Network Load Balancers

Load balancing is the method of sharing a workload equally among servers. It prevents clients from overwhelming certain servers and helps the service to scale.

There are two types of load balancers:

  • Load Balancer as a Service (LBaaS): This type of load balancer operates at all protocol layers, including the application. When the term "load balancer" (LB) appears without qualification, the statement refers to LBaaS.
  • Network Load Balancer (NLB): This type of load balancer operates at the protocol layers below the application, at the Network Layer. The term "network load balancer" (NLB) is always used to refer to a network load balancer, not LBaaS.
  • The verb "load balancing" is used to refer to the actions of both LBs and NLBs. More information is provided to distinguish the statement's applicability.
  • LBaaS and NLBs are covered in different chapters in this guide. Make sure you refer to the correct chapter when seeking LB or NLB information.

NLBs on the Oracle Private Cloud Appliance provide automated traffic distribution from one entry point to multiple servers reachable from the virtual cloud network (VCN). NLBs, like LBs, offer a choice of using a public or private IP address, and various load balancing policies.

When you create an NLB using the OCI CLI, you can either configure all the resources at the same time or create a minimal NLB and supply other configuration details later. In other words, more than the basic NLB is needed to assemble the complete NLB after creation. These other components are added by editing the NLB resources.

The two types of NLBs are:

  • Private: A private load balancer is isolated from the network outside the Oracle Private Cloud Appliance and security is therefore easier. A private NLB gets a private IP address assigned from the address block that serves as the entry point for incoming traffic.
  • Public: A public load balancer accepts traffic from a network location outside of the appliance. Because of this outside traffic, a public NLB is deployed in a public subnet of a VCN that has an internet gateway (IGW) configured. The service assigns the load balancer a public IP address that serves as the entry point for incoming traffic. You can associate the public IP address with a friendly DNS name through any DNS provider, but a public IP address must be available in order for public NLB provisioning to succeed.

This chapter creates NLBs with minimal information, using the Compute Web UI or OCI CLI, and then supplies the details for the other resources. The Compute Web UI implies a configuration order (which differs from the NLB resource listing) because some items must be configured before they can be used elsewhere. After initial NLB configuration, the order used in this chapter is:

  • Backend Sets
  • Backend Servers
  • Listeners
  • Health Checks
  • Work Request Errors

This isn't an exhaustive list.

Many configuration steps are processed as work requests. Work requests are tasks that can take some time to complete and therefore are tracked as they are processed and displayed as separate line items or OCI CLI output. For example, the act of creating an NLB or a listener is a work request that records and displays start and finish times, state (succeeded, failed, and so on), and other relevant details. Work requests are part of the Compute Web UI NLB resource list.

The status of a work request, such as "Succeeded," isn't the same as completion of the provisioning of the resource. In other words, NLB creation can "succeed" while provisioning is still in progress.

For general information about NLBs, see the Oracle Private Cloud Appliance Concepts Guide.

Creating a Private Network Load Balancer

When creating a network load balancer (NLB), you have two main options:

  1. You can provide minimal information when creating the NLB, and then "assemble" the components of the NLB after the NLB is created, such as the backend set or other parameters.
  2. You can provide all information when creating the NLB.

This topic creates a private load balancer with minimal information. You need to assemble other components to complete the NLB after creation. These are added by editing the NLB resources.

For access control reasons, you must select the compartment where you want the NLB to reside. The network load balancer doesn't have to be in the same compartment as the VCN or backend set. If you aren't sure which compartment to use, put the network load balancer in the same compartment as the VCN.

You must specify a display name for the NLB. It doesn't have to be unique, and you can change it.

Using the Compute Web UI

  1. Open the Navigation Menu. Under Networking, click Network Load Balancers.

  2. Click the Create Network Load Balancer button to open the Create Network Load Balancer dialog.

  3. Enter the following information:

    • Name: Enter a descriptive name for the NLB.

    • Create in Compartment: Select the compartment in which to create the NLB.

    • Visibility Type: Click Private Load Balancer. The NLB receives a private IP address from the hosting subnet. The NLB acts as a front end for internal incoming traffic visible only within the VCN.

    • Subnet: Select the name of the VCN and Subnet for the NLB from the pull-down menus.

    • Network Security Group: You can take the Default (the Enable Network Security Groups box is cleared), or assign an available NSG to the load balancer. If the choices show None Available, you can add an NSG with the +Add Network Security Group option.

  4. Click the Create Network Load Balancer button in the dialog. To display the details of the new NLB, click the name of the NLB to view the NLB details.

Using the OCI CLI

  1. Gather the information that you need to run the command:

    • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

  2. Enter the nlb network-load-balancer create command using minimal private NLB options. To list all details of the new NLB, use the nlb network-load-balancer get command.

    Note:

    For information about optional parameters, run the command with the --help option.

    Syntax (entered on a single line):

    oci nlb network-load-balancer create --compartment-id compartment_OCID \
    --display-name name-of-network-load-balancer --is-private true \
    --subnet-id subnet

    Example:

    $ oci nlb network-load-balancer create --compartment-id compartment_OCID \
      --display-name Private_NLB1 --is-private true  --subnet-id ocid1.subnet.unique_ID
    
    {
      "data": {
        "backend-sets": {},
        "compartment-id": "ocid1.tenancy....….….….uniqueID",
        "defined-tags": null,
        "display-name": "Private_NLB1",
        "freeform-tags": null,
        "hostnames": {},
        "id": "ocid1.loadbalancer....….….….uniqueID",
        "ip-addresses": [
        {
          "ip-address": "10.10.1.16",
          "is-public": false,
          "reserved-ip": null
        }
        ],
        "is-preserve-source-destination": false,
        "is-private": true,
        "lifecycle-details": null,
        "lifecycle-state": "ACTIVE",
        "listeners": {},
        "network-security-group-ids": null,
        "nlb-ip-version": "IPV4",
        "subnet-id":"ocid1.subnet....….….….uniqueID",
        "system-tags": null,
        "time-created": "2023-10-25T19:10:31+00:00",
        "time-updated": null
      },
    "etag": "00c648d7-b654-4583-dbdb-k5oed55"
    }
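
As noted earlier, a work request can report "Succeeded" while provisioning is still in progress, so automation should wait for the NLB itself to report ACTIVE before adding backend sets or listeners. The following added example (not from the Oracle documentation) polls the get command used in this chapter; the function names, retry defaults, and the state names other than ACTIVE (taken from the public OCI API) are assumptions.

```python
import json
import subprocess
import time

# Assumption: failure/teardown state names follow the public OCI API.
TERMINAL_BAD = {"FAILED", "DELETING", "DELETED"}

def fetch_nlb(nlb_ocid):
    """Run the `get` command from this chapter and return the parsed JSON."""
    out = subprocess.run(
        ["oci", "nlb", "network-load-balancer", "get",
         "--network-load-balancer-id", nlb_ocid],
        check=True, capture_output=True, text=True).stdout
    return json.loads(out)

def lifecycle_state(doc):
    """Extract lifecycle-state from either output shape shown on this page."""
    data = doc.get("data") or {}
    if isinstance(data.get("items"), list):      # "data": {"items": [ {...} ]}
        data = data["items"][0] if data["items"] else {}
    return data.get("lifecycle-state")

def wait_until_active(nlb_ocid, fetch=fetch_nlb, attempts=30, delay=10.0,
                      sleep=time.sleep):
    """Poll until the NLB reports ACTIVE and return that state.

    Raises RuntimeError on a failure state, TimeoutError when attempts run out.
    """
    state = None
    for attempt in range(attempts):
        state = lifecycle_state(fetch(nlb_ocid))
        if state == "ACTIVE":
            return state
        if state in TERMINAL_BAD:
            raise RuntimeError(f"NLB {nlb_ocid} entered state {state}")
        if attempt < attempts - 1:
            sleep(delay)
    raise TimeoutError(f"NLB {nlb_ocid} still {state} after {attempts} polls")

if __name__ == "__main__":
    # Constructed responses standing in for three successive `get` calls.
    canned = iter([{"data": {"lifecycle-state": s}}
                   for s in ("CREATING", "CREATING", "ACTIVE")])
    print(wait_until_active("ocid1.networkloadbalancer.example",
                            fetch=lambda _ocid: next(canned),
                            sleep=lambda _s: None))
```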

Creating a Public Network Load Balancer

When creating a network load balancer (NLB), you have two main options:

  1. You can provide minimal information when creating the NLB, and then "assemble" the components of the NLB after creation, such as the backend set or other parameters.
  2. You can provide all information when creating the NLB.

This topic creates a public network load balancer with minimal information. Other components are needed to assemble the complete NLB after creation. These are added by editing the NLB resources.

For access control reasons, you must select the compartment where you want the NLB to reside. The network load balancer doesn't have to be in the same compartment as the VCN or backend set. If you aren't sure which compartment to use, put the network load balancer in the same compartment as the VCN.

You must specify a display name for the load balancer. It does not have to be unique, and you can change it.

Using the Compute Web UI

  1. Open the Navigation Menu. Under Networking, click Network Load Balancers.

  2. Click the Create Network Load Balancer button to open the Create Network Load Balancer dialog.

  3. Enter the following information:

    • Name: Enter a descriptive name for the NLB.

    • Create in Compartment: Select the compartment in which to create the NLB.

    • Visibility Type: Click Public Load Balancer. The NLB receives a public IP address accessible from the internet and acts as a front end for all incoming traffic.

    • Select Public IP: You can select the public IP address to use from the pull-down menu. If the pull-down menu displays "None Available" or if you don't select a public IP from the list, the public load balancer automatically assigns an available public IP from the Public IP range configured.

    • Subnet: Select the name of the VCN and Subnet for the NLB from the pull-down menus.

    • Network Security Group: You can take the Default (the Enable Network Security Groups box is cleared), or assign an available NSG to the load balancer. If the choices show None Available, you can add an NSG with the +Add Network Security Group option.

  4. Click the Create Network Load Balancer button in the dialog. To display the details of the new NLB, click the name of the NLB to view the NLB details.

Using the OCI CLI

  1. Gather the information that you need to run the command:

    • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

  2. Enter the nlb network-load-balancer create command using minimal public NLB options. To list all details of the new NLB, use the nlb network-load-balancer get command.

    Note:

    For information about optional parameters, run the command with the --help option.

    Syntax (entered on a single line):

    oci nlb network-load-balancer create --compartment-id compartment_OCID \
    --display-name name-of-network-load-balancer --is-private false \
    --subnet-id subnet

    Example:

    $ oci nlb network-load-balancer create --compartment-id compartment_OCID \
      --display-name Public_NLB1 --is-private false \
      --subnet-id "ocid1.subnet.unique_ID"
    
    {
      "data": {
        "backend-sets": {},
        "certificates": {},
        "compartment-id": "ocid1.tenancy....….….….uniqueID",
        "defined-tags": null,
        "display-name": "Public_NLB1",
        "freeform-tags": null,
        "hostnames": {},
        "id": "ocid1.loadbalancer....….….….uniqueID",
        "ip-addresses": <public_ip_address>,
        "is-private": false,
        "lifecycle-state": "ACTIVE",
        "listeners": {},
        "network-security-group-ids": null,
        "path-route-sets": {},
        "routing-policies": null,
        "rule-sets": {},
        "shape-details": null,
        "shape-name": "400Mbps",
        "ssl-cipher-suites": {},
        "subnet-ids": [
          "ocid1.subnet....….….….uniqueID-1",
          "ocid1.subnet....….….….uniqueID-2"
          ],
        "system-tags": null,
        "time-created": "2022-08-10T19:10:31+00:00"
      },
    "etag": "00c648d7-b654-4583-b7bf-k5oed55"
    }

Editing a Network Load Balancer

You can change network load balancer (NLB) properties, such as the name of the NLB.

Using the Compute Web UI

  1. Open the Navigation Menu. Under Networking, click Network Load Balancers.

  2. Select the name of the NLB that you want to edit.

  3. Click Edit, or click the box with three-dot pull-down menu under Actions, then select Edit to open the Edit Network Load Balancer window.

  4. Make allowable changes to the NLB in the pop-up window. The following properties can be edited:

    • Name: Change the name of the NLB.

  5. Click Update Load Balancer to update the NLB properties.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

    • NLB OCID (oci nlb network-load-balancer list --compartment-id compartment_OCID)

  2. Run the update command.

    Note:

    For information about optional parameters, run the command with the --help option.

    Syntax (entered on a single line):

    oci nlb network-load-balancer update --network-load-balancer-id loadbalancer_OCID \
     --display-name name-of-load-balancer   

    Example:

    $ oci nlb network-load-balancer update \
     --network-load-balancer-id ocid1.loadbalancer.unique_ID \
     --display-name Private_net_load_balancer_3
    
    {
      "data": {
        "backend-sets": {},
        "certificates": {},
        "compartment-id": "ocid1.compartment....….….….uniqueID",
        "defined-tags": null,
        "display-name": "Private_net_load_balancer_3",
        "freeform-tags": null,
        "hostnames": {},
        "id": "ocid1.networkloadbalancer....….….….uniqueID",
        "ip-addresses": null,
        "is-private": true,
        "lifecycle-details": null,
        "lifecycle-state": "ACTIVE",
        "listeners": {},
        "network-security-group-ids": null,
        "nlb-ip-version": "IPV4",
        "subnet-id": "ocid1.subnet....….….….uniqueID",
        "system-tags": null,
        "time-created": "2022-08-10T19:10:31+00:00"
      },
    "etag": "00c648d7-b654-4583-b7bf-k5oed55"
    }

Viewing Network Load Balancer Details

You can view a list of existing network load balancers and view their details.

Using the Compute Web UI

  1. Open the Navigation Menu. Under Networking, click Network Load Balancers.

  2. Click the name of the Compartment for which you want to list existing network load balancers.

  3. If the network load balancer exists, you can view its details in one of two ways:

    1. Click the hyperlink Name of the network load balancer.
    2. Select or highlight the Name of the network load balancer, click the three-dots icon in the Actions pull-down menu, and select View Detail.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

    • NLB OCID (oci nlb network-load-balancer list --compartment-id compartment_OCID)

  2. Run the get command.

    Use the NLB OCID to get the details for the NLB in the specified compartment.

    Note:

    For information about optional parameters, run the command with the --help option.

    Syntax (entered on a single line):

    oci nlb network-load-balancer get --network-load-balancer-id loadbalancer_OCID 

    Example:

    $ oci nlb network-load-balancer get --network-load-balancer-id \
      ocid1.networkloadbalancer.unique_ID
    
    {
      "data": {
        "items": [
        {
          "backend-sets": {},
          "compartment-id": "ocid1.tenancy.....….….….uniqueID",
          "defined-tags": {},
          "display-name": "Priv_NLB1",
          "freeform-tags": {},
          "id": "ocid1.networkloadbalancer.1907XDB006.dub10.7ftnyepybaut4cpfi08ww3xqr21ov70czg9taumoyjt7k0dtyn3qk644oouu",
          "ip-addresses": [
          {
            "ip-address": "10.10.1.9",
            "ip-version": null,
            "is-public": false,
            "reserved-ip": null
          }
          ],
          "is-preserve-source-destination": false,
          "is-private": true,
          "lifecycle-details": null,
          "lifecycle-state": "ACTIVE",
          "listeners": {},
          "network-security-group-ids": null,
          "nlb-ip-version": "IPV4",
          "subnet-id": "ocid1.subnet.....….….….uniqueID",
          "system-tags": null,
          "time-created": "2023-09-13T15:52:27.000001+00:00",
          "time-updated": null
          }
        ]
      }
    }
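
The visibility type and NSG choices made at creation appear in this output as "is-private", "ip-addresses" and "network-security-group-ids", so they can be reviewed mechanically across a compartment. The following is an added example, not part of the Oracle documentation; the function names and finding labels are assumptions, and the sample JSON is constructed.

```python
import json

# Constructed sample in the shape of the CLI output on this page (values invented).
SAMPLE = """
{"data": {"items": [
  {"display-name": "Priv_NLB1", "is-private": true,
   "ip-addresses": [{"ip-address": "10.10.1.9", "is-public": false}],
   "network-security-group-ids": null},
  {"display-name": "Public_NLB1", "is-private": false,
   "ip-addresses": [{"ip-address": "203.0.113.10", "is-public": true}],
   "network-security-group-ids": ["ocid1.nsg.example"]}
]}}
"""

def nlb_records(doc):
    """Yield NLB objects whether "data" is one NLB, a list, or {"items": [...]}."""
    data = doc.get("data") or {}
    if isinstance(data, list):
        yield from data
    elif isinstance(data.get("items"), list):
        yield from data["items"]
    else:
        yield data

def exposure_findings(cli_json):
    """Return (display-name, finding) pairs for a reviewer to follow up."""
    findings = []
    for nlb in nlb_records(json.loads(cli_json)):
        name = nlb.get("display-name", "<unnamed>")
        addrs = nlb.get("ip-addresses")
        addrs = addrs if isinstance(addrs, list) else []
        public_ips = [str(a.get("ip-address")) for a in addrs
                      if isinstance(a, dict) and a.get("is-public")]
        if nlb.get("is-private") is False:
            findings.append((name, "public NLB"))
        for ip in public_ips:
            findings.append((name, f"public address {ip}"))
        if nlb.get("is-private") and public_ips:
            findings.append((name, "marked private but has a public address"))
        if not nlb.get("network-security-group-ids"):
            findings.append((name, "no NSG attached"))
    return findings

if __name__ == "__main__":
    for name, finding in exposure_findings(SAMPLE):
        print(f"{name}: {finding}")
```

Feed it the text printed by the get command or by oci nlb network-load-balancer list for the compartment being reviewed.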

Deleting a Network Load Balancer

You can delete a network load balancer (NLB) to remove it from service.

Using the Compute Web UI

  1. Open the Navigation Menu. Under Networking, click Network Load Balancers.

  2. Select the name of the NLB you want to delete.

  3. Click Terminate.

  4. Confirm the operation when prompted.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

    • NLB OCID (oci nlb network-load-balancer list --compartment-id compartment_OCID)

  2. Run the delete command.

    Syntax (entered on a single line):

    $ oci nlb network-load-balancer delete --network-load-balancer-id loadbalancer_OCID
    Are you sure you want to delete this resource? [y/N]: y

    Note:

    To delete the NLB without verification, run the command with the --force option.