Creating and managing Load Balancer
  • PDF

Creating and managing Load Balancer

  • PDF

Available in Classic

A proxy-based Load Balancer is provided in the Classic environment.

Create Load Balancer

The following describes how to create a Load Balancer.

  1. Please connect to the NAVER Cloud Platform console.
  2. Click Services > Networking > Load Balancer menus, in that order.
  3. Click the Load Balancer menu.
  4. Click the [Create load balancer] menu.
    loadbalancer-classiclb-classic_button_ko
  5. When the load balancer creation page appears, proceed with the following steps in order.
Note

2. Set certificate and 3. Set cipher steps only appear when HTTPS or SSL protocol is added in 1. Create load balancer step.
In case of adding HTTP or TCP protocol only, proceed with the steps in order except for 2. Set certificate and 3. Set cipher.

1. Create load balancer

Enter the Load Balancer information to create, and then click the [Next] button.

loadbalancer-classiclb-classic_create_ko

  • Network: Select the network type for the Load Balancer.

    • When it is used for internet services, select the Public IP.
    • If it is required to balance loads internally without exposing externally, then select the Private IP.
      • You can use the private IP Load Balancer same as the Load Balancer based on the public IP address. You can access using the provided private IP without using the domain.
      • If the private IP Load Balancer is used in global regions, then you can balance loads stably and quickly by using a dedicated network.
  • Select the zone where the Load Balancer will be created.

    • If the network type is selected as the Public IP in the Korea region, then higher service availability can be obtained by selecting the 2 supported zones together.

    • Regardless of zones where the Load Balancer is located, all servers that the account owns can be connected.

      Caution

      For users of NAVER Cloud Platform's Security Monitoring service, make sure to check since additional costs may be incurred.

  • Enter the appropriate value in the Set load balancer, and then click the [Add] button.

    • Up to 2 values can be added, and the setting values added are applied to all target servers.
    • Select a protocol.
    • Enter the load balancer port and server port numbers.
      • The load balancer port number must be unique, but server port number can be duplicated.
      • Ports 22, 3389, 18080 to 18095, 64000, and 65130 to 65131 can't be used as the load balancer port since they're reserved for Load Balancer management.
    • If HTTP or HTTPS protocol is selected, then enter L7 Health Check.
      • It must start with slash (/). Enter the content path to perform the health check
        <e.g.,> /somedir/index.html
        <e.g.,> /index.html, /dir/index.html
      • The checkbox for Proxy Protocol is only activated if the TCP or SSL protocol is selected. For more details about proxy protocol settings, refer to Proxy Protocol.
    • The checkbox for HTTP/2 is only activated if the HTTPS protocol is selected.
    • If HTTPS protocol is selected, then select the Server Protocol.
    • Click the [Delete] button to delete the added settings.
    Note

    For SSL settings, duplicated SSL settings aren't required for servers connected to Load Balancer as SSL authentication is done by SSL offloading method. It is recommended not to set the Load Balancer and server ports to 433, but set the server port to 80. If HTTPS has to be served in the server too, then HTTPS can be selected to configure the Server Protocol.

  • Select the load balancing algorithm.

2. Set certificate

Note

The Set certificate step only appears when the HTTPS or SSL protocol is added to 1. Create load balancer.

Select a certificate appropriate to the service among certificates registered in Certificate Manager, and then click the [Next] button.

3. Set cipher

Check the SSL Protocol that can be supported, template that applied ciphers, and SSL ciphers applied, and then click the [Next] button.

  • Check the version that can be supported by SSL and TLS.
    • TLSv1, TLSv1.1, and TLSv1.2 are supported.
  • Check the SSL ciphers applied.
    • Among all ciphers, checked ones are the ciphers that allow connection in Load Balancer when communicating with SSL.

4. Adding server

loadbalancer-classiclb-classic_addserver_ko

  1. Search a server, and then select a server to apply to Load Balancer from All servers field, if required.
  2. Click the [>] button to go to Target server field.
    • Select a server to delete, and then click [<] to delete a server included in the Target server field.
  3. Click the [Next] button.

5. View settings information

Check Load Balancer settings information, and then click the [Create load balancer] button.

  • A Load Balancer is created with the status of Stopped.

Proxy Protocol

Proxy protocol is a protocol that can check the IP address (original client IP address) of a client that requests connection in proxy environment when using TCP or SSL protocol in Load Balancer.

The following describes how to check the protocol-specific client IP when setting the Load Balancer.

Protocol Method
HTTP, HTTPS X-Forwarded-For
TCP, SSL Proxy Protocol

If you choose to use proxy protocol when setting Load Balancer rules, then Load Balancer calls a request as follows.

PROXY_STRING + single space + INET_PROTOCOL + single space + CLIENT_IP + single space + PROXY_IP + single space + CLIENT_PORT + single space + PROXY_PORT + "\r\n“
```Shell PROXY TCP4 125.209.237.10 125.209.192.12 43321 80\r\n ```

Versions of Apache and NGINX that support proxy protocol are as follows.

  • Apache 2.2
  • Apache 2.4
  • NginX 1.11.12

Set proxy protocol

The following describes how to set the proxy protocol.

  1. When creating a Load Balancer, select either TCP or SSL protocol in 1. Create load balancer, and then click the Proxy Protocol checkbox to select.
  2. Check the following steps to set according to the version.

Apache 2.2

The following describes how to set the proxy protocol in Apache version 2.2.

$ wget --no-check-certificate https://raw.githubusercontent.com/ggrandes/apache22-modules/master/mod_myfixip.c
$ /{Path where Apache is installed}/bin/apxs -c -i mod_myfixip.c
  • Add the following settings to the /{Path where Apache is installed}/conf/httpd.conf file.

    LoadModule myfixip_module modules/mod_myfixip.so
    
    <IfModule mod_myfixip.c>
    RewriteIPResetHeader off
    Set to RewriteIPAllow 10.31.0.0/16 #LB IP range (for example, if LB IP is 125.209.197.92, use 125.209.0.0/16)
    </IfModule mod_myfixip.c>
    

Apache 2.4

The following describes how to set the proxy protocol in Apache version 2.4.

$ wget --no-check-certificate https://raw.githubusercontent.com/ggrandes/apache24-modules/master/mod_myfixip.c
$ /{Path where Apache is installed}/bin/apxs -c -i mod_myfixip.c
  • If the apxs path can't be found, then install the http-devel package and check.

  • Add the following settings to the /{Path where Apache is installed}/conf/httpd.conf file

    LoadModule myfixip_module modules/mod_myfixip.so
    
    <IfModule mod_myfixip.c>
    RewriteIPResetHeader off
    Set to RewriteIPAllow 10.31.0.0/16 #LB IP range (for example, if LB IP is 125.209.197.92, use 125.209.0.0/16)
    </IfModule mod_myfixip.c>
    

Nginx 1.11.12

The following describes how to set the proxy protocol in NGINX version 1.11.12.

  1. Check if the HTTP module is included in NGINX.
$ nginx -V 2>&1 | grep – 'http_realip_module'
  1. Add the following settings to the NGINX conf file.
http {
proxy_set_header X-Real-IP         $proxy_protocol_addr;
proxy_set_header X-Forwarded-For   $proxy_protocol_addr;
log_format main ' $proxy_protocol_addr - $remote_user [$time_local]'
#Adding to existing log format
                 '"$request" $status $body_bytes_sent'
                 '"$http_referer" "$http_user_agent"';
server
{ listen 80  proxy_protocol;
  set_real_ip_from LB IP range 1 (192.168.0.0/16);
  set_real_ip_from LB IP range 2 (192.168.0.0/16);
  real_ip_header proxy_protocol     }
}

Manage Load Balancer

The created Load Balancer's status can be changed and checked, and the Load Balancer settings can be changed.

Change Load Balancer's status

Load Balancer operates properly if its status is Running. ACG and server settings are required to change the status to Running.

Set ACG

The Load Balancer provided by NAVER Cloud Platform provides the private IP Load Balancer feature. The Load Balancer port specified when setting the Load Balancer is opened to Any range (0.0.0.0/0).

Permission rules regarding the Load Balancer must be applied to the ACG of servers applied to the Load Balancer.

The following shows how to apply the permission rules regarding the Load Balancer created in the ACG.

  1. From the NAVER Cloud Platform console, click the Services > Compute > Server menus, in that order.
  2. Click the ACG menu.
  3. Select the ACG of the server applied to the Load Balancer, and then click the [Set ACG] button.
  4. Enter the protocol, access source, and allowed port of the Load Balancer created, and then click the [Add] button.
    • Enter "ncloud-load-balancer" in the Access source (It is available in Access control group source of the Load Balancer details).
    • Enter the server port number entered when creating the Load Balancer in Allowed port.
    • Click the [X] button to delete the added rules.
  5. Click the [Apply] button.

Set server

The listening port of the bound server and the server port set in the Load Balancer must match to change the Load Balancer's status to Running.

The following describes how to change the server port to the server's listening port.

  1. From the NAVER Cloud Platform console, click the Services > Networking > Load Balancer menus, in that order.
  2. Click the Load Balancer to change its server port, and then click the [Change load balancer settings] button.
  3. Edit the server port same as the server's listening port, and then click the [Add] button.
  4. Click the [OK] button.
    • Once the setting is complete, the status changes to Running.

