You can easily create a load balancer by entering the setting values in the NHN Cloud Load Balancer console.
Enter basic information required for a load balancer as follows:
[Note] For more information about the load balancer types, see Load Balancer Type.
Define properties of the traffic to be processed by a load balancer. By default, NHN Cloud Load Balancer has one listener, which can be added or deleted in the details page of the load balancer later.
[Note] Load balancer port and instance port have a value between 1 and 65535.
[Caution] Load balancer port, instance port, and protocol cannot be changed after a listener is created.
[Note] Registering a TERMINATED_HTTPS certificate
When TERMINATED_HTTPS is specified as listener protocol for load balancer, a button to register an SSL certificate is activated.
Files to register are ‘Certificate’ and ‘Private Key’. ‘Private Key’ refers to a private key which is paired with a public key embedded in the server certificate.
The ‘Certificate’ must follow the x.509 PEM format as follows:
-----BEGIN CERTIFICATE----- (omitted) -----END CERTIFICATE-----
When you need to register a server certificate and a chain certificate (intermediate certificate) together, you must create and register the server certificate and chain certificate in one file.
To create a single file for certificates, the server certificate must be described at the top of the file and the chain certificates must be described at the bottom of the file. Chain certificates can be described in any order.
If you create one server certificate and two chain certificates into one certificate file, it will have the following format:
-----BEGIN CERTIFICATE----- (Server Certificate, omitted) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Chain Certificate #1, omitted) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Chain Certificate #2, omitted) -----END CERTIFICATE-----
‘Private Key’ a key file corresponding to the public key contained in the server certificate. The registered 'private key' works properly only when the password is removed.
You can register files with the PKCS#1 or PKCS#8 PEM format.
-----BEGIN RSA PRIVATE KEY----- (Private Key, omitted) -----END RSA PRIVATE KEY-----
, or
-----BEGIN PRIVATE KEY----- (Private Key, omitted) -----END PRIVATE KEY-----
When the listener uses TERMINATED_HTTPS, you can register a certificate in one of the following two methods: using a certificate registered in Certificate Manager or directly registering a certificate.
[Caution] When a certificate is updated in the Certificate Manager, certificates of any other affected listener must be updated as well. To apply the certificate which is registered in the Certificate Manager to the listener, the password of the 'Private Key' must be removed, and the format must be PKCS#1 or PKCS#8 PEM.
The settings for health check are also determined when creating the listener. NHN Cloud's load balancer can define health check behavior per listener. The items required are as follows:
Specify settings related to the connection.
Specify the instance to be registered as a member when the load balancer is created. It is possible to register members even after creating the load balancer. You can register as members the VPC with which the load balancer is associated and instances that belong to the peering connection VPC of this VPC. However, if you want to register an instance with a different subnet from the load balancer as a member, you need to register the two subnets in the routing table.
Specify the IP access control group to apply when the load balancer is created. You can select multiple groups with the same access control type among the IP access control groups. You can change the IP access control group to be applied even after the load balancer is created.
After a load balancer is created, you will be returned to the load balancer list page. In the load balancer list page, you can check the basic information of the created load balancers. The items displayed on the list page are as follows:
[Note] Provisioning status of a load balancer is determined as one of the following:
Status Description ACTIVE A load balancer has been created and is operating normally PENDING_CREATE Creating a load balancer
If the status does not change to ACTIVE within an hour after creation, contact the administrator.PENDING_UPDATE Modifying load balancer configuration
If the status does not change to ACTIVE within an hour after modifying the configuration, contact the administrator.PENDING_DELETE Deleting a load balancer
If the load balancer does not disappear from the list within an hour after deletion, contact the administrator.ERROR Failed to create a load balancer
Contact the administrator.ERROR_MIGRATE Failed to migrate a load balancer
Contact the administrator.
Select a load balancer from the list, and a page of details shows up at the bottom, which is composed of the following tabs:
[Note] You cannot change VPC and IP address with which load balancer is associated.
Listeners can be added by clicking the Add Listener button on the Listener tab in the detail screen of the load balancer. Items required to add listeners are the same as those required by the default listener during creation of the load balancer. When a listener is added, the load balancer port used by previous listeners can no longer be used.
To modify the setting of a listener, click Modify.
[Note] You cannot change the listener protocol, load balancer port, and instance port.
To delete a listener, click Delete: cannot delete, though, if the load balancer has only one listener.
[Caution] Add/Modify/Delete listeners causes reboot of a load balancer. During the reboot, existing connected sessions are maintained, but new sessions cannot be processed (less than 1 second). Therefore, it is recommended to proceed at a time that does not affect the service.
Register a new instance as member of load balancer in the instance tab. Only those instances that belong to VPC with which load balancer is associated can be added.
You can exclude certain instances among member instances from the service temporarily. Select the instances you want to exclude, click the Disable Instance button, and then click Confirm. The usage item of the excluded instance is changed to False and the member instance status is changed to ONLINE .
[Note] The status of a member instance is determined as one of the following:
Status Description ACTIVE A member instance has been connected and is operating normally INACTIVE A health check of the member instance is not being performed ONLINE A member instance has been disabled OFFLINE Failed to connect to a member instance
Contact the administrator.
Instances that are no longer used may be deleted. Click Detach Instance of the instance to exclude, and it is deleted from the member of load balancer. Deletion from load balancer member does not mean its instance is also deleted.
[Caution] Add/Disable/Delete Members causes reboot of a load balancer. During the reboot, existing connected sessions are maintained, but new sessions cannot be processed (less than 1 second). Therefore, it is recommended to proceed at a time that does not affect the service.
Select the load balancer you want to delete from the load balancer list screen and click the Delete button to delete the load balancer.
For more details on the features of IP access control, see IP Access Control.
To create an IP access control group, click [Create Access Control Group] and enter the following values:
Click [Confirm] and the groups and targets of access control are created.
[Note] Number of groups and targets of IP access control
Up to 10 access control groups can be created for each project. Up to 1,000 access control targets can be created for each project.
You can change the properties of an IP access control group. The properties you can change are name and description. The "IP Access Control Type" property cannot be changed.
You can delete the selected IP access control groups. When you delete a group, all access control targets belonging to the group are also deleted. When you delete an IP access control group, load balancers using the group will no longer use that policy.
If you select an access control group, the access control target menu appears at the bottom. When a target is added to an access control group, the policy of the added IP or CIDR is reflected in all load balancers using this access control group.
You can change the properties of the access control target. You can only change the description.
If you select an access control group, the access control target menu appears at the bottom. If you delete a target belonging to an access control group, the policy of the corresponding IP or CIDR is deleted from all load balancers using this access control group.
Select the load balancer to apply the IP access control group to. Select the group you want to configure for that load balancer and click Confirm. Multiple groups with the same "access control type" can be applied to the load balancer.
NHN Cloud updates software of the load balancer equipment on a regular basis to enhance security and stability of the basic infrastructure services. For maintenance of the load balancer, the load balancer running in the maintenance target equipment must be restarted to be migrated to the load balancer equipment where maintenance has been completed.
Load balancers that require a restart have ! Restart button displayed next to their names. You can use this button to restart the load balancers.
Go to the project with the load balancer specified as the maintenance target and perform a restart with the following procedure.
The load balancer becomes inoperable while restarting is underway. If the load balancer restart is not completed normally, it is automatically reported to the administrator, and NHN Cloud will contact you separately.
The differences between the physical load balancer launched online in April, 2021 and the previous load balancer (normal/dedicated) are as follows: