Note:

• This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
• It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.

Use the Public OCI Flexible Network Load Balancer to Expose your Webserver Pool to the Internet

Introduction

In this tutorial, we will describe how to set up three Oracle Cloud Infrastructure (OCI) instances that will act as a webserver. These webservers will all be connected to a private subnet and will be made reachable from the internet using an OCI Flexible Network Load Balancer. The network load balancer will not only make the websites available through the internet but will also balance the load of the incoming connections to these three OCI Compute instances.

Objectives

• We will create three OCI Compute instances that will act as a webserver and attach these to a private subnet. Then we will create an OCI Flexible Network Load Balancer that is accessible from the internet. With this, the OCI Flexible Network Load Balancer will balance the load based on the 5-tuple load balancing policy to the OCI Compute instances. We will also do some extensive testing by bringing down two of the three OCI Compute instances and verify if the OCI Flexible Network Load Balancer can detect this and act as expected.

  

  • Task 1: Create a new virtual cloud network (VCN).

  • Task 2: Create a new public subnet and private subnet.

  • Task 3: Create three new OCI Compute instances.

  • Task 4: Create a new OCI Flexible Network Load Balancer.

  • Task 5: Test the new OCI Flexible Network Load Balancer.

Task 1: Create a new Virtual Cloud Network (VCN)

We already have a VCN created but if you still need to create a new VCN, follow the tutorial: Create a New VCN with IPv6 Enabled.

Click the hamburger menu from the upper left corner. Click Virtual Cloud Networking to verify if the virtual cloud network exists.

Task 2: Create a new Public Subnet and Private Subnet

We already have a public and private subnet created but if you still need to create new subnets, follow the tutorials: Create a new Public Subnet with IPv6 Enabled and Create a Private Subnet inside the VCN.

• Click the VCN to review the subnets.

  

  1. Inside this VCN, we have a public and private subnet available.
  2. Click the hamburger menu from the upper left corner to navigate to the OCI instances.

  

We will connect OCI Compute instance to the public subnet and OCI Database to the private subnet.

Task 3: Create Three new OCI Compute Instances

• Click Instances to create three new OCI Compute instances.

  

• To create the first instance, click Create Instance.

  

  1. Enter the Name of the instance.
  2. Scroll down.

  

• Click Change Image.

  Note:

  • We are deploying a custom image because the instance that we are deploying needs to have a webserver installed. In the previous tutorial we have already created an instance where we have installed the NGINX webserver with PHP and created a custom image based on this instance so that we do not have to install NGINX with PHP on three separate instances. For more information, see Use Oracle Cloud Infrastructure to Publish a Webserver Accessible from the Internet with IPv6.

  • To install the NGINX webserver with PHP, see Task 6: Install a Webserver on Instance.

  

  1. Click My Images.
  2. Scroll down.

  

  1. For this tutorial, we will select a custom image that we have created before that has the NGINX webserver with PHP pre-installed.
  2. Click Select Image.

  

  1. Review the selected custom image.

  2. Scroll down.

     Note:

     • If you do not have any custom image feel free to select the Oracle Linux 8 image.

     • To manually install NGINX and PHP, see Task 6: Install a Webserver on Instance.

     • To install the custom webpage for testing purposes, see Task 8: Create a Custom Website with NGINX and PHP.

  

  1. For the Primary network, select Select existing virtual cloud network.
  2. Select the VCN created in Task 1.
  3. For the private subnet, select Select existing subnet.
  4. Select the subnet created in Task 2.
  5. Scroll down.

  

  1. For the Private IPv4 address, select Automatically assign private IPv4 address.
  2. Scroll down.

  

• For this tutorial, we will use existing SSH keys. If you do not have any existing keys you can select Generate a key pair for me.

  1. Select Upload public key files (.pub).
  2. Click Browse and select the public key that is already available.
  3. Make sure the .pub SSH key is selected.
  4. Scroll down.

  

• Click Create.

  

• When the first OCI Compute instance is created repeat the steps another two times to create two additional instances. So, the result should be that three OCI instances are running.

  1. Make sure the first OCI Compute instance is running. For this tutorial, it is IH-WEBSERVER-01.
  2. Make sure the second OCI Compute instance is running. For this tutorial, it is IH-WEBSERVER-02.
  3. Make sure the third OCI Compute instance is running. For this tutorial, it is IH-WEBSERVER-03.
  4. Click the hamburger menu from the upper left corner to navigate to the network load balancers.

  

We have three webservers with a private IP address assigned.

Webserver and website on instances

For this tutorial, we have deployed a custom image and this image already has a webserver with NGINX and PHP installed. If you select to deploy a new vanilla Oracle Linux image, you need to install NGINX with PHP and the custom webpage manually. This is required to test the network load balancer. If you do not have any custom image feel free to select the Oracle Linux 8 image.

• To manually install NGINX and PHP, see Task 6: Install a Webserver on Instance.

• To create the custom webpage for testing purposes, see Task 8: Create a Custom Website with NGINX and PHP. Make sure you do this on all three OCI Compute instances.

Task 4: Create a new OCI Flexible Network Load Balancer

• We have OCI Compute instances created. Let’s create a new network load balancer.

  1. Click Networking.
  2. Click Network load balancer.

  

• Click Create network load balancer.

  

• In Create network load balancer, enter the following information.

  1. Enter the Load balancer name.
  2. Select Public for the visibility type as we want this network load balancer to be reachable from the internet.
  3. Select Ephemeral IPv4 address as the public IP address.
  4. Click Next.

  

  1. Select the VCN created in Task 1.
  2. Select the public subnet created in Task 2.
  3. Click Next.

  

• In Configure listener, enter the following information.

  1. Enter the Lister name.
  2. Select TCP for the type of traffic that the network load balancer needs to listen to.
  3. Select Specify the port and specify port 80 as we want the network load balancer to listen on TCP port 80 for incoming connections.
  4. Click Next.

  

• In Configure backend, enter the following information.

  1. Enter the Backend set name.
  2. Click Add backends.

  

  1. Make sure the first OCI Compute instance is selected with the correct port. We will keep default Weight for now.
  2. Click + Another backend.
  3. Make sure the second OCI Compute instance is selected with the correct port. We will keep default Weight for now.
  4. Make sure the third OCI Compute instance is selected with the correct port. We will keep default Weight for now.
  5. Click Add backends.

  

  1. Review the backends.
  2. Click Next.

  

• In the Specify health check policy section, enter the following information.

  1. Select HTTP as the Protocol to use for checking the backend servers.
  2. Select port 80 as the Port to use for checking the backend servers.
  3. Click Next.

  

  1. Review the Load balancer details and the Listener details.
  2. Scroll down.

  

  1. Review the Backend set details.
  2. Scroll down.

  

  1. Review the Health check policy.
  2. Click Create network load balancer.

  

• When the network load balancer is created the status will start with CREATING.

  

  1. After a few minutes the status will be changed to ACTIVE.
  2. As the health check policy still needs to kick in it may be that the overall health is started with the Unknown status.
  3. The same goes for the backend set health that may start with the Unknown status.

  

  1. After sometime the overall health is set to OK.
  2. The backend set health is also set to OK.
  3. Make a note of the public IP address that is assigned to the network load balancer.

  

We have built the setup shown in the following image.

Task 5: Test the new OCI Network Load Balancer

• We have created all three OCI instances and the network load balancer. It is time to test the network load balancer.

  1. Open the browser and enter the public IP address of the network load balancer.
  2. Notice the public client IP address that we are browsing from.
  3. Notice the private server IP address which is the IP address of one of the OCI Compute instances.

  

• Select the algorithm that is used for the OCI Compute instance.

  1. Scroll down
  2. Notice that the default Load balancing policy is set to 5-tuple-hash.
  3. To change this or review the other options, click the three dots.
  4. Click Edit.

  

  1. Notice that the 5-tuple-hash is selected.
  2. Click Cancel.

  

• Go back to the browser.

  1. Click the refresh icon.
  2. Notice that the private server IP address which is the IP address of one of the OCI Compute instances has been changed from 10.0.2.140 to 10.0.2.7. This confirms that the network load balancer is working.

  

  The visual representation of the path that is taken.

  

  1. Open the browser in private or incognito mode.
  2. Browse to the public IP address of the network load balancer.
  3. Notice that the private server IP address which is the IP address of one of the OCI Compute instances has been changed from 10.0.2.7 to 10.0.2.140.

  

  The visual representation of the path that is taken.

  

  1. Click the refresh icon.
  2. Notice that the private server IP address which is the IP address of one of the OCI Compute instances has been changed from 10.0.2.140 to 10.0.2.150.

  

  The visual representation of the path that is taken.

  

• Let’s do one final test and bring down two OCI Compute instances.

  1. Click the hamburger menu from the upper left corner
  2. Click Instances.

  

  1. Select the first OCI Compute instance.
  2. Select the second OCI Compute instance.

  

  1. Click Actions.
  2. Click Stop.

  

• Click Stop.

  

  The stop is being processed.

  

• Click Close.

  

  1. Notice that the first OCI Compute instance is stopped.
  2. Notice that the second OCI Compute instance is stopped.
  3. Notice that the third OCI Compute instance is still running.

  

  The visual representation of the OCI Compute instances.

  

  1. Click the hamburger menu from the upper left corner.
  2. Click Networking.
  3. Click Network load balancer.

  

  1. Review the Overall health, the status is Critical.
  2. Click the network load balancer.

  

  1. Review the Overall health, the status is Critical.
  2. Review the Backend sets health, the status is Critical.
  3. Scroll down.

  

  1. Review the Overall health, the status is Critical.
  2. Click the backend set.

  

  1. Review the Overall Health, the status is Critical.
  2. The Backend health has 2 next to Critical and this corresponds with the OCI Compute instances that have gone down.
  3. The 1 that is OK is the only OCI Compute instance that is still up.
  4. Click Backends.

  

  1. Notice that the first OCI Compute instance has Critical health.
  2. Notice that the second OCI Compute instance has Critical health.
  3. Notice that the third OCI Compute instance has OK health.

  

  1. Refresh the webpage.
  2. Notice the private server IP address which is the IP address of the only OCI compute instance that is up.

  

  The visual representation of the path that is taken.

  

  1. Go back to the instance page.
  2. Select the first OCI Compute instance.
  3. Select the second OCI Compute instance.
  4. Click Actions.
  5. Click Start.

  

• Click Start.

  

  The start is being processed.

  

• Click Close.

  

  Notice that the first and second OCI Compute instances are running again.

  

  1. Go back to the network load balancer page.
  2. Review the Overall health, the status is OK.
  3. Click the network load balancer.

  

  1. Review the health, the status is OK.
  2. Review the Backend set health, the status is OK.
  3. Click Backend sets.

  

  1. Review the health, the status is OK.
  2. Click the backend set.

  

  1. Review the Health, the status is OK.
  2. The 3 that is OK is the only OCI Compute instance that is up.
  3. Click Backends.

  

Notice that all OCI Compute instances have OK health.

Acknowledgments

• Author - Iwan Hoogendoorn (OCI Network Specialist)

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Use the Public OCI Flexible Network Load Balancer to Expose your Webserver Pool to the Internet

F94477-01

March 2024

Copyright ©2024,

Oracle and/or its affiliates.