    • Click the [Check load balancer status] button to check the result value of performing the health check from the Load Balancer to the server's port.

      Caution

      For ncloud-load-balancer groups, if an ACG permission rule is added and then deleted, sometimes a connection to VM may be made without the permission rule if there are persistent health check requests to VM from Load Balancer. So restart the connected Load Balancer to ensure that communication is blocked.

Set Load Balancer

The following describes how to check the Load Balancer settings information and change the settings.

Note

The server applied to the Load Balancer can be changed by clicking the [Target server] button. For more details, refer to Change target server.

  1. From the NAVER Cloud Platform console, click the Services > Networking > Load Balancer menus, in that order.

  2. Click the Load Balancer menu.

  3. Check the settings information or select the Load Balancer to change, and then click the [Change load balancer settings] button.

    • The load balancer settings change pop-up window appears, and the Load Balancer's settings information can be checked.
  4. Apply the changes, and then click the [OK] button.

    loadbalancer-classiclb-classic_edit_ko

    • Load balancer settings can be changed.
    • The load balancing algorithm can be changed.

Change target server

The following describes how to check and add/delete the server applied to the Load Balancer.

  1. From the NAVER Cloud Platform console, click the Services > Networking > Load Balancer menus, in that order.

  2. Click the Load Balancer menu.

  3. Select the Load Balancer to change its target server, and then click the Change target server button.

    • The target server change pop-up window appears, and the server applied to the Load Balancer can be checked.

    loadbalancer-classiclb-classic_server_ko

  4. Select a server to add in the All servers field, and then click the [>] button to add a server.

  5. Select a server to remove in the Target server field, and then click the [<] button to delete the target server.

  6. Click the [OK] button.

Manage SSL certificate

SSL certificates can be managed in the Certificate List menu.

Click the [Manage SSL certificate] button, and then [Go to Certificate Manager], or click Services > Security > Certificate Manager > Certificate List menu in that order to go to the Certificate List menu.

For more details about SSL certificate management, refer to the Certificate Manager Guide.

Check Load Balancer status

The following describes how to check Load Balancer and the server's connection status.

  1. From the NAVER Cloud Platform console, click the Services > Networking > Load Balancer menus, in that order.
  2. Click the Load Balancer to check its status, and then click the [Check load balancer status] button.
    • The load balancer status check pop-up window appears, and the Load Balancer and the server's connection status can be checked.

Edit HTTP keep-alive application status

HTTP keep-alive is an option that reuses the existing connection when requesting the connection again while maintaining the connection for a certain amount of time.

The following describes how to edit the application status of HTTP keep-alive.

  1. From the NAVER Cloud Platform console, click the Services > Networking > Load Balancer menus, in that order.
  2. Click the Load Balancer to edit the application status.
    • The Load Balancer details are displayed.
  3. Click the i_loadbalancer_edit in the Apply HTTP keep-alive.
  4. Edit the application status, and then click the [Edit] button.

Setting connection idle timeout

Connection idle timeout is the time of maintaining a connection to the Load Balancer. If the time exceeds, then the connection is forcefully closed, then leading to disconnection. If an application that supports long transaction is required, then adjust the applicable option to set the connection time. Default is 60 seconds, and it can be set between 60 to 3,600 seconds.

The following describes how to set the connection idle timeout.

  1. From the NAVER Cloud Platform console, click the Services > Networking > Load Balancer menus, in that order.
  2. Click the Load Balancer to set.
    • The Load Balancer details are displayed.
  3. Click the i_loadbalancer_edit in the Connection idle timeout settings (Default: 60 seconds).
  4. Edit the setting value, and then click the [Edit] button.

Delete Load Balancer

The following describes how to delete an Load Balancer.

  1. From the NAVER Cloud Platform console, click the Services > Networking > Load Balancer menus, in that order.
  2. Select the Load Balancer to delete, and then click the [Delete load balancer] button.
  3. Check the details in the load balancer deletion pop-up window, and then click the [Delete] button.
    • The selected Load Balancer is deleted.

Was this article helpful?