Oracle Cloud Infrastructure Documentation

Upgrade might impact Load Balancer as a Service functionality

The first upgrade after May 2025, changes the Load Balancer as a Service (LBaaS) to a new background implementation. As a result, a few features are either different or no longer available. An existing configuration that's no longer supported in the new implementation, can have a negative impact on the software upgrade.

Details

Before the first upgrade after May 2025, if you use the Load Balancer service, review the following issues, and act if needed:

  • Response body regex parsing (Bug: 37629014 )

    If you have a Load Balancer configured with regular expression (regex) parsing of backend responses for health status information, that won't work after the upgrade. Health status reporting is limited to response codes.

    Workaround: Unconfigure the optional regex setting (--response-body-regex) for the response from the backend servers.

  • Cipher suites (Bug: 37461876)

    In the new Load Balancer implementation, weaker cipher suites have been removed. Going forward, SSL/TLS connections can be secured with these cipher suites:

    AES128-GCM-SHA256, AES256-GCM-SHA384, 
ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, 
ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, 
AES128-SHA, AES256-SHA, DES-CBC3-SHA, 
ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, 
ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, 
PSK-AES128-CBC-SHA, PSK-AES256-CBC-SHA

    Workaround: Ensure that your Load Balancer configuration is using the latest cipher suites. If necessary, change the existing Load Balancer configurations.

  • Cookie-based session persistence (Bug: 37473362)

    For existing load balancers, session persistence between clients and backend servers can be enabled using either application cookies or load balancer cookies. These are no longer supported after upgrade.

    Workaround: Unconfigure cookie-based session persistence. Or, load balancer cookies can be preserved on the condition that the load balancing policy is set to IP hash before the upgrade.

  • Server order preference

    The SSL parameter to prioritize server ciphers over client ciphers isn't supported.

For more information, see Load Balancer as a Service.