Load Balancers

Load balancing is the method of sharing a workload equally among servers. It prevents clients from overwhelming certain servers and helps the service to scale.

There are two types of load balancers:

• Load Balancer as a Service (LBaaS): This type of load balancer operates at all protocol layers, including the application. When the term "load balancer" (LB) appears without qualification, the statement refers to LBaaS.
• Network Load Balancer (NLB): This type of load balancer operates on protocol layers, below the application itself, at the Network Layer. The term "network load balancer" (NLB) is always used to refer to a network load balancer, not LBaaS.
• The verb "load balancing" is used to refer to the actions of both LBs and NLBs. More information is provided to distinguish the statement's applicability.
• LBaaS and NLBs are covered in different chapters in this guide. Make sure you refer to the correct chapter when seeking LB or NLB information.

LBaaS on the Oracle Private Cloud Appliance provides automated traffic distribution from one entry point to multiple servers reachable from the virtual cloud network (VCN). The service offers a load balancer with a choice of using a public or private IP address, and various load balancing policies.

When you create an LB using the OCI CLI, you can either configure all the resources at the same time or create a minimal LB and supply other configuration details later. In other words, more than the basic LB is needed to assemble the complete LB after creation. These other components are added by editing the LB resources.

The two type of load balancers are:

• Private: A private load balancer is isolated from the network outside the Oracle Private Cloud Appliance and security is therefore easier. A private load balancer gets a private IP address assigned from the address block that serves as the entry point for incoming traffic.
• Public: A public load balancer accepts traffic from a network location outside of the appliance. Because of this outside traffic, a public load balancer is deployed in a public subnet of a VCN that has an internet gateway (IGW) configured. The service assigns the load balancer a public IP address that serves as the entry point for incoming traffic. You can associate the public IP address with a friendly DNS name through any DNS provider, but a public IP address must be available in order for public load balancer provisioning to succeed.

This chapter creates load balancers with minimal information, using the Compute Web UI or OCI CLI, and then supplies the details for the other resources. An implied order can be used in the way things are configured in the Compute Web UI (which differs from the LB resource listing) because some items must be configured before use in other places (for example, virtual hostnames are needed to complete listener configuration). After initial load balancer configuration, the order used in this chapter is:

• Cipher Suites and SSL Certificates
• Backend Sets and Backend Servers
• Virtual Hostnames
• Path Route Sets
• Listeners

This chapter also includes other parameters and commands that relate to these major configuration steps that aren't LB resources. They include:

• Backend-set health check
• Backend (server) health check
• LB health policy

This isn't an exhaustive list.

In addition, many configuration steps are processed as work requests. Work requests are tasks that can take some time to complete and therefore are tracked as they are processed and displayed as separate line items or OCI CLI output. For example, the act of creating an LB or cipher suite is a work request that records and displays start and finish times, state (succeeded, failed, and so on), and other relevant details. Work requests are part of the Compute Web UI LB resource list.

The status of a work request, such as "Succeeded," isn't the same as completion of the provisioning of the resource. In other words, load balancer creation can "succeed" while provisioning is still in progress.

For general information about LBaaS, see the Oracle Private Cloud Appliance Concepts Guide.

Creating a Private Load Balancer

When creating a load balancer (LB), you have two main options:

1. You can provide minimal information when creating the LB, and then "assemble" the components of the LB after the LB is created, such as the backend set or other parameters.

2. You can provide all information when creating the LB.

This topic creates a private load balancer with minimal information. You need to assemble other components to complete the LB after creation. These are added by editing the LB resources.

For access control reasons, you must select the compartment where you want the LB to reside. The load balancer doesn't have to be in the same compartment as the VCN or backend set. If you aren't sure which compartment to use, put the load balancer in the same compartment as the VCN.

You must specify a display name for the load balancer. It doesn't have to be unique, and you can change it.

Using the Compute Web UI

1. Open the Navigation Menu. Under Networking, click Load Balancers.

2. Click the Create Load Balancer button to open the Create Load Balancer dialog.

3. Enter the following information:

   • Name: Enter a descriptive name for the LB.

   • Create in Compartment: Select the compartment in which to create the LB.

   • Visibility Type: Click Private Load Balancer. The LB receives a private IP address from the hosting subnet. The LB acts a front end for internal incoming traffic visible only within the VCN.

   • Subnet: Select the name of the VNC and Subnet for the LB from the pull-down menus.

