. See SSL Certificate Management for more information.

For information about the number of load balancers you can have, see Service Limits.

Prerequisites

To implement a working load balancer, you need:

  • For a public load balancer in a region with multiple availability domains, you need a VCN with a public regional subnet or at least two public AD-specific subnets. In the latter case, each AD-specific subnet must reside in a separate availability domain. For more information on subnets, see VCNs and Subnets and Public IP Address Ranges.

    Note

    You cannot specify a private subnet for your public load balancer.

  • For a public load balancer in a region with only one availability domain, you need a VCN with at least one public subnet.

  • For a private load balancer in any region, you need a VCN with at least one private subnet.

  • Two or more backend servers (Compute instances) running your applications. For more information on Compute instances, see Creating an Instance.

Private IP Address Consumption

A public load balancer created in one public regional subnet consumes two private IPv4 addresses from the host subnet. The primary and secondary load balancers reside within the same subnet. Each load balancer requires a private IPv4 address from that subnet. The Load Balancing service assigns a floating public IPv4 address, which does not come from the host subnet. If the load balancer is enabled for IPv6, it receives an IPv6 address from the host subnet.

A public load balancer created in two public AD-specific subnets consumes two private IP addresses, one from each host subnet. The primary and secondary load balancers reside within different subnets. Each load balancer requires one private IP address from its host subnet. The Load Balancing service assigns a floating public IPv4 address, which does not come from the host subnets. If the load balancer is enabled for IPv6, it is assigned an IPv6 address from the host subnet.

A private load balancer created in a single subnet consumes three private IP addresses from the host subnet. The primary and secondary load balancers reside within the same subnet. Each load balancer requires a private IP address from that subnet. The floating private IP address also comes from the host subnet. Internet communication with a load balancer enabled for IPv6 and created in a private subnet is prohibited. You can't create a globally routable IPv6-enabled load balancer in a private subnet.
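
The subnet rules from the overview and prerequisites, together with the IPv4 address counts above, can be checked before you create a load balancer. The following Python example is added here and is not Oracle code; the Subnet class, the plan_load_balancer function and its return layout are hypothetical, IPv6 is ignored, and the count for a single subnet in a one-AD region is assumed to match the one-regional-subnet case.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Subnet:
    name: str
    public: bool
    availability_domain: Optional[str] = None  # None = regional subnet

    @property
    def regional(self) -> bool:
        return self.availability_domain is None


def plan_load_balancer(visibility: str, region_ad_count: int,
                       subnets: List[Subnet]) -> Dict[str, object]:
    """Check the subnet choice and count private IPv4 addresses taken per subnet."""
    if visibility not in ("public", "private"):
        raise ValueError("visibility must be 'public' or 'private'")
    errors: List[str] = []

    if visibility == "private":
        if len(subnets) != 1:
            errors.append("a private load balancer is hosted in exactly one subnet")
    else:
        if any(not s.public for s in subnets):
            errors.append("a private subnet cannot host a public load balancer")
        if region_ad_count == 1:
            if len(subnets) != 1:
                errors.append("a single-AD region uses a single public subnet")
        elif len(subnets) == 1:
            if not subnets[0].regional:
                errors.append("an AD-specific subnet needs a second subnet "
                              "in a separate availability domain")
        elif len(subnets) == 2:
            if any(s.regional for s in subnets):
                errors.append("use one regional subnet or two AD-specific subnets")
            elif subnets[0].availability_domain == subnets[1].availability_domain:
                errors.append("the two AD-specific subnets must be in separate "
                              "availability domains")
        else:
            errors.append("select one regional subnet or two AD-specific subnets")

    if errors:
        return {"ok": False, "errors": errors, "private_ips": {}}

    if visibility == "private":
        # Primary + standby + floating private IP, all from the host subnet.
        private_ips = {subnets[0].name: 3}
    elif len(subnets) == 1:
        # Primary + standby; the floating public IP is not taken from the subnet.
        private_ips = {subnets[0].name: 2}
    else:
        # One address from each AD-specific subnet.
        private_ips = {s.name: 1 for s in subnets}
    return {"ok": True, "errors": [], "private_ips": private_ips}
```

Run it against the free address count of each candidate subnet to confirm that the subnet can hold the primary, the standby and, for a private load balancer, the floating address.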

Configuration Changes and Service Disruption

For a running load balancer, some configuration changes lead to service disruptions. The following guidelines help you understand the effect of changes to your load balancer.

  • Operations that add, remove, or modify a backend server create no disruptions to the Load Balancing service.

  • Operations that edit an existing health check policy create no disruptions to the Load Balancing service.

  • Operations that trigger a load balancer reconfiguration can produce a brief service disruption with the possibility of some terminated connections.

Creating Load Balancers

Create a Load Balancer resource.

Use one of the following methods to create a load balancer.

To create a load balancer using the Console

Use the OCI Console to create a Load Balancer resource.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Choose a Compartment you have permission to work in under List Scope.

    Note

    If you select a different compartment in the Management tab (under Advanced Options), that compartment contains the load balancer you are creating instead of the compartment specified here.

  3. Click Create Load Balancer.

    The Select Load Balancer Type appears.

  4. Select Load Balancer and click Create Load Balancer.

    The Create Load Balancer dialog box appears. Creating a load balancer consists of the following sections:

    • Add Details

    • Choose Backends

    • Configure Listener

    • Manage Logging

    By default, the Add Details page appears first.

  5. Run each of the following workflows in order. You can return to a previous page by clicking Previous.

    Step 1 - Add Details

    Specify the attributes of the load balancer.

    • Load Balancer Name: Required. Accept the default name or specify a friendly name for the load balancer. It does not have to be unique, but it cannot be changed in the Console. You can, however, change it with the API.

    • Choose Visibility Type: Specify whether your load balancer is public or private.

      • Public: Choose this option to create a public load balancer. You can use the assigned public IP address as a front end for incoming traffic and to balance that traffic across all backend servers.

      • Private: Choose this option to create a private load balancer. You can use the assigned private IP address as a front end for incoming internal VCN traffic and to balance that traffic across all backend servers.

    • Choose IP Address Type: Specify whether the public IP address is reserved or ephemeral.

      • Ephemeral IP Address: Choose this option to let Oracle specify an ephemeral IP address for you from the Oracle IP pool. This is the default.

      • Reserved IP Address: Choose this option to specify an existing reserved IP address by name, or to create a new reserved IP address by assigning a name and selecting a source IP pool for the address. If you don't select a user-created pool, the default Oracle IP pool is used.

      See Public IP Addresses for more information.

    • Bandwidth: The Bandwidth shape options are the following:

      • Flexible Shapes: Specify Minimum Bandwidth and Maximum Bandwidth values to create an upper and lower size range for the load balancer's bandwidth shape. Possible sizes range from 10 Mbps to 8,000 Mbps. You can use the slider to specify the value or enter it directly into the box to the left of each slider.

        The minimum bandwidth reflects the amount of bandwidth that is always available to provide instant readiness for the workloads.

        The maximum bandwidth is the upper amount of bandwidth the load balancer supports during times of peak workload.

        If you want to specify a fixed shape size, for example 500 Mbps, set the minimum and maximum sliders to the same value.

        If you are creating the load balancer as a paid account user, you can create various shape options based on your limits and later adjust the bandwidth by changing the shape after the load balancer has been created. You can view your service limits and quotas in the Console by navigating to Governance > Limits, Quotas and Usage. Select "LbaaS" from the Service list. Your bandwidth size options are listed. See Service Limits for more information.

        Billing is per minute for your load balancer base instance, plus a bandwidth usage fee. If the actual usage is below or equal to your specified minimum bandwidth, you are billed for the minimum bandwidth. If actual usage exceeds the minimum bandwidth, you are billed for the actual bandwidth used for that minute.

        The Always Free option is incorporated into your paid account in your home region. The first 10 Mbps of your bandwidth is free, and is indicated as such on your bill.

        Note

        Government accounts using pre-paid dynamic (fixed) shape sizes run the risk of overage charges when flexible bandwidth shapes exceed the predetermined size. Update government accounts to the flexible load balancer SKU, with the appropriate bandwidth quantity, in their contract before using the flexible load balancer feature.

        If you are using non-universal credit SKUs, ensure that your contract includes the shape you are updating to so you can prevent incurring overage charges.

      • Always Free: If you are creating the load balancer as an Always Free user, you can only select the Always Free (10 Mbps) option. Switching away from Always Free prompts you to upgrade to a paid account.

        Always Free shape options are not available to Government accounts.

        Note

        If you are creating a load balancer in an Always Free tenancy, the Always Free feature is enabled by default, and only Always Free shape options are available. Upgrading is the only way an Always Free tenancy can select a bandwidth shape option other than the default Always Free size. For more information about Always Free resources, including other capabilities and limitations, see Oracle Cloud Infrastructure Free Tier.

      You can adjust the bandwidth shape to a different size after you have completed creating the load balancer. See Changing the Load Balancer Bandwidth Shape for more information.

    • Enable IPv6 Address Assignment: Available only in the US Government Cloud. Specify whether the load balancer supports IPv6 addresses for incoming requests.

      Note

      • When you create a load balancer, you can optionally choose to have an IPv4/IPv6 dual-stack configuration. When you choose the IPv6 option, the Load Balancing service assigns both an IPv4 and an IPv6 address to the load balancer. The load balancer receives client traffic sent to the assigned IPv6 address. The load balancer uses only IPv4 addresses to communicate with backend servers. The load balancer and the backend servers do not use IPv6 communication.

      • IPv6 address assignment occurs only at load balancer creation. You cannot assign an IPv6 address to an existing load balancer.

      • Only VCNs in the US Government Cloud currently support IPv6 addressing. For more information about Oracle Cloud Infrastructure's IPv6 implementation, see IPv6 Addresses.

    • Choose Networking

      If the current compartment contains at least one VCN, the Console provides a list of VCNs for you to choose from.

      • Virtual Cloud Network in <compartment>: Required. Specify a VCN for the load balancer.

        By default, the Console shows a list of VCNs in the compartment you’re currently working in. Click the Change Compartment link to select a VCN from a different compartment.

      • Subnet in <compartment>: Required. Select an available subnet. For a public load balancer, it must be a public subnet.

        By default, the Console shows a list of subnets in the compartment you’re currently working in. Click the Change Compartment link to select a subnet from a different compartment.

        Note

        In addition to public or private, subnets can be either regional or AD-specific. Oracle recommends using regional subnets. For more information, see Overview of VCNs and Subnets.

      • Subnet (2 of 2) in <compartment>: Required for a public load balancer when you specify an AD-specific subnet for Subnet. Select a second public subnet. The second subnet must reside in a separate availability domain from the first subnet.

        Note

        • If you chose to create a private load balancer under Visibility Type, the form prompts you to select only one subnet.

        • If you are working in a region that includes only one availability domain, a second subnet is not required. The form prompts you to select only one subnet.

      If the current compartment contains no virtual cloud networks, the Load Balancing service offers to create a VCN for you.

      • Virtual Cloud Network in <compartment>: When the current compartment contains no virtual cloud networks, the list is disabled. The system offers to create a VCN for you.

        If you want to use an existing VCN in another compartment, click the Change Compartment link and choose that compartment from the list.

        Virtual Cloud Network Name: Optional, when the system creates a VCN for you. Specify a friendly name for the new cloud network. It doesn't have to be unique, and it cannot be changed later in the Console (but you can change it with the API). Avoid entering confidential information.

        If you do not specify a name for the new VCN, the system generates a name for you.

    • Use Network Security Groups to Control Traffic: Check this box if you want to add your load balancer to a network security group (NSG). For more information about NSGs, see Network Security Groups.

      • Network Security Groups in <compartment>: Choose an NSG to add your load balancer to.

        By default, the Console shows a list of NSGs in the compartment you’re currently working in. Click the Change Compartment link to select an NSG from a different compartment.

      • (Optional) Click + Another Network Security Group to add your load balancer to another NSG.

      Tip

      You can change the NSGs that your load balancer belongs to after you create it. On the Load Balancer Details page, click the Edit link that appears beside the list of associated network security groups.

    • Show Advanced Options: Click this link to display the following options:

      • Management:

        • Create in Compartment: Optionally, you can select a different compartment to host the load balancer. The compartment you select here overrides the compartment listed under Scope selected when first creating the load balancer.

      • Tagging: If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator.

    Note

    The following describes the Dynamic Shapes feature, which is only available to certain legacy customer accounts:

    Dynamic Shapes: Choose one of the following predefined shape sizes.

    • 10 Mbps

    • 100 Mbps

    • 400 Mbps

    • 8,000 Mbps

    If you are creating the load balancer as a paid account user, you can create various shape options based on your limits and later adjust the bandwidth by changing the shape after the load balancer has been created. You can view your service limits and quotas in the Console by navigating to Governance > Limits, Quotas and Usage. Select "LbaaS" from the Service list. Your bandwidth size options are listed. See Service Limits for more information. You can also select the Always Free option if your one free tier account has not already been used.

    You can adjust the bandwidth shape to a different size after you have completed creating the load balancer. See Changing the Load Balancer Bandwidth Shape for more information.

    If you adjust a dynamic size value to a flexible size using the sliders, you cannot revert to a dynamic shape of any size. You can achieve the effect of having a dynamic (fixed) size by setting the minimum and maximum sliders to the same size.

    Step 2 - Choose Backends

    A load balancer distributes traffic to backend servers within a backend set. A backend set is a logical entity defined by a load balancing policy, a list of backend servers (Compute instances), and a health check policy.

    The load balancer creation workflow creates one backend set for your load balancer. Optionally, you can add backend sets and backend servers after you create the load balancer.

    • Specify a Load Balancing Policy: Required. Choose the load balancer policy for the backend set. The available options are:

      • Weighted Round Robin: This policy distributes incoming traffic sequentially to each server in a backend set list.

      • IP Hash: This policy ensures that requests from a particular client are always directed to the same backend server.

      • Least Connections: This policy routes incoming request traffic to the backend server with the fewest active connections.

      For more information on these policies, see Load Balancing Policies.

    • Select Backend Servers: Optional. Add backend servers to the backend set. Click Add Backends to select resources from a list of available Compute instances.

      Important

      When you add backend servers, the Load Balancing service automatically creates security list rules for you. If you prefer to create security list rules manually, click Show Advanced Options and choose the option to Manually configure security list rules after the load balancer is created.

      • Add Backends: Select (check) the instances you want to include in the load balancer's backend set.

        To select instances from a different compartment, use the Change Compartment link and choose a compartment from the list.

        After you select the instances you want to add from the current compartment, click Add Selected Backends.

        Tip

        • You can choose instances from one compartment at a time. After you add instances from one compartment, you can choose Add More Backends to add instances from another compartment.

        • You cannot add a backend server marked as Backup to a backend set that uses the IP Hash policy.

      After you add instances to the backend set, they appear in the Select Backend Servers table. You can:

      • Specify the server Port to which the load balancer must direct traffic. The default is port 80.

      • Click the Actions icon for a server and choose Delete to remove it from the backend set.

    • Specify Health Check Policy: Required. Specify the test parameters that confirm the health of your backend servers.

      • Protocol: Required. Specify the protocol to use for health check queries, either HTTP or TCP.

        Important

        Configure your health check protocol to match your application or service. See Health Check Management for more information.

      • Port: Optional. Specify the backend server port against which to run the health check.

        Tip

        You can enter the value '0' to have the health check use the backend server's traffic port.

      • Interval in ms: Optional. Specify how frequently to run the health check, in milliseconds. The default is 10000 (10 seconds).

      • Timeout in ms: Optional. Specify the maximum time in milliseconds to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. The default is 3000 (3 seconds).

      • Number of retries: Optional. Specify the number of retries to attempt before a backend server is considered "unhealthy." This number also applies when recovering a server to the "healthy" state. The default is 3.

      • Status Code: (HTTP only) Optional. Specify the status code a healthy backend server must return.

      • URL Path (URI): (HTTP only) Required. Specify a URL endpoint against which to run the health check.

      • Response Body Regex: (HTTP only) Optional. Provide a regular expression for parsing the response body from the backend server.

    • Use SSL: Optional. Check to apply SSL to the load balancer backend. If you select this option, complete the following:

      Important

      If optimal security is required, it is your responsibility to always use HTTPS for traffic between the load balancer and the backend set.

      • SSL Certificate: Select one of these options:

        • Choose SSL Certificate File: Drag and drop the certificate file into the SSL Certificate field. Alternatively, click Select Files and navigate your system to where you can select the certificate file for upload. Certificate files must be in PEM format and must have the .pem, .cer, or .crt file extensions.

          Important

          If you submit a self-signed certificate for backend SSL, you must submit the same certificate in the corresponding CA Certificate field.

        • Paste SSL Certificate: Copy and paste a certificate directly into this field.

      • Specify CA Certificate: Optional. (Recommended for backend SSL termination configurations.) Check this box if you want to provide a CA certificate. See SSL Certificate Management for more information.

      • Specify Private Key: Optional. (Required for SSL termination.) Check this box if you want to provide a private key for the certificate.

    • Show Advanced Options: Click this link to access more options. Select the tab for the corresponding functionality:

      • Backend Set Name: Specify a name for the backend set. It must be unique within the load balancer, and it cannot be changed. If you do not specify a name, the Load Balancing service creates one for you.

        Use only alphanumeric characters, dashes ("-"), and underscores ("_") for backend set names. Backend set names cannot contain spaces. Avoid entering confidential information.

      • Security List: Choose to manually configure subnet security list rules to allow the intended traffic or allow the system to create security list rules for you. To learn more about these rules, see Parts of a Security Rule.

        • Manually configure security list rules after the load balancer is created: When you choose this option, you must configure security list rules after load balancer creation.

        • Automatically add security list rules: Default. When you choose this option, the Load Balancing service creates security list rules for you.

          The system displays a table for egress rules and a table for ingress rules. Each table lets you choose the security list that applies to the relevant subnet.

          You can choose whether to apply the proposed rules for each affected subnet.

      • Session Persistence: Specify how the load balancer manages session persistence.

        Important

        See Session Persistence for important information on configuring these settings.

        • Disable Session Persistence: Choose this option to disable cookie-based session persistence.

        • Enable Application Cookie Persistence: Choose this option to enable persistent sessions from a single logical client when the backend application server response includes a Set-cookie header with the cookie name you specify.

          • Cookie Name: The cookie name used to enable session persistence. Specify * to match any cookie name. Avoid entering confidential information.

          • Disable Fallback: Check this box to disable fallback when the original server is unavailable.

        • Enable Load Balancer Cookie Persistence: Choose this option to enable persistent sessions based on a cookie inserted by the load balancer.

          • Cookie Name: Specify the name of the cookie used to enable session persistence. If blank, the default cookie name is X-Oracle-BMC-LBS-Route.

            Ensure that any cookie names used at the backend application servers are different from the cookie name used at the load balancer. Avoid entering confidential information.

          • Disable Fallback: Check this box to disable fallback when the original server is unavailable.

          • Domain Name: Optional. Specify the domain in which the cookie is valid.

            This attribute has no default value. If you do not specify a value, the load balancer does not insert the domain attribute into the Set-cookie header.

          • Path: Optional. Specify the path in which the cookie is valid. The default value is /.

          • Expiration Period in Seconds: Optional. Specify the amount of time the cookie remains valid. If blank, the cookie expires at the end of the client session.

          • Attributes

            • Secure: Specify whether the Set-cookie header must contain the Secure attribute. If selected, the client sends the cookie only using a secure protocol.

              If you enable this setting, you cannot associate the corresponding backend set with an HTTP listener.

            • HTTP Only: Specify whether the Set-cookie header must contain the HttpOnly attribute. If selected, the cookie is limited to HTTP requests. The client omits the cookie when providing access to cookies through non-HTTP APIs such as JavaScript channels.

      • SSL Policy: Specify the type of cipher suite to use:

        • TLS Version: Required. Specify each of the Transport Layer Security (TLS) versions you want:

          • 1.0

          • 1.1

          • 1.2 (recommended; required if using HTTP/2)

          You can select any combination of versions.

          • Specify the Cipher Suite: Required. Choose one of the following options:

            • Select Cipher Suite: Default. Select a set of cipher suites from the list.

              All cipher suites listed have at least one cipher from each of the TLS versions you selected.

            • Create Custom Cipher Suite: Add ciphers to a new suite.

              Perform the following:

              1. Enter the name of the custom cipher suite in the Suite Name field.

              2. Click Choose Ciphers.

                The Select Ciphers page appears.

              3. Check each cipher that you want to include in the suite.

                The TLS versions associated with each cipher are listed in the Version column. Ensure that any cipher you choose is compatible with the TLS versions you previously chose.

              4. Deselect any ciphers you want to exclude.

                Note

                Assign at least one cipher to a cipher suite you create. You cannot create a cipher suite that contains no ciphers.

              5. Click Select. Then select that custom cipher suite (or whatever suite you want to use) from the Select Cipher Suite list.

            • Click Show Cipher Suite Details to display the individual ciphers the selected cipher suite contains.

    Step 3 - Configure Listener

    Complete the following:

    • Listener Name: Required. Specify a friendly name for the listener. The name must be unique, and cannot be changed. Avoid entering confidential information.

      If you do not specify a name, the Load Balancing service creates one for you.

    • Specify the type of traffic your listener handles: Required. Specify the protocol to use. Choices are:

      • HTTPS

      • HTTP/1.0

      • HTTP/1.1

      • HTTP/2

      • TCP

    • Specify the port your listener monitors for ingress traffic: Required. Specify the port. Defaults are:

      • 443 for HTTPS

      • 80 for HTTP/1.0, 1.1

      • 443 for HTTP/2

      • 22 for TCP

    • If you chose the HTTPS or HTTP/2 protocols, or if you chose the TCP protocol and selected the Use SSL check box, complete the following:

      • Choose SSL Certificate File: Required. Drag and drop the certificate file, in PEM format, into the SSL Certificate field.

        Alternatively, you can choose the Paste SSL Certificate option to paste a certificate directly into this field.

        Important

        If you submit a self-signed certificate for backend SSL, you must submit the same certificate in the corresponding CA Certificate field.

      • Specify CA Certificate: Optional. (Recommended for backend SSL termination configurations.) Select (check) this box if you want to provide a CA certificate. See SSL Certificate Management for more information.

        • Choose CA Certificate File: Drag and drop the CA certificate file, in PEM format, into the CA Certificate field.

          Alternatively, you can choose the Paste CA Certificate option to paste a certificate directly into this field.

      • Specify Private Key: Optional. (Required for SSL termination.) Select (check) this box if you want to provide a private key for the certificate.

        • Choose Private Key File: Drag and drop the private key, in PEM format, into the Private Key field.

          Alternatively, you can choose the Paste Private Key option to paste a private key directly into this field.

        • Enter Private Key Passphrase: Optional. Specify the private key passphrase.

    • Use SSL: Required for HTTPS and HTTP/2, optional for TCP, not available for HTTP. Check to apply SSL to the load balancer listener. If you select this option, complete the following:

      • SSL Certificate: Select one of these options:

        • Choose SSL Certificate File: Drag and drop the certificate file into the SSL Certificate field. Alternatively, click Select Files and navigate your system to where you can select the certificate file for upload. Certificate files must be in PEM format and must have the .pem, .cer, or .crt file extensions.

          Important

          If you submit a self-signed certificate for backend SSL, you must submit the same certificate in the corresponding CA Certificate field.

        • Paste SSL Certificate: Copy and paste a certificate directly into this field.

      • Specify CA Certificate: Optional. (Recommended for backend SSL termination configurations.) Check this box if you want to provide a CA certificate. See SSL Certificate Management for more information.

      • Specify Private Key: Optional. (Required for SSL termination.) Check this box if you want to provide a private key for the certificate.

    • Show Advanced Options: Click this link to access more options. Select the tab for the corresponding functionality:

      • Timeout tab: Specify the maximum idle time in seconds. This setting applies to the time allowed between two successive receive or two successive send network input/output operations during the HTTP request-response phase.

        Note

        The maximum value is 7200 seconds. For more information, see Connection Management.

      • SSL Policy tab: Specify the type of cipher suite to use:

        • TLS Version: Required. Specify the Transport Layer Security (TLS) versions:

          • 1.0

          • 1.1

          • 1.2 (recommended)

            The HTTP/2 protocol only supports TLS 1.2.

          You can select any combination of versions. Choose the ones you want from the list.

          • Specify the Cipher Suite: Required. Choose one of the following options:

            • Select Cipher Suite: Select a predefined set of cipher suites (default).

              Pick a choice from the Select Cipher Suite list. All cipher suites listed have at least one cipher from each of the TLS versions you selected.

              The HTTP/2 protocol only supports a default cipher. You cannot change it.

            • Create Custom Cipher Suite: Add ciphers to a new suite.

              Perform the following:

              1. Enter the name of the custom cipher suite in the Suite Name field.

              2. Click Choose Ciphers.

                The Select Ciphers page appears.

              3. Check each cipher that you want to include in the suite.

                The TLS versions associated with each cipher are listed in the Version column. Ensure that any cipher you choose is compatible with the TLS versions you previously chose.

              4. Deselect any ciphers you want to exclude.

                Note

                Assign at least one cipher to a cipher suite you create. You cannot create a cipher suite that contains no ciphers.

              5. Click Select. Then select that custom cipher suite (or whatever suite you want to use) from the Select Cipher Suite list.

            • Click Show Cipher Suite Details to display what ciphers the selected cipher suite contains.

        • Server Order Preference: Select Enable to give preference to the server ciphers over the client.

    Step 4 - Manage Logging

    Enabling error and access logs is optional but recommended. Reviewing these logs can help you diagnose and fix issues with your backend servers. Standard limits, restrictions, and rates apply when enabling the logging feature. See Log Management for general information on how the Load Balancing service uses logging.

    • Error Logs: Optional. Enter the following:

      • Compartment: Select the compartment within which the log file resides from the list.

      • Log Group: Select an existing log group from the list or click Create New Group where you can enter the name and description of a new logging group within which your log resides.

      • Log Name: Enter the name of the log.

      • Log Retention: From the list, select how long, in months, each error log entry is retained.

      See Managing Logs and Log Groups for more information on log and log groups, including naming syntax guidelines.

      Note

      By default, error logging is enabled. Disable this feature if you do not want to pay the associated fees.

    • Access Logs: Optional. Slide to enable feature. Enter the following:

      • Compartment: Select the compartment within which the log file resides from the list.

      • Log Group: Select an existing log group from the list or click Create New Group where you can enter the name and description of a new logging group within which your log resides.

      • Log Name: Enter the name of the log.

      • Log Retention: From the list, select how long, in months, each access log entry is retained.

      See Managing Logs and Log Groups for more information on log and log groups, including naming syntax guidelines.

  6. Click Submit.

After the system provisions the load balancer, details appear in the load balancer list. To view more details, click the load balancer name.

Note

The following describes the Dynamic Shapes feature, which is only available to certain legacy customer accounts:

Dynamic Shapes: Choose one of the following predefined shape sizes.

  • 10 Mbps

  • 100 Mbps

  • 400 Mbps

  • 8,000 Mbps

If you are creating the load balancer as a paid account user, you can create various shape options based on your limits and later adjust the bandwidth by changing the shape after the load balancer has been created. You can view your service limits and quotas in the Console by navigating to Governance > Limits, Quotas and Usage. Select "LbaaS" from the Service list. Your bandwidth size options are listed. See Service Limits for more information. You can also select the Always Free option if you have not used your one free tier account.

You can adjust the bandwidth shape to a different size after you have completed creating the load balancer. See Changing the Load Balancer Bandwidth Shape for more information.

If you adjust a dynamic size value to a flexible size using the sliders, you cannot revert to a dynamic shape of any size. You can achieve the effect of having a dynamic (fixed) size by setting the minimum and maximum sliders to the same size.

To create a load balancer using the CLI

Use the command line interface (CLI) to create a Load Balancer resource.

Enter the following command:

oci lb load-balancer create --compartment-id compartment_id --display-name display_name --shape-name shape_name --subnet-ids subnet_ids [OPTIONS]

See the CLI online help for a list of options:

oci lb load-balancer create --help

See oci lb load-balancer create for a complete description of the command.

To create a load balancer using the API

Use the API to create a Load Balancer resource.

Run the CreateLoadBalancer method to create a load balancer. See CreateLoadBalancer for a complete description.

Listing Load Balancers

List the Load Balancer resources in your OCI tenancy.

Use one of the following methods to display a list of load balancers in your tenancy.

To list the load balancers using the Console

Use the OCI Console to list the Load Balancer resources in your OCI tenancy.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Network Load Balancer under Type to only display load balancers.

To list the load balancers using the CLI

Use the command line interface (CLI) to list the Load Balancer resources in your OCI tenancy.

Enter the following command:

oci lb load-balancer list --compartment-id compartment_id [OPTIONS]

See the CLI online help for a list of options:

oci lb load-balancer list --help

See oci lb load-balancer list for a complete description of the command.

To list the load balancers using the API

Use the API to list the Load Balancer resources in your OCI tenancy.

Run the ListLoadBalancers method to list the load balancers. See ListLoadBalancers for a complete description.

Getting Load Balancer Details

Get the details of a Load Balancer resource.

Use one of the following methods to display the details of a selected load balancer.

To get the details of a load balancer using the Console

Use the OCI Console to get the details of a Load Balancer resource.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Network Load Balancer under Type to only display load balancers.

  5. Select the load balancer whose details you want to get.

    The Load Balancer Details dialog box appears.

    The Details page contains information about the load balancer, both general information and links to its resources. Some items in the page are read-only, while other items allow you to edit and update the load balancer's configuration. See Editing Load Balancers.

To get the details of a load balancer using the CLI

Use the command line interface (CLI) to get the details of a Load Balancer resource.

Enter the following command:

oci lb load-balancer get --load-balancer-id load_balancer_id [OPTIONS]

See the CLI online help for a list of options:

oci lb load-balancer get --help

See oci lb load-balancer get for a complete description of the command.
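The SSL Policy choices described under Creating Load Balancers (TLS versions, HTTP/2 limited to TLS 1.2, Server Order Preference) can be checked afterwards against the JSON that oci lb load-balancer get prints. The following Python script is an added example, not Oracle's code; the key names (listeners, ssl-configuration, protocols, server-order-preference) are assumptions about the CLI output, and the sample document is constructed for illustration.

```python
import json

# Constructed sample shaped like the output of `oci lb load-balancer get`.
# Assumption: keys follow the CLI's kebab-case JSON, and an HTTPS listener is
# reported as protocol HTTP with an ssl-configuration object attached.
SAMPLE_GET_OUTPUT = json.dumps({
    "data": {
        "display-name": "example-lb",
        "listeners": {
            "web-legacy": {
                "name": "web-legacy", "port": 443, "protocol": "HTTP",
                "ssl-configuration": {
                    "protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
                    "cipher-suite-name": "example-custom-suite",
                    "server-order-preference": "DISABLED",
                },
            },
            "web-h2": {
                "name": "web-h2", "port": 8443, "protocol": "HTTP2",
                "ssl-configuration": {
                    "protocols": ["TLSv1.2"],
                    "cipher-suite-name": "example-default-suite",
                    "server-order-preference": "ENABLED",
                },
            },
            "plain": {"name": "plain", "port": 80, "protocol": "HTTP",
                      "ssl-configuration": None},
        },
    }
})

# TLS 1.0 and 1.1: selectable in the SSL Policy tab, but only 1.2 is recommended.
LEGACY_VERSIONS = {"TLSv1", "TLSv1.1"}


def audit_listeners(get_output_json):
    """Return a sorted list of (listener_name, finding) tuples."""
    doc = json.loads(get_output_json)
    listeners = (doc.get("data") or {}).get("listeners") or {}
    findings = []
    for name, listener in listeners.items():
        ssl = listener.get("ssl-configuration")
        protocol = (listener.get("protocol") or "").upper()
        if not ssl:
            # SSL is required for HTTP/2; any other listener is plaintext.
            if protocol == "HTTP2":
                findings.append((name, "HTTP/2 listener without SSL"))
            else:
                findings.append((name, "no SSL on listener (plaintext)"))
            continue
        versions = set(ssl.get("protocols") or [])
        for version in sorted(versions & LEGACY_VERSIONS):
            findings.append((name, f"legacy {version} enabled"))
        # The page states that HTTP/2 only supports TLS 1.2.
        if protocol == "HTTP2" and versions and versions != {"TLSv1.2"}:
            findings.append((name, "HTTP/2 listener must use TLS 1.2 only"))
        if (ssl.get("server-order-preference") or "").upper() != "ENABLED":
            findings.append((name, "server cipher order preference not enabled"))
    return sorted(findings)


if __name__ == "__main__":
    for listener_name, finding in audit_listeners(SAMPLE_GET_OUTPUT):
        print(f"{listener_name}: {finding}")
```

To run it against a real load balancer, save the output of the get command to a file and pass the file contents to audit_listeners.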

To get the details of a load balancer using the API

Use the API to get the details of a Load Balancer resource.

Run the GetLoadBalancer method to get the details of a load balancer. See GetLoadBalancer for a complete description.

Editing Load Balancers

Update a Load Balancer resource.

Use one of the following methods to edit and update a selected load balancer.

To edit a load balancer using the Console

Use the OCI Console to update a Load Balancer resource.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Network Load Balancer under Type to only display load balancers.

  5. Click the load balancer that you want to edit.

    The Load Balancer Details dialog box appears.

  6. Click the various links under Resources to edit different aspects of the load balancer as needed.

    See Creating Load Balancers for details on specific configurations.

To edit a load balancer using the CLI

Use the command line interface (CLI) to update a Load Balancer resource.

Enter the following command:

oci lb load-balancer update --load-balancer-id load_balancer_id [OPTIONS]

See the CLI online help for a list of options:

oci lb load-balancer update --help

See oci lb load-balancer update for a complete description of the command.

To edit a load balancer using the API

Use the API to update a Load Balancer resource.

Run the UpdateLoadBalancer method to edit a load balancer. See UpdateLoadBalancer for a complete description.

Terminating Load Balancers

Terminate a Load Balancer resource.

Use one of the following methods to terminate a selected load balancer.

To terminate a load balancer using the Console

Use the OCI Console to terminate a Load Balancer resource.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Network Load Balancer under Type to only display load balancers.

  5. Click the load balancer you want to terminate.

    The Load Balancer Details page appears.

  6. Click Terminate.

    Alternatively, click the Actions icon associated with the load balancer you want to delete and then click Terminate.

  7. Confirm the deletion when prompted.

To terminate a load balancer using the CLI

Use the command line interface (CLI) to terminate a Load Balancer resource.

Enter the following command:

oci lb load-balancer delete --load-balancer-id load_balancer_id [OPTIONS]

See the CLI online help for a list of options:

oci lb load-balancer delete --help

See oci lb load-balancer delete for a complete description of the command.

To terminate a load balancer using the API

Use the API to terminate a Load Balancer resource.

Run the DeleteLoadBalancer method to terminate a load balancer. See DeleteLoadBalancer for a complete description.

Moving Load Balancers Between Compartments

Change the compartment of a Load Balancer resource.

Use one of the following methods to move a load balancer to a different compartment. See Managing Compartments for information about compartments and access control.

To move a load balancer between compartments using the Console

Use the OCI Console to change the compartment of a Load Balancer resource.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Network Load Balancer under Type to only display load balancers.

  5. Click the Actions icon associated with the load balancer you want to move, then click Move Resource.

    The Move Resource dialog box appears.

  6. Choose the destination compartment from the list.

  7. Click Move Resource.

To move a load balancer between compartments using the CLI

Use the command line interface (CLI) to change the compartment of a Load Balancer resource.

Enter the following command:

oci lb load-balancer change-compartment --load-balancer-id load_balancer_id --compartment-id compartment_id [OPTIONS]

See the CLI online help for a list of options:

oci lb load-balancer change-compartment --help

See oci lb load-balancer change-compartment for a complete description of the command.

To move a load balancer between compartments using the API

Use the API to change the compartment of a Load Balancer resource.

Run the ChangeLoadBalancerCompartment method to change the compartment of a load balancer. See ChangeLoadBalancerCompartment for a complete description.

Changing the Load Balancer Bandwidth Shape

Change a load balancer's bandwidth shape.

If you are not an Always Free user, you can adjust the size of the bandwidth to one of the other predefined sizes.

Note

Always Free users cannot change the bandwidth of a load balancer. Upgrade to a different account if you want to increase your bandwidth size.

To change a load balancer's bandwidth shape using the Console

Use the OCI Console to change a load balancer's bandwidth shape.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Network Load Balancer under Type to only display load balancers.

  5. Click the load balancer whose bandwidth you want to change.

    The selected load balancer's Details page appears.

  6. Click Update Shape.

    The Update Shape dialog box appears. The options displayed vary depending on the type of bandwidth size option you are currently using.

    • Changing a flexible shape: Enter the values for the Minimum Bandwidth and Maximum Bandwidth shape sizes you want changed.

      Note

      Using flexible bandwidth shapes for Government accounts can result in overages if the pre-paid shape sizes are exceeded.

      If you want to specify a dynamic shape size, for example 500 Mbps, set the minimum and maximum sliders to the same value.

    • Changing a dynamic shape: Select the new bandwidth of the load balancer from the Choose Shape Size list. The existing bandwidth size of the load balancer is unavailable to select.

      You can switch from a dynamic shape size to a flexible shape by checking the Use a Flexible Load Balancer option and specifying your shape size using the minimum and maximum sliders (see Changing a flexible shape).

      Note

      After you have switched to a flexible shape, you cannot revert to a dynamic shape.

  7. Click Save Changes.

    Changing the bandwidth size of the load balancer requires resetting all existing sessions of the load balancer.

  8. Click Confirm to continue.

    The Details page reappears.

To change a load balancer's bandwidth shape using the CLI

Use the command line interface (CLI) to change a load balancer's bandwidth shape.

Enter the following command:

oci lb load-balancer update-load-balancer-shape --load-balancer-id load_balancer_id --shape-name shape_name [OPTIONS]

See the CLI online help for a list of options:

oci lb load-balancer update-load-balancer-shape --help

See oci lb load-balancer update-load-balancer-shape for a complete description of the command.

To change a load balancer's bandwidth shape using the API

Use the API to change a load balancer's bandwidth shape.

Run the UpdateLoadBalancerShape method to change the bandwidth of a load balancer. See UpdateLoadBalancerShape for a complete description.

Listing Load Balancer Health Status Summaries

List the health status summaries for all Load Balancer resources in a specified compartment.

Use one of the following methods to display a list of health status summaries for the load balancers in a specified compartment.

To list the load balancer health status summaries using the Console

Use the OCI Console to list all the health status summaries of the Load Balancer resources in a specified compartment in your tenancy.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Network Load Balancer under Type to only display load balancers.

  5. Review the Overall Health column in the list for a summary of each load balancer.

    See Health Status Indicators for descriptions of the load balancer health indicators.

To list the load balancer health status summaries using the CLI

Use the command line interface (CLI) to list the health status summaries for the Load Balancer resources in your tenancy.

Enter the following command:

oci lb load-balancer-health list --compartment-id compartment_id [OPTIONS]

See the CLI online help for a list of options:

oci lb load-balancer-health list --help

See oci lb load-balancer-health list for a complete description of the command.

To list the load balancer health status summaries using the API

Use the API to list the health status summaries for the Load Balancer resources in your tenancy.

Run the ListLoadBalancerHealths method to display a list of health status summaries for the load balancers in a compartment. See ListLoadBalancerHealths for a complete description.

See Health Status Indicators for descriptions of the load balancer health indicators.

Getting Load Balancer Health Details

Get the health status details of a Load Balancer resource.

The following table lists the health status indicators and their meanings.

Level: Critical
Color: Red
Description: At least one backend set associated with the load balancer returns a status of Critical.

Level: Warning
Color: Yellow
Description: All the following conditions are true:

  • At least one backend set associated with the load balancer returns a status of Warning or Pending.

  • No backend sets return a status of Critical.

  • The load balancer life-cycle state is Active.

Level: Incomplete
Color: Yellow
Description: Any one of the following conditions is true:

  • No backend sets are defined for the load balancer.

  • All the following conditions are true:

    • More than half of the backend sets associated with the load balancer return a status of Incomplete.

    • None of the backend sets return a status of Warning or Critical.

    • The load balancer life-cycle state is Active.

Level: Pending
Color: Yellow
Description: Any one of the following conditions is true:

  • The load balancer life-cycle state is not Active.

  • All the following conditions are true:

    • More than half of the backend sets associated with the load balancer return a status of Pending.

    • None of the backend sets return a status of Warning or Critical.

    • The load balancer life-cycle state is Active.

  • The system could not retrieve metrics for any reason.

Level: OK
Color: Green
Description: All backend sets associated with the load balancer return a status of OK.

Use one of the following methods to display the health details of a selected load balancer.

To get load balancer health details using the Console

Use the OCI Console to get the health details of a Load Balancer resource.

  1. Open the navigation menu, click Networking, and then click Load Balancers.

  2. Select the Compartment from the list.

    All load balancers and network load balancers in that compartment are listed in tabular form.

  3. (optional) Select a State from the list to limit the load balancers displayed to that state.

  4. (optional) Uncheck Network Load Balancer under Type to only display load balancers.

  5. Click the load balancer whose health details you want to view.

    The Load Balancer Details dialog box appears.

  6. View the Overall Health and Backend Sets Health indicators.

    See Getting Load Balancer Health Details for descriptions of the load balancer health indicators.

To get load balancer health details using the CLI

Use the command line interface (CLI) to get the health status of a Load Balancer resource.

Enter the following command:

oci lb load-balancer-health get --load-balancer-id load_balancer_id [OPTIONS]

See the CLI online help for a list of options:

oci lb load-balancer-health get --help

See oci lb load-balancer-health get for a complete description of the command.

See Getting Load Balancer Health Details for descriptions of the load balancer health indicators.

To get load balancer health details using the API

Use the API to get the health details for a Load Balancer resource.

Run the GetLoadBalancerHealth method to display the health details for a load balancer. See GetLoadBalancerHealth for a complete description.

See Getting Load Balancer Health Details for descriptions of the load balancer health indicators.

Tagging Load Balancers

Learn how to add metadata to Load Balancer resources, which enables you to define keys and values and associate them with resources.

You can apply tags to your Load Balancer resources to help you organize them according to your business needs. Apply tags at the time you create a load balancer, or update the load balancer with tags later. For more information about applying tags, see Tagging Overview.

Note

If you are not sure whether to apply tags, ask your administrator for guidance.

To apply tags at create using the Console

Use the OCI Console to add metadata to a Load Balancer resource when you create it.

  1. Begin the steps for creating a load balancer using the OCI Console as described in Creating Load Balancers.

  2. At the end of Step 1 - Add Details, click Show Advanced Options.

    The advanced options appear.

  3. Click the Tagging tab.

  4. Complete the following. See Tagging Overview for descriptions of these fields.

    • Tag Namespace

    • Tag Key

    • Value

  5. Click +Additional Tag to add another tag. Click X to remove the associated tag.

  6. Click Next to continue with the load balancer creation.

To apply tags at create using the CLI

To apply tags at create using the API

Use the API to add metadata to a Load Balancer resource when you create it.

Run the CreateLoadBalancer method to create a load balancer. Include the definedTags and freeformTags attributes and their values. See CreateLoadBalancer for a complete description of these attributes.

To apply tags at update using the Console

Use the OCI Console to add metadata to a Load Balancer resource when you update it.

  1. Begin the steps for editing a load balancer using the OCI Console as described in Editing Load Balancers.

  2. In the Details page of the selected load balancer, click Add Tags.

    Alternatively, click the Actions icon for the load balancer to which you want to add tags, and then click Add Tags.

    The Add One or More Tags To This Resource dialog box appears.

  3. Complete the following:

    • Tag Namespace

    • Tag Key

    • Value

    See Tagging Overview for descriptions of these fields.

  4. Click +Additional Tag to add another tag. Click X to remove the associated tag.

  5. Click Add Tags.

    The dialog box closes and you are returned to the Details page.

To apply tags at update using the CLI

Use the command line interface (CLI) to add metadata to a Load Balancer resource when you update it.

Use the --defined-tags or --freeform-tags options when running the following command:

oci lb load-balancer update --load-balancer-id load_balancer_id [--defined-tags | --freeform-tags] tags [OPTIONS]

See the CLI online help for more information on these options:

oci lb load-balancer update --help

See oci lb load-balancer update for a complete description of the command, including the tagging options.

To apply tags at update using the API

Use the API to add metadata to a Load Balancer resource when you update it.

Run the UpdateLoadBalancer method to update a load balancer. Include the definedTags and freeformTags attributes and their values. See UpdateLoadBalancer for a complete description of these attributes.