Network load balancers
Network load balancers distribute inbound TCP and UDP traffic among virtual machines for more even load distribution. Traffic is received by listeners and forwarded to target groups, where it is then distributed among target resources. Traffic is distributed according to the 5-tuple hash algorithm, which takes into account:
protocol;
source address and port;
destination address and port.
All traffic of a TCP connection or UDP flow with the same source and destination is routed to the same target resource for the entire lifetime of that connection or flow.
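The flow-to-target mapping described above, as an added example that is not part of the original documentation or the platform's code. SHA-256 with a modulo over the target list is an assumed stand-in for the balancer's undocumented hash, and all addresses are constructed.

```python
import hashlib
import ipaddress
from collections import Counter

def flow_key(proto, src_ip, src_port, dst_ip, dst_port):
    """Serialise the 5-tuple the page lists into a canonical byte string."""
    return b"".join([
        proto.upper().encode() + b"\x00",
        ipaddress.ip_address(src_ip).packed, src_port.to_bytes(2, "big"),
        ipaddress.ip_address(dst_ip).packed, dst_port.to_bytes(2, "big"),
    ])

def pick_target(flow, targets):
    """Choose a target for a flow; SHA-256 is a stand-in for the real hash."""
    if not targets:
        raise ValueError("target group has no targets")
    digest = hashlib.sha256(flow_key(*flow)).digest()
    return targets[int.from_bytes(digest[:8], "big") % len(targets)]

def spread_by_source_port(proto, src_ip, dst_ip, dst_port, targets, src_ports):
    """Count where one client's flows land as only the source port changes."""
    return Counter(pick_target((proto, src_ip, p, dst_ip, dst_port), targets)
                   for p in src_ports)

# Constructed sample values (private and documentation address ranges).
TARGETS = ["10.0.1.11", "10.0.1.12", "10.0.1.13"]
FLOW = ("tcp", "203.0.113.5", 50000, "198.51.100.10", 443)

if __name__ == "__main__":
    # The same 5-tuple always maps to the same target.
    print(pick_target(FLOW, TARGETS), pick_target(FLOW, TARGETS))
    # One client, 1000 ephemeral source ports: flows spread over all targets.
    print(spread_by_source_port("tcp", "203.0.113.5", "198.51.100.10", 443,
                                TARGETS, range(49152, 50152)))
```

Because the source port is part of the hash input, connections from one client address land on different targets, so per-client logs and limits have to be correlated across the whole target group.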
Usage restrictions#
When using network load balancers, the following restrictions should be taken into account:
Balancing traffic between targets in different availability zones is not supported yet. A balancer instance can only distribute traffic between targets in the same availability zone to which it belongs.
Note
In the future, we plan to add load balancing across different availability zones for traffic coming to a specific address.
To create an internal network balancer in the selected VPC, the following conditions must be met:
there is only one route table;
the route propagation feature is enabled;
there are no subnets to which external networks are attached.
Note
If any of the above conditions cannot be met but you need an internal load balancer to distribute traffic only within one availability zone, then, to create it, submit a request via our support portal or send it to support@k2.cloud.
Note
Once the load balancer has been created, no changes that violate the restrictions listed in this item are allowed to the VPC configuration.
If an internal load balancer is required to distribute traffic from attached external networks, then its operation is subject to the following conditions:
the external network must be attached to a virtual switch rather than VPC;
in each availability zone where a balancer instance will be placed, you should create a VM instance to route traffic between the VPC and the external network. This instance will be responsible for routing traffic to the balancer in this availability zone. It must have at least two network interfaces, one of which must be attached to a subnet in the desired VPC and the other, to the virtual switch which the external network is attached to.
Note
Load balancing with asymmetric routing (when traffic from an external network comes to the balancer instance through one availability zone and exits through another) is not supported. Traffic must enter and exit the VPC through the same availability zone.
To access the internal DNS resolver in the VPC, 1) configure a DNS forwarder or SNAT for DNS traffic on the instance used for traffic routing, and 2) access the DNS from external networks through this DNS forwarder or SNAT.
Availability improvement#
Network load balancers do not currently support automatic traffic distribution across multiple availability zones. To improve service availability, you can include resources from multiple availability zones into a target group. To do this, when creating a load balancer, specify a subnet in each availability zone where the targets are placed. This will create a load balancer that is available at multiple IP addresses (public in case of an internet-facing load balancer or private in case of an internal load balancer).
Traffic coming to a specific IP address of the balancer is routed by the listener to targets in the same availability zone as the network interface of the load balancer to which this IP address is assigned. To distribute inbound traffic between several IP addresses and, accordingly, availability zones, you can use the DNS name of the balancer. If an availability zone has at least one target in the OK state, then the IP address of the balancer instance from this availability zone is added to DNS. For example, if the balancer is running in three availability zones and each of them has at least one available target, then a DNS name request will return all three IP addresses at once in random order.
In case of failure, the balancer instance is recovered automatically by the cloud tools.
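A monitoring check built on the DNS behaviour described above, added here as an example and not taken from the platform. The inventory format, zone names, addresses and the "not-OK" state label are constructed; only the OK state comes from the page.

```python
import socket

def resolve_ipv4(dns_name):
    """Resolve the balancer DNS name with the system resolver (live use only)."""
    infos = socket.getaddrinfo(dns_name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def expected_addresses(interfaces, target_states):
    """Addresses that should be in DNS: zones with at least one target in OK."""
    return {ip for az, ip in interfaces.items()
            if "OK" in target_states.get(az, [])}

def audit_dns_answer(interfaces, target_states, answer):
    """Compare a DNS answer with what the balancer inventory implies."""
    expected = expected_addresses(interfaces, target_states)
    observed = set(answer)  # answers arrive in random order, so compare as sets
    return {
        # Zones that currently contribute no address (no target in OK there).
        "zones_out_of_dns": sorted(az for az, ip in interfaces.items()
                                   if ip not in expected),
        # Addresses that should be served but were not returned.
        "missing_from_answer": sorted(expected - observed),
        # Returned addresses that should not be served (stale or foreign).
        "not_expected": sorted(observed - expected),
        # Returned addresses that belong to no balancer interface at all.
        "not_a_balancer_ip": sorted(observed - set(interfaces.values())),
    }

# Constructed inventory: zone -> balancer interface IP, zone -> target states.
INTERFACES = {"zone-a": "192.0.2.10", "zone-b": "192.0.2.20", "zone-c": "192.0.2.30"}
TARGET_STATES = {"zone-a": ["OK", "OK"], "zone-b": ["not-OK"], "zone-c": ["OK"]}
# Constructed DNS answer; in live use pass resolve_ipv4(<balancer DNS name>).
ANSWER = ["192.0.2.30", "192.0.2.10", "198.51.100.7"]

if __name__ == "__main__":
    for finding, values in audit_dns_answer(INTERFACES, TARGET_STATES, ANSWER).items():
        print(finding, values)
```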
Load balancer operations#
For a load balancer to operate, in addition to the load balancer itself, you should create at least one listener and an associated target group with at least one resource. Listeners and target groups can be created together with a load balancer. However, it is more convenient to create target groups separately. You can add listeners after the load balancer has been created.
Create network load balancer#
Note
You can also create a balancer and associate it with an existing target group in the Target groups subsection.
Attention
You can create an internal network load balancer only if route propagation is enabled in VPC.
To create a network load balancer:
Go to the section Load balancing → Load balancers and click Create.
Set the basic parameters of the balancer:
Type — Type of the load balancer. Select NLB.
Name tag — Optional description of the load balancer.
Load balancer name — The name must not be longer than 32 characters, can only contain Latin letters, numbers and hyphens, and must not start or end with a hyphen.
Scheme — This parameter defines which clients the load balancer can work with. If the Internal scheme is selected, the load balancer handles requests to internal addresses only from clients in the same VPC. If the Internet-facing scheme is selected, the load balancer can distribute requests to external addresses from any clients on the Internet.
To go to the next step, click Next.
Specify the network mapping parameters:
VPC — VPC in which the load balancer will be placed. All other balancer components, such as target groups and target resources, must be placed in the same VPC.
Subnet — Subnet in which the network interface of the load balancer will be created.
Private IP or Elastic IP — IP address that will be associated with the network interface, depending on the selected scheme. When the internal scheme is selected, specify an internal IP address from the selected subnet. When the internet-facing scheme is selected, specify an external Elastic IP address. If you leave this field blank, the IP address will be associated automatically.
To associate the balancer with subnets in other availability zones, click Add subnet.
To go to the next step, click Next.
Add listeners and associate target groups with them. You may skip this step and add listeners later.
Name tag — Name or description of the listener.
Protocol — Protocol whose traffic the listener will receive. A load balancer can have both TCP and UDP traffic listeners simultaneously.
Port — Port which the listener receives traffic at.
Forwarding to — This option allows you to associate a target group with the listener. You can select an existing target group from the list or add a new target group. In the latter case, specify:
target group name;
port to which traffic is forwarded;
targets that are included in the group.
Note
Targets must be in the same availability zones as the subnets selected in the previous step.
To add a listener, click Add.
If necessary, you can add more listeners right away by repeating the steps above, or you can remove unnecessary ones by clicking Remove.
To go to the next step, click Next.
If required, assign tags to the load balancer.
If the Name tag was not specified in step 2 and you want to add it, click Add Name tag and set the tag value.
To add an arbitrary tag, click Add tag and enter tag key and value.
You can skip this step and add tags later. To go to the next step, click Overview and create.
Check balancer settings. If you need to change any of them, go back to the corresponding step. If everything is OK, click Create to create the balancer.
It may take some time for the balancer to check health of the targets (if those are specified). The health check duration depends on the health check settings for the target groups.
Note
You do not need to specify a listener or targets to start the balancer. However, if those are not specified, the balancer will not handle traffic, even when in the Active state.
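A pre-flight check of a planned balancer against the rules stated in this procedure and under Usage restrictions, added here as an example and not part of the platform's tooling. The dictionary layout, resource IDs and zone names are constructed for the illustration.

```python
import re

# Name rule from the page: Latin letters, digits, hyphens, no edge hyphen.
NAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

def preflight(plan, vpc):
    """Return rule violations for a planned NLB; an empty list means it passes."""
    errors = []
    if len(plan["name"]) > 32 or not NAME_RE.fullmatch(plan["name"]):
        errors.append("name: invalid load balancer name")
    if plan["scheme"] not in ("internal", "internet-facing"):
        errors.append("scheme: must be internal or internet-facing")
    elif plan["scheme"] == "internal":
        # Conditions the page lists for an internal balancer in a VPC.
        if not vpc["route_propagation"]:
            errors.append("vpc: route propagation is disabled")
        if vpc["route_tables"] != 1:
            errors.append("vpc: must have exactly one route table")
        if any(s["external_network"] for s in vpc["subnets"].values()):
            errors.append("vpc: a subnet has an external network attached")
    zones = set()
    for sid in plan["subnets"]:
        if sid in vpc["subnets"]:
            zones.add(vpc["subnets"][sid]["az"])
        else:
            errors.append(f"subnet {sid}: not in the balancer's VPC")
    for lst in plan["listeners"]:
        if lst["protocol"] not in ("TCP", "UDP") or not 1 <= lst["port"] <= 65535:
            errors.append(f"listener {lst['protocol']}/{lst['port']}: bad protocol or port")
        for target_id, az in lst["targets"].items():
            if az not in zones:  # targets must sit in a zone with a mapped subnet
                errors.append(f"target {target_id}: zone {az} has no mapped subnet")
    if not plan["listeners"]:
        errors.append("warning: no listeners, the balancer will not handle traffic")
    return errors

# Constructed sample data (IDs and zone names are made up for the example).
VPC = {"route_propagation": False, "route_tables": 2, "subnets": {
    "subnet-a": {"az": "zone-a", "external_network": False},
    "subnet-b": {"az": "zone-b", "external_network": True}}}
PLAN = {"name": "-edge-nlb", "scheme": "internal", "subnets": ["subnet-a"],
        "listeners": [{"protocol": "TCP", "port": 443,
                       "targets": {"vm-1": "zone-a", "vm-2": "zone-b"}}]}

if __name__ == "__main__":
    for problem in preflight(PLAN, VPC):
        print(problem)
```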
Map subnet#
When a subnet is mapped to a balancer, a network interface is created in this subnet. The mapped subnet and corresponding interface can be neither changed nor deleted. However, you can map the load balancer to subnets from those availability zones where the load balancer does not have a network interface yet.
To add a subnet:
Go to the section Load balancing → Load balancers.
Select the load balancer from the table and click Associate subnets.
Specify the network mapping parameters:
Subnet — Subnet in which an additional network interface of the load balancer will be created. It must be in the same VPC as the already associated subnets.
Private IP or Elastic IP — IP address that will be associated with the network interface, depending on the selected scheme. When the internal scheme is selected, specify an internal IP address from the selected subnet. When the internet-facing scheme is selected, specify an external Elastic IP address. If you leave this field blank, the IP address will be associated automatically.
To map other subnets to the balancer, click Add subnet.
To map subnets, click Map.
Alternatively, you can associate a subnet on the load balancer page in the Information tab.
Delete load balancer#
Together with the balancer, all listeners belonging to it are deleted. However, deleting a balancer does not affect the associated target groups and their targets.
To delete a load balancer:
Go to the section Load balancing → Load balancers.
Select the load balancer from the table and click Delete.
Confirm the action.
You can also delete the load balancer on its page in the Information tab.
Listener operations#
Add listener#
Note
You can also add a listener for the target group in the Target groups subsection.
To add a listener:
Go to the section Load balancing → Load balancers.
Select the load balancer from the table and click Add listener.
Add listeners and associate target groups with them. To do this, specify the following parameters:
Name tag — The listener name (optional).
Protocol — Protocol whose traffic the listener will receive. A load balancer can have both TCP and UDP traffic listeners simultaneously.
Port — Port which the listener receives traffic at.
Forward to – This option allows you to bind a target group to the listener. Select an already existing target group from the list or add a new target group. In the latter case, specify the target group name, the port where traffic is routed to, and the target resources that belong to the group.
If you want to assign tags to the listener, click Add tags to go to the next step.
If the Name tag was not specified in step 3 and you want to add it, click Add Name tag and set the tag value.
To add an arbitrary tag, click Add tag and enter tag key and value.
To add a listener, click Add.
If you need to add more listeners, repeat the above steps.
Alternatively, you can add a listener on the load balancer page in the Listeners tab.
Modify listener settings#
Unlike the balancer creation wizard or the listener adding dialog, you cannot create a target group when modifying listener settings. If you want a listener to redirect traffic to a new target group, create it first.
To change the listener settings:
Go to the section Load balancing → Load balancers.
In the resource table, find the load balancer to which the listener belongs and click on the load balancer name to go to its page.
Select the listener from the table and click Modify.
Change the listener settings you need:
Protocol — Protocol whose traffic is to be received by the listener.
Port — Port which the listener receives traffic at.
Forwarding to — Target group to which the listener will forward traffic.
To apply settings, click Change.
Delete listener#
Deleting a listener does not affect the associated target group or its targets. After deleting a listener, you can associate its target group with another listener, including the one belonging to another load balancer.
Go to the section Load balancing → Load balancers.
Click the load balancer name to go to its page and open the Listeners tab.
Select the listener from the table and click Delete.
Confirm the action.
Load balancer information#
The resource page displays data about the load balancer, its related listeners, and network interfaces. To open a specific load balancer page, go to the section Load balancing → Load balancers and click its name in the resource table.
The Information tab shows general information about the load balancer:
balancer name;
DNS name;
creation date;
state;
balancer type;
scheme in use;
VPC where the balancer was created;
ARN of the balancer;
availability zones where there are network interfaces of the balancer;
the number of listeners;
the number of network interfaces.
In addition, here you can map subnets to a balancer and delete it.
The Listeners tab displays a list of listeners in use along with the following information:
listener name (Name tag);
ARN of the listener;
action to be taken with the link to the target group;
port to which traffic comes, and protocol in use.
Note
In case of network load balancers, each listener supports only one action — redirecting traffic to a specified target group.
In addition, here you can add a listener, modify its settings, set tags, and delete it.
The Network Interfaces tab displays the list of network interfaces used by the load balancer, with the following information:
network interface ID;
Name tag;
brief description;
state;
subnet;
availability zone;
VPC;
IP address.
Depending on the balancer scheme selected, either its private IP address or the assigned Elastic IP address is displayed.
The Tags tab displays information about the assigned tags. Here you can also assign tags to a load balancer.