Oracle Cloud Infrastructure Documentation

Network Load Balancer

A network load balancer, which is present on a public subnet, enables you to connect to MySQL Studio running on the same instance as a DB system over the internet. However, it is a security risk to make the DB system accessible over the internet. You must restrict the authorized public IP addresses to a single IP address or a small range of IP addresses, and use in-transit encryption. It is recommended to use a VPN connection.

Connecting to MySQL Studio

Use the network load balancer, which is present on a public subnet, to connect to the MySQL Studio application running on the same instance as your DB system over the internet.

Using the Console

Do the following to connect to MySQL Studio running on the same instance as your DB system over the internet, that is, using a public IP address:

  1. Create a network security group in the VCN to allow traffic from your local machine to the network load balancer. See Creating a Network Security Group.
  2. Create a network load balancer to redirect traffic to the DB system. See Creating a Network Load Balancer.
  3. Configure the backend of the load balancer to route traffic to the DB system. See Configuring the Backend of the Network Load Balancer.

    Do not add more than one DB system in the backend of the load balancer. Writing data to multiple backends results in having inconsistent data across DB systems. If you need public access to more DB systems, create one load balancer for each DB system.

  4. Add ingress rules to the public security list of the VCN to allow traffic to the MySQL Studio port. See Adding Ingress Rules for a Network Load Balancer.

    If the DB system is in a different subnet, add ingress rules to that subnet. You can view the subnet of your DB system in the DB system details page. Also, ensure you configure Source CIDR to include the load balancer IP address and specify the correct port in Destination port range.

  5. Connect to MySQL Studio using the public IP address of the network load balancer from the browser: 
    https://<NLBPublicIPAddress>

Creating a Network Security Group

Create a network security group (NSG) to allow traffic from your local machine to the network load balancer.

Using the Console

Use the Console to create a network security group.

  1. Open the navigation menu, select Networking, and then select Virtual cloud networks.
  2. Select the compartment from the Compartment list.
  3. From the list of VCNs, click the name of the VCN to open the Virtual cloud network details page.
  4. In the Virtual cloud network details page, open the Security tab.
  5. In the Network security groups section, click Create network security group.
  6. In the Create network security group panel, under Basic info, provide the following information:
    • Name: Specify a name of the network security group. For example, MySQLNSG
    • Create in compartment: Select the compartment where you want to create the network security group.
  7. Under Add security rules, provide the following information:
    • Stateless: Do not select.
    • Direction: Select Ingress.
    • Source type: Select CIDR.
    • Source CIDR: Specify the IP address of the machine from where you want to connect to MySQL Studio. You should narrow down the range to more specific IP addresses. For example:
      • 120.0.0.0/24: Allows traffic from 120.0.0.0 to 120.0.0.255 IP addresses, that is, a total of 256 IP addresses.
      • 120.0.2.24/32: Allows traffic from 120.0.2.24 IP address only.
    • IP protocol: Select TCP.
    • Source port range: Enter All.
    • Destination port range: Enter443. This is to allow HTTPS connection from the Source CIDR.
    • Description: (Optional) Specify a description of the network security group.
  8. Click Create.
A network security group, MySQLNSG is created.

Creating a Network Load Balancer

Create a network load balancer on the public subnet to redirect traffic to the DB system.

Using the Console

Use the Console to create a network load balancer.

  1. Open the navigation menu, select Networking, and then select Network load balancer.
  2. Choose your compartment from the Compartment list.
  3. Click Create network load balancer.
  4. In the Create network load balancer panel, on the Add details section, provide the following details:
    • Load balancer name: Specify a name for the network load balancer.
    • Choose visibility type: Select Public.
    • Assign a public IP address: Select Reserved IPv4 address, and select one of the following:
      • Select existing reserved IP address: Select an existing reserved IP address.
      • Create new reserved IP address: Create a new reserved IP address from one of your IP pools.
        • Public IP name: Specify the IP address from your IP pools.
        • Create in compartment: Select the compartment where you want to create the network load balancer.
        • Create in IP Pool in <Compartment>: Select the IP pool.
    • Choose Networking:
      • Virtual cloud network in <Compartment>: Select the same VCN as the DB system. You can view the VCN details in the DB system details page.
      • Subnet in <Compartment>: Select the public subnet of the VCN. The subnet need not be same as the DB system.
      • Use network security groups to control traffic: Switch on the toggle, and select the network security group you had created earlier, MySQLNSG.
  5. Click Next.
  6. Configure listener:
    • Listener name: Specify a listener name.
    • Specify the type of traffic your listener handles: Select TCP.
    • Ingress traffic port: Select Specify the port.
    • Specify the maximum timeout for TCP in seconds: Enter 120.
    • Enter the port: Enter 443.
  7. Click Next.
  8. Choose backends:
    • Backend set name: Specify a backend set name.
    • Select backends:
      • Add backends: Do not add backend servers.
      • Preserve source IP: Switch off the toggle.
    • Specify health check policy:
      • Protocol: Select TCP.
      • Port: Enter the port number assigned to the MySQL Studio endpoint. By default, port number 8443 is assigned to the MySQL Studio endpoint.
      • You do not need to change the default value of other fields.
  9. Click Next.
  10. Review your settings, and click Create network load balancer.
Once the network load balancer is created, ensure that the Overall health and Backend sets health is OK (green).

Related Topics

Configuring the Backend of the Network Load Balancer

Configure the backend of the network load balancer to route traffic to the DB system. Do not add more than one DB system in the backend of the load balancer. Writing data to multiple backends results in having inconsistent data across DB systems. If you need public access to more DB systems, create one load balancer for each DB system.

Using the Console

Use the Console to configure the backend of the load balancer.

  1. Open the navigation menu, select Networking, and then select Network load balancer.
  2. Choose your compartment from the Compartment list.
  3. From the list of load balancers, click the name of your load balancer to open the Network load balancer details page.
  4. In the Network load balancer details page, open the Backend sets tab.
  5. Click the name of the backend set, which you had created earlier, to open the Backend sets page.
  6. Open the Backends tab.
  7. Click Add backends.
  8. In the Add backends panel, provide the following information:
    • Backend type: Select IP addresses.
    • IP address: Specify the private IP address of the DB system on which MySQL Studio is enabled. You can find the private IP address of the DB system and the port details under Endpoint section of the DB system details page.
      Note

      Do not add a read replica load balancer endpoint as a backend server.
    • Port: Specify the port number assigned to the MySQL Sudio endpoint. The default port assigned to MySQL endpoint is 8443.
    • Weight: Specify a weight for the backend server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server weighted 3 receives 3 times the number of new connections as a server weighted 1.
  9. Click Add backends.