Load Balancer as a Service

LBaaS on the Oracle Private Cloud Appliance provides automated traffic distribution from one entry point to multiple servers reachable from the virtual cloud network (VCN). The service implements either a private or public load balancer (LB), and supports provisioned bandwidth and various load balancing policies.

For more general information about LBaaS, see the Load Balancing Overview chapter in the Oracle Private Cloud Appliance Concepts Guide.

Managing a Load Balancer

This section describes how to create, view details, update, and delete a load balancer (LB).

Creating a Load Balancer

This topic describes how to create a load balancer (LB).

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the Create Load Balancer button to open the Create Load Balancer dialog.

  3. Enter the following information:

    • Name: Enter a descriptive name for the LB. The name does not need to be unique, and you can change it.

    • Create in Compartment: Select the compartment in which to create the LB. The LB does not have to be in the same compartment as the VCN or backend set. If you aren't sure which compartment to use, create the LB in the same compartment as the VCN.

    • Choose Visibility Type:

      • Public Load Balancer. The Select Public IP menu is shown. Select a public IP from the list. You might need to change the compartment above the menu. If the menu displays None Available or if you do not select a public IP from the list, a public IP is automatically assigned from the configured public IP range. You can use the assigned public IP address as a front end for incoming traffic.

      • Private Load Balancer. The LB receives a private IP address from the selected subnet. You can use the assigned private IP address as a front end for internal incoming VCN traffic.

      See Load Balancing for more information about private and public load balancers.

    • Subnet: Select the names of the VCN and Subnet for the LB. You might need to change the compartment above the menus.

    • Network Security Group: (Optional) By default, the LB is not attached to any NSG. Select the box labeled Enable Network Security Group to add this LB to one or more NSGs.

      1. Select an NSG from the drop-down list. You might need to change the compartment to find the NSG that you want.

      2. Click the Add Another NSG button if you want to attach to another NSG.

      3. To remove an NSG from the list, click the trash can to the right of that NSG. To remove the last NSG or all NSGs, uncheck the Enable Network Security Groups box.

    • Tagging: (Optional) Add defined or free-form tags for this LB as described in Adding Tags at Resource Creation. Tags can also be applied later.

  4. Select the Create Load Balancer button in the dialog. The details page of the new LB is displayed.

Next Steps: On the LB details page, scroll down to the Resources section and select resources to create to complete the configuration.

Using the OCI CLI

  1. Gather the information that you need to run the command:

    • Compartment OCID: oci iam compartment list

    • At least one subnet OCID: oci network subnet list

  2. Run the create LB command.

    Syntax:

    The following shows only the required parameters. Use the -h option to get information about optional parameters such as backend sets and listeners.

    oci lb load-balancer create --compartment-id compartment_OCID \
    --display-name load-balancer-name --shape-name 400Mbps \
    --subnet-ids file://subnet_OCIDs.json

    Example:

    The following example creates a private LB with a fixed bandwidth of 400 Mbps.

    The --is-private option value is false by default. If --is-private is omitted, a public IP address is assigned from one of the specified subnets if available. If --is-private true is specified, a private IP address is assigned from one of the specified subnets. See Load Balancing for more information about private and public load balancers.

    --shape-details '{"maximumBandwidthInMbps": 400, "minimumBandwidthInMbps": 400}'

    The bandwidth cannot be changed after the LB is created.

    $ oci lb load-balancer create --compartment-id ocid1.compartment.unique_ID \
    --display-name Private_LB1 --shape-name 400Mbps \
    --subnet-ids '["ocid1.subnet.unique_ID1", "ocid1.subnet.unique_ID2"]'
    
    {
      "data": {
        "backend-sets": {},
        "certificates": {},
        "compartment-id": "ocid1.compartment.unique_ID",
        "defined-tags": {
          "Oracle-Tags": {
            "CreatedBy": "auser",
            "CreatedOn": "2025-01-28T23:12:58.28Z"
          },
        "display-name": "Private_LB1",
        "freeform-tags": null,
        "hostnames": {},
        "id": "ocid1.loadbalancer.unique_ID",
        "ip-addresses": [
          {
            "ip-address": "IP_address",
            "is-public": false,
            "reserved-ip": null
          }
        ],
        "is-private": true,
        "lifecycle-state": "ACTIVE",
        "listeners": {},
        "network-security-group-ids": null,
        "path-route-sets": {},
        "routing-policies": null,
        "rule-sets": {},
        "shape-details": null,
        "shape-name": "400Mbps",
        "ssl-cipher-suites": {},
        "subnet-ids": [
          "ocid1.subnet.unique_ID1",
          "ocid1.subnet.unique_ID2"
          ],
        "system-tags": null,
        "time-created": "2025-01-28T23:12:58.000001+00:00"
      },
    "etag": "00c648d7-b654-4583-b7bf-k5oed55"
    }

    This output is the same as the output of the oci lb load-balancer get command.

    Next Steps: If you did not create all the resources needed for the LB in the load-balancer create command, complete the LB configuration by adding resources using their separate commands, such as listener create. For a list of commands, see oci lb -h.

Viewing Load Balancer Details

This topic describes how to display a list of load balancers (LBs) and view their details.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. If necessary, select a different compartment from the compartment menu above the LB list.

  3. Select the name of the LB to go to its details page.

    Alternatively, for the LB for which you want to see the details, select the Actions menu and select the View details option.

Using the OCI CLI

  1. Get the LB OCID: oci lb load-balancer list

  2. Run the get LB command.

    Syntax:

    oci lb load-balancer get --load-balancer-id load-balancer_OCID 

    The details of all the resources that have been created, such as backend sets, certificates, and listeners are included in the output.

Editing a Load Balancer

You can change the load balancer (LB) name and tags.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. For the LB that you want to edit, select the Actions menu, and select the Edit option to open the Edit Load Balancer dialog.

  3. Make your changes and select the Update Load Balancer button to update the LB properties.

To add or update related resources such as backend sets or listeners, go to the LB details page, scroll down to the Resources section, and select the resource that you want to add or edit.

Using the OCI CLI

  1. Get the LB OCID: oci lb load-balancer list

  2. Run the update LB command.

    Example:

    $ oci lb load-balancer update \
     --load-balancer-id ocid1.loadbalancer.unique_ID \
     --display-name new_lb_name

If you did not add resources such as backend sets or listeners when you created the LB, add them by using their separate command, such as oci lb listener create. If you did add resources when you created the LB, update them by using their separate command, such as oci lb listener update.

Deleting a Load Balancer

This topic describes how to delete a load balancer (LB) and remove it from service.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. For the LB that you want to delete, select the Actions menu, and select the Terminate option.

  3. Confirm the operation when prompted.

Using the OCI CLI

  1. Get the LB OCID: oci lb load-balancer list

  2. Run the delete LB command.

    Syntax:

    $ oci lb load-balancer delete --force --load-balancer-id loadbalancer_OCID

Cipher Suites

This section describes how to use cipher suites with a load balancer (LB) to determine the security, compatibility, and speed of HTTPS traffic.

