2 Creating Load Balancers
You can create and manage one or more load balancers for your Oracle Public Cloud Infrastructure as a Service (IaaS) environment. The load balancer creation process ensures you have a secure, reliable, and efficient system for routing requests to your applications and services.
Typical Workflow for Creating a Load Balancer
Each time you create a new load balancer, you perform a set of steps to define the characteristics and behavior of the load balancer.
Step | Description | More Information |
---|---|---|
Create an IP network | Create an IP network by providing a name, IP address prefix, IP network exchange, and description. The address range of the IP network is determined by the IP address prefix that you specify while creating the IP network. | Creating an IP Network |
Identify the servers and applications that you want to load balance | This workflow assumes you have already created Oracle Cloud Infrastructure Compute Classic instances and have a set of servers and applications that you can assign to a load balancer. | |
Create a vNICset | A vNICset is a collection of one or more vNICs. | Creating Virtual NIC Sets |
Create the load balancer and define basic properties | Provide a name and basic properties for the load balancer. When you complete this step, the new load balancer appears on the Balancers page in the Compute console. | |
Obtain and import a digital certificate | If you plan to use a secure Secure Sockets Layer (SSL) connection between the load balancer and the host computers that connect to the load balancer, or between the load balancer and the origin servers, then you must obtain and import a valid digital certificate. | |
Add any specific policies to the load balancer | Optionally, you can assign policies to the new load balancer. Each policy defines a specific behavior for specific types of requests that the load balancer receives. | |
Create the server pools for the load balancer | Each server pool identifies a set of servers (or Compute instances). When a load balancer listener receives a request, the load balancer routes the request to the server pool. | |
Create the listeners for the load balancer | The listeners define the virtual host, port, and protocol that the load balancer will use to listen for new requests. | |
Add the IP addresses of the load balancer to the Security IP list you created for the Compute instances in the server pool | The security IP list identifies the IP addresses that can access the Compute instances. You should have already configured your IP network so HTTP requests can be received by the Compute instances, but this step ensures the load balancer IP is recognized by the Compute instances. | Adding the Load Balancer IP Addresses to the IP Security List |
Verify the load balancer | After you complete these steps, it’s important to verify that the load balancer has been configured correctly before you put it into production service. | |
Creating an IP Network
An IP network allows you to define an IP subnet in your account. The address range of the IP network is determined by the IP address prefix that you specify while creating the IP network.
Creating Virtual NIC Sets
A vNIC is a virtualized Network Interface Card. A Virtual NIC Set, or vNICset, is a collection of one or more vNICs. vNICsets are useful when you want to use multiple vNICs for the same action. For example, you use vNICsets to specify multiple vNICs as a source or a destination in a security rule. You can also use vNICsets in routes to specify multiple vNICs as the next hop destination for that route.
Creating a Load Balancer Using QuickStarts
QuickStarts gives you the fastest, easiest way to create a load balancer.
To complete this task, you must have the Oracle Load Balancer Service Administrator role. See About Oracle Load Balancer Cloud Service Roles. If the required role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
- Click the Network tab in the Oracle Compute Cloud Service console.
- Click the Load Balancers tab in the left pane, and then click Load Balancers.
  The Load Balancers page displays any existing load balancers you have already created.
  If you created a new load balancer recently and it is not appearing on the Load Balancers page, click to refresh the list of load balancers.
- To create a new load balancer using QuickStarts, click the QuickStarts button.
  The Create Load Balancer page is displayed.
- Enter details for the following fields:
  Load Balancer
  - Name - Unique identifier for the load balancer. You must follow these conventions for the Name field:
    - It can contain only alphanumeric characters, hyphens, and underscores.
    - The first and last characters cannot be a hyphen or an underscore.
    - It must not be more than 30 characters.
    - Periods are not supported.
  - IP Networks - Select the IP network to be associated with the load balancer. The IP network should be pre-created as described in Creating an IP Network in Using Oracle Cloud Infrastructure Compute Classic.
    Note:
    You can configure your PaaS service instance and the load balancer associated with it in the same IP network or in IP networks connected through an IP network exchange. You must create an IP network, create a load balancer in that IP network, and, while creating the PaaS service instance, choose the same IP network (or some other IP network that's connected through an IP network exchange to the IP network intended to be used for the PaaS instance).
    See Managing IP Network Exchanges in Using Oracle Cloud Infrastructure Compute Classic.
  - Scheme - Select a scheme for the load balancer:
    - Internet-facing - This scheme allows you to create an internet-facing load balancer in a given IP network using Oracle Cloud Infrastructure Load Balancing Classic. This option enables you to add a load balancer to your own IP network while assigning an internet-addressable IP address to the load balancer. This allows your application to be accessible over the internet while protecting the communication between the load balancer and the applications by putting both in the same IP network. In this scheme, the load balancer typically terminates SSL as well; because the backend traffic is protected inside an IP network, no further encryption is necessary.
    - Internal - This scheme allows you to create an internal load balancer in a given IP network using Oracle Cloud Infrastructure Load Balancing Classic. This option enables you to add a load balancer to your own IP network for the sole consumption of other clients inside the same network. Because end-to-end communications from the client to the load balancer, and subsequently to the applications, are all inside the same IP network in this scheme, the traffic is entirely protected from the internet. In this scheme, encryption and SSL termination are no longer necessary.
  Listener
  - Port - The port on which the load balancer is listening.
    Supported port numbers are 1 to 65535, excluding port number 22. The port number cannot be modified after the listener is created.
  - Balancer Protocol - The transport protocol that will be accepted for all incoming requests to the selected load balancer listener.
    - Select HTTP to listen for non-secure HTTP requests.
    - Select HTTPS to listen only for secure HTTP requests sent over SSL or TLS.
  - Security Certificates - The server security certificate. If the balancer protocol is set to HTTPS, then at least one security certificate must be specified. If you want to secure the client connections to the load balancer, then import a server security certificate. Click Import Security Certificate and enter details for the fields as described in Importing a Load Balancer Digital Certificate.
  - Server Protocol - The protocol to be used for routing traffic to the origin servers in the server pool. Select an option from the drop-down list.
    Server Protocol | Use this protocol to... |
    ---|---|
    HTTP | Route HTTP or HTTPS requests to the origin servers using the non-secure HTTP protocol. |
    HTTPS | Route HTTP or HTTPS requests to the origin servers using the secure HTTPS protocol. If you select this option, you must also configure a Trusted Certificate Policy. For more information, see About Load Balancer Policies. |
  - Trusted Certificate - If you want to secure the connections between the load balancer and the origin servers in the server pool, then import a trusted certificate. Click Import Security Certificate and enter details for the fields as described in Importing a Load Balancer Digital Certificate.
  - Virtual Hosts - The listener accepts only URI requests that include the host names listed in this field. These host names must exist in the DNS used to reach the load balancer.
    To initially test your load balancer, enter the value of the Canonical Host Name load balancer property.
    Later, if you map the load balancer canonical host name to a custom domain name, you can update this property with the actual virtual host names to accept on this listener.
  Server Pool
  - Servers - You must add at least one server to the server pool. You can select a server from the list of instances provided in the drop-down list, or you can add the server details manually.
    If you are selecting a server from the drop-down list, you must first select the server instance and then enter the Port the server is listening on.
    If you are adding the server details manually, you must add them in the following format:
    <Host DNS Name>:Port
    or
    <Host IP Address>:Port
    Note:
    After you add servers to the Servers field, you can double-click a server to enable or disable it, or you can right-click to display a context menu of operations to perform on the servers in the field.
    Servers can be added to a server pool at any time. However, a server pool cannot have more than 20 servers. Servers can be removed from a server pool and can be re-assigned later to another server pool or the same server pool.
- Click Create.
  A new load balancer is created. If the newly created load balancer does not appear in the Load Balancers tab, click to refresh the list of load balancers.
  If you selected the internal scheme for the load balancer, then the newly created load balancer is enabled by default. If you selected the internet-facing scheme for the load balancer, then the newly created load balancer is disabled by default. To enable the load balancer, go to the Load Balancers tab and click next to the load balancer that you want to enable. Select the Enable option.
  Note:
  - If you selected the IP networks option when creating the load balancer, then two listeners (one HTTP and the other HTTPS, on ports 80 and 443 respectively) are created by default.
  - If your load balancer was created by Oracle PaaS Service Manager (PSM), then certain parameters of the resources (load balancer, listener, server pool, etc.) cannot be modified after the resource creation.
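The field rules in the QuickStarts procedure above can be checked before anything is typed into the console. The following pre-flight check is an added example, not Oracle code: the dictionary keys and function names are hypothetical, "alphanumeric" is assumed to mean ASCII letters and digits, and server entries are limited to DNS names and IPv4 addresses.

```python
import ipaddress
import re

# Field rules as stated in the procedure above; dict keys are hypothetical.
NAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9_-]{0,28}[A-Za-z0-9])?")  # <= 30 chars
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")
MAX_POOL_SERVERS = 20

def valid_port(port, listener=False):
    """1-65535; a listener additionally may not use port 22."""
    return type(port) is int and 1 <= port <= 65535 and not (listener and port == 22)

def valid_server(entry):
    """Accept <Host DNS Name>:Port or <Host IP Address>:Port."""
    m = re.fullmatch(r"(.+):([0-9]{1,5})", entry)
    if not m or not valid_port(int(m.group(2))):
        return False
    host = m.group(1)
    if re.fullmatch(r"[0-9.]+", host):  # dotted digits must be a real IPv4 address
        try:
            ipaddress.IPv4Address(host)
            return True
        except ValueError:
            return False
    return len(host) <= 253 and HOST_RE.fullmatch(host) is not None

def check_quickstart(d):
    """Return the names of the fields that break a rule (empty list = OK)."""
    errors = []
    if not NAME_RE.fullmatch(str(d.get("name", ""))):
        errors.append("name")
    if d.get("scheme") not in ("Internet-facing", "Internal"):
        errors.append("scheme")
    if not valid_port(d.get("port"), listener=True):
        errors.append("port")
    if d.get("balancer_protocol") == "HTTPS" and not d.get("security_certificates"):
        errors.append("security_certificates")
    if d.get("server_protocol") == "HTTPS" and not d.get("trusted_certificate_policy"):
        errors.append("trusted_certificate_policy")
    servers = d.get("servers", [])
    if not 1 <= len(servers) <= MAX_POOL_SERVERS:
        errors.append("servers:count")
    return errors + [f"servers:{s}" for s in servers if not valid_server(s)]

# Constructed sample input, not taken from a real deployment.
SAMPLE = {"name": "-web.lb", "scheme": "Internal", "port": 22,
          "balancer_protocol": "HTTPS", "server_protocol": "HTTPS",
          "servers": ["10.0.0.256:80", "app1.example.internal:8080"]}

if __name__ == "__main__":
    print(check_quickstart(SAMPLE))
```

The two certificate checks cover the settings that are easiest to get wrong: an HTTPS listener with no security certificate, and an HTTPS server protocol with no Trusted Certificate Policy.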
Creating a Load Balancer
When you create a load balancer, you provide a name and the basic properties of the load balancer. Later, you must define server pools, create at least one listener, and optionally define the policies for the load balancer.
To complete this task, you must have the Oracle Load Balancer Service Administrator role. See About Oracle Load Balancer Cloud Service Roles. If the required role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Importing a Load Balancer Digital Certificate
After you obtain a digital certificate, you must import it, so the load balancers you create can access the certificates. This operation uploads the certificate to the server, so it can be listed in the Oracle Compute Cloud Service console.
Creating Server Pools for a Load Balancer
Before you can use a load balancer, you must define one or more servers (also known as origin servers) to which the load balancer routes its requests. This set of origin servers is called a server pool. When a request is received on one of the load balancer listeners, the load balancer routes that request to an origin server in the pool.
Before you can add a server pool, you must create a load balancer, as described in Creating a Load Balancer.
To complete this task, you must have at least the Oracle Load Balancer Service Read Write Privileges role. See About Oracle Load Balancer Cloud Service Roles. If the required role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Creating Listeners for a Load Balancer
A listener defines the virtual host and port that the load balancer listens on. It also defines the protocol accepted on the listening port. At least one enabled listener is required for a load balancer. You can configure multiple listeners on a single load balancer.
Before you can add a listener, you must create a load balancer, as described in Creating a Load Balancer.
To complete this task, you must have at least the Oracle Load Balancer Service Operations role. See About Oracle Load Balancer Cloud Service Roles. If the required role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Creating Policies for a Load Balancer
Oracle Load Balancer Cloud Service provides advanced features that you can configure by attaching specific policies to the load balancer.
After you create a load balancer as described in Creating a Load Balancer, you can add policies to the load balancer.
To complete this task, you must have at least the Oracle Load Balancer Service Read Write Privileges role. See About Oracle Load Balancer Cloud Service Roles. If the required role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Configuring Load Balancer General Properties
When you create a load balancer, you change the name of the load balancer and set some general properties of the load balancer.
Adding the Load Balancer IP Addresses to the IP Security List
The security IP list identifies the IP addresses that can access the Compute instances in your server pool. Before a load balancer can route requests to the Compute instances, you must modify the security IP list for the compute instances so it includes the IP addresses of the load balancer.
You should have already configured your IP network so HTTP requests can be received by the Compute instances, but this step ensures the load balancer IP addresses are recognized by the Compute instances. See Managing Security IP Lists in Using Oracle Compute Cloud Service (IaaS).
For more information about the load balancer IP addresses, see About the Load Balancer IP Addresses and Canonical Host Name.
Verifying a Load Balancer Configuration
When you finish initially configuring a new load balancer, it is important to verify that the load balancer is working properly and routing requests to the origin servers, based on your configuration settings.
To verify a load balancer you just configured, open your browser and enter one of the virtual host URLs that you created for the load balancer listeners. Verify that the URL returns the files or applications it should. If you receive an error, review the log files for specific errors.