Before You Begin
This tutorial shows you how to create a simple load balancer and verify it with a basic web server application. This tutorial takes approximately 45 minutes to complete.
Background
A load balancer provides automated traffic distribution from one entry point to multiple servers reachable from your Virtual Cloud Network (VCN) and allows you to create highly available resources within your VCN. Oracle Cloud Infrastructure Load Balancing offers a load balancer with your choice of a public or private IP address and provisioned bandwidth and availability features across two Availability Domains. It improves resource utilization, facilitates scaling, and helps ensure high availability. Oracle Cloud Infrastructure Load Balancing also supports handling of both incoming and outgoing Secure Sockets Layer (SSL) traffic.
What Do You Need?
- Subscription to Oracle Cloud Infrastructure.
- A sandbox compartment. See Create a Sandbox Compartment.
- A virtual cloud network (VCN) with the name LB_Network. See Creating a Virtual Cloud Network.
- An SSH-key private-public key pair.
- Two Compute instances with the names Webserver1 and Webserver2. See Creating Virtual Machines.
- Two web servers (such as Apache HTTP Server) running on each instance, Webserver1 and Webserver2, with the following:
- Firewalls opened to allow HTTP and HTTPS traffic.
- An index.htm file created on each web server (Webserver1 and Webserver2) containing the text "WebServer1" and "Webserver2" respectively.
Add Subnets to Your VCN to Host Your Load Balancer
Your load balancer should always reside in a different subnet from your application instances. This allows you to keep your application instances secured in private subnets while allowing public Internet traffic to the load balancer in the public subnets.
To add the public subnets to your VCN, perform the following tasks:
- Add a security list.
- Add a route table.
- Create the first and second subnets.
Add a Security List
- In the console, click Networking, and then click Virtual Cloud Networks.
The list of VCNs in the current compartment is displayed.
- Click the name of the VCN, such as LB_Network, which includes your application instances.
- Under Resources, click Security Lists.
- In the Security Lists page, click Create Security List.
- In the Create Security List dialog box, enter the following:
- CREATE IN COMPARTMENT: Select the compartment you want to create the security list in, if not already selected. In this example, select C01. This field defaults to your current compartment.
- SECURITY LIST NAME: Enter a Name, for example, LB Security List.
- Delete the entries for the ingress rule and the egress rule.
The security list should have no rules. The correct rules will be automatically added in the load balancer workflow.
- Click Create Security List.
- Return to your Virtual Cloud Network Details page.
Add a Route Table
- In the console, under Resources, click Route Tables.
- In the Route Tables page, click Create Route Table.
- In the Create Route Table dialog box, enter the following:
- CREATE IN COMPARTMENT: Select the compartment you want to create the route table in, if not already selected. In this example, select C01. This field defaults to your current compartment.
- NAME: Enter a Name, for example, LB Route Table.
- DESTINATION CIDR BLOCK: Enter 0.0.0.0/0.
- TARGET TYPE: Select Internet Gateway.
Note: The TARGET COMPARTMENT field is automatically populated.
- TARGET INTERNET GATEWAY: Select the Internet Gateway for your VCN, which is the Internet Gateway LB_Network.
- Click Create Route Table.
Create the Subnets
- In the console, under Resources, click Subnets.
- In the Subnets page, click Create Subnet.
- In the Create Subnet dialog box, enter the following:
- NAME: Enter a name, for example, LB Subnet 1.
- AVAILABILITY DOMAIN: Choose the first Availability Domain such as OBze:PHX-AD-1.
- CIDR BLOCK: Enter 10.0.4.0/24.
- ROUTE TABLE: Select LB Route Table.
- SUBNET ACCESS: Ensure that PUBLIC SUBNET is selected.
Note: The DNS LABEL and DNS DOMAIN NAME fields are automatically populated.
- DHCP OPTIONS: Leave blank.
- Security Lists: Select LB Security List.
Important: Don't select the default security list.
- Click Create.
- Similarly, create the second subnet. However, for the second subnet, enter the following for NAME, AVAILABILITY DOMAIN, and the CIDR BLOCK fields:
- NAME: Enter a name, for example, LB Subnet 2.
- AVAILABILITY DOMAIN: Choose the second Availability Domain such as OBze:PHX-AD-2.
- CIDR BLOCK: Enter 10.0.5.0/24.
Create the Load Balancer
When you create a load balancer, you first choose its shape (size) and then select two subnets in different Availability Domains. This ensures high availability and that the load balancer is active only in one subnet at a time. This load balancer comes with a public IP address and provisioned bandwidth corresponding to the shape you chose.
- In the console, click Networking, and then click Load Balancers.
- Select the compartment where you want to create the load balancer. In this example, select C01.
- Click Create Load Balancer.
- In the Create Load Balancer dialog box, enter the following:
- NAME: Enter a name for your load balancer, for example user01_LB.
- SHAPE: Select 100Mbps.
Note: This specifies the bandwidth of the load balancer. For this tutorial, you'll be using the smallest shape. The shape cannot be changed later.
- VIRTUAL CLOUD NETWORK: Select the Virtual Cloud Network for your load balancer. In this example, select LB_Network.
- VISIBILITY: Ensure that Create Public Load Balancer is selected.
- SUBNET (1 of 2): Select LB Subnet 1.
- SUBNET (2 of 2): Select LB Subnet 2.
Note: The subnets must be in separate Availability Domains.
- Click Create.
Create a Backend Set
A backend set is a collection of backend servers to which your load balancer directs traffic. In this tutorial, you will create one backend set that includes your two web servers.
- Click the name of your load balancer to view its details. In this example, click user01_LB.
- Click Create Backend Set.
- In the Create Backend Set dialog box, enter:
- NAME: Enter a name for your load balancer backend set such as user01_LB_BES.
Note: The name can't contain spaces.
- POLICY: Select Weighted Round Robin.
The policy determines how traffic is distributed to your backend servers.
- Enter the Health Check details as follows:
- Protocol: Select HTTP.
- Port: Enter 80
- URL Path (URI): Enter /
In this step, you provide the Oracle Cloud Infrastructure Services information that is needed to check the health of the servers in this backend set.
- Click Create.
When the backend set is created, the Work Request will display the Succeeded status.
Add Backends (Servers) to Your Backend Set
- On your load balancer details page, click Backend Sets.
- Click the name of the backend set, user01_LB_BES.
- In the Backend Set Details page, click Edit Backends.
- In the Edit Backends dialog, enter the following:
- Ensure that HELP ME CREATE PROPER SECURITY LIST RULES is checked.
The security list used by your load balancer subnets is updated to allow egress traffic from the load balancer to each backend server's subnet:
- Allow egress traffic to the backend server 1 subnet (such as Public-Subnet-AD1)
- Allow egress traffic to the backend server 2 subnet (such as Public-Subnet-AD2)
The security list used by your backend server subnets is updated to allow ingress traffic from the load balancer subnets:
- Allow ingress traffic from load balancer subnet 1
- Allow ingress traffic from load balancer subnet 2
- INSTANCE OCID: Paste the OCID of the first instance that you had created (Webserver1).
Note: The Oracle Cloud Identifier (OCID) is displayed when you view the instance, both in the list view and on the details page.
- In the dialog, click View Instances.
A new browser window opens displaying the instances in the current compartment.
- If your instances are not in the current compartment, select the compartment to which the instance belongs. In this example, you've created the instances in current compartment, C01.
A shortened version of the OCID is displayed next to each instance.
- Click Copy to copy the OCID.
- Return to the browser window displaying the Edit Backends dialog box and paste the copied OCID into the Instance OCID field.
- PORT: Enter 80.
- WEIGHT: Leave this field blank. The system will distribute the weight on the servers evenly.
- Repeat Steps 2 through 4 to add the details of the second backend server (the second instance, Webserver2).
- Click Submit.
The Add Security List Rules window is displayed with the load balancer subnet and backend subnet details.
- Click Create Rules.
Create the Listener for Your Load Balancer
A listener is an entity that checks for connection requests. The load balancer listener listens for ingress client traffic using the port that you specify within the listener and the load balancer's public IP. In this tutorial, you'll define a listener that accepts HTTP requests on port 80.
- Go to your Load Balancer Details page and click Listeners on the left.
- Click Create Listener.
- In the Create Listener dialog box, enter the following:
- NAME: Enter a friendly name such as user01_Listener.
- PROTOCOL: Select HTTP.
- PORT: Enter 80 as the port on which to listen for incoming traffic.
- BACKEND SET: Select the backend set you created, user01_LB_BES.
- Click Create.
Update Load Balancer Security Lists to Allow Internet Traffic to the Listener
When you create a listener, you must also update your VCN security lists to allow traffic to that listener.
To update the security list to allow the listener to accept traffic:
- Go to your Virtual Cloud Network details page.
- Click Security Lists.
- Click LB Security List.
- Click Edit All Rules.
- In the Edit Security List Rules dialog box, under Allow Rules for Ingress, click Add Rule.
- Enter the following details:
- Source CIDR: Enter 0.0.0.0/0.
- IP Protocol: Select TCP.
- SOURCE PORT RANGE: Leave this field as is.
- Destination Port Range: Enter 80 (the listener port).
- Click Save Security List Rules.
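The rules created in the Edit Backends step and in this section can be audited once exported; the following is an added example, not Oracle's code, that checks the load balancer list exposes only the listener port to the Internet and that the backend list admits port 80 only from the two load balancer subnets. It assumes the ingress rules are available as JSON objects with the fields source, protocol and tcp-options, and that every source is a plain CIDR block; the function names and sample rules are constructed.

```python
import ipaddress

LB_SUBNETS = ["10.0.4.0/24", "10.0.5.0/24"]  # LB Subnet 1 and LB Subnet 2 from this tutorial
LISTENER_PORT = 80
TCP = "6"  # protocols are IANA numbers as strings; "all" means every protocol

def dest_ports(rule):
    """(min, max) destination ports; the full range when the rule has no port restriction."""
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    return (rng["min"], rng["max"]) if rng else (1, 65535)

def audit_lb_ingress(rules):
    """Internet-sourced rules on the load balancer list must be TCP to the listener port only."""
    findings = []
    for r in rules:
        exact = r["protocol"] == TCP and dest_ports(r) == (LISTENER_PORT, LISTENER_PORT)
        if r["source"] == "0.0.0.0/0" and not exact:
            findings.append(f"LB list: Internet allowed on protocol {r['protocol']}, ports {dest_ports(r)}")
    return findings

def audit_backend_ingress(rules):
    """Rules on the backend list that reach the web port must come from a load balancer subnet."""
    lb_nets = [ipaddress.ip_network(c) for c in LB_SUBNETS]
    findings = []
    for r in rules:
        lo, hi = dest_ports(r)
        if r["protocol"] not in (TCP, "all") or not lo <= LISTENER_PORT <= hi:
            continue  # rule does not reach the web port (for example SSH on 22)
        src = ipaddress.ip_network(r["source"])
        if not any(src.subnet_of(n) for n in lb_nets):
            findings.append(f"backend list: port {LISTENER_PORT} reachable from {r['source']}")
    return findings

def tcp_rule(source, port):
    """Build one constructed TCP ingress rule in the assumed JSON layout."""
    return {"source": source, "protocol": TCP,
            "tcp-options": {"destination-port-range": {"min": port, "max": port}}}

# Constructed sample data, not taken from a real tenancy.
LB_LIST = [tcp_rule("0.0.0.0/0", 80)]
BACKEND_LIST = [tcp_rule("10.0.4.0/24", 80), tcp_rule("10.0.5.0/24", 80),
                tcp_rule("0.0.0.0/0", 22),   # SSH: outside the scope of this check
                tcp_rule("0.0.0.0/0", 80)]   # direct exposure that bypasses the load balancer

if __name__ == "__main__":
    for finding in audit_lb_ingress(LB_LIST) + audit_backend_ingress(BACKEND_LIST):
        print(finding)
```

A finding on the backend list means a web server can be reached without passing through the load balancer, which is the case the separate-subnet design is meant to prevent.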
Verify Your Load Balancer
Now that the load balancer is fully configured, you can test its functionality by navigating to its public IP address in a web browser. If the load balancer has been configured properly, you should see the name of one of the web instances.
- Open a web browser.
- Enter the load balancer public IP address in the address bar and press Enter.
The index.htm page of one of your web servers is displayed.
- Refresh the web page.
The index.htm page of the other web server should now be displayed.
Because you configured the load balancer backend set policy as round robin, refreshing the page will alternate between the two web servers.