   • Network Security Group: You can take the Default (the Enable Network Security Groups box is cleared), or assign an available NSG to the load balancer. If the choices show None Available, you can add an NSG with the +Add Network Security Group option.

4. Click the Create Load Balancer button in the dialog. To display the details of the new LB, click view the LB.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

2. Enter the lb load-balancer create command using minimal private LB options. To list all details of the new LB, use the lb load-balancer get command.

   Note:

   For information about optional parameters, run the command with the --help option.

   Syntax (entered on a single line):

   oci lb load-balancer create --compartment-id compartment_OCID \
   --display-name name-of-load-balancer --is-private true \ 
   --shape-name 400Mbps --subnet-ids [subnets_complex_ type]

   Example:

   $ oci lb load-balancer create --compartment-id compartment_OCID --display-name Private_LB1 \
   --is-private true --shape-name 400Mbps --subnet-ids '["ocid1.subnet.unique_ID", \
    "ocid1.subnet.unique_ID"]'
   
   {
     "data": {
       "backend-sets": {},
       "certificates": {},
       "compartment-id": "ocid1.tenancy....….….….uniqueID"",
       "defined-tags": null,
       "display-name": "Private_LB1",
       "freeform-tags": null,
       "hostnames": {},
       "id": "ocid1.loadbalancer....….….….uniqueID"",
       "ip-addresses": null,
       "is-private": true,
       "lifecycle-state": "ACTIVE",
       "listeners": {},
       "network-security-group-ids": null,
       "path-route-sets": {},
       "routing-policies": null,
       "rule-sets": {},
       "shape-details": null,
       "shape-name": "400Mbps",
       "ssl-cipher-suites": {},
       "subnet-ids": [
         "ocid1.subnet....….….….uniqueID-1"",
         "ocid1.subnet....….….….uniqueID-2""
         ],
       "system-tags": null,
       "time-created": "2022-08-10T19:10:31+00:00"
     },
   "etag": "00c648d7-b654-4583-b7bf-k5oed55"
   }

Creating a Public Load Balancer

When creating a load balancer (LB), you have two main options:

1. You can provide minimal information when creating the LB, and then "assemble" the components of the LB after creation, such as the backend set or other parameters.

2. You can provide all information when creating the LB.

This topic creates a public load balancer with minimal information. Other components are need to assemble the complete LB after creation. These are added by editing the LB resources.

For access control reasons, you must select the compartment where you want the LB to reside. The load balancer doesn't have to be in the same compartment as the VCN or backend set. If you aren't sure which compartment to use, put the load balancer in the same compartment as the VCN.

You must specify a display name for the load balancer. It does not have to be unique, and you can change it.

Using the Compute Web UI

1. Open the Navigation Menu. Under Networking, click Load Balancers.

2. Click the Create Load Balancer button to open the Create Load Balancer dialog.

3. Enter the following information:

   • Name: Enter a descriptive name for the LB.

   • Create in Compartment: Select the compartment in which to create the LB.

   • Visibility Type: Click Public Load Balancer. The LB receives a public IP address accessible from the internet and acts as a front end for all incoming traffic.

   • Select Public IP: You can select the public IP address to use from the pull-down menu. If the pull-down menu displays "None Available" or if you don't select a public IP from the list, the public load balancer automatically assigns an available public IP from the Public IP range configured.

   • Subnet: Select the name of the VNC and Subnet for the LB from the pull-down menus.

   • Network Security Group: You can take the Default (the Enable Network Security Groups box is cleared), or assign an available NSG to the load balancer. If None Available, you can add an NSG with the +Add Network Security Group option.

4. Click the Create Load Balancer button in the dialog. To display the details of the new LB, view the LB.

Using the OCI CLI

1. Gather the information that you need to run the command:

   • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

2. Enter the lb load-balancer create command using minimal private LB options. To list all details of the new LB, use the lb load-balancer get command.

   Note:

   For information about optional parameters, run the command with the --help option.

