NLB Frontend Configuration

On Private Cloud Appliance, in the context of network load balancers (NLB), the term frontend refers to the components that a client can see and send requests to. The entry point of client requests is the outward-facing floating IP address of the NLB.

Three main configuration tasks are needed for the NLB frontend:
  • Type (public or private)
  • Policy (the number of fields in the tuple used for the hash value)
  • Listeners (port number and other parameters that the NLB uses when waiting for traffic)

See Managing Network Load Balancers.

NLB Types

On Private Cloud Appliance, there are two types of network load balancers (NLBs): public and private.

Private NLBs use a private IP address to serve as the entry point for incoming traffic. The load balancing service requires only one subnet to host both the primary and secondary load balancers. However, the NLB is only accessible from within the VCN that contains the host subnet, or as further restricted by security rules.

Public NLBs use a public IP address and accept traffic from a network location outside of Private Cloud Appliance. However, the public NLB must be deployed in a public subnet of a VCN that has an internet gateway (IGW) correctly configured.

NLB Policies

On Private Cloud Appliance, a network load balancer (NLB) policy acts on an n-tuple mapped to an IP hash instead of directly on the packet header. A tuple is an ordered and finite list of elements. For an NLB, the elements to be hashed are drawn from the fields in a packet header. The n indicates how many fields the tuple contains.

Hashing generates a smaller number of bits than the concatenated fields contain before the hashing algorithm is applied. Packets that have the same hash value are treated the same way by the NLB. The more fields the tuple contains for the load balancing policy, the more processing is required for each load-balanced packet, but the wider the range of values that the NLB can use to distribute traffic.

For compatibility with OCI, these NLB policies can be selected:

  • 5-Tuple Hash: a default policy based on a hash on 5 fields in the TCP/IP header (source IP, source port, destination IP, destination port, protocol)

  • 3-Tuple Hash: a default policy based on a hash on 3 fields in the TCP/IP header (source IP, destination IP, protocol)

  • 2-Tuple Hash: a default policy based on a hash on 2 fields in the TCP/IP header (source IP, destination IP)

However, due to implementation differences, any selected NLB policy in Private Cloud Appliance is always mapped internally to an IP hash based only on the source IP address of an incoming request. The NLB routes requests from the same client to the same backend server as long as that server is available. This policy honors server weight settings when establishing the initial connection.
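The effect of that mapping on traffic distribution can be seen in a small model. This is an added illustration, not Oracle's code or the appliance's algorithm: the SHA-256 hash, the backend names and weights, and all addresses are assumptions constructed for the example.

```python
import hashlib
from collections import Counter

# Constructed backend set: name -> weight (names and weights are hypothetical).
BACKENDS = {"backend-a": 1, "backend-b": 1, "backend-c": 2}

def pick(key_fields, backends=BACKENDS):
    """Hash the chosen header fields onto a weighted backend list.
    SHA-256 is an assumption for illustration, not the appliance's hash."""
    slots = [name for name in sorted(backends) for _ in range(backends[name])]
    digest = hashlib.sha256("|".join(map(str, key_fields)).encode()).digest()
    return slots[int.from_bytes(digest[:8], "big") % len(slots)]

def five_tuple(flow):
    """Policy as named in the list: all five header fields feed the hash."""
    return pick(flow)

def source_ip_only(flow):
    """Effective policy described above: only the source IP feeds the hash."""
    return pick(flow[:1])

def distribution(flows, policy):
    """Count how many flows each backend receives under a policy."""
    return Counter(policy(flow) for flow in flows)

def nat_flows(count, src="203.0.113.10"):
    """Constructed flows: many clients behind one NAT address, differing ports."""
    return [(src, 40000 + i, "192.0.2.5", 443, "TCP") for i in range(count)]

def distinct_client_flows(count):
    """Constructed flows: one connection each from `count` different source IPs."""
    return [(f"198.18.{i // 250}.{i % 250 + 1}", 50000, "192.0.2.5", 443, "TCP")
            for i in range(count)]

if __name__ == "__main__":
    print("NAT, 5-tuple hash  :", dict(distribution(nat_flows(200), five_tuple)))
    print("NAT, source-IP hash:", dict(distribution(nat_flows(200), source_ip_only)))
    print("4000 IPs, source-IP:",
          dict(distribution(distinct_client_flows(4000), source_ip_only)))
```

With source-IP hashing, every flow from the shared NAT address lands on one backend regardless of the selected policy name, so size backends and per-backend rate limits for the largest single source address rather than for the average client.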

NLB Listeners

On Private Cloud Appliance, a listener is a logical entity at the ingress side of the network load balancer (NLB) setup. This key component detects incoming traffic on the NLB IP address. It listens for requests from clients using a particular protocol and port. Requests are then routed to the appropriate backend servers based on the rules defined in the NLB configuration. You must configure a listener.

When you create a listener, ensure that the VCN security rules let the listener accept traffic.

Note: To accommodate high-volume traffic, we recommend that you use stateless security rules for NLB subnets. For more information, see Virtual Firewall.

See Managing NLB Listeners.