Create and manage network proxy Load Balancer

Available in VPC

Network Proxy Load Balancer is a load balancer using a similar method to the load balancer provided in the Classic environment. With the Proxy method of communication, it offers the same load balancing algorithm as Application Load Balancers.

Create Network Proxy Load Balancer

To create a Network Proxy Load Balancer, follow these steps:

In the VPC environment of the NAVER Cloud Platform console, navigate to > Services > Networking > Load Balancer.
Click the Load Balancer menu.
Click [Create load balancer] > [Create Network Proxy Load Balancer] in order.
When the Create load balancer page appears, proceed with the following steps in order:

Note

The 3. Set certificate step appears only when a listener is added in 2. Create load balancer (set listener) step with TLS protocol.
If you added listeners only with TCP protocol, the 3. Set certificate step does not appear. Skip the step and proceed in order.

1. Create load balancer

Enter the information for the Network Proxy Load Balancer you wish to create and click the [Next] button.

Network: select the network type for the load balancer.
- Private IP: it processes the load balancing from the internal server using a Private IP within VPC. It cannot be accessed from outside VPC.
- Public IP: the Public IP is set to allow calling from outside VPC or the Internet. It processes the load balancing, and you can utilize it by connecting with the domains or CDN services of customers using the random domain provided with the Public IP.
Load processing capacity: select the size of the load balancer depending on the load processing capacity.
- You can select a Small, Medium, Large, or Extra-large option based on the load processing capacity.
- Each size can handle at least 30,000/60,000/90,000/120,000 loads, respectively, based on connections per second (CPS).
- Due to SSL offloading, TLS is expected to have roughly 1/10th of the capacity compared to TCP, although this can vary based on the authentication key method and size.
Target VPC: select the VPC to create a load balancer in.
Select subnet: select the zone and subnet to use to create the load balancer.
Caution
- The selected zone and subnet cannot be changed after the load balancer creation is completed.
- Create and select a dedicated subnet.
- You can only select the subnet included in the VPC you selected from Target VPC.
  - If you select Private IP, you can only select the subnet created with a Private IP Load Balancer Subnet.
  - If you select Public IP, you can only select the subnet created with Public IP Load Balancer Subnet.
  - For more information on how to create subnets, see Create subnet.
- You do not need to create separate subnets for each load balancer; however, we recommend using a Class C subnet (255.255.255.0) size.
Public IP: select a Public IP that you possess or subscribe to a new Public IP.

2. Create load balancer (set listener)

Select the protocol (TCP/TLS) that the basic listener of the load balancer will operate with.
Set up the port to which the basic listener of the load balancer will bind.
Click the [Add] button.
- A listener is added.
- Repeat steps 1 to 3 to add multiple listeners.
- To delete an added listener, click the [Delete] button.
Click the [Next] button.

3. Set certificate

Note

Set certificate appears only when a listener is added with the TLS protocol in 2. Create load balancer(set listener).

Select the appropriate certificate for the service from those registered in Certificate Manager.
- If you have no registered certificate, see Certificate Manager user guides to register a certificate.

Note

Only RSA-2048 or higher, or ECDSA P256 public key algorithm certificates are supported.

Select the TLS protocol version at the TLS minimum support version.
- You can select from TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.
Select the cipher suite that the TLS listeners will support in Set cipher suite.
- You can select the encryption feature for the load balancer to provide at the encryption negotiation with the client.
- You can select Select All to select all cipher suites available.

Note

TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256 cipher suites are always included.

4. Select target group

Select the target group to apply load balancing and click the [Next] button.

To do this, the target group must be created in advance. If there is no created target group, click the [Create target group] button to create a target group. (See Create target group)
Among target groups created, only target groups that can be connected are displayed.
- You can only select a target group created with PROXY_TCP protocols for Network Proxy Load Balancers.

Caution

The bandwidth of Load Balancer Subnet must be added to ACG of the bound server and NACL as an access source and allowed port.

5. View setting information

View the setting information for the load balancer and click the [Create load balancer] button.

Manage Network Proxy Load Balancer

You can change the load balancer, subnet, and listener setting for the created Network Proxy Load Balancer and check the monitoring information as a graph.

Note

You can change the server applied to the load balancer in the Target Group menu. For more information, see Set target.

Set load balancer

To view the setting information and change the setting for the load balancer, follow these steps:

In the VPC environment of the NAVER Cloud Platform console, navigate to > Services > Networking > Load Balancer.
Click the Load Balancer menu.
Select the load balancer to view or change the setting information and click the [Change load balancer settings] button.
- The Change load balancer settings popup window appears and you can view the setting information of the load balancer.
After applying changes, click the [OK] button.
- You can change load processing capacity.
  - You can select a Small, Medium, Large, or Extra-large option based on the load processing capacity.
  - Each size can handle at least 30,000/60,000/90,000/120,000 loads, respectively, based on connections per second (CPS).
- Due to SSL offloading, TLS is expected to have roughly 1/10th of the capacity compared to TCP, although this can vary based on the authentication key method and size.
- You can change the Idle Timeout.

