Create and manage Application Load Balancer

Available in VPC

Application Load Balancer is a load balancer with a more flexible configuration for web applications that use HTTP or HTTPS. It provides a static IP, enables URL-based branching, and provides 3 load balancing algorithms.

Create Application Load Balancer

To create Application Load Balancer:

In the VPC environment of the NAVER Cloud Platform console, navigate to > Services > Networking > Load Balancer.
Click the Load Balancer menu.
Click [Create load balancer] > [Create Application Load Balancer].
When the Create load balancer page appears, proceed with these next steps in order:

Note

The 3. Set certificate step appears only when a listener is added in 2. Create load balancer (set listener) step with HTTPS protocol.
If you added listeners only with HTTP protocol, the 3. Set certificate step does not appear. Skip the step and proceed in order.

1. Create load balancer

Enter the information for the Application Load Balancer you want to create, and then click [Next].

Network: Select the network type for the load balancer.
- Private IP: It processes the load balancing from the internal server using a Private IP within VPC. It cannot be accessed from outside VPC.
- Public IP: The Public IP is set to allow calling from outside VPC or the Internet. It processes the load balancing, and you can utilize it by connecting with the domains or CDN services of customers using the random domain provided with the Public IP.
Load processing capacity: Select the size of the load balancer depending on the load processing capacity.
- You can select a Small, Medium, Large, or Extra-large option based on the load processing capacity.
- Each size can handle at least 30,000/60,000/90,000/120,000 loads, respectively, based on connections per second (CPS).
- Due to SSL offloading, HTTPS is expected to have roughly 1/10th of the capacity compared to HTTP, although this can vary based on the authentication key method and size.
Target VPC: Select the VPC to create a load balancer in.
Select subnet: Select the zone and subnet to use to create the load balancer.
Caution
- The selected zone and subnet cannot be changed after the load balancer creation is completed.
- Create and select a dedicated subnet.
- You can only select the subnet included in the VPC you selected from Target VPC.
  - If you select Private IP, you can only select the subnet created with Private Load Balancer Subnet.
  - If you select Public IP, you can only select the Subnet created with Public Load Balancer Subnet.
  - For more information on how to create subnets, see Create subnet.
- You do not need to create separate subnets for each load balancer; however, we recommend using a Class C subnet (255.255.255.0) size.
Public IP: Select a Public IP that you possess or subscribe to a new Public IP.

2. Create load balancer (set listener)

Select the protocol (HTTP/HTTPS) that the basic listener of the load balancer will operate with.
Set up the port to which the basic listener of the load balancer will bind.
Click [Add].
- A listener is added.
- To add multiple listeners, repeat from the step 1 to 3.
- To delete an added listener, click [Delete].
Click [Next].

3. Set certificate

Note

Set certificate appears only when a listener is added with the HTTPS protocol in 2. Create load balancer(set listener).

Select the appropriate certificate for the service from those registered in Certificate Manager.
- If you have no registered certificate, see Certificate Manager user guides to register a certificate.

Note

Only RSA-2048 or higher, or ECDSA P256 public key algorithm certificates are supported.

Select the TLS protocol version at the TLS minimum support version.
- You can select from TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.
Select the cipher suite that the HTTPS listeners will support in Set cipher suite.
- You can select the encryption feature for the load balancer to provide at the encryption negotiation with the client.
- You can select Select All to select all cipher suites available.

Note

TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256 cipher suites are always included.

4. Select target group

Select the target group to apply load balancing and click [Next].

To do this, the target group must be created in advance. If there is no created target group, click [Create target group] to create a target group. (See Create target group)
Among target groups created, only target groups that can be connected are displayed.
- Application Load Balancer can only select a target group created with HTTP or HTTPS protocol.

Caution

The bandwidth of Load Balancer Subnet must be added to ACG of the bound server and NACL as an access source and allowed port.

5. View setting information

View the setting information for the load balancer and click [Create load balancer].

Manage Application Load Balancer

You can change the load balancer, subnet, and listener settings for the created Application Load Balancer and view the monitoring information as a graph.

Note

You can change the server applied to the load balancer in the Target Group menu. For more information, see Set target.

Set Application Load Balancer

To view the setting information and change the settings for the load balancer:

In the VPC environment of the NAVER Cloud Platform console, navigate to > Services > Networking > Load Balancer.
Click the Load Balancer menu.
Select the load balancer to view or change the setting information for and click [Change load balancer settings].
- The Change load balancer settings popup appears and you can view the setting information of the load balancer.

After applying changes, click [OK].

You can change load processing capacity.
- You can select from the Small, Medium, Large, or Extra-large option based on the load processing capacity.
- Each size can handle at least 30,000/60,000/90,000/120,000 loads, respectively, based on connections per second (CPS).
- Due to SSL offloading, HTTPS is expected to have roughly 1/10th of the capacity compared to HTTP, although this can vary based on the authentication key method and size.
You can change the Idle Timeout.

You can change whether access log collection is enabled.

To change whether access log collection is enabled, click [Settings].
Once you enable access log collection, logs from incoming traffic requests processed by the load balancer are forwarded to Cloud Log Analytics (CLA) for storage. CLA stores up to 100 GB of data for a period of up to 1 month. To store logs permanently, you can enable Auto export settings to save them in Object Storage.
To enable the access log collection, you must first Subscribe to CLA. If you cancel CLA subscription, no further logs will be collected.

The following table describes the fields of access log items in order. All fields are separated by spaces:

Field	Description
HTTP Version	HTTP version Example: HTTP/1.1
client:port	IP address and port of the requested client.
request_processing_time	Duration from the time the client sets a TCP connection to the time the load balancer receives the HTTP request sent by the client (ms).
target_connection_time	Duration that took to set the TCP connection from the load balancer to the Target (ms).
target_response_time	Duration from the time the TCP connection to the Target is established to the time the load balancer receives the HTTP response from the Target (ms).
response_processing_time	Duration of the session, excluding TCP connection time and HTTP request and response processing time (ms)
target_status_code	Target's response status codes.
received_bytes	Request size received from client (Byte).
sent_bytes	Response size returned to client (Byte).
HTTP method	HTTP method Example: GET, POST, and so on.
"request"	Enclosed in double quotes Recorded in host/uri+port format.
"user_agent"	Enclosed in double quotes A user agent strings that identifies the client that sent the request The string consists of one or more product identifiers and product or version information The string is logged up to 8 KB
ssl_cipher	[HTTPS] SSL encryption algorithm If the listener is not HTTPS, it is set to a '-' Example: AES-SHA
ssl_version	[HTTPS] SSL version If the listener is not HTTPS, it is set to a '-' Example: TLS v1
request_creation_time	Time that the load balancer received requests from the client
total_processing_time	The time taken from the completion of the TCP connection between the client and the Load Balancer until the Load Balancer sends an HTTP response to the client, in milliseconds.

Add subnet

Note

When you create a load balancer, you can add a subnet only when you select 1 zone and a subnet.
Once you add a subnet, it cannot be changed.

To add zones and subnets where Application Load Balancer will be placed:

In the VPC environment of the NAVER Cloud Platform console, navigate to > Services > Networking > Load Balancer.
Click the Load Balancer menu.
Select the load balancer you want to add a subnet to and click [Change subnet].
- The Change Load Balancer Subnet popup appears, and you can view the setting information of the Load Balancer Subnet.
Add zones and subnets and click [OK].

Set listener

You can view the registered listeners on the Change listener settings page and manage them by adding, changing, or deleting listeners and rules.

To move listeners to the Change settings page:

In the VPC environment of the NAVER Cloud Platform console, navigate to > Services > Networking > Load Balancer.
Click the Load Balancer menu.
Select the load balancer to change the listener settings for and click [Change listener settings].
- When you move to the Change listener settings page, you can view the listeners you set upon creating the load balancer as a default.

Add listener

To add listeners:

Click [Add listener] on the Change listener settings page.
Select the protocol for the listener you want to add.
- If you selected HTTPS, click and select the HTTP/2 check box to enable HTTP/2.
Note

HTTP/2 is the second version of the HTTP protocol developed by Internet Engineering Task Force (IETF). It reduces the load latency for web pages by applying various methods, including HTTP header data compression, server push technology, and multiplexing 1 TCP connection for multiple requests.
Enter the port number that the listener will bind to.
If you selected HTTPS, select the following items:
- Select the appropriate certificate for the service from those registered in Certificate Manager.
- Select the TLS protocol version.
  - You can select from TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.
- Select the cipher suite that the HTTPS listener will support.
  - You can select the encryption feature for the load balancer to provide at the encryption negotiation with the client.
Select the target group the listener's traffic will be forwarded to.
Click [OK].

Change listener

To change listeners:

Click [Change listener] on the Change listener settings page.
See Add listener and apply changes.
Click [OK].

Delete listener

Note

Only if the load balancer is in the Operating status, you can delete a listener.

To delete a listener:

Select the listener you want to delete on the Change listener settings page.
Click [Delete listener].
Review the details in the Delete listener popup and then click [Delete].
- The selected listener is deleted.

View rules

You can view the registered rules on the View/change rules page.

