Creating a Network Load Balancer

Create a network load balancer to provide automated traffic distribution from one entry point to multiple servers in a backend set.

For prerequisite information, see Network Load Balancer Management.

    1. Open the navigation menu, click Networking, and then click Load balancers. Click Network load balancer. The Network load balancers page appears.
    2. Choose a Compartment you have permission to work in under List scope.
    3. Click Create network load balancer. The Create network load balancer dialog box appears. Creating a network load balancer leads you through the following sections:
      • Add details

      • Configure listener

      • Choose backends

      • Review and create

      By default, the Add details page appears first. Run each of the following workflows in order. You can return to a previous page by clicking Previous.

    4. Specify the Load balancer name. Enter a name for the network load balancer or accept the default name. Avoid entering confidential information.
    5. Select the Choose visibility type. Specify whether your network load balancer is public or private:
      • Public: Choose this option to create a public network load balancer. You can use the assigned public IP address as a front end for incoming traffic and to balance that traffic across all backend servers. The Public IP address can be either an ephemeral address assigned by Oracle or a reserved IP address you defined earlier.

      • Private: Choose this option to create a private network load balancer. You can use the assigned private IP address as a front end for incoming internal VCN traffic and to balance that traffic across all backend servers.

    6. Select Allow IPv6 address assignment to enable a dual-stack IPv4/IPv6 implementation for your network load balancer.
    7. Assign a public IP address. This is required if you selected the Public option for the network load balancer's visibility type. Select one of the following options:
      • Ephemeral IPv4 address: Automatically assigns an IPv4 address from the Oracle pool. These IP addresses are temporary and only exist for the lifetime of the instance.

      • Reserved IPv4 address: Select an existing reserved IP address or create a new one from one of your IP pools. These IP addresses are persistent and exist beyond the lifetime of the instance to which they are assigned. You can unassign the IP address and subsequently reassign it to another instance at any point.

    8. Continue to the Choose networking section. If your current compartment contains one or more virtual cloud networks (VCNs) that you want to use with your network load balancer, skip to the next step. All available VCNs in your current compartment are displayed in the Virtual cloud network in <compartment> list.

      When the current compartment contains no virtual cloud networks, the list is disabled. The system offers to create a VCN for you. Enter a name for the new VCN in the Virtual cloud network name box. Avoid entering confidential information. If you do not specify a name for the new VCN, the system generates a name for you.

      If you want to use an existing VCN in another compartment, click the Change Compartment link and choose that compartment from the list.

    9. Select a virtual cloud network (VCN) from the Virtual cloud network in <compartment> list. By default, the Console shows a list of VCNs in the compartment you’re currently working in. Click the Change compartment link to select a VCN from a different compartment.
    10. Select a subnet from the Subnet in <compartment> list. Select an available subnet. For a public load balancer, you must select a public subnet.

      By default, the Console shows a list of subnets in the compartment you’re currently working in. Click Change compartment to select a subnet from a different compartment.

    11. Select Use network security groups to control traffic if you want to add your load balancer to a network security group (NSG). Complete the following steps. For more information about NSGs, see Network Security Groups.
      • Select an NSG from the Network security groups in <compartment> list.

        By default, the Console shows a list of NSGs in the compartment you’re currently working in. Click the Change compartment link to select an NSG from a different compartment.

      • Click + Another network security group to add your load balancer to another NSG.

      Tip

      You can change the NSGs that your load balancer belongs to after you create it. On the Network load balancer details page, click the Edit link that appears beside the list of associated network security groups.
    12. Click Show advanced options to access more options.
    13. Click the Management tab to create your network load balancer in the compartment you select from the Create in compartment list. The compartment you select here overrides the compartment listed under Scope selected when first creating the network load balancer.
    14. Click Tagging to apply metadata tags to your network load balancer. See Overview of Tagging for descriptions of this feature and its associated fields. If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace.
      Note

      If you are not sure about whether to apply tags, then skip this option (you can apply tags later) or ask your administrator.

      Complete the following:

      • Tag namespace

      • Tag key

      • Value

      Click +Additional tag to add another tag. Click X to remove the associated tag.

    15. Click Next. The Configure Listener page appears.
    16. Enter a unique name for the listener in the Listener Name box. If you do not specify a name, the Network Load Balancer service creates one for you. Once created, the listener name cannot be changed.
    17. Specify the type of traffic your listener handles. Select one of the following protocols:
      • Public network load balancers:

        • UDP

        • TCP

        • UDP/TCP

      • Private network load balancers:

        • UDP

        • TCP

        • TCP/UDP/ICMP

        • UDP/TCP

    18. Select the IP protocol version from the following options:
      • IPv4

      • IPv6

      This step is required if you previously enabled the IPv6 Address Assignment option. The load balancer listener and backend set must use the same IP protocol version.
    19. Select the Ingress traffic port to specify the port your listener monitors for ingress traffic depending on the traffic type. Select one of the following options:
      • Public network load balancers:

        • Use any port: This option uses a 0 or wildcard as the port.

        • Select the Port: Enter the port you want to use.

      • Private network load balancers:

        • Use any port: This option uses a 0 or wildcard as the port.

        • Select the Port: (UDP, TCP, and UDP/TCP only) Enter the port you want to use.

    20. Click Next. The Choose Backends page appears.

      A load balancer distributes traffic to backend servers within a backend set. A backend set is a logical entity defined by a load balancing policy, a list of backend servers (compute instances), and a health check policy.

      The load balancer creation workflow creates one backend set for your load balancer. Optionally, you can add backend sets and backend servers after you create the load balancer.

    21. Select the IP protocol version from the following options:
      • IPv4

      • IPv6

      This step is required if you previously enabled the IPv6 Address Assignment option. The load balancer listener and backend set must use the same IP protocol version. You must select the option previously chosen for the listener.
    22. Specify the Backend Set Name. Enter a name for the backend set or accept the default name. Avoid entering confidential information.
    23. Click Add Backends under Select Backends. The Add compute instance backends dialog box appears. Complete the following:
      • Instance in <compartment>: Select the instance you want to include in the load balancer's backend set contained in the selected compartment. To select instances from a different compartment, use the Change Compartment link and choose a compartment from the list.

      • IP address: Select one of the available IP addresses for the instance you selected from the list.

      • Availability domain: Displays the availability domain for the instance you selected.

      • Port: Enter the communication port for the backend server.

      • Weight: Enter the load balancing policy weight number assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic.

      • Click +Another backend to add another backend. Click X to remove a backend entry.

      Click Add backends when you have set up all the backends you want to add. The Add compute instance backends dialog box closes.

      After you add instances to the backend set, they appear in the Select backend servers table. You can perform the following tasks:

      • Update the server Port to which the load balancer must direct traffic. The default is port 80.

      • Update the server Weight that specifies the proportion of incoming traffic the backend handles. The higher the number, the more traffic is received.

      • Remove any instance by checking it and clicking Remove. You can also select Remove from the Action menu at the end of an instance entry.

    24. Select Preserve Source IP to preserve the original source and destination header (IP addresses and ports) of each incoming packet all the way to the backend server. See Enabling Network Load Balancer Source/Destination Preservation for more information on this feature.
    25. Specify the test parameters that confirm the health of your backend servers under Specify Health Check Policy. See Health Check Policies for Network Load Balancers for more information on this feature. Complete the following settings:
      • Protocol: Specify the protocol to use for health check queries, either HTTP or TCP.

        Important

        Configure your health check protocol to match your application or service. See Health Check Policies for Network Load Balancers.

      • Port: Specify the backend server port against which to run the health check.

        Tip

        You can enter the value '0' to have the health check use the backend server's traffic port.

      • Interval in MS: Specify how frequently to run the health check, in milliseconds. The default is 10000 (10 seconds).

      • Timeout in MS: Specify the maximum time in milliseconds to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. The default is 3000 (3 seconds).

      • Number of retries: Specify the number of retries to attempt before a backend server is considered "unhealthy." This number also applies when recovering a server to the "healthy" state. The default is 3.

      • Status code: Specify the status code a healthy backend server must return.

      • URL path (URI): Specify a URL endpoint against which to run the health check.

      • Response body regex: Provide a regular expression for parsing the response body from the backend server.

    26. Click Show advanced options to access more options.
    27. Click the Security list tab to choose to manually configure subnet security list rules to allow the intended traffic or allow the system to create security list rules for you. To learn more about these rules, see Parts of a Security Rule.

      Choose one of the following options:

      • Manually configure security list rules after the load balancer is created: When you choose this option, you must configure security list rules after load balancer creation.

      • Automatically add security list rules: Default. When you choose this option, the Load Balancer service creates security list rules for you.

        The system displays a table for egress rules and a table for ingress rules. Each table lets you choose the security list that applies to the relevant subnet.

        You can choose whether to apply the proposed rules for each affected subnet.

    28. Click the Load balancing policy tab. Select one of the following load balancing policies:
      • 5-Tuple hash: Routes incoming traffic based on 5-Tuple (source IP and port, destination IP and port, protocol) hash.

      • 3-Tuple hash: Routes incoming traffic based on 3-Tuple (source IP, destination IP, protocol) hash.

      • 2-Tuple hash: Routes incoming traffic based on 2-Tuple (source IP, destination IP) hash.

    29. Click Next. The Review and create page appears.
    30. Review the contents of the Review and create page. If necessary, edit settings or return to previous screens to add information.

      When the settings are fully verified, click Create network load balancer.

    The network load balancer you created appears on the Network load balancers page.
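
To show what the three load balancing policies in step 28 mean for traffic placement, this added example (not Oracle's code) hashes the fields each policy names and maps the result onto weighted backends. SHA-256, the weighted-slot mapping, the Flow type, the addresses and the backend names are assumptions; the page does not describe the service's hash function.

```python
import hashlib
from collections import namedtuple

# Constructed flow record; field names are assumptions for this example.
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port proto")

# Header fields each policy hashes, as listed in the load balancing policy step.
POLICY_FIELDS = {
    "5-tuple": ("src_ip", "src_port", "dst_ip", "dst_port", "proto"),
    "3-tuple": ("src_ip", "dst_ip", "proto"),
    "2-tuple": ("src_ip", "dst_ip"),
}

def flow_key(flow, policy):
    """Return the tuple of header fields the given policy hashes."""
    return tuple(getattr(flow, f) for f in POLICY_FIELDS[policy])

def pick_backend(flow, policy, backends):
    """Pick a backend from [(name, weight), ...] by hashing the flow key.

    SHA-256 and the weighted-slot mapping are stand-ins (assumption);
    the service's real hash function is not described on the page.
    """
    digest = hashlib.sha256(repr(flow_key(flow, policy)).encode()).digest()
    slot = int.from_bytes(digest[:8], "big") % sum(w for _, w in backends)
    for name, weight in backends:
        if slot < weight:
            return name
        slot -= weight

def spread(flows, policy, backends):
    """Count how many of the flows land on each backend."""
    counts = {name: 0 for name, _ in backends}
    for f in flows:
        counts[pick_backend(f, policy, backends)] += 1
    return counts

if __name__ == "__main__":
    backends = [("be-1", 1), ("be-2", 1), ("be-3", 2)]  # constructed names and weights
    # Constructed input: one client opening 1000 TCP connections from different source ports.
    flows = [Flow("198.51.100.7", 40000 + i, "203.0.113.10", 443, "TCP")
             for i in range(1000)]
    for policy in POLICY_FIELDS:
        print(policy, spread(flows, policy, backends))
```

Run it to compare the spread of 1,000 connections from a single client: under the 2-tuple and 3-tuple policies they all land on one backend, while the 5-tuple policy distributes them roughly by weight.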

  • Use the oci nlb network-load-balancer create command and required parameters to create a network load balancer:

    oci nlb network-load-balancer create --compartment-id compartment_ocid --display-name display_name --subnet-id subnet_ocid [OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Run the CreateNetworkLoadBalancer operation to create a network load balancer.