Change subnet

Note

When you create a load balancer, you can add a subnet only when you select 1 zone and a subnet.
Once you add a subnet, it cannot be changed.

To add zones and subnets where Network Proxy Load Balancer will be placed, follow these steps:

In the VPC environment of the NAVER Cloud Platform console, navigate to > Services > Networking > Load Balancer.
Click the Load Balancer menu.
Select the load balancer you want to add a subnet to and click the [Change subnet] button.
- The Change Load Balancer Subnet popup window appears, and you can view the setting information of the Load Balancer Subnet.
Add zones and subnets and click the [OK] button.

Set listener

You can check the registered listeners on the change listener settings page and add/change/delete them. You can view and change the rules.

Note

You cannot add or delete a rule in Network Proxy Load Balancer.

To move listeners to the change settings page, follow these steps:

In the VPC environment of the NAVER Cloud Platform console, navigate to > Services > Networking > Load Balancer.
Click the Load Balancer menu.
Select the load balancer to change the listener setting and click the [Change listener settings] button.
- When you move to the Change listener settings page, you can view the listeners you set upon creating the load balancer as a default.

Add listener

To add listeners, follow these steps:

Click the [Add listener] button on the Change listener settings page.
Select a protocol (TCP/TLS) for the listener you wish to add.
Enter the port number that the listener will bind to.
If you selected TLS, select the following items:
- Select the appropriate certificate for the service from those registered in Certificate Manager.
- Select the TLS protocol version.
  - You can select from TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.
- Select the cipher suite that the TLS listener will support.
  - You can select the encryption feature for the load balancer to provide at the encryption negotiation with the client.
Select the target group the listener's traffic will be forwarded to.
Click [OK].

Change listener

To change listeners, follow these steps:

Click the [Change listener] button on the Change listener settings page.
See Add listener and apply changes.
Click [OK].

Delete listener

Note

Only if the load balancer is in the Operating status, you can delete a listener.

To delete a listener, follow these steps:

Select the listener you want to delete on the Change listener settings page.
Click the [Delete listener] button.
Check the content on the delete listener popup window and click the [Delete] button.
- The selected listener is deleted.

View rules

You can view the registered rules on the View/change rules page.

Rules have the following characteristics:

Each rule consists of actions (Network Proxy Load Balancers do not take conditions).
You cannot delete the Default rules.
The rules are applied in priority order, and unapplied traffic operates following the Default rules.

To view registered rules, follow these steps:

Select the listener you want to view on the Change listener settings page.
Click the [View/change rules] button.
- Move to the View/change rules page.

Change rules

To change rules, follow these steps:

Select the listener you wish to change a rule for on the Change listener settings page and click the [View/change rules] button.
Select the rule to change on the View/change rules page and click the [Change rules] button.
Apply the changes.
- Change the target group at Action and click the [Add] button.
  - Weights cannot be changed.
- Click the [x] button to delete the added target group.
Click [OK].

Monitor Network Proxy Load Balancer

You can check the regularly collected information for Concurrent connection, Connection per Second, Traffic In and Traffic Out for the selected period each as a graph.

Note

The collection cycle varies depending on the selected period. Monitoring information collected by processing load balancing can be set up and viewed for durations ranging from at least 1 minute to 1 year.

Aggregation (Interval)	View period
1-minute cycle	Up to 6 hours
5-minute cycle	Up to 1 day
30-minute cycle	Up to 1 week
2-hour cycle	Up to 1 month
1-day cycle	1 month exceeded

To check the monitoring information of the Network Proxy Load Balancer, follow these steps:

In the VPC environment of the NAVER Cloud Platform console, navigate to > Services > Networking > Load Balancer.
Click the Load Balancer menu.
Select a load balancer to monitor and click the [Monitor] button.
- The Basic monitoring popup window for the load balancer pops up and shows the monitoring information as graphs.
- Select the period to view the monitoring information collected for the selected period.
- Click the [Refresh] button to refresh the viewed graphs.
- Click to view an extended graph and click the [x] button to download the collected monitoring information as an Excel file.

Delete Network Proxy Load Balancer

Caution

If you delete a load balancer, rules set to the Route Table are also deleted. If you are using the Route Table rules in another service, they may not function normally after deleting a load balancer.

To delete a Network Proxy Load Balancer, follow these steps:

In the VPC environment of the NAVER Cloud Platform console, navigate to > Services > Networking > Load Balancer.
Click the Load Balancer menu.
Select a load balancer to delete and click the [Delete load balancer] button.
Check the content in the Delete load balancer popup window and click the [Delete] button.
- The selected load balancer is deleted.
- The public IP in use can be returned together. The unreturned IPs can be reassigned.