Rules have the following characteristics:

Each rule consists of a conditional clause and action.
You cannot delete the Default rules.
The rules are applied in priority order, and unapplied traffic operates following the Default rules.

To view registered rules:

Select the listener you want to view on the Change listener settings page.
Click [View/change rules].
- Move to the View/change rules page.

Add rules

To add rules:

Select the listener to add rules to on the Change listener settings page and click [View/change rules].
Click [Add rules] on the View/change rules page.
Enter the priority of the rule.
- A number between 1 and 9999 can be entered as the priority.
Select the condition and click [Add].
- For condition types, you can select from Host Header, HTTP Header and Path Pattern.
- The combined values of Host Header, HTTP Header and Path Pattern cannot exceed 50.
  - Host Header
    - You can enter up to 68 characters.
  - HTTP Header
    - The Header name and value are not case sensitive.
    - The Header name can be up to 40 characters long, while the Header value can be up to 128 characters long.
    - You can enter letters, numbers, hyphens, and underscores for the Header name.
    - You are restricted from entering a reserved word ("host") for the Header name.
    - All characters, except for ASCII control characters (0x00 to 0x1f and 0x7f) are allowed for the Header value. (Note that ? and * are applied as wild cards.)
    - You can enter up to 5 values for each Header name.
  - Path Pattern
    - You can enter up to 128 characters for Path Pattern.
Enter the condition and click [Add].
- Each conditional clause is operated as And.
- Each conditional clause of the Host Header and Path Pattern conditions is operated as Or.
- Example: If you add aaa.com and bbb.com to Host Header's conditional clause and add /ccc and /ddd to the Path Pattern's conditional clause, the final condition for the rule to act becomes (aaa.com or bbb.com) and (/ccc or /ddd).
Set the action.
- You can only select 1 type between Target Group and Redirection for the action type.
- If the action is a Target Group type, you can designate multiple target groups and assign weights to them.
  - Example: If you assign a weight of 10 to TestTG01 and 90 to TestTG02, traffic will be distributed in a 1:9 ratio.
- If the action is a Redirection type, all requests that match the conditions are forwarded to another URL.
  - For Status Code (ResponseCode), both 301 and 302 are available.
  - You can perform Redirection to the request protocol without modification using #{protocol} of the Protocol dropbox.

Change rules

To change rules:

Select the listener you wish to change a rule for on the Change listener settings page and click [View/change rules].
Select the rule to change on the View/change rules page and click [Change rules].
To apply changes, see Add rules.
Click [OK].

Delete rules

Note

Default rules cannot be deleted. If a default rule is included in the selected rule, the [Delete rules] button is disabled.
Even if you delete the rules, the target groups selected for action are not deleted.

To delete a rule:

Select the listener to delete a rule from on the Change listener settings page and click [View/change rules].
Select the rule you wish to delete on the View/change rules page and click [Delete rules].
Review the details in the Delete rules popup and then click [Delete].
- The selected rule is deleted.

Monitor Application Load Balancer

You can view the regularly collected information for Concurrent connection, Connection per Second, Traffic In, Traffic Out, Available Host Count, and Unavailable Host Count for the selected cycle each as a graph.

Note

The collection cycle varies depending on the selected period. Monitoring information collected by processing load balancing can be set up and viewed for durations ranging from at least 1 minute to 1 year.

Aggregation Interval	View period
1-minute cycle	Up to 6 hours
5-minute cycle	Up to 1 day
30-minute cycle	Up to 1 week
2-hour cycle	Up to 1 month
1-day cycle	1 month exceeded

To view the monitoring information of the Application Load Balancer:

In the VPC environment of the NAVER Cloud Platform console, navigate to > Services > Networking > Load Balancer.
Click the Load Balancer menu.
Select a load balancer to monitor and click [Monitor].
- The basic monitoring popup for the load balancer appears, allowing you to view the monitoring information as graphs.
- Select the period to view the monitoring information collected for the selected period.
- Click [Refresh] to refresh the viewed graphs.
- Click to view an extended graph and click [X] to download the collected monitoring information as an Excel file.

Delete Application Load Balancer

Caution

If you delete a load balancer, rules set to the Route Table are also deleted. If you are using the Route Table rules in another service, they may not function normally after deleting a load balancer.

To delete an Application Load Balancer:

In the VPC environment of the NAVER Cloud Platform console, navigate to > Services > Networking > Load Balancer.
Click the Load Balancer menu.
Select a load balancer to delete and click [Delete load balancer].
Review the details in the Delete load balancer popup and then click [Delete].
- The selected load balancer is deleted.
- The public IP in use can be returned together. The unreturned IPs can be reassigned.