   Syntax (entered on a single line):

   oci lb load-balancer create ---compartment-id compartment_OCID 
   --display-name name-of-load-balancer --shape-name 400Mbps --is-private false 
   --subnet-ids [subnets_complex_ type]

   Example:

   $ oci lb load-balancer create --compartment-id compartment_OCID --display-name Private_LB1 \
   --shape-name 400Mbps --is-private true --subnet-ids '["ocid1.subnet.unique_ID", \
    "ocid1.subnet.unique_ID"]'
   
   {
     "data": {
       "backend-sets": {},
       "certificates": {},
       "compartment-id": "ocid1.tenancy....….….….uniqueID"",
       "defined-tags": null,
       "display-name": "Public_LB1",
       "freeform-tags": null,
       "hostnames": {},
       "id": "ocid1.loadbalancer....….….….uniqueID"",
       "ip-addresses": <public_ip_address>,
       "is-private": false,
       "lifecycle-state": "ACTIVE",
       "listeners": {},
       "network-security-group-ids": null,
       "path-route-sets": {},
       "routing-policies": null,
       "rule-sets": {},
       "shape-details": null,
       "shape-name": "400Mbps",
       "ssl-cipher-suites": {},
       "subnet-ids": [
         "ocid1.subnet....….….….uniqueID-1"",
         "ocid1.subnet....….….….uniqueID-2""
         ],
       "system-tags": null,
       "time-created": "2022-08-10T19:10:31+00:00"
     },
   "etag": "00c648d7-b654-4583-b7bf-k5oed55"
   }

Editing a Load Balancer

You can change load balancer (LB) properties, such as the name of the LB.

Using the Compute Web UI

1. Open the Navigation Menu. Under Networking, click Load Balancers.

2. Select the name of the LB that you want to edit.

3. Click Edit, or click the box with three-dot pull-down menu under Actions, then select Edit to open the Edit Load Balancer window.

4. Make allowable changes to the LB in the pop-up window. The following properties can be edited:

   • Name: Change the name of the LB.

5. Click Update Load Balancer to update the LB properties.

Using the OCI CLI

1. Gather the information you need to run the command:

   • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

   • LB OCID (oci lb load-balancer list --compartment-id compartment_OCID)

2. Run the update command.

   Note:

   For information about optional parameters, run the command with the --help option.

   Syntax (entered on a single line):

   oci lb load-balancer update --load-balancer-id loadbalancer_OCID \
    --display-name name-of-load-balancer  

   Example:

   $ oci lb load-balancer update \
    --load-balancer-id ocid1.loadbalancer.unique_ID \
    --display-name Private_load_balancer_3
   
   {
     "data": {
       "backend-sets": {},
       "certificates": {},
       "compartment-id": "ocid1.compartment....….….….uniqueID"",
       "defined-tags": null,
       "display-name": "Private_load_balancer_3",
       "freeform-tags": null,
       "hostnames": {},
       "id": "ocid1.loadbalancer....….….….uniqueID"",
       "ip-addresses": null,
       "is-private": true,
       "lifecycle-state": "ACTIVE",
       "listeners": {},
       "network-security-group-ids": null,
       "path-route-sets": {},
       "routing-policies": null,
       "rule-sets": {},
       "shape-details": null,
       "shape-name": "IGNORE",
       "ssl-cipher-suites": {},
       "subnet-ids": [
         "ocid1.subnet....….….….uniqueID-1"",
         "ocid1.subnet....….….….uniqueID-2""
         ],
       "system-tags": null,
       "time-created": "2022-08-10T19:10:31+00:00"
     },
   "etag": "00c648d7-b654-4583-b7bf-k5oed55"
   }

Viewing Load Balancer Details

You can view a list of existing load balancers and view their details.

Using the Compute Web UI

1. Open the Navigation Menu. Under Networking, click Load Balancers.

2. Click the name of the Compartment for which you want to list existing load balancers.

3. If the load balancer exists, you can view its details in one of two ways:

   1. Click the hyperlink Name of the load balancer.
   2. Select or highlight the Name of the load balancer, click the three-dots icon in the Actions pull-down menu, and select View Detail.

Using the OCI CLI

1. Gather the information you need to run the command:

   • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

   • LB OCID (oci lb load-balancer list --compartment-id compartment_OCID)

2. Run the get command.

   Use the LB OCID to list the details for the LB in the specified compartment.

   Note:

   For information about optional parameters, run the command with the --help option.

