Creating load balancers
Limitations
- The forwarding rule and protocol cannot be changed after the load balancer pool is added.
- If an IPv6 subnet where a load balancer will operate works in the SLAAC or DHCPv6 stateless mode, the load balancer will receive an IPv6 address automatically.
Prerequisites
- A network where a load balancer will operate has IP management enabled.
- All VMs that will be added to balancing pools have fixed IP addresses.
To create a load balancer with balancing pools
- On the Load balancers screen, click Create load balancer.
- In the Create load balancer window, do the following:
- Specify a name and, optionally, a description.
A description should not contain any personally identifiable information or sensitive business data.
- Enable or disable high availability:
- With high availability enabled, two load balancer instances will be created. They will work in the Active/Standby mode according to the Virtual Router Redundancy Protocol (VRRP).
- With high availability disabled, a single load balancer instance will be created.
- Select a flavor for the load balancer:
- If high availability is enabled, you can only choose between load balancer flavors that will create two instances, one active and one standby. If the active instance becomes unhealthy, the load balancer automatically fails over to the standby instance, which then becomes active.
- If high availability is disabled, you can only choose between load balancer flavors that will create a standalone instance.
- In the Network settings section, select the network that the load balancer will operate in and, optionally, specify an IP address that will be allocated to the load balancer.
- In the Balancing pools section, create a balancing pool to forward traffic from the load balancer to virtual machines by clicking Add. In the Create balancing pool window that opens, do the following:
- In the Forwarding rule section, select a forwarding rule from the load balancer to the backend protocol:
- With the HTTPS -> HTTPS rule
- Specify ports for incoming and destination connections.
- Ensure that all virtual machines have the same SSL certificate (or a certificate chain).
- Enable the PROXY protocol version 1 to add a human-readable header with connection information (the source IP address, destination IP address, and port numbers) as a part of the request header.
- With the HTTPS -> HTTP rule
- Specify ports for incoming and destination connections.
- Upload an SSL certificate (or a certificate chain) in the PEM format and a private key in the PEM format.
- Choose HTTP headers to insert into the request.
- Enable the TLS encryption to re-encrypt traffic from the load balancer to its members.
- Enable the PROXY protocol version 1 to add a human-readable header with connection information (the source IP address, destination IP address, and port numbers) as a part of the request header.
- With the HTTP -> HTTP rule
- Specify ports for incoming and destination connections.
- Choose HTTP headers to insert into the request.
- Enable the TLS encryption to re-encrypt traffic from the load balancer to its members.
- Enable the PROXY protocol version 1 to add a human-readable header with connection information (the source IP address, destination IP address, and port numbers) as a part of the request header.
- With the TCP -> TCP rule
- Specify ports for incoming and destination connections.
- Enable the TLS encryption to re-encrypt traffic from the load balancer to its members.
- With the UDP -> UDP rule
- Specify ports for incoming and destination connections.
- In the Balancing settings section, do the following:
- Select the balancing algorithm:
- Least connections. Requests will be forwarded to the VM with the least number of active connections.
- Round robin. All VMs will receive requests in a round-robin manner.
- Source IP. Requests from a unique source IP address will be directed to the same VM.
- Select Sticky session to enable session persistence. The load balancer will generate a cookie that will be inserted into each response. The cookie will be used to send future requests to the same VM.
This option is not available in the SSL passthrough mode.
- In the Members section, add members, that is, virtual machines, to the balancing pool by clicking Add. Each VM can be included in multiple balancing pools. In the Add members window that opens, select the desired VMs, and then click Add.
You can select only from VMs that are connected to the chosen network.
- In the Allowed CIDRs section, specify IP address ranges in the CIDR format that will be allowed to interact with the balancing pool. This will limit incoming traffic to the specified IP addresses; any other incoming traffic will be rejected. For example:
- To allow traffic only from the IP address 10.10.10.10, add the /32 suffix: 10.10.10.10/32.
- To allow traffic only from the subnet range 10.10.10.0–10.10.10.255, add the /24 suffix: 10.10.10.10/24.
- To allow traffic only from the subnet range 10.10.0.0–10.10.255.255, add the /16 suffix: 10.10.10.10/16.
- In the Health monitor section, select the protocol that will be used for monitoring member availability:
- HTTP/HTTPS. The HTTP/HTTPS method GET will be used to check for the response status code 200. Additionally, specify the URL path to the health monitor.
- TCP/UDP. The health monitor will check the TCP/UDP connection on the backend port.
- PING. The health monitor will check members’ IP addresses.
By default, the health monitor removes a member from a balancing pool if it fails three consecutive health checks performed at five-second intervals. When a member returns to operation and responds successfully to three consecutive health checks, it is added to the pool again. You can manually set the health monitor parameters, such as the interval after which VM health is checked, the time after which the monitor times out, and the healthy and unhealthy thresholds. To change the default parameters, click Edit parameters, enter the desired values, and then click Save.
- Click Create.
- Add more balancing pools, as described above.
- Click Create.
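
Before entering values in the Allowed CIDRs section, it helps to see what each entry really admits: an entry written with host bits, such as 10.10.10.10/24, matches the whole enclosing network. The following check is an added example, not part of the product or its documentation; the function names are hypothetical and the input is the three example entries from the step above.

```python
import ipaddress

# The three entries used as examples in the Allowed CIDRs step.
PAGE_EXAMPLES = ["10.10.10.10/32", "10.10.10.10/24", "10.10.10.10/16"]

def review_allowed_cidrs(entries):
    """Return, per entry, the range it admits plus notes worth a second look."""
    parsed = [ipaddress.ip_interface(e.strip()) for e in entries]
    report = []
    for i, iface in enumerate(parsed):
        net = iface.network  # host bits masked off
        notes = []
        if iface.ip != net.network_address:
            notes.append(f"host bits set; matches all of {net}")
        if net.prefixlen == 0:
            notes.append("matches every address; the list restricts nothing")
        for j, other in enumerate(parsed):
            # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
            if j != i and other.version == net.version \
                    and net.subnet_of(other.network):
                notes.append(f"already covered by {entries[j]}")
        report.append({
            "entry": entries[i], "network": str(net),
            "first": str(net[0]), "last": str(net[-1]),
            "addresses": net.num_addresses, "notes": notes,
        })
    return report

def is_allowed(source_ip, entries):
    """True if source_ip falls inside at least one allowed entry."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_interface(e.strip()).network
               for e in entries)

if __name__ == "__main__":
    for row in review_allowed_cidrs(PAGE_EXAMPLES):
        print(f'{row["entry"]:>16} -> {row["first"]} .. {row["last"]} '
              f'({row["addresses"]} addresses) {row["notes"]}')
    print(is_allowed("10.10.10.200", ["10.10.10.10/32"]))
```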
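
When PROXY protocol version 1 is enabled for a forwarding rule, each member receives the human-readable line ahead of the request and has to strip and validate it, and it should honour that line only on connections coming from the load balancer, because a client that reaches the member directly could otherwise assert any source address. The parser below is an added example, not part of the product or its documentation; the load balancer address 10.10.10.2, the function name, and the sample bytes are constructed.

```python
import ipaddress

MAX_V1_LINE = 107  # longest valid v1 line, CRLF included (PROXY protocol spec)

# Constructed sample: what a member would read from the load balancer.
SAMPLE = (b"PROXY TCP4 203.0.113.7 10.10.10.5 51234 443\r\n"
          b"GET /health HTTP/1.1\r\nHost: app.example\r\n\r\n")

def parse_proxy_v1(data, peer_ip, trusted_lb_ips):
    """Split the PROXY v1 line off `data`; return (client_info, rest).

    Raises ValueError unless the peer is a trusted load balancer and the
    line is well formed. client_info is None for 'PROXY UNKNOWN'.
    """
    if peer_ip not in trusted_lb_ips:
        raise ValueError("PROXY header from untrusted peer " + peer_ip)
    end = data.find(b"\r\n", 0, MAX_V1_LINE)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 line")
    fields = data[:end].decode("ascii").split(" ")  # non-ASCII -> ValueError
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 line")
    family = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match " + fields[1])
    ports = []
    for p in fields[4:6]:
        # Decimal, no leading zeros, within the 16-bit port range.
        if not p.isdigit() or (len(p) > 1 and p[0] == "0") or int(p) > 65535:
            raise ValueError("bad port " + p)
        ports.append(int(p))
    info = {"src_ip": str(src), "dst_ip": str(dst),
            "src_port": ports[0], "dst_port": ports[1]}
    return info, rest

if __name__ == "__main__":
    client, request = parse_proxy_v1(SAMPLE, "10.10.10.2", {"10.10.10.2"})
    print(client, request.split(b"\r\n", 1)[0])
```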