Frontend Configuration

In the context of network load balancers, the term frontend refers to the components that a client can see and send requests to. The entry point of client requests is the outward-facing floating IP address of the network load balancer.

Three main configuration tasks are needed for the network load balancer frontend:
  • Type (public or private)
  • Policy (the number of header fields in the tuple used for the hash value)
  • Listeners (port number and other parameters that the network load balancer uses when waiting for traffic)

Network Load Balancer Types

There are two types of network load balancers (NLBs): public and private.

Private NLBs use a private IP address to serve as the entry point for incoming traffic. The load balancing service requires only one subnet to host both the primary and secondary load balancers. However, the NLB is only accessible from within the VCN that contains the host subnet, or as further restricted by security rules.

Public NLBs use a public IP address and accept traffic from a network location outside the Oracle Private Cloud Appliance. However, the public NLB must be deployed in a public subnet of a VCN that has an internet gateway (IGW) correctly configured.

Load Balancing Policies

A network load balancer policy acts on an n-tuple mapped to an IP hash instead of directly on the packet header. A tuple is an ordered and finite list of elements. For a network load balancer, the elements to be hashed are drawn from the fields in a packet header. The n indicates how many fields the tuple contains.

Allowed network load balancer policies include:
  • A default policy based on a hash on 5 fields in the TCP/IP header (called "5-Tuple Hash")
    • Source IP address
    • Source port
    • Destination IP address
    • Destination port
    • Protocol
  • A policy based on a hash on 3 fields in the TCP/IP header (called "3-Tuple Hash")
    • Source IP address
    • Destination IP address
    • Protocol
  • A policy based on a hash on 2 fields in the TCP/IP header (called "2-Tuple Hash")
    • Source IP address
    • Destination IP address

Hashing generates a smaller number of bits than are used in the concatenated fields before the hashing algorithm is applied. Packets that have the same hash value are treated the same way by the network load balancer.

The more fields the tuple contains for the load balancing policy, the more processing is required for each load balanced packet, but the wider the range of values that the NLB can use to distribute traffic.

The IP hash is the "policy in action." The network load balancer uses an incoming request's tuple information as a hashing key to consistently route traffic to the same backend server. This ensures that requests from a particular client are always directed to the same backend server if that backend server remains available.
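
The following sketch is an added example, not Oracle's implementation: it models the three policies above so the difference in traffic distribution can be observed. The hash (SHA-256 reduced modulo the backend count), the backend names, and the addresses are assumptions constructed for illustration; the page does not specify the hash algorithm.

```python
import hashlib
import ipaddress
from collections import Counter

# Header fields each policy feeds into the hash, as listed above.
POLICIES = {
    "5-tuple": ("src_ip", "src_port", "dst_ip", "dst_port", "proto"),
    "3-tuple": ("src_ip", "dst_ip", "proto"),
    "2-tuple": ("src_ip", "dst_ip"),
}

def hash_key(packet, policy):
    """Concatenate the fields selected by the policy into the hashing key."""
    return "|".join(str(packet[f]) for f in POLICIES[policy]).encode()

def pick_backend(packet, policy, backends):
    """Map a packet to a backend. SHA-256 mod N is an assumed stand-in hash."""
    ipaddress.ip_address(packet["src_ip"])  # reject malformed addresses
    ipaddress.ip_address(packet["dst_ip"])
    if not backends:
        raise ValueError("no available backends")
    digest = hashlib.sha256(hash_key(packet, policy)).digest()
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]

def spread(packets, policy, backends):
    """Count how many packets each backend receives under a policy."""
    return Counter(pick_backend(p, policy, backends) for p in packets)

# Constructed sample: one client opening 200 connections (distinct source
# ports) to a single listener on TCP (protocol number 6) port 443.
BACKENDS = ["backend-a", "backend-b", "backend-c"]
FLOWS = [
    {"src_ip": "10.0.1.25", "src_port": 40000 + i,
     "dst_ip": "10.0.0.10", "dst_port": 443, "proto": 6}
    for i in range(200)
]

if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, dict(spread(FLOWS, policy, BACKENDS)))
```

With the 2-tuple and 3-tuple policies every connection from this client lands on one backend, while the 5-tuple policy spreads the same connections across all three because the source port varies.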

Listeners

A listener is a logical entity at the ingress side of the network load balancer setup. This key component detects incoming traffic on the network load balancer IP address. It listens for requests from clients using a particular protocol and port. Requests are then routed to the appropriate backend servers based on the rules defined in the network load balancer configuration. You must configure a listener.

When you create a listener, ensure that the VCN security rules let the listener accept traffic.

Note:

To accommodate high-volume traffic, Oracle strongly recommends that you use stateless security rules for network load balancer subnets. For more information, see the section Virtual Firewall in the chapter Virtual Networking Overview.