   Syntax (entered on a single line):

   oci lb load-balancer get --load-balancer-id loadbalancer_OCID 

   Example:

   $ oci lb load-balancer get –-load-balancer-id ocid1.loadbalancer.unique_ID 
    
   {
     "data": {
       "backend-sets": {
         "http_backend_set": {
           "backends": [
           {
             "backup": false,
             "drain": false,
             "ip-address": "10.120.0.17",
             "name": "10.120.0.17:2000",
             "offline": false,
             "port": 2000,
             "weight": 1
           },
           {
             "backup": false,
             "drain": false,
             "ip-address": "10.120.0.5",
             "name": "10.120.0.5:2000",
             "offline": false,
             "port": 2000,
             "weight": 1
           }
           ],
         "health-checker": {
           "interval-in-millis": 10000,
           "port": 80,
           "protocol": "HTTP",
           "response-body-regex": "^Health*",
           "retries": 3,
           "return-code": 200,
           "timeout-in-millis": 3000,
           "url-path": "/health/"
          },
          "lb-cookie-session-persistence-configuration": null,
          "name": "http_backend_set",
          "policy": "ROUND_ROBIN",
          "session-persistence-configuration": null,
          "ssl-configuration": null
        },
        "lb_backend_set": {
          "backends": [
          {
            "backup": false,
            "drain": false,
            "ip-address": "10.0.0.14",
            "name": "10.0.0.14:8080",
            "offline": false,
            "port": 8080,
            "weight": 1
          },
          {
            "backup": false,
            "drain": false,
            "ip-address": "10.0.0.15",
            "name": "10.0.0.15:8080",
            "offline": false,
            "port": 8080,
            "weight": 1
          },
          {
            "backup": false,
            "drain": false,
            "ip-address": "10.0.0.18",
            "name": "10.0.0.18:8080",
            "offline": false,
            "port": 8080,
            "weight": 1
          },
          {
            "backup": false,
            "drain": false,
            "ip-address": "10.0.0.5",
            "name": "10.0.0.5:8080",
            "offline": false,
            "port": 8080,
           "weight": 1
          }
          ],
        "health-checker": {
        "interval-in-millis": 10000,
        "port": 8080,
        "protocol": "HTTP",
        "response-body-regex": "HEALTHY",
        "retries": 3,
        "return-code": 200,
        "timeout-in-millis": 3000,
        "url-path": "/healthcheck"
      },
      "lb-cookie-session-persistence-configuration": null,
      "name": "lb_backend_set",
      "policy": "LEAST_CONNECTIONS",
      "session-persistence-configuration": null,
      "ssl-configuration": null
      }
    },
    "certificates": {},
    "compartment-id": "ocid1.tenancy...….….….uniqueID",
    "defined-tags": null,
    "display-name": "example_load_balancer",
    "freeform-tags": null,
    "hostnames": {},
    "id": "ocid1.loadbalancer.oc1.pca..….….….uniqueID",
    "ip-addresses": null,
    "is-private": true,
    "lifecycle-state": "ACTIVE",
    "listeners": {
      "http_listener": {
        "connection-configuration": {
          "backend-tcp-proxy-protocol-version": null,
          "idle-timeout": 1200
        },
       "default-backend-set-name": "http_backendset",
       "hostname-names": null,
       "name": "http_listener",
       "path-route-set-name": "http_pathrouteset",
       "port": 80,
       "protocol": "HTTP",
       "routing-policy-name": null,
       "rule-set-names": null,
       "ssl-configuration": null
       }
     },
    "network-security-group-ids": null,
    "path-route-sets": {
      "http_pathrouteset": {
        "name": "http_pathrouteset",
        "path-routes": [
        {
          "backend-set-name": "ph_backendset",
          "path": "/test/",
          "path-match-type": {
            "match-type": "EXACT_MATCH"
          }
        }
        ]
      }
    },
   "routing-policies": null,
   "rule-sets": {},
   "shape-details": null,
   "shape-name": "400Mbps",
   "ssl-cipher-suites": {},
   "subnet-ids": [
   "ocid1.subnet..….….….uniqueID"
    ],
    "system-tags": null,
    "time-created": "2022-08-11T07:20:20+00:00"
    }
   }

Deleting a Load Balancer

You can delete a load balancer (LB) to remove it from service.

Using the Compute Web UI

1. Open the Navigation Menu. Under Networking, click Load Balancers.

2. Select the name of the LB you want to delete.

3. Click Terminate.

4. Confirm the operation when prompted.

Using the OCI CLI

1. Gather the information you need to run the command:

   • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

   • LB OCID (oci lb load-balancer list --compartment-id compartment_OCID)

2. Run the delete command.

   Syntax (entered on a single line):

   $ oci lb load-balancer delete --load-balancer-id loadbalancer_OCID
   Are you sure you want to delete this resource? [y/N]: y

   Note:

   To delete the LB without verification, run the command with the --force option.