Creating Policies for a Load Balancer

Oracle Load Balancer Cloud Service provides advanced features that you can configure by attaching specific policies to the load balancer.

After you create a load balancer as described in Creating a Load Balancer, you can add policies to the load balancer.

To complete this task, you must have at least the Oracle Load Balancer Service Read Write Privileges role. See About Oracle Load Balancer Cloud Service Roles. If the required role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

  1. Click the Network tab in the Oracle Compute Cloud Service console.
  2. Click the Load Balancers tab in the left pane, and then click Load Balancers.
    The Load Balancers page displays any existing load balancers you have already created.

    If you created a new load balancer recently and it does not appear on the Load Balancers page, click the Refresh icon to refresh the list of load balancers.

  3. Click the Update icon in the dashboard next to the load balancer that you want to modify, and then select the Update option.
    The Overview page of the load balancer is displayed.
  4. Click the Policies tab in the left pane.
    The Policies page with a list of any existing policies is displayed.
  5. Click Create Policy.
    The Create Policy dialog displays.
  6. Enter details for the following fields:
    • Policy Type - Select a policy type from the drop-down list:
      • Application Cookie Stickiness Policy

      • CloudGate Policy

      • Load Balancer Cookie Stickiness Policy

      • Load Balancing Mechanism Policy

      • Rate Limiting Request Policy

      • Redirect Policy

      • Resource Access Control Policy

      • Set Request Header Policy

      • SSL Negotiation Policy

      • Trusted Certificate Policy

      For information about these policies, see About Load Balancer Policies.

    • Name - Unique identifier for the policy.
      You must follow these conventions for the Name field:
      • It can contain only alphanumeric characters, hyphens, and underscores.

      • First and last characters cannot be hyphen or underscore.

      • It must not be more than 30 characters.

      Note that you cannot change the name of a policy after you create it.

    • Depending on the policy type you select, you may need to provide additional information as follows:
      • Application Cookie Stickiness Policy

        • Name - Enter a unique name for this policy, so you can easily identify it in the list of load balancer policies or reference it in a REST API call.

        • App Cookie Name - Name of the application cookie used to control how long the load balancer will continue to route requests to the same origin server.

      • CloudGate Policy

        • Name - Enter a unique name for this policy, so you can easily identify it in the list of load balancer policies or reference it in a REST API call.

        • Virtual Hostname for Policy Attribution - Host name needed by CloudGate to enforce OAuth policies.

      • Load Balancer Cookie Stickiness Policy

        • Name - Enter a unique name for this policy, so you can easily identify it in the list of load balancer policies or reference it in a REST API call.

        • Cookie Expiration Period - The time period, in seconds, after which the cookie should be considered stale. If the value is zero or negative, the stickiness session lasts for the duration of the browser session.

      • Load Balancing Mechanism Policy

        • Name - Enter a unique name for this policy, so you can easily identify it in the list of load balancer policies or reference it in a REST API call.

        • Load Balancing Mechanism - Select the type of load balancing mechanism for distributing client requests across multiple origin servers:
          • Round Robin - In the Round Robin mechanism, the load balancer forwards requests sequentially to the available origin servers: the first request to the first origin server in the pool, the second request to the next origin server, and so on. After it sends a request to the last origin server in the pool, it starts again with the first origin server.

          • IP Hash - In the IP Hash mechanism, a hash function applied to the client’s IP address determines which server is selected for the next request. This can be used to achieve IP-based session stickiness.

          • Least Connections - In the Least Connections mechanism, when a client request is processed, the load balancer assesses the number of connections that are currently active for each origin server, and forwards the request to the origin server with the fewest active connections.

          If no option is specified, the Round Robin mechanism is selected by default.
      • Rate Limiting Request Policy

        • Name - Enter a unique name for this policy, so you can easily identify it in the list of load balancer policies or reference it in a REST API call.

        • Zone Name - Name of the shared memory zone.

        • Requests Per Second - Maximum number of requests per second.

        • Burst Size - The number of excessive requests that can be delayed. When the number of delayed requests exceeds the maximum specified as the burst size, the request is terminated with an error 503 (Service Temporarily Unavailable).

          Note:

          Burst size should be a positive integer value between 1 and 10.
        • Delay Excessive Requests - Select this option if you don't want to delay excessive requests while requests are being limited.

        • Logging Level - Select the desired logging level for cases when the server refuses to process requests because the rate is exceeded, or delays request processing:

          • Info

          • Notice

          • Warn

          • Error

          If no option is specified, the logging level is set to Warn by default.

        • Rate Limiting Criteria - Select the criteria based on which requests will be throttled:
          • Server - can be used to limit the requests processed by the virtual server.

          • Remote Address - can be used to limit the processing rate of requests coming from a single IP address.

          Note:

          Rate limiting criteria is immutable. It cannot be modified once the policy is created.
        • HTTP Error Code - The status code to return in response to rejected requests. You can specify any status code between 405 and 599. The HTTP error code is set to 503 by default.

        • Zone Memory Size (MB) - Size of the shared memory occupied by the zone. The default value for zone memory size is 10 MB.

      • Redirect Policy

        • Name - Enter a unique name for this policy, so you can easily identify it in the list of load balancer policies or reference it in a REST API call.

        • Redirect URI - When this policy is attached to a listener, all requests served by that listener will be redirected to the specified URI.

        • Response Code - The exact 3xx response code to use when redirecting.

      • Resource Access Control Policy

        • Name - Enter a unique name for this policy, so you can easily identify it in the list of load balancer policies or reference it in a REST API call.

        • Disposition - The fundamental disposition of security rules.

        • Permitted Clients - Set of IP addresses or CIDR ranges identifying clients from which requests must be accepted by the load balancer.

        • Denied Clients - Set of IP addresses or CIDR ranges identifying clients from which requests must be denied by the load balancer.

      • Set Request Header Policy

        • Name - Enter a unique name for this policy, so you can easily identify it in the list of load balancer policies or reference it in a REST API call.

        • Header Name - The name of the HTTP header to be added to the request before proxying to the origin servers. The header name must conform to relevant HTTP RFC guidelines. You can specify any header including standard headers like HOST. Header names are not case-sensitive.

        • Value - The header value to be added to the request. If multi-valued, multi-line, or special formatting values are used, then appropriate custom transport encoding should also be used. The value is set as-is in the header. The header value must conform to the length restrictions as per HTTP RFC guidelines.

        • Action When Header Exists - Select an action to be taken when a header exists in the request:
          • NOOP - Take no action if the header exists already.

          • Prepend - Add the provided header value to the existing header, but insert it before the existing header content.

          • Append - Add the provided header value to the existing header, but insert it after the existing header content.

          • Overwrite - Remove any existing value in the header and replace it with the provided header information.

          • Clear - Clear any existing header information from the request.

          If no action is specified, the Overwrite action is performed.
        • Action When Header Value Is - The specified action is taken only when the header exists in the request and the value of the header matches the value in this field.

        • Action When Header Value Is Not - The specified action is taken only when the header exists in the request and the value of the header does not match the value in this field.

      • SSL Negotiation Policy

        • Name - Enter a unique name for this policy, so you can easily identify it in the list of load balancer policies or reference it in a REST API call.

        • SSL Protocol - Click this field and select the specific security protocols supported for incoming secure client connections to the selected listener.

        • SSL Cipher - Click this field and select the SSL ciphers supported for incoming secure client connections to the selected listener. The server certificate you are using for this listener should have been created using a signing algorithm based on the ciphers selected in this field. See About Load Balancer Digital Certificates.

        • Port - The load balancer port for the SSL protocols and the SSL ciphers. Supported port numbers are 1 to 65535, excluding port number 22.

        • Server Order Preference - Use this option to enable or disable the server order preference for secure connections to this listener.

          During the SSL connection negotiation process, the client and the load balancer present a list of ciphers and protocols that they each support, in order of preference. By default, the first cipher on the client's list that matches any one of the load balancer's ciphers is selected for the SSL connection.

          If Server Order Preference is not enabled, the order of ciphers presented by the client is used to negotiate connections between the client and the load balancer. If the Server Order Preference is enabled, then the load balancer selects the first cipher in its list that is in the client's list of ciphers. This ensures that the load balancer determines which cipher is used for SSL connection. The default policy has Server Order Preference enabled.

      • Trusted Certificate Policy

        • Name - Enter a unique name for this policy, so you can easily identify it in the list of load balancer policies or reference it in a REST API call.

        • Trusted Certificate URI - Select a trusted certificate from the drop-down menu.

          The list in the drop-down menu contains the trusted certificates you have obtained or created and imported so they are available to the load balancer.

          This policy is required when you are configuring a secure connection between the load balancer and the origin servers in the server pool. In this scenario, you have configured the application server or Web server software on the origin servers to accept only secure HTTPS or SSL connections.

          See About Load Balancer Digital Certificates.

  7. Click Create.

    A new policy is created. If the newly created policy does not appear in the Policies tab, click the Refresh icon available in the dashboard to refresh the list of policies.
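The cipher selection described under Server Order Preference in the SSL Negotiation Policy, as an added example that is not Oracle code. It shows why the option matters when the listener's cipher list still contains a cipher you would rather not negotiate. The cipher names, the `WEAK` set, and the function names are constructed for illustration.

```python
# Added example: models the cipher choice described under Server Order Preference.
# Cipher names are constructed sample values in OpenSSL notation, strongest first.
LB_CIPHERS = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "AES128-SHA",
]
# Ciphers this example treats as undesirable (an assumption for the audit below).
WEAK = {"AES128-SHA", "DES-CBC3-SHA"}


def negotiate(client_ciphers, lb_ciphers, server_order_preference=True):
    """Return the cipher chosen for the connection, or None if nothing matches."""
    if server_order_preference:
        # Load balancer walks its own list and takes the first one the client offers.
        ordered, allowed = lb_ciphers, set(client_ciphers)
    else:
        # Client order wins: first client cipher the load balancer also supports.
        ordered, allowed = client_ciphers, set(lb_ciphers)
    return next((c for c in ordered if c in allowed), None)


def audit(lb_ciphers, weak=WEAK):
    """List findings for a listener's cipher list, in list order."""
    findings = []
    for i, cipher in enumerate(lb_ciphers):
        if cipher not in weak:
            continue
        findings.append(
            f"{cipher}: a client that lists it first gets it when preference is disabled")
        if any(later not in weak for later in lb_ciphers[i + 1:]):
            findings.append(
                f"{cipher}: ordered ahead of a stronger cipher, chosen even when enabled")
    return findings


# Constructed client offer that puts the weakest shared cipher first.
CLIENT = ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"]

if __name__ == "__main__":
    print("preference enabled :", negotiate(CLIENT, LB_CIPHERS, True))
    print("preference disabled:", negotiate(CLIENT, LB_CIPHERS, False))
    for finding in audit(LB_CIPHERS):
        print("finding:", finding)
```

With the option enabled, the order of the load balancer's own list decides the outcome, so keep the strongest ciphers first and remove any cipher you never want selected.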
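How the Rate Limiting Criteria choice changes who receives the error code, as an added example that is not Oracle code. The page does not state the algorithm, so this assumes a leaky-bucket model; the class and function names and the traffic are constructed, and the Delay Excessive Requests option is not modelled (requests within the burst are simply passed).

```python
class RateLimitPolicy:
    """Leaky-bucket model of the policy fields (assumed algorithm, added example)."""

    def __init__(self, requests_per_second, burst_size,
                 criteria="Remote Address", error_code=503):
        # The ranges checked here are the ones the page gives for these fields.
        if not 1 <= burst_size <= 10:
            raise ValueError("Burst Size must be between 1 and 10")
        if not 405 <= error_code <= 599:
            raise ValueError("HTTP Error Code must be between 405 and 599")
        if criteria not in ("Server", "Remote Address"):
            raise ValueError("unknown Rate Limiting Criteria")
        self.rate = requests_per_second
        self.burst = burst_size
        self.criteria = criteria
        self.error_code = error_code
        self._buckets = {}  # bucket key -> (excess requests, time of last accept)

    def handle(self, now, remote_addr):
        """Return 200 if the request is passed on, else the configured error code."""
        # "Server" shares one bucket across all clients; "Remote Address" keys per IP.
        key = remote_addr if self.criteria == "Remote Address" else "*"
        if key in self._buckets:
            excess, last = self._buckets[key]
            # Drain at the configured rate, then count this request.
            excess = max(excess - self.rate * (now - last) + 1.0, 0.0)
        else:
            excess = 0.0
        if excess > self.burst:
            return self.error_code  # over the burst: rejected, bucket unchanged
        self._buckets[key] = (excess, now)
        return 200


def replay(policy, requests):
    """Feed (time, remote_addr) pairs through the policy, in order."""
    return [policy.handle(t, ip) for t, ip in requests]


# Constructed traffic (documentation-range IPs): one busy client, one quiet client.
TRAFFIC = [(0.0, "203.0.113.5")] * 5 + [(0.0, "198.51.100.7"), (3.0, "203.0.113.5")]

if __name__ == "__main__":
    for criteria in ("Remote Address", "Server"):
        print(criteria, replay(RateLimitPolicy(1, 2, criteria), TRAFFIC))
```

Under Server, the quiet client is rejected because the busy client has already used the shared allowance; under Remote Address it is not. Because the criteria cannot be changed after creation, decide this before you create the policy.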