Creating a Load Balancer SSL Cipher Suite

A load balancer (LB) uses a cipher suite to secure Transport Layer Security (TLS) or Secure Socket Layer (SSL) network connections. The cipher suite defines a list of security algorithms that the LB uses to negotiate with peers exchanging information with the LB. The cipher suites used affect the security level, performance, and compatibility of data traffic.

Oracle has created a series of predefined cipher suites that you can use when you create an SSL configuration. If the predefined cipher suites don't meet requirements, you can create custom cipher suites.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to create the SSL cipher suite.

  3. On the LBdetails page, scroll to the Resources section and select Cipher Suites.
  4. Select the Create Cipher Suite button.
  5. In the Load Balancer SSL Cipher Suite dialog, give the LB SSL cipher suite a name.

    Note:

    The name of a user-defined cipher suite can't be the same as any of Oracle’s predefined or reserved SSL cipher suite names.
  6. Check the boxes of the cipher suite components to be part of the SSL cipher suite.

  7. Select the Create Cipher Suite button in the dialog.

    To check the result, select the cipher suite name in the Cipher Suites list in the Resources section of the LB details page.

Using the OCI CLI

  1. Get the LB OCID: oci lb load-balancer list

  2. Run the create SSL cipher suite command.

    Syntax:

    oci lb ssl-cipher-suite create --ciphers ssl_ciphers \ 
    --load-balancer-id load-balancer_OCID --name ssl_cipher_suite_name  

    Option values:

    ssl_ciphers - A list of SSL ciphers the load balancer must support for HTTPS or SSL connections.

    load-balancer_OCID - The OCID of the associated load balancer.

    ssl_cipher_suite_name - A user-friendly name for the SSL cipher suite. The name must be unique and cannot be changed.

    Example:

    $ oci lb ssl-cipher-suite create --ciphers ["ECDHE-RSA-AES256-GCM-SHA384", \
    "ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES128-GCM-SHA256"] \
    --load-balancer-id ocid1.loadbalancer.uniqueID
    --name my_ssl_cipher_suite
     
    {
      "opc-work-request-id": "ocid1.workrequest.oc1.pca.uniqueID"
    }

    To see the cipher suite details, use the oci lb ssl-cipher-suite list command to list all the cipher suites associated with the specified LB, and then use the oci lb ssl-cipher-suite get command to view the SSL cipher suite details as shown in Viewing a Load Balancer Cipher Suite Details.

Viewing a Load Balancer Cipher Suite Details

This topic describes how to view a list of the SSL cipher suites associated with a load balancer (LB) and how to view the details of a specific cipher suite.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to view existing cipher suites.

  3. On the LB details page, scroll to the Resources section and select Cipher Suites. The list of cipher suites is shown.
  4. To view the details page for a cipher suite, either select the name of the cipher suite in the list, or select the Actions menu and then select the View Details option.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list

    • Name of the cipher suite: oci lb ssl-cipher-suite list
  2. Run the get cipher suite command to view the details of the cipher suite that you are interested in.

    Syntax:

    Use the following command to list all cipher suites associated with the LB:

    oci lb ssl-cipher-suite list --load-balancer-id load-balancer_OCID

    Use the following command to show the details of the named cipher suite:

    oci lb ssl-cipher-suite get --load-balancer-id load-balancer_OCID --name cipher-suite-name 

    Example:

    $ oci lb ssl-cipher-suite get --load-balancer-id ocid1.loadbalancer.uniqueID \
    --name "my_ssl_cipher_suite"
     
    {
      "data": {
        "ciphers": [
          "ECDHE-RSA-AES256-GCM-SHA384",
          "ECDHE-ECDSA-AES256-GCM-SHA384",
          "ECDHE-RSA-AES128-GCM-SHA256"
        ],
        "name": "my_ssl_cipher_suite"
      }
    }

Editing a Load Balancer Cipher Suite

This topic describes how to edit SSL cipher suites associated with a load balancer (LB) to add or remove ciphers. The name of the cipher suite cannot be changed.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to edit existing cipher suites.

  3. On the LB details page, scroll to the Resources section and select Cipher Suites. The list of cipher suites is shown.
  4. Use one of the following methods to update a cipher suite:

    • Select the name of the cipher suite. On the cipher suite details page, select the Edit button.
    • Select the Actions menu for the cipher suite and select Edit.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list

    • Name of the cipher suite: oci lb ssl-cipher-suite list
  2. Run the update SSL cipher suite command to edit the ciphers of the cipher suite.

    Syntax:

    oci lb ssl-cipher-suite update --load-balancer-id load-balancer_OCID \
    --name cipher-suite-name --ciphers list_of_ciphers

    Example:

    $ oci lb ssl-cipher-suite update --load-balancer-id  ocid1.loadbalancer.uniqueID \
    --name "my_ssl_cipher_suite" \
    --ciphers ["ECDHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-AES256-GCM-SHA384"]
    
    {
      "opc-work-request-id": "ocid1.workrequest.oc1.pca.uniqueID"
    } 

    Use the ssl-cipher-suite get command to verify that the cipher suite is updated. See Viewing a Load Balancer Cipher Suite Details.

Deleting a Load Balancer Cipher Suite

This topic describes how to delete an SSL cipher suite associated with a load balancer (LB).

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to delete cipher suites.

  3. On the LB details page, scroll to the Resources section and select Cipher Suites. The list of cipher suites is shown.
  4. Use one of the following methods to delete a cipher suite:

    • Select the name of the cipher suite. On the cipher suite details page, select the Delete button.
    • Select the Actions menu for the cipher suite and select the Delete button.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list

    • Name of the cipher suite: oci lb ssl-cipher-suite list
  2. Run the delete cipher suite command.

    Syntax:

    oci lb ssl-cipher-suite delete --load-balancer-id load-balancer_OCID \
    --name cipher-suite-name 

    Example:

    $ oci lb ssl-cipher-suite delete --load-balancer-id ocid1.loadbalancer.uniqueID \
    --name "my_ssl_cipher_suite" --force
    
    {
      "opc-work-request-id": "ocid1.workrequest.oc1.pca.uniqueID"
    } 

    Use the ssl-cipher-suite list command to verify that the cipher suite is deleted. See Viewing a Load Balancer Cipher Suite Details.

SSL Certificates

This section describes how to use secure socket layer (SSL) certificates with a load balancer (LB).

Adding a Load Balancer Certificate

This topic describes how to add a public SSL certificate to use with a load balancer (LB).

Optionally, you can also provide a certificate for a Certificate Authority (CA) or configure a private key.

Note:

You can use a custom, self-signed SSL certificate. However, for production environments, Oracle recommends that you use a CA-issued SSL certificate, which reduces the risk of a man-in-the-middle attack.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to add the certificate.
  3. On the LB details page, scroll to the Resources section and select Certificates.
  4. Select the Create Certificate button.
  5. Enter the following information in the Load Balancer Create Certificate dialog.

    • Name: Enter a descriptive name for the certificate bundle. The name must be unique and cannot be changed. The name can include only alphanumeric characters, dashes, and underscores. The name cannot contain spaces.

    • Public certificate: Either upload the certificate .pem file, or paste the content from the .pem file directly into the dialog box using drag and drop.

    • Certificate Authority: Click the Enable certificate authority box if you are also using a certificate authority (CA) certificate. Either upload the CA certificate .pem file, or paste the content from the .pem file directly into the dialog box using drag and drop.
    • Private Key: Click the Enable private key box if you are also using a private key certificate. Either upload the private key .pem file, or paste the content from the .pem file directly into the dialog box using drag and drop.
  6. Select the Create Certificate button in the dialog.

Using the OCI CLI

  1. Get the LB OCID: oci lb load-balancer list

  2. Run the create certificate command.

    Only the certificate name and the LB OCID are always required for the create command, but you probably also need to provide the private key file and public certificate, and you might need to provide the CA certificate and passphrase. See the example below and use the -h option for more information.

    Syntax:

    oci lb certificate create --certicate-name certificate-name \ 
    --load-balancer-id load-balancer_OCID

    Option values:

    • certificate-name - A user-friendly name for the certificate bundle.

    • load-balancer_OCID - The OCID of the load balancer associated with the backend set and servers.

    Example:

    $ oci lb certificate create --certificate-name example-certificate \
    --load-balancer-id ocid1.loadbalancer.unique_ID \
    --ca-certificate-file CA_cert_file \
    --public-certificate-file pub_cert_file \
    --private-key-file priv_key_file --passphrase "passphrase"
     
    {
      "opc-work-request-id": "ocid1.workrequest.oc1.pca.unique_ID"
    }

    Option values:

    • CA_cert_file - The Certificate Authority certificate, or any interim certificate, that you received from your SSL certificate provider.

    • pub_cert_file - The public certificate, in PEM format, that you received from your SSL certificate provider.

    • priv_key_file - The SSL private key for your certificate, in PEM format.

    • passphrase - A passphrase for encrypted private keys. This is needed only if you created your certificate with a passphrase.

    To view the certificate details, use oci lb certificate list with the LB OCID to list all certificates associated with the specified LB, and find the certificate with certificate-name. In the following example, the certificate content is truncated.

    $ oci lb certificate list --load-balancer-id ocid1.loadbalancer.unique_ID
    
    {
      "data": [
        {
          "ca-certificate": "-----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----",
          "certificate-name": "example-certificate",
          "passphrase": "passphrase"
          "private-key": "-----BEGIN RSA PRIVATE KEY-----
    ...
    -----END RSA PRIVATE KEY-----",
          "public-certificate": "-----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----"
        }
      ]
    }

Viewing a Load Balancer Certificate

This topic describes how to view an SSL certificate that is used with a load balancer (LB).

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to view the certificate.
  3. On the LB details page, scroll to the Resources section and select Certificates.
  4. The details of all configured certificates are displayed.

Using the OCI CLI

  1. Get the LB OCID: oci lb load-balancer list

  2. Run the list certificate command.

    Syntax:

    oci lb certificate list --load-balancer-id load-balancer_OCID 

    Example:

    $ oci lb certificate list --load-balancer-id ocid1.loadbalancer.uniqueID
    
    {
     "data": [
       {
         "ca-certificate": null,
         "certificate-name": "CERT1-lb1-w",
         "public-certificate": "-----BEGIN CERTIFICATE-----
    ...-----END CERTIFICATE-----"
       }
      ]
    }

Deleting a Load Balancer Certificate

This topic describes how to delete an SSL certificate that is used with a load balancer (LB). You cannot change an LB SSL certificate. To change a certificate, delete the certificate and create a new certificate.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to delete a certificate.
  3. On the LB details page, scroll to the Resources section and select Certificates.
  4. All the details of the configured certificates are displayed.
  5. For the certificate that you want to delete, select the Actions menu and select Delete.
  6. Confirm to delete the named certificate.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list

    • Name of the certificate: oci lb certificate list

  2. Run the delete certificate command.

    Syntax:

    oci lb certificate delete --certificate-name certificate_name \ 
    --load-balancer-id load-balancer_OCID 

Backend Sets

This section describes how to use backend sets to create logical entities consisting of a load balancing policy, health check policy, and a list of backend servers for a load balancer (LB).

Creating a Load Balancer Backend Set

This topic describes how to create a backend set for a load balancer (LB). The backend set is a group of servers to which traffic is load balanced. Using the OCI CLI or Compute Enclave API, you can create backend servers when you create the backend set. Using the Compute Web UI, you must add backend servers after the backend set is created.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Click the name of the LB for which you want to create the backend set.

  3. On the LB details page, scroll to the Resources section, and select Backend Sets.
  4. Select the Create Backend Set button.
  5. Enter the following information:

    • Name: Enter a descriptive name for the LB backend set. The name must be unique and cannot be changed.

    • Traffic Distribution Policy: Select one of the following policies for the backend set:

      • Weighted Round Robin: Traffic is balanced in a "next turn" fashion, with some servers having a preference.

      • Least Connections: Traffic is balanced based on the server with the fewest current connections.

      • IP Hash: Traffic is balanced based on a hash of several fields in the IP header.

      For more information, see "Load Balancing Policies" in "Frontend Configuration" in the Load Balancing Overview chapter of the Oracle Private Cloud Appliance Concepts Guide.

    • SSL: Associate an SSL certificate with the backend set.

      • Use SSL: When you check the Use SSL box, a drop-down list of certificates appears.

      • Certificates: Select a certificate from the list.

      • Verify peer certificate: Check this box to enable peer certificate verification.

    • Health Checking: Enter the health checking parameters to use to test the health of backend servers. All of these values are optional (the parameters have default values) except for protocol.

      • Protocol: Select the protocol to use: HTTP or TCP. Choose the protocol that matches your application or service.

      • Port: Enter the backend server port against which to run health checks.

      • Interval in Milliseconds: Specify how often to run health checks, in milliseconds. Enter a number between 1 and 1,800,000.
      • Timeout in Milliseconds: Specify the maximum time to wait for a reply to a health check, in milliseconds. Enter a number between 1 and 600,000.
      • Number of Retries: Enter the number of times to retry the health check before the server is considered unhealthy.
      • Status Code: (HTTP only) Specify the HTTP status code a healthy server must return.
      • URL Path: (HTTP only) Specify a URL endpoint against which to run the health check.

      For more information, including how to diagnose misconfigurations, see "Load Balancer Health Checks" in "Backend Configuration" in the Load Balancing Overview chapter of the Oracle Private Cloud Appliance Concepts Guide.

