Note:
- This tutorial is available in an Oracle-provided free lab environment.
- It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.
Deploy HA applications using load balancers
Introduction
In this lab you will deploy web servers on two compute instances in Oracle Cloud Infrastructure (OCI), configured in High Availability mode by using a Load Balancer.
OCI Load Balancing Service
The Load Balancing Service provides automated traffic distribution from one entry point to multiple servers within your Virtual Cloud Network (VCN). The service offers a Public load balancer with a public IP address, provisioned bandwidth, and high availability. The Load Balancing Service provisions the public IP address across two subnets within a VCN to ensure accessibility even during an Availability Domain outage.
Prerequisites
- Make sure you have credentials handy to sign in to Oracle Cloud
- This tutorial assumes you know how to generate SSH keys on Oracle Cloud Infrastructure
Create a Virtual Cloud Network
- Sign in to Oracle Cloud Infrastructure Console using your cloud tenant name, user name, and password.
- From the OCI services menu, click Virtual Cloud Networks under Networking. Choose the appropriate compartment from the drop-down menu on the left of the screen under Networking and click Start VCN Wizard.
  Note: Ensure that the correct compartment is selected in the COMPARTMENT list.
- Choose VCN with Internet Connectivity and click Start Workflow.
- Fill out the dialog box and click Next:
  - VCN NAME: Provide a name
  - COMPARTMENT: Ensure your compartment is selected
  - VCN CIDR BLOCK: Provide a CIDR block (10.0.0.0/16)
  - PUBLIC SUBNET CIDR BLOCK: Provide a CIDR block (10.0.1.0/24)
  - PRIVATE SUBNET CIDR BLOCK: Provide a CIDR block (10.0.2.0/24)
- Verify all the information and click Create.
  This will create a VCN with the following components: VCN, Public subnet, Private subnet, Internet gateway (IG), NAT gateway (NAT), and Service gateway (SG).
- Click View Virtual Cloud Network to display your VCN details.
Create Two Compute Instances and Install a Web Server
- Switch to the OCI console. From the OCI services menu, click Instances under Compute.
- Click Create Instance. Fill out the dialog box:
  - Name your instance: Enter a name
  - Choose an operating system or image source: For the image, we recommend using the latest Oracle Linux available
  - Availability Domain: Select availability domain
  - Instance Shape: Click change shape if you want to use a different shape from the default one
  Under Configure Networking
  - Virtual cloud network compartment: Select your compartment
  - Virtual cloud network: Choose the VCN
  - Subnet Compartment: Choose your compartment
  - Subnet: Choose the Public Subnet under Public Subnets
  - Use network security groups to control traffic: Leave un-checked
  - Assign a public IP address: Check this option
  - Boot Volume: Leave the default
  - Add SSH Keys: Choose ‘Paste SSH Keys’ and paste the Public Key you created in Cloud Shell earlier. Make sure that you paste it as a single line.
  Note: The tutorial places the instances on a public subnet to simplify SSH access to them. In a more secure environment, they should be placed on private subnets and accessed through a bastion server or VPN connection.
- Click Create.
  Note: If a ‘Service limit’ error is displayed, choose a different shape from VM.Standard2.1, VM.Standard.E2.1, VM.Standard1.1, VM.Standard.B1.1, or choose a different AD.
- Repeat steps 1 - 3 to launch a second Compute instance and note down its public IP address.
- Wait for the instances to be in Running state.
- Launch the Cloud Shell if it is not running. When running, enter the command below:
    cd .ssh
- Enter
    ls
  and verify that your key file exists.
- SSH to the first compute instance. Enter command:
    ssh -i <<sshkeyname>> opc@<PUBLIC_IP_OF_COMPUTE_1>
  Note: User name is opc if you used the Oracle Linux image.
  Hint: If a ‘Permission denied’ error is seen, ensure that you are using -i in the SSH command. You MUST type the command; do NOT copy and paste the SSH command.
- Enter ‘Yes’ when prompted for security message.
- Verify that opc@<COMPUTE_INSTANCE_NAME> appears on the prompt.
- Open up a second tab of Oracle Cloud. Launch a second cloud shell window using the steps above and connect via SSH into the second compute instance (using the same steps as above).
  Hint: Make sure to use the IP address of the second compute instance in the SSH command.
- Go back to the first tab cloud shell for the first compute instance and install a Web server using the commands below:
  Install Apache HTTP Server:
    sudo yum -y install httpd
  Open port 80 on the firewall to allow http and https traffic:
    sudo firewall-cmd --permanent --add-port=80/tcp
  Note: The --add-port flag has no spaces.
  Reload the firewall to activate the rules:
    sudo firewall-cmd --reload
  Start the web server:
    sudo systemctl start httpd
  Change the user privileges (root):
    sudo -i
  Create the index.html file. The content of the file will be displayed when the web server is accessed:
    echo 'WebServer1' >>/var/www/html/index.html
- Bring up the SSH session for the second Compute instance and repeat commands:
  Install Apache HTTP Server:
    sudo yum -y install httpd
  Open port 80 on the firewall to allow http and https traffic:
    sudo firewall-cmd --permanent --add-port=80/tcp
  Note: The --add-port flag has no spaces.
  Reload the firewall to activate the rules:
    sudo firewall-cmd --reload
  Start the web server:
    sudo systemctl start httpd
  Change the user privileges (root):
    sudo -i
  Create the index.html file. The content of the file will be displayed when the web server is accessed:
    echo 'WebServer2' >>/var/www/html/index.html
- Switch back to OCI console window.
We now have two compute instances with Web servers installed and a basic index.html file. Before we create the load balancer, we will need to create a new security list, route table, and subnet that the load balancer will use.
Load balancers should always reside in different subnets than your application instances. This allows you to keep your application instances secured in private subnets, while allowing public Internet traffic to the load balancers in the public subnets.
Create a Security List, Route Table, and Additional Subnets
In this section, we will create a new security list. This security list will be used by the load balancer (that will be created later on). This will ensure all traffic to the two web servers is routed properly.
- From the OCI services menu, click Virtual Cloud Networks under Networking. This displays the list of VCNs in the current compartment.
  Hint: If there are multiple networks, scroll down to locate the one you just created.
- Click on your VCN name, click Security Lists and then Create Security List. You will be creating a new security list.
  - CREATE IN COMPARTMENT: Select the compartment assigned to you (if not already selected).
  - SECURITY LIST Name: Specify a name (for example, LB Security List).
  - Click Create Security List
- Verify that the new security list was created.
  We now have a Security List that will be used by the load balancer. Next we will create a Route table that will be used by two new subnets (that will be used by the load balancer, once created).
- Click on Security Lists under Resources.
- To create a new route table, click Route Tables and then click Create Route Table. Fill out the dialog box:
  - Name: Enter a name (for example, LB Route Table).
  - Create in Compartment: This field defaults to your current compartment. Make sure that the correct compartment is selected.
  Click +Another Route Rules
  - Target Type: Select Internet Gateway
  - Destination CIDR Block: 0.0.0.0/0
  - Compartment: Make sure that the correct compartment is selected
  - Target Internet Gateway: Select the Internet gateway for your VCN.
- Click Create Route Table.
- Ensure that the new route table appears in the list (under Create Route Table).
  We now have a route table that allows all traffic. Next we will attach this route table to two new subnets that we will create (this subnet will be used by the load balancer).
- Create Load Balancer subnet. If you’re not on your VCN details page, go to that page and create subnet.
- Click Subnets.
- Click Create Subnet. Fill out the dialog box:
  - Name: Enter a name (for example, LB-Subnet)
  - Subnet Type: Regional
  - CIDR Block: Enter 10.0.4.0/24
  - Route Table: Select the Route Table you created earlier
  - Subnet access: select Public Subnet
  - DHCP Options: Select the default
  - Security Lists: Select the Security List you created earlier
- Leave all other options as default and click Create Subnet.
Create a Load Balancer and Update the Security List
When you create a load balancer, you choose its shape (size) and you specify the subnet (created earlier) from different Availability Domains. This ensures that the load balancer is highly available and is active only in one subnet at a time.
- From the OCI services menu, click Load Balancers under Networking.
- Click Create Load Balancer. Fill out the dialog box:
  Under Add Details
  - LOAD BALANCER NAME: Enter a name for your load balancer
  - CHOOSE VISIBILITY TYPE: Public
  - CHOOSE THE MAXIMUM TOTAL BANDWIDTH: Small, 100 Mbps (this specifies the bandwidth of the load balancer)
    Note: Shape cannot be changed later.
  - VIRTUAL CLOUD NETWORK: Choose your Virtual Cloud Network
  - SUBNET: Choose the Regional Subnet we created (10.0.4.0 in this lab)
  Under Choose Backends
  - SPECIFY A LOAD BALANCING POLICY: Weighted Round Robin
  - Click Add Backend and choose the two backend compute instances created earlier
  Specify Health Check Policy
  - PROTOCOL: HTTP
  - Port: Enter 80
  - URL PATH (URI): /
  Leave other options with the default values
  Under Configure Listener
  - SPECIFY THE TYPE OF TRAFFIC YOUR LISTENER HANDLES: HTTP
  - SPECIFY THE PORT YOUR LISTENER MONITORS FOR INGRESS TRAFFIC: 80
  Leave other options with the default values
- Click Submit.
- Wait for the load balancer to become active and then note down its public IP address.
  We now have a load balancer that will manage the subnet we created earlier.
- From the OCI services menu, click Virtual Cloud Networks under Networking. Locate the VCN you created.
- Click the VCN name to display the VCN detail page.
- Click Security Lists, and locate the load balancer security list created earlier.
- Click the load balancer security list you created earlier and click Add Ingress Rule.
  Click +Additional Ingress Rule and enter the following ingress rule. Make sure to leave the STATELESS flag un-checked:
  - Source Type: CIDR
  - Source CIDR: Enter 0.0.0.0/0
  - IP Protocol: Select TCP
  - Source Port Range: All
  - Destination Port Range: Enter 80 (the listener port)
- Click Add Ingress Rule.
- Click Egress Rule under Resources. Click Add Egress Rule, then click +Additional Egress Rule and enter the following egress rule. Make sure to leave the STATELESS flag un-checked:
  - Destination Type: CIDR
  - Destination CIDR: 0.0.0.0/0
  - IP Protocol: Select TCP
  - Destination Port Range: All
- Click Add Egress Rule.
- Click Security Lists and locate the default security list of the VCN. Click Add Ingress Rule.
  Click +Additional Ingress Rule and add the two rules below for ingress. Make sure to leave the STATELESS flag un-checked:
  First Rule
  - Source Type: CIDR
  - Source CIDR: 10.0.4.0/24
  - IP Protocol: Select TCP
  - Source Port Range: All
  - Destination Port Range: 80
- Click +Additional Ingress Rule and enter the following ingress rule. Make sure to leave the STATELESS flag un-checked:
  Second Rule
  - Source Type: CIDR
  - Source CIDR: 10.0.5.0/24
  - IP Protocol: Select TCP
  - Destination Port Range: 80
- Click Add Ingress Rule.
We now have the setup configured: two compute instances, each running an HTTP server with an index.html file, and a load balancer with all relevant policies and components.
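The ingress rules on the default security list decide who can reach the web servers directly, without passing through the load balancer. As an added example (not part of the Oracle tutorial), this Python check audits such a rule set, written in the JSON shape OCI uses for security-list ingress rules; the function names, finding labels, and the SSH rule from 0.0.0.0/0 in the sample are assumptions.

```python
import ipaddress

def tcp_rule(source, port, stateless=False):
    """One ingress rule in the JSON shape OCI uses for security lists ("6" = TCP)."""
    return {"source": source, "protocol": "6", "isStateless": stateless,
            "tcpOptions": {"destinationPortRange": {"min": port, "max": port}}}

def admits(rule, port):
    """True if the rule lets TCP traffic reach the given destination port."""
    if rule["protocol"] not in ("6", "all"):
        return False
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    return rng is None or rng["min"] <= port <= rng["max"]

def audit_backend(rules, lb_subnet, vcn_subnets, web_port=80, admin_port=22):
    """Return findings for the security list attached to the web servers."""
    lb = ipaddress.ip_network(lb_subnet)
    subnets = [ipaddress.ip_network(s) for s in vcn_subnets]
    findings, lb_ok = [], False
    for rule in rules:
        src = ipaddress.ip_network(rule["source"])
        if rule.get("isStateless"):
            # The lab keeps every rule stateful (STATELESS un-checked).
            findings.append(("STATELESS", None, rule["source"]))
        for port in (web_port, admin_port):
            # A /0 source means the port is reachable from the whole internet.
            if admits(rule, port) and src.prefixlen == 0:
                findings.append(("WORLD_OPEN", port, rule["source"]))
        if admits(rule, web_port):
            lb_ok = lb_ok or lb.subnet_of(src)
            # Source range overlaps no listed subnet: nothing can use this rule.
            if src.prefixlen and not any(src.overlaps(s) for s in subnets):
                findings.append(("NO_SUCH_SUBNET", web_port, rule["source"]))
    if not lb_ok:
        findings.append(("LB_CANNOT_REACH", web_port, lb_subnet))
    return findings

# Constructed sample: the three subnets this lab creates, and a default
# security list holding the two rules added above plus an assumed SSH rule.
LAB_SUBNETS = ["10.0.1.0/24", "10.0.2.0/24", "10.0.4.0/24"]
DEFAULT_LIST = [tcp_rule("0.0.0.0/0", 22),
                tcp_rule("10.0.4.0/24", 80),
                tcp_rule("10.0.5.0/24", 80)]

if __name__ == "__main__":
    for finding in audit_backend(DEFAULT_LIST, "10.0.4.0/24", LAB_SUBNETS):
        print(finding)
```

An empty result means port 80 on the web servers is reachable from the load balancer subnet only, and nothing else in the list was flagged.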
We will now test the load balancer functionality (load balancing using round robin). If one of the HTTP servers in the High Availability configuration is unavailable, the load balancer automatically routes traffic to the available HTTP server.
Note: Be sure to take note of the “Health” field in the Networking > Load Balancers dashboard. If the health is “Critical,” the load balancer may not work as intended, and the best course of action may be to create a new one. This is likely the result of something being mis-configured, and it should only happen rarely.
Verify High Availability of HTTP Servers
In this section, we will access the two web servers configured earlier using the load balancer’s public IP address and demonstrate the load balancer’s ability to route traffic on a round-robin basis (per the policy configured). If one of the web servers becomes unavailable, the web content remains available via the second server (High Availability).
- Open a web browser and enter the load balancer’s public IP address.
- Verify that the text in the index.html file on the two servers (WebServer1, WebServer2) is displayed.
- Refresh the browser multiple times and observe the load balancer balancing traffic between the two web servers.
  Note: If one of the servers goes down, the application will still be accessible via the load balancer’s public IP address.
This tutorial is not intended to test failover and recovery of backend servers. Troubleshooting issues encountered is out of scope of this tutorial.
Delete the Resources
Note: You can ignore this section if you’re using Oracle’s free tenancy. If you’re trying these steps in your own tenancy, then deleting the resources is optional.
Delete the load balancer and its associated components:
- From the OCI services menu, click Load Balancers under Networking. Click your load balancer name.
- Click Terminate.
- Click OK in the confirm window. Wait for the termination to be completed.
- From the OCI services menu, click Instances under Compute.
- Locate first compute instance and click on its name. Click on the More Actions button and then select Terminate.
- Make sure Permanently delete the attached Boot Volume is checked and click Terminate Instance. Wait for the termination to be completed.
- Repeat steps 5 and 6 to delete the second compute instance.
- From the OCI services menu, click Virtual Cloud Networks under Networking. A list of all VCNs will appear.
- Locate your VCN. Click the Action icon and then click Terminate. Click Delete All in the confirmation window. Click Close once the VCN is deleted.
Acknowledgements
- Authors - Flavio Pereira, Larry Beausoleil
- Contributors - Yaisah Granillo (Cloud Solution Engineer), Kay Malcolm, Orlando Gentil
Learn More
Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.
For product documentation, visit Oracle Help Center.
F36280-03
March 2021
Copyright © 2021, Oracle and/or its affiliates.