You can easily create a load balancer by entering the setting values in the NHN Cloud Load Balancer console. Depending on your purpose, you can select either L4 routing or L7 routing mode to create it.
The mode refers to the template, not the actual type of load balancer. You can create a load balancer with L4 routing mode and add L7 rules.
Set up basic information about the load balancer. The following items are required
[Note] For more information about load balancer types, See Load Balancer Types.
Defines the properties of the traffic that the load balancer will process. A load balancer in NHN Cloud can have one or more listeners.
Block invalid requests: When Not use is selected, blocks HTTP request headers if they contain invalid characters. Available only when using HTTP and the TERMINATED_HTTPS protocol.
SSL Certificate: Register a certificate to be used when TERMINATED_HTTPS is selected as the protocol.
[Caution] Load balancer port, instance port, and protocol cannot be changed after a listener is created.
[Note] Load balancer port and instance port have a value between 1 and 65535. If there is no L7 rule, or even if there is, when you set to Not use because the rule does not meet the conditions, the request will return a 503.
[Note] Health checks are performed only if the member group is either the default member group for the listener or is specified as the action target of an L7 rule; otherwise, health checks are not performed with that member group.
[Note] How to register TERMINATED_HTTPS certificates
When TERMINATED_HTTPS is specified as listener protocol for load balancer, a button to register an SSL certificate is activated.
Files to register are ‘Certificate’ and ‘Private Key’. ‘Private Key’ refers to a private key which is paired with a public key embedded in the server certificate.
The ‘Certificate’ must follow the x.509 PEM format as follows:
-----BEGIN CERTIFICATE----- (omitted) -----END CERTIFICATE-----
When you need to register a server certificate and a chain certificate (intermediate certificate) together, you must create and register the server certificate and chain certificate in one file.
To create a single file for certificates, the server certificate must be described at the top of the file and the chain certificates must be described at the bottom of the file. Chain certificates can be described in any order.
If you create one server certificate and two chain certificates into one certificate file, it will have the following format:
-----BEGIN CERTIFICATE----- (Server Certificate, omitted) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Chain Certificate #1, omitted) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Chain Certificate #2, omitted) -----END CERTIFICATE-----
‘Private Key’ a key file corresponding to the public key contained in the server certificate. The registered 'private key' works properly only when the password is removed.
You can register files with the PKCS#1 or PKCS#8 PEM format.
-----BEGIN RSA PRIVATE KEY----- (Private Key, omitted) -----END RSA PRIVATE KEY-----
, or
-----BEGIN PRIVATE KEY----- (Private Key, omitted) -----END PRIVATE KEY-----
When the listener uses TERMINATED_HTTPS, you can register a certificate in one of the following two methods: using a certificate registered in Certificate Manager or directly registering a certificate.
[Caution] When a certificate is updated in the Certificate Manager, certificates of any other affected listener must be updated as well. To apply the certificate which is registered in the Certificate Manager to the listener, the password of the 'Private Key' must be removed, and the format must be PKCS#1 or PKCS#8 PEM.
The load balancer can perform load balancing based on L7 data. When you select an L7 routing template to create a load balancer, you can create a load balancer that includes L7 policies. L7 policies work well only when the protocol of the listener is HTTP/TERMINATED_HTTPS. Even if you create a load balancer with an L4 template, you can add L7 rules later.
[Caution] Among condition types, hostnames are not case sensitive.
[Note] If there is no match to the L7 rules you set up, traffic is forwarded to the listener's default member group.
[Note] Health checks are performed only if the member group is either the default member group for the listener or is specified as the action target of an L7 rule; otherwise, health checks are not performed with that member group.
[Note] When a member group is deleted, any L7 rules that had that member group as an action target will have their action type changed to Block.
Set the target member groups to forward load balancing traffic to. You can create additional member groups even after the load balancer creation is complete.
[Caution] Member ports and protocols cannot be changed after a member group is created.
[Note] Member ports have values between 1 and 65535.
The settings for health check are also determined when creating the listener. NHN Cloud's load balancer can define health check behavior per listener. The items required are as follows:
[Note] Health checks are performed only if the member group is either the default member group for the listener or is specified as the action target of an L7 rule; otherwise, health checks are not performed with that member group.
Specify instances or IPs to register as members when the load balancer is created. You can register members even after the load balancer is created. Members can be registered in two ways
Enabling delete protection protects a load balancer from accidental deletion. You cannot delete that load balancer until you disable delete protection. A load balancer with delete protection enabled cannot delete listeners, member groups, and L7 rules, and also cannot delete and change health monitors.
Specify the IP access control group to apply when the load balancer is created. You can select multiple groups with the same access control type among the IP access control groups. You can change the IP access control group to be applied even after the load balancer is created.
After a load balancer is created, you will be returned to the load balancer list page. In the load balancer list page, you can check the basic information of the created load balancers. The items displayed on the list page are as follows:
[Note] Provisioning status of a load balancer is determined as one of the following:
Status Description ACTIVE A load balancer has been created and is operating normally PENDING_CREATE Creating a load balancer
If the status does not change to ACTIVE within an hour after creation, contact the administrator.PENDING_UPDATE Modifying load balancer configuration
If the status does not change to ACTIVE within an hour after modifying the configuration, contact the administrator.PENDING_DELETE Deleting a load balancer
If the load balancer does not disappear from the list within an hour after deletion, contact the administrator.ERROR Failed to create a load balancer
Contact the administrator.ERROR_MIGRATE Failed to migrate a load balancer
Contact the administrator.