  6. Click the Create Backend Set button in the dialog.

    To check the configuration, select the backend set name in the Backend Sets list in the Resources section of the LB details page.

Using the OCI CLI

  1. Get the LB OCID: oci lb load-balancer list

  2. Construct an argument for the --backends option.

    The --backends option is a list of backend server definitions in the following JSON format. For brevity, only one list item is shown in the following output:

    $ oci lb backend-set create --generate-param-json-input backends
    [
      {
        "backup": true,
        "drain": true,
        "ipAddress": "string",
        "offline": true,
        "port": 0,
        "weight": 0
      }
    ]
  3. Run the create backend set command.

    Syntax:

    oci lb backend-set create --health-checker-protocol [HTTP | TCP] \
    --load-balancer-id load-balancer_OCID \  
    --name backend-set-name --policy load-balancer-policy  

    For possible values of load-balancer-policy, use oci lb policy list. See also Load Balancer Policies.

    Example:

    The create backend set command has many options. Use the -h option to learn about them.

    This example creates a set of backend servers for the backend set. The backends are defined in a file named backendsSet1. You can also create backend servers later.

    oci lb backend-set create --health-checker-protocol TCP \ 
    --load-balancer-id ocid1.loadbalancer.unique_ID --name BackendSet1 \
    --policy LEAST_CONNECTIONS --backends file://./backendsSet1 \ 
    --health-checker-port 22 --health-checker-return-code 200
    
    {
      "opc-work-request-id": "ocid1.workrequest.unique_ID"
    }

    To view the backend set details, see Viewing Load Balancer Backend Set Details.

Viewing Load Balancer Backend Set Details

This topic describes how to view a list of backend sets of a load balancer (LB) and how to view the configuration information and the list of servers in a backend set.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to view the backend set details.

  3. On the LB details page, scroll to the Resources section and select Backend Sets.

    The list of backend sets for this LB is shown.

  4. Select the name of the backend set that you are interested in.

  5. On the backend set details page, the Backend Set Information tab shows the load balancing policy and the overall health of the servers in the set. Select the Backend Set Configuration tab to see health checker and SSL configuration details. Scroll to the Resources section to view the list of backend servers.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list

    • Backend set name: oci lb backend-set list

  2. Display the list of backend sets for an LB.

    $ oci lb backend-set list --load-balancer-id ocid1.loadbalancer.unique_ID
  3. Display the details of a backend set, including configuration and backend servers.

    $ oci lb backend-set get --load-balancer-id ocid1.loadbalancer.unique_ID \
    --backend-set-name BackendSet1

Editing a Load Balancer Backend Set

This topic describes how to change load balancer (LB) backend set properties, such as the health checker protocol used.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to modify a backend set.

  3. On the LB details page, scroll to the Resources section and select Backend Sets.

  4. For the backend set that you want to modify, select the Actions menu, and select the Edit option.

  5. In the Edit Load Balancer Backend Set dialog, make your changes.

  6. Select the Update Load Balancer Backend Set button in the dialog.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list

    • Backend set name: oci lb backend-set list

  2. Run the update backend set command.

    Syntax:

    oci lb backend-set update --load-balancer-id loadbalancer_OCID \
    --backend-set-name backendset_name --backends list_of_server_definitions \ 
    --health-checker-protocol [HTTP | TCP] \
    --policy load-balancer-policy 

    Example:

    $ oci lb backend-set update --load-balancer-id ocid1.loadbalancer.uniqueID \
    --backend-set-name BackendSet1 --backends file://./backendsSet2 \
    --health-checker-protocol HTTP --policy ROUND_ROBIN
    WARNING: Updates to backends and health-checker and ssl-configuration and session-persistence-
      configuration and lb-cookie-session-persistence-configuration will replace any existing values. 
      Are you sure you want to continue? [y/N]: y
    
    {
      "opc-work-request-id": "ocid1.workrequest.xxx.loadbalancer.uniqueID"
    }

    Use the backend-set get command to verify that the backend set is updated. See Viewing Load Balancer Backend Set Details.

Deleting a Load Balancer Backend Set

This topic describes how to delete a load balancer (LB) backend set and remove it from service.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to delete a backend set.
  3. On the LB details page, scroll to the Resources section and select Backend Sets.
  4. For the backend set that you want to delete, select the Actions menu, and select Terminate.

  5. Confirm the operation when prompted.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list --compartment-id compartment_OCID

    • Backend set name: oci lb backend-set list

  2. Run the delete backend set command.

    $ oci lb backend-set delete --load-balancer-id ocid1.loadbalancer.unique_ID \
    --backend-set-name BackendSet1 --force 
    {
      "opc-work-request-id": "ocid1.workrequest.unique_ID"
    }

Backend Servers

Creating a Load Balancer Backend Server

This topic describes how to create a backend server to add to a backend set. A backend set is a group of backend servers to which traffic is load balanced.

If you create a backend server in a VCN that is not the same as the load balancer (LB) VCN, then you must set up a Local Peering Gateway to enable communication between the LB and the backend server. See Connecting VCNs through a Local Peering Gateway.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to create a backend server.
  3. On the LB details page, scroll to the Resources section, and select Backend Sets.
  4. In the list of backend sets, select the name of the backend set for which you want to create a backend server.

  5. On the details page of the backend set, select the Create Backend button.
  6. Enter the following information:

    • Computed Instances

      • Instance: If you select Computed Instances, the IP Address area presents a drop-down list of instances. Select one of these instances for a backend server. You can change the compartment above the list.

      • Port: The server port to load balance.

      • Weight: The load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server with weight 3 receives 3 times the number of new connections as a server with weight 1. For more information about load balancing policies, see "Load Balancing Policies" in "Frontend Configuration" in the Load Balancing Overview chapter of the Oracle Private Cloud Appliance Concepts Guide.

      • Security Rules: To enable load balancer traffic, you must add ingress and egress security rules to the corresponding subnets.

        If you select Configure Manually, then when you are finished adding backends, go to the VCN and create or update a security list to add security rules, and ensure that the applicable subnet is using that security list. See Controlling Traffic with Security Lists.

        If you select Configure Automatically, a table of egress rules is shown and a table of ingress rules is shown. Each table lists the name of the security list, the name of the subnet, and the rule: the CIDR block and port to allow egress or ingress traffic. Select the button to the right of the rule to enable or disable that rule for each backend that you added.

    • IP Addresses

      • IP Address: If you select IP Addresses, the IP Address area presents a text field where you must enter the IP address of the instance that you want to use as a backend server.

      • Port: The server port to load balance.

      • Weight: See the description in "Computed Instances."

    To add another backend, select the Add IP Address button. You can select an instance or you can specify an IP address that is already a member of the backend set if you specify a different port.

  7. Select the Submit button on the dialog to create the backend servers. The new backends appear in the list for the backend set.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list

    • Backend set name: oci lb backend-set list

  2. Run the create backend server command.

    Syntax:

    oci lb backend create --load-balancer-id load-balancer_OCID \
    --backend-set-name backend-set-name \
    --ip-address backend-svr-ip-addr --port port-number 

    Option values:

    • backend-set-name - The name of the backend set in which to add the backend server.

    • backend-svr-ip-addr - The IP address of the compute instance to add as a backend server.

    • port-number - The port to load balance on the backend server.

    Example:

    $ oci lb backend create --load-balancer-id ocid1.loadbalancer.unique_ID \
    --backend-set-name example_backend_set \
    --ip-address 10.0.0.3 --port 8080 --weight 3
    
    { 
      "opc-work-request-id": "ocid1.workrequest.unique_ID"
    }

    The --weight option specifies the load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server with weight 3 receives 3 times the number of new connections as a server with weight 1. For more information on load balancing policies, see "Load Balancing Policies" in "Frontend Configuration" in the Load Balancing Overview chapter of the Oracle Private Cloud Appliance Concepts Guide.

    You can also set backup, drain, offline, and maximum connections. See the -h option for more information.

    To create multiple backends in one command, use the --backends option with the backend-set create command as described in Creating a Load Balancer Backend Set.

    To view the newly-added backend, use the backend get command as shown in Viewing Load Balancer Backend Server Details.

    $ oci lb backend get --load-balancer-id ocid1.loadbalancer.unique_ID \
    --backend-set-name example_backend_set --backend-name 10.0.0.3:8080

Viewing Load Balancer Backend Server Details

This topic describes how to view a list of the backend servers in a load balancer (LB) backend set and how to view the configuration details of a specific backend.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to list backend servers.

  3. On the LB details page, scroll to the Resources section and select Backend Sets to see the list of backend sets for this LB.
  4. Select the name of a backend set to see the list of backends in that backend set. For each backend in the list, the IP address, port, weight, and other attributes are shown.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list

    • Backend set name: oci lb backend-set list

  2. Display the list of backends for a backend set.

    $ oci lb backend list --load-balancer-id ocid1.loadbalancer.unique_ID \
    --backend-set-name backend-set-name
  3. Display the details of a specific backend.

    $ oci lb backend get --load-balancer-id ocid1.loadbalancer.unique_ID \
    --backend-set-name example_backend_set --backend-name 10.0.0.3:8080
    
    {
      "data": [
        {
          "backup": false,
          "drain": false,
          "ip-address": "10.0.0.3",
          "name": "10.0.0.3:8080",
          "offline": false,
          "port": 8080,
          "weight": 1
        }
      ]
    }
    

Editing a Load Balancer Backend Server

This topic describes how to change the weight, drain, offline, and backup attributes of a load balancer (LB) backend server.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to edit a backend server.
  3. On the LB details page, scroll to the Resources section and select Backend Sets.
  4. Select the name of the backend set that contains the backend server that you want to edit.
  5. On the backend set details page, scroll to the Resources section.

  6. For the backend server that you want to edit, select the Actions menu and select Edit.

  7. On the Update Backends dialog, enter a new weight and enable or disable the drain, offline, or backup attributes.

  8. Select the Submit button to update the LB backend server.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list

    • Backend set name: oci lb backend-set list

    • Backend server name: oci lb backend list

  2. Run the update backend command.

    oci lb backend update --load-balancer-id ocid1.loadbalancer.unique_ID \
    --backend-set-name example_backend_set --backend-name 10.0.0.3:8080 \
    --backup false --drain false --offline false --weight 3

    The --backup, --drain, --offline, and --weight options are required; They do not have default values. You can also specify --max-connections. Use the -h option to see descriptions of these options. See also Creating a Load Balancer Backend Server for a description of the weight value.

    To view the result of the backend update, use the backend get command as shown in Viewing Load Balancer Backend Server Details.

Deleting a Load Balancer Backend Server

This topic describes how to delete a load balancer (LB) backend server from a backend set and remove the backend from service.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to delete a backend server.
  3. On the LB details page, scroll to the Resources section and select Backend Sets.
  4. Select the name of the backend set that contains the backend server that you want to delete.
  5. On the backend set details page, scroll to the Resources section.

  6. For the backend server that you want to delete from the set, select the Actions menu and select Terminate.

  7. Confirm the operation when prompted.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list

    • Backend set name: oci lb backend-set list

    • Backend server name: oci lb backend list

  2. Run the delete backend command.

    $ oci lb backend delete --load-balancer-id ocid1.loadbalancer.unique_ID \
    --backend-set-name example_backend_set --backend-name 10.0.0.3:8080 --force

    To verify that the backend is deleted, use the backend list command.

Virtual Hostnames

This section describes how to use virtual hostnames with a load balancer for one or more listeners.

Creating a Load Balancer Virtual Hostname

A virtual hostname is associated with a load balancer (LB) and used by one or more listeners. Hostnames associated with a listener correspond to the backend set of that listener. The backend set routes traffic to specific backends which host different applications.

Virtual hostnames simplify the construction of the hostnames associated with listeners and backend servers because virtual hostnames can use wild card asterisks (*) at the start or end of the hostname. Listeners detect a hostname pattern that matches the virtual hostname patterns created.

Note:

The asterisk (*) doesn't have to be used in a virtual hostname. However, when used, the asterisk can only be added at the beginning or ending of a virtual hostname. Traffic sent to app.example.com is load balanced by a listener and backend server set when configured as app.example.com (exact), *example.com (wild card at start), or app.example* (wild card at end).

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to create the virtual hostname.
  3. On the LB details page, scroll down to the Resources section and select Hostnames.
  4. Select the Create Hostname button to open the Load Balancer Create Hostname dialog.
  5. Enter the following information:

    • Name: A name for the LB virtual hostname.

    • Hostname: The virtual hostname.

  6. Select the Create Hostname button in the dialog.

Using the OCI CLI

  1. Get the LB OCID: oci lb load-balancer list

  2. Run the create virtual hostname command.

    Syntax:

    oci lb hostname create --load-balancer-id load-balancer_OCID \
    --hostname virtual-hostname --name virtual-hostname-friendly-name

    Example:

    $ oci lb hostname create --load-balancer-id ocid1.loadbalancer.unique_ID \
    --hostname *example.com --name my_virtual_hostname
     
    {
      "opc-work-request-id": "ocid1.workrequest.oc1.pca.unique_ID"
    }

    To verify that the hostname was created, see Viewing Load Balancer Virtual Hostnames.

Viewing Load Balancer Virtual Hostnames

This topic describes how to view the virtual hostnames associated with a load balancer (LB).

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to view the virtual hostnames.

  3. On the LB details page, scroll to the Resources section, and select Hostnames.

Using the OCI CLI

  1. Get the LB OCID: oci lb load-balancer list

  2. Display the list of virtual hostnames for an LB.

    $ oci lb hostname list --load-balancer-id ocid1.loadbalancer.unique_ID
    
    {
      "data": [
        {
          "hostname": "app.example.com",
          "name": "match-exact-hostname"
        },
        {
          "hostname": "*example.com",
          "name": "my_virtual_hostname"
        },
        {
          "hostname": "app.example*",
          "name": "suffix-match-hostname"
        }
      ]
    }
  3. Display the details of a specific virtual hostname.

    $ oci lb hostname get --load-balancer-id ocid1.loadbalancer.unique_ID \
    --name "my_virtual_hostname"

Editing a Load Balancer Virtual Hostname

This topic describes how to change the virtual hostname associated with a load balancer (LB).

Virtual hostnames can use wild card asterisks (*) at the start or end of the hostname. Listeners detect a hostname pattern that matches the virtual hostname patterns created.

Note:

The asterisk (*) does not have to be used in a virtual hostname. However, when used, the asterisk can only be added at the beginning or ending of a virtual hostname. Traffic sent to app.example.com is load balanced by a listener and backend server set when configured as app.example.com (exact), *example.com (wild card at start), or app.example* (wild card at end).

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to edit the virtual hostnames.

  3. On the LB details page, scroll to the Resources section and select Hostnames.

  4. For the hostname that you want to edit, select the Actions menu, and select Edit.

  5. Edit the virtual hostname.

    To change the name of the virtual hostname, delete the virtual hostname and create a new one.

  6. Select the Save Changes button in the dialog.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list

    • Name of the hostname resource: $ oci lb hostname list

  2. Run the update virtual hostname command.

    $ oci lb hostname update --load-balancer-id ocid1.loadbalancer.unique_ID \
    --name "my_virtual_hostname" --hostname "*example.net"

    To verify that the hostname was updated, see Viewing Load Balancer Virtual Hostnames.

Deleting a Load Balancer Virtual Hostname

This topic describes how to delete a virtual hostname associated with a load balancer (LB).

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to delete a virtual hostname.

  3. On the LB details page, scroll to the Resources section, and select Hostnames.

  4. For the hostname that you want to delete, select the Actions menu, and select Delete.

  5. Confirm the deletion.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list

    • Name of the hostname resource: $ oci lb hostname list

  2. Run the virtual hostname delete command.

    $ oci lb hostname delete --load-balancer-id ocid1.loadbalancer.unique_ID \
    --name "my_virtual_hostname" --force

Path Route Sets

You can apply a set of path routes to a load balancer (LB) to determine the appropriate destination backend set for incoming URIs.

Some applications have multiple endpoints or content types, each distinguished by a unique URI path such as /admin/, /data/, /video/, or /cgi/. Each rule in a path route set names a backend set, a partial URI to match, and the pattern match type.

Path route rules route traffic to the correct backend set without requiring multiple listeners or LBs.

A path route set includes all path route rules that define the data routing for a particular listener. You can have at most one path route set for each listener. You can specify at most 20 path route rules for each path route set.

Path route rules apply only to HTTP, HTTP/2, and HTTPS requests. Path route rules do not apply to TCP requests.

Path route rule URL strings have the following restrictions:

  • You can't use asterisks in path route strings.
  • You can't use regular expressions.
  • Path route string matching is case-insensitive. For example, both "data" and "DATA" match.

Browsers often add an ending slash to the path in a request. You might want to configure a rule with a URL string that includes the trailing slash and a second rule with a URL string that does not include the trailing slash (for example,/admin and /admin/).

A path route rule pattern match type is one of the following:
  • EXACT_MATCH: The path string must match the incoming URI path exactly.
  • FORCE_LONGEST_PREFIX_MATCH: The path string must match longest ("best") match of the beginning portion of the incoming URI path.

  • PREFIX_MATCH: The path string must match the beginning portion of the incoming URI path.

  • SUFFIX_MATCH: The path string must match the ending portion of the incoming URI path.

For more information about match types and priority of matches, see "Path Route Sets" in "Request Routing" in "Frontend Configuration" in the Load Balancing Overview chapter of the Oracle Private Cloud Appliance Concepts Guide.

Creating a Path Route Set

This topic describes how to create a path route set to route URIs to load balancer (LB) backend sets. To create a path route set, a backend set must already exist.

See Path Route Sets for information about URI patterns, pattern match types, and path route set limits.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of LB for which you want to create the path route set.
  3. On the LB details page, scroll to the Resources section, and select Path Route Sets.
  4. Select the Create Path Route Set button to open the Create Path Route Set dialog.

  5. Enter the following information:

    • Name: Enter a descriptive name for the Path Route Set.

    • Path Route Rules: Enter the following information:

      • Match Style: Select Exact Match, Force Longest Prefix Match, Prefix Match, or Suffix Match. The match style must be able to match the URL string entered next.
      • URL String: Enter the pattern to match.
      • Backend Set: Select the name of the backend set from the drop-down list.

      To create another rule, select the New Rule button.

  6. Select the Create Path Route Set button in the dialog.

Using the OCI CLI

  1. Gather the information that you need to run the command:

    • Load balancer OCID: oci lb load-balancer list

    • Backend set name: oci lb backend-set list

  2. Construct an argument for the --path-routes option.

    The --path-routes option is a list of path route rules in the following JSON format, where the path is the pattern to match and the pathMatchType is Exact Match, Force Longest Prefix Match, Prefix Match, or Suffix Match. For brevity, only one list item is shown in the following output:

    $ oci lb path-route-set create --generate-param-json-input path-routes
    [
      {
        "backendSetName": "string",
        "path": "string",
        "pathMatchType": {
          "matchType": "string"
        }
      }
    ]
  3. Run the create path route set command.

    Syntax:

    oci lb path-route-set create --load-balancer-id load-balancer_OCID \
    --name name-of-path-route-set --path-routes list-of-path-route-rules  

    Example:

    $ oci lb path-route-set create --load-balancer-id ocid1.load-balancer.unique_ID \
    --name PathRouteSet1 --path-routes file://./PathRouteSet1Rules.json
    
    {
      "opc-work-request-id": "ocid1.workrequest.1X49XC30ZP.unique_ID"
    } 

    To view the new path route set, use the path-route-set get command as shown in Viewing a Path Route Set Details.

Viewing a Path Route Set Details

This topic describes how to view a list of path route sets for a load balancer (LB) and how to view the details (route rules) of a specific path route set.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to view path route sets.
  3. On the LB details page, scroll to the Resources section and select Path Route Sets to see the list of backend sets for this LB.
  4. Select the name of a Path Route Set to display the details.

Using the OCI CLI

  1. Get the LB OCID: oci lb load-balancer list

  2. Display the list of path route sets for the specified LB.

    $ oci lb path-route-set list --load-balancer-id ocid1.loadbalancer.unique_ID
  3. Display the details of a specific path route set.

