Load balancing#

General information#

The Load balancing service automatically distributes inbound traffic across a target group of instances in one or more availability zones.This helps to distribute the request processing more evenly among virtual machines and improve availability and reliability of supported applications.

The resources included in the target group are regularly polled to check their health. If any instance fails, no traffic is routed to it. When a failed instance recovers, it starts receiving traffic again. You can always add new instances to, or exclude unnecessary ones from, the target group to maintain the current load level.

There are special entities, listeners, for receiving inbound traffic during load balancing. The listener receives requests from clients at the specified IP address, port, and protocol.

K2 Cloud supports network load balancers (NLB) and application load balancers (ALB). The former operate on OSI Layer 4 and distribute TCP and UDP traffic, while the latter operate on OSI Layer 7 and distribute HTTP and HTTPS traffic.

Depending on the traffic source, load balancers are divided into:

  • internet-facing load balancers;

  • internal load balancers.

The former have public (external) IP addresses and are accessible from the Internet. The latter have private (internal) IP addresses and are accessible only within the VPC where they were created. Both types of balancers use internal IP addresses to forward traffic to target resources.

Key concepts#

Load balancer offers as a single point of entry for client traffic, which is evenly distributed among the targets. It can receive traffic at multiple addresses/ports.

Network Load Balancer operates on OSI Layer 4 and distributes TCP and UDP traffic.

Application load balancer works on OSI Layer 7 and distributes HTTP and HTTPS traffic.

Internet-facing balancer distributes traffic from clients in the Internet. Elastic IP addresses are assigned to the network interfaces of the balancer.

Internal network balancer distributes traffic only from clients in the same VPC. Network interfaces of the balancer can only have internal IP addresses.

Listener monitors requests from clients at a given IP address, port and protocol and forwards them to the target group for further processing. For each listener, only one target group can be specified in the default action; however, different listeners of the same balancer can be associated with different target groups.

Target group aggregates target resources, i.e. instances among which traffic is distributed. A target group can only be associated with one load balancer but used by multiple traffic listeners of this load balancer.

Balancer instance is created along with a dedicated network interface on each subnet that was specified when the balancer is created. One balancer instance can be created in each availability zone. A network load balancer instance, unlike an application load balancer instance, can only distribute traffic among target resources in the same availability zone.

Before you begin#

To get started with the Load Balancing service, follow these steps:

  1. Create a project, if you don’t have one.

  2. In the IAM section, create a user, add it to the created project, and assign the ELBFullAccess policy to it to grant the required privileges to work with the load balancing service.

    Note

    If you want to give the user access to other cloud services, then add this user to the group CloudAdministrators. In this case, assigning the ELBFullAccess policy is not required.

  3. Make sure that the project has all the required resources – subnets, SSH keys, and security groups. Otherwise, create them.

Note

Security groups must include the required permitting rules so that the targets can receive traffic from the load balancer.

Using DNS with load balancers#

User traffic is routed to the load balancer using its DNS name. A domain name is generated for each balancer when it is created.

Attention

The examples below show DNS records for network load balancers. For application load balancers, change nlb to alb.

The DNS name of an internet-facing load balancer looks as follows: <name>-<nlb-id>.nlb.k2.cloud, while that of an internal load balancer looks as follows: <name>-<nlb-id>.nlb.<vpc-id>.internal.

Note

The domain name of an internal load balancer is resolved only by a DNS server inside the respective VPC.

Traffic forwarding#

If a user domain (for example, service1.example.com) needs to be forwarded to a load balancer, then create a DNS resource record of the CNAME type in the example.com zone and specify the DNS name of the balancer, for example:

private-service.example.com. IN CNAME service1.lb-12345678.nlb.k2.cloud.
public-service.example.com. IN CNAME service2.lb-90abcdef.nlb.vpc-12345678.internal.

DNS records for a specific availability zone#

If a balancer has its instances in multiple availability zones and its traffic needs to be forwarded to an instance in a specific availability zone, then zonal DNS records can be used. Such a record is created when a subnet is added for the balancer. Thus, for example, for an internet-facing load balancer with subnets in two availability zones, az1 and az2, the DNS names will be as follows:

az1.service1.nlb-12345678.nlb.k2.cloud. IN A 192.0.2.1
az2.service1.nlb-12345678.nlb.k2.cloud. IN A 192.0.2.2

For comparison, global DNS records look like this:

service1.nlb-12345678.nlb.k2.cloud. IN A 192.0.2.1
service1.nlb-12345678.nlb.k2.cloud.ru. IN A 192.0.2.2

DNS records for availability zones always return one and the same IP address, regardless of the state of the targets. If all targets in an availability zone are unavailable, then traffic forwarded to the corresponding balancer instance according to the DNS record will not be handled until at least one target returns to the OK state.

Load balancer quotas#

The following load balancer quotas are established:

  • up to 50 load balancers of each type per project;

  • up to 50 listeners per load balancer;

  • up to 500 target groups per project;

  • up to 100 targets per target group;

  • up to 20 certificates per load balancer (in addition to the default ones).

If necessary, you can increase quotas. To do this, contact the support service.