Select a load balancer from the list, and a page of details shows up at the bottom, which is composed of the following tabs:
On the main screen of the load balancer, select the desired load balancer detail view to see the listeners and member groups connected to the load balancer. From there, you can select the Listeners tab to create, change, or delete listeners.
Listeners can be added by clicking the Add Listener button on the Listener tab in the detail screen of the load balancer. Items required to add listeners are the same as those required by the default listener during creation of the load balancer. When a listener is added, the load balancer port used by previous listeners can no longer be used.
To modify the setting of a listener, click Modify.
[Note] You cannot change the listener protocol, load balancer port, and instance port.
To delete a listener, click Delete: cannot delete, though, if the load balancer has only one listener.
[Caution] Add/Modify/Delete listeners causes reboot of a load balancer. During the reboot, existing connected sessions are maintained, but new sessions cannot be processed (less than 1 second). Therefore, it is recommended to proceed at a time that does not affect the service.
On the Load Balancers screen, select the desired load balancer's View Details to see the listeners and member groups connected to the load balancer. From there, you can select the Member Groups tab to create, change, or delete member groups.
Click Create Member Group to create additional member groups. The items required to create a member group are the same as those required for a member group when creating a load balancer.
Click Change Member Group to change settings related to the member group.
[Caution] Member ports and protocols cannot be changed after a member group is created.
Select the member group you want to delete and click Delete Member Group to delete that member group.
[Caution] Creating/editing/deleting a member group restarts the load balancer. During the restart, existing connected sessions are preserved, but new sessions cannot be processed (for less than a second). Therefore, we recommend doing this at a time that does not impact service.
[Note] When a member group is deleted, any L7 rules that had that member group as an action target will have their action type changed to Block.
On the Load Balancer View Details screen, select the Member Group tab, and then select the desired member group to view the details of the member group and the status of the members in the member group.
After you select a member group, you'll see the Basic Info, Members, and Check Status tabs at the bottom of the screen. Select the Members tab to enroll the desired instances or IP addresses as members. You can only add instances that belong to the VPC to which the load balancer is attached and to VPCs that are peered to that VPC. You can specify your own destination port number for each member, and load balancing will be done with that destination port number.
[Caution] Health checks are performed on a per-IP basis. If you have multiple IPs registered as members with the same port number, and the health check fails, all members on those IPs will become INACTIVE.
You can temporarily exclude specific members from the service. Select the members you want to exclude, click the Deactivate members button, and then click OK. The excluded members' permissions will change to X and their member status will change to ONLINE.
[Note] The status of a member is determined by one of the following
Status Meaning ACTIVE Member connection complete, working fine INACTIVE A member's health check is not being performed ONLINE Member is disabled OFFLINE Member connection failure
Contact your administrator.
Instances that are no longer used may be deleted. Click Detach Instance of the instance to exclude, and it is deleted from the member of load balancer. Deletion from load balancer member does not mean its instance is also deleted.
[Caution] Add/Disable/Delete Members causes reboot of a load balancer. During the reboot, existing connected sessions are maintained, but new sessions cannot be processed (less than 1 second). Therefore, it is recommended to proceed at a time that does not affect the service.
Select the load balancer you want to delete from the load balancer list screen and click the Delete button to delete the load balancer.
For more details on the features of IP access control, see IP Access Control.
To create an IP access control group, click [Create Access Control Group] and enter the following values:
Click [Confirm] and the groups and targets of access control are created.
[Note] Number of groups and targets of IP access control
Up to 10 access control groups can be created for each project. Up to 1,000 access control targets can be created for each project.
You can change the properties of an IP access control group. The properties you can change are name and description. The "IP Access Control Type" property cannot be changed.
You can delete the selected IP access control groups. When you delete a group, all access control targets belonging to the group are also deleted. When you delete an IP access control group, load balancers using the group will no longer use that policy.
If you select an access control group, the access control target menu appears at the bottom. When a target is added to an access control group, the policy of the added IP or CIDR is reflected in all load balancers using this access control group.
You can change the properties of the access control target. You can only change the description.
If you select an access control group, the access control target menu appears at the bottom. If you delete a target belonging to an access control group, the policy of the corresponding IP or CIDR is deleted from all load balancers using this access control group.
Select the load balancer to apply the IP access control group to. Select the group you want to configure for that load balancer and click Confirm. Multiple groups with the same "access control type" can be applied to the load balancer.
NHN Cloud updates software of the load balancer equipment on a regular basis to enhance security and stability of the basic infrastructure services. For maintenance of the load balancer, the load balancer running in the maintenance target equipment must be restarted to be migrated to the load balancer equipment where maintenance has been completed.
Load balancers that require a restart have ! Restart button displayed next to their names. You can use this button to restart the load balancers.
Go to the project with the load balancer specified as the maintenance target and perform a restart with the following procedure.
The load balancer becomes inoperable while restarting is underway. If the load balancer restart is not completed normally, it is automatically reported to the administrator, and NHN Cloud will contact you separately.
The differences between the physical load balancer launched online in April, 2021 and the previous load balancer (normal/dedicated) are as follows: