Friday, October 26, 2018

#664 OCI - Load Balancer

The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from one entry point to multiple servers reachable from your virtual cloud network (VCN). The service offers a load balancer with your choice of a public or private IP address, and provisioned bandwidth.

Public Load Balancer 

A public load balancer accepts traffic from the Internet.

A public load balancer is regional in scope and requires two subnets, each in a separate availability domain. One subnet hosts the primary load balancer and the other hosts a standby load balancer to ensure accessibility even during an availability domain outage. 

A public load balancer consumes two private IP addresses, one from each host subnet.

Private Load Balancer

To isolate your load balancer from the internet and simplify your security posture, you can create a private load balancer. The Load Balancing