Creating a Network Load Balancer Backend Set

Create a backend set to create logical entities consisting of a network load balancing policy, health check policy, and a list of backend servers for a network load balancer.

For prerequisite information, see Backend Sets for Network Load Balancers.

    1. Open the navigation menu, click Networking, and then click Load balancers. Click Network load balancer. The Network load balancers page appears.
    2. Select the Compartment from the list. All network load balancers in that compartment are listed in tabular form.
    3. Select a State from the list to limit the network load balancers displayed to that state.
    4. Select the network load balancer for which you want to create a backend set. The network load balancer's Details page appears.
    5. Click Backend sets under Resources. The Backend sets list appears. All backend sets are listed in tabular form.
    6. Click Create backend set. The Create backend set dialog box appears.
    7. Enter the following:
      • Name: Specify a friendly name for the backend set. It must be unique within the load balancer, and it cannot be changed. Valid backend set names include only alphanumeric characters, dashes, and underscores. Backend set names cannot contain spaces. Avoid entering confidential information.

      • IP protocol version: The load balancer listener and backend set must use the same IP protocol version.
      • Preserve source ID: Check to preserve the original source and destination header (IP addresses and ports) of each incoming packet all the way to the backend server.

      • Health check: Specify the test parameters to confirm the health of backend servers.

          • Protocol: Specify the protocol to use for health check queries:

            • HTTP
            • HTTPS
            • TCP
            • UDP
            • DNS

            Configure the health check protocol to match the application or service. See Health Check Policies.

            For both TCP and UDP, the provided data must be base64 encoded. Use any base64 encoding tool to convert the plain text strings to based64 encoded strings, and use the encoded strings for the health check configuration. For example, the following plain text string:

            this is the request data for my NLB backend health check

            is encoded as:


            The encoded string is what undergoes the health check configuration.

            The supported maximum length of the string before base64 encoding is 1024 bytes. If the string exceeds the limit, the configuration call fails with an HTTP status code 400.

          • Transport protocol: (DNS only) Specify the transport protocol used to send traffic when DNS is selected as the protocol:

            • UDP

            • TCP

          • Port: Specify the backend server port against which to run the health check. You can enter the value '0' to have the health check use the backend server's traffic port.

          • Interval in MS: Specify how often to run the health check, in milliseconds. The default is 10000 (10 seconds).

          • Timeout in MS: Specify the maximum time in milliseconds to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. The default is 3000 (3 seconds).

          • Number of retries: Specify the number of retries to try before a backend server is considered "unhealthy." This number also applies when recovering a server to the "healthy"¬†state. The default is 3.

          • Request Data: (Required for UDP, and optional for TCP only) Enter the request message included in the request. This request data is included in the single request to the backend server. The request data is compared against the response data

          • Response Data: (Required for UDP, and optional for TCP only) Enter the response message against which the health check feature sends a single request to the backend server is compared. If a match, the health check passes.

          • Status code: (HTTP and HTTPS only) Specify the status code a healthy backend server must return.

          • URL path (URI): (HTTP and HTTPS only) Specify a URL endpoint against which to run the health check.

          • Response body (regular expression): Provide a regular expression for parsing the response body from the backend server.

          • Query name: (DNS only) Provide a DNS domain name for the query.

          • Query class: (DNS only) Select from the following options:

            • IN: Internet (default)

            • CH: Chaos

          • Query type: (DNS only) Select from the following options:

            • A: Indicates a hostname corresponding IPv4 address. (default)

            • AAAA: Indicates a hostname corresponding IPv6 address.

            • TXT: Indicates a text field.

          • Acceptable response codes: Select one or more from the following options:

            • RCODE:0 NOERROR DNS query completed successfully.

            • RCODE:2 SERVFAIL Server failed to complete the DNS request.

            • RCODE:3 NXDOMAIN Domain name doesn't exist.

            • RCODE:5 REFUSED The server refused to answer for the query.

          • Fail open: (Optional) Select to have the network load balancer continue to move traffic to the backend servers in this backend set using the current configuration, even if all the backend servers' states becomes unhealthy.

          • Enable instant failover: (Required for DNS, optional for all other protocols) Select to redirect existing traffic to a healthy backend server if the current backend server becomes unhealthy. This feature doesn't work if Fail open is enabled and all backend servers become unhealthy.

      • Show advanced options: Click this link to access more options. Select the tab for the corresponding functionality:

        • Load balancing policy: Select one of the following load balancing policies:

          5-Tuple hash: This policy distributes incoming traffic based on 5-Tuple (source IP and port, destination IP and port, protocol) Hash.

          3-Tuple hash This policy ensures that requests from a particular client are always directed to the same backend server based on 3-Tuple (source IP, destination IP, protocol) Hash.

          2-Tuple hash: This policy routes incoming traffic to the same backend server based on 2-Tuple (Source/Destination) Hash.

    8. Click Create backend set.

    The backend set you created appears in the Backend set list.

  • Use the oci nlb backend-set create command and required parameters to create a network load balancer backend set:

    oci nlb backend-set create --name name --network-load-balancer-id network_load_balancer_ocid --health-checker health_checker --policy policy [OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Run the CreateBackendSet operation to create a backend set for a network load balancer.