    $ oci lb path-route-set get --load-balancer-id "ocid1.load-balancer.unique_ID" \
    --path-route-set-name PathRouteSet1
    
    "data": {
      "name": "PathRouteSet1",
      "pathRoutes": [
        {
          "path": "/new/",
          "pathMatchType": {
            "matchType": "EXACT_MATCH"
          },
          "backendSetName": "BackendSet1"
        }
      ]
    }

Editing a Path Route Set

This topic describes how to edit a path route set to update the path route rules.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to update the rules of a path route set.
  3. On the LB details page, scroll to the Resources section and select Path Route Sets.
  4. For the backend set that you want to modify, select the Actions menu and select the Edit option.

  5. Make changes to the path route rules or add or delete rules.

  6. Select the Save Changes button to update the path route set.

Using the OCI CLI

  1. Gather the information that you need to run the command:

    • Load balancer OCID: oci lb load-balancer list

    • Path route set name: oci lb path-route-set list

  2. Construct an argument for the --path-routes option.

    See Creating a Path Route Set.

  3. Run the update path route set command.

    Syntax:

    oci lb path-route-set update --load-balancer-id load-balancer_OCID \
    --path-route-set-name name-of-path-route-set \
    --path-routes list-of-path-route-rules

    Example:

    $ oci lb path-route-set update --load-balancer-id ocid1.load-balancer.unique_ID \
    --path-route-set-name PathRouteSet1 \
    --path-routes file://./PathRouteSet1Rules.json
    
    WARNING: Updates to path-routes will replace any existing values. Are you sure you want to continue? [y/N]: y
    {
      "opc-work-request-id": "ocid1.workrequest.1749XC302P.unique_ID"
    }

    To view the updated path route set, use the path-route-set get command as shown in Viewing a Path Route Set Details.

Deleting a Path Route Set

This topic describes how to delete a load balancer (LB) path route set.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to delete the path route set.

  3. On the LB details page, scroll to the Resources section and select Path Route Sets.
  4. For the backend set that you want to delete, select the Actions menu and select Delete.

  5. Confirm the Path Route Set deletion.

Using the OCI CLI

  1. Gather the information that you need to run the command:

    • Load balancer OCID: oci lb load-balancer list

    • Path route set name: oci lb path-route-set list

  2. Run the delete path route set command.

    $ oci lb path-route-set delete --load-balancer-id ocid1.load-balancer.unique_ID \
    --path-route-set-name PathRouteSet1 --force

Listeners

This section describes how to use listeners to check for incoming traffic on the load balancer (LB) IP address.

Creating a Load Balancer Listener

This topic describes how to configure a listener for a load balancer (LB). The listener checks for incoming traffic on the LB IP address. Configure at least one listener per traffic type: HTTP, HTTP/2, HTTPS, and TCP.

Prerequisites

  1. Ensure that your VCN's security rules allow the listener to accept traffic.

  2. Know the traffic protocols that the LB accepts.

    • Using the Compute Web UI: On the LB details page, scroll to the Resources section, and select the Create Listener button. The supported traffic protocols are shown on the Protocol drop-down list.

    • Using the OCI CLI: oci lb protocol list -c compartment_OCID

  3. If the LB accepts HTTPS traffic, and you plan to select HTTPS, create a certificate and cipher suite for use in SSL configuration. See Adding a Load Balancer Certificate and Creating a Load Balancer SSL Cipher Suite.

  4. At least one backend set must exist for this LB.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to create the listener.

  3. On the LB details page, scroll to the Resources section, and select Listeners.

  4. Select the Create Listener button.

  5. Enter the following information. Name, protocol, port, and backend set are required. Other parameters, such as hostnames, path route sets, SSL certificate, and cipher suites can be added later.

    • Name: Enter a descriptive name for the Listener. The name must be unique and cannot be changed.

    • Protocol: Select the protocol to listen for (HTTP, HTTP/2, HTTPS, TCP) from the drop-down list.

      If you select HTTP/2, HTTPS, or TCP, an SSL section appears at the bottom of the dialog, after Idle Timeout in Seconds.

    • Port: A default port value, depending on the protocol you selected, is preselected. Use the up or down arrows to change the port value, or enter a value between 1 and 65,535.
    • Backend Set: Select a backend set from the list.

    • Hostnames: Select a hostname from the list.

    • Path Route Set: Select a path route set from the list.

    • Idle Timeout in Seconds: Use the up or down arrows to change the idle timeout value, or enter a value greater than or equal to 1.
    • SSL: This item appears if you select HTTP/2, HTTPS, or TCP for protocol.

      • Use SSL: For HTTP/2 and HTTPS protocols, this box is prechecked and cannot be unchecked. For TCP protocol, this box is not checked. If you check this box, the following parameters appear, just as they do if you selected HTTP/2 or HTTPS protocol.

        Checking this box enables SSL handling for this listener. The following settings are required to associate an SSL certificate bundle with the listener to enable SSL handling.

      • Certificates: Select a certificate from the list.

      • Verify peer certificate: Check this box to enable peer certificate verification.

      • TLS Version: Select at least one TLS version.

      • Cipher Suite: Select a cipher suite from the list. The cipher suite details are shown below the list.

  6. Select the Create Listener button in the dialog.

Using the OCI CLI

  1. Get the LB OCID: oci lb load-balancer list

  2. Run the create listener command.

    Syntax:

    oci lb listener create --default-backend-set-name backend-set-name \
    --load-balancer-id load-balancer_OCID \  
    --name listener-name --port listener-port \
    --protocol listener-protocol  

    Option values:

    backend-set-name - The name of the associated backend set.

    load-balancer_OCID - The OCID of the load balancer on which to add a listener.

    listener_name - A user-friendly name for the listener. It must be unique and it can't be changed.

    listener-port - The communication port number for the listener.

    listener-protocol - The protocol on which the listener accepts connection requests.

    Example:

    This example shows only required parameters. Other parameters, such as hostnames, path route sets, SSL certificate, and cipher suites can be added later. Use the -h option for more information.

    $ oci lb listener create --default-backend-set-name PublicLB1-Backend-Set \
    --load-balancer-id ocid1.loadbalancer.unique_ID \  
    --name LB1-Listener --port 80 --protocol HTTP  
    
    {
     "opc-work-request-id": "ocid1.workrequest.oc1.pca.loadbalancer.unique_ID"
    }

    To view the listener details, use the load-balancer get command. In the following example, most of the command output is omitted to show only the listener details:

    $ oci lb load-balancer get --load-balancer-id ocid1.loadbalancer.unique_ID
    {
      "data": {
        ...
        "listeners": {
          "LB1_Listener": {
            "connection-configuration": {
              "backend-tcp-proxy-protocol-version": null,
              "idle-timeout": 60
              },
            "default-backend-set-name": "PublicLB1-Backend-Set",
            "hostname-names": null,
            "name": "LB1_Listener",
            "path-route-set-name": null,
            "port": 80,
            "protocol": "HTTP",
            "routing-policy-name": null,
            "rule-set-names": null,
            "ssl-configuration": null
            }
          },
        ...
        },
      "etag": "9326dbb5-d842-4975-9cfb-ced7717e92d6"
    }

Editing a Load Balancer Listener

This topic describes how to change load balancer (LB) listener properties, such as the listener communication port used.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to modify a backend set.

  3. On the LB details page, scroll to the Resources section and select Listeners.
  4. For the LB listener that you want to edit, select the Actions menu, and select the Edit option.

  5. In the Edit Listener dialog, you can change anything except the name of the listener.

  6. Select the Save Changes button to update the LB Listener properties.

Using the OCI CLI

  1. Get the LB OCID: oci lb load-balancer list

  2. Run the update listener command.

    Syntax:

    oci lb listener update --default-backend-set-name default-backendset-name \ 
    --listener-name listener-name --load-balancer-id loadbalancer_OCID\
    --port port-integer --protocol protocol-text

    Option values:

    default-backendset-name - The name of the associated backend set.

    listener-name - The name of the listener to update.

    loadbalancer_OCID - The OCID of the load balancer associated with the listener to update.

    port-integer - The communication port for the listener.

    protocol-text - The protocol on which the listener accepts connection requests.

    Example:

    $ oci lb listener update --default-backend-set-name PublicLB1-Backend-Set \
    --listener-name LB1_Listener --load-balancer-id ocid1.loadbalancer.unique_ID \
    --port 80 --protocol HTTP

    To view the listener details, use load-balancer get. See Creating a Load Balancer Listener.

Deleting a Load Balancer Listener

This topic describes how to delete a load balancer (LB) listener.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to delete a listener.

  3. On the LB details page, scroll to the Resources section and select Listeners.
  4. For the listener that you want to delete, select the Actions menu, and select the Delete option.

  5. Confirm the operation when prompted.

Using the OCI CLI

  1. Get the LB OCID: oci lb load-balancer list

  2. Run the delete listener command.

    $ oci lb listener delete --load-balancer-id ocid1.loadbalancer.unique_ID \
    --listener-name LB1-Listener --force

Health Checks

A load balancer (LB) backend set health check is a test to confirm the availability of LB backend servers. A health check can be a request or a connection attempt. The LB applies the health check policy, based on a configured time interval, to monitor the backend server set. If a server fails the health check, then the LB takes the server temporarily out of the balancing rotation. If the server later passes a subsequent health check, then the LB returns that backend server to the balancing rotation.

The health status of the specified backend set server is reported by the primary and standby load balancers.

Health checks are configured when you create a backend set. See Creating a Load Balancer Backend Set. This section describes how to view and update health check configuration.

For more information, including how to diagnose misconfigurations, see "Load Balancer Health Checks" in "Backend Configuration" in the Load Balancing Overview chapter of the Oracle Private Cloud Appliance Concepts Guide.

Viewing Health Status and Health Check Configuration

This topic describes how to view the overall health of a load balancer (LB) and backend set of servers and the specific health checker configuration values set for the backend set.

Overall Health

  • Critical

  • Warning

  • Incomplete

  • Pending

  • OK

Health Checker Configuration Parameters

  • Protocol - HTTP or TCP

  • Port - The backend server port against which to run the health check

  • Interval In Milliseconds - Time between health checks

  • Timeout In Milliseconds - Maximum time to wait for the health check response

  • Number of Retries - The number of retries to attempt before a backend server is considered "unhealthy"

  • Status Code (HTTP only) - The code a healthy backend server should return

  • URL Path (HTTP only, Optional) - The path against which to run the health check

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to view health status and configuration.

    On the LB details page, the Overall Health of the LB is shown in the second column of the Load Balancer Information tab.

  3. On the LB details page, scroll to the Resources section and select Backend Sets.

  4. Select the name of the backend set for which you want to view health status and configuration.

    On the backend set details page, the Overall Health of the servers in the backend set is shown in the first column of the Backend Set Information tab.

  5. On the backend set details page, select the Backend Set Configuration tab.

    All health check configuration parameters listed at the beginning of this section are shown in the Health Checker Configuration column.

  6. On the backend set details page, scroll to the Resources section and select Backends.

    The overall health of each backend server is shown in the Overall Health column in the middle of the table.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • Compartment OCID: oci iam compartment list

    • LB OCID: oci lb load-balancer list

    • Backend set name: oci lb backend-set list

  2. List the health statuses for all load balancers in the specified compartment.

    $ oci lb load-balancer-health list --compartment-id compartment_OCID
  3. Show the health status for the specified load balancer.

    $ oci lb load-balancer-health get --load-balancer-id loadbalancer_OCID
  4. Show the health status for the specified backend set.

    $ oci lb backend-set-health get --load-balancer-id loadbalancer_OCID \
    --backend-set-name backendset_name
  5. Show the health status of the specified backend server.

    $ oci lb backend-health get --load-balancer-id loadbalancer_OCID \
    --backend-set-name backendset_name --backend-name backend_name

    The backend_name is the IP address and port of the backend server to retrieve the health status for, such as 10.0.0.3:8080.

  6. Show the health check policy information for the specified load balancer and backend set.

    $ oci lb health-checker get --load-balancer-id loadbalancer_OCID \
    --backend-set-name backendset_name

    All health check configuration parameters listed at the beginning of this section are shown.

Editing Backend Set Health Check Configuration

This topic describes how to change load balancer (LB) backend set health check configuration.

Using the Compute Web UI

  1. Open the Navigation menu, select Networking, and select Load Balancers.

  2. Select the name of the LB for which you want to edit backend set health check parameters.

  3. On the LB details page, scroll to the Resources section and select Backend Sets.

  4. For the backend set that you want to modify, select the Actions menu, and select the Edit option.

    In the Edit Load Balancer Backend Set dialog, you can modify all health check configuration parameters listed at the beginning of Viewing Health Status and Health Check Configuration.

  5. Select Update Backend Set to save the changes.

Using the OCI CLI

  1. Gather the information you need to run the command:

    • LB OCID: oci lb load-balancer list

    • Backend set name: oci lb backend-set list

  2. Update the health check policy for the specified load balancer and backend set.

    Syntax:

    ci lb health-checker update --load-balancer-id loadbalancer_OCID \
    --backend-set-name backendset_name --interval-in-millis integer \ 
    --port integer --protocol [HTTPS | TCP] --retries integer \
    --return-code integer --timeout-in-millis integer

    Example:

    $ oci lb health-checker update --load-balancer-id ocid1.loadbalancer.uniqueID \
    --backend-set-name BackendSet1 --interval-in-millis 10000 \
    --port 8080 --protocol HTTPS --retries 3 --return-code 200 \
    --timeout-in-millis 3000 --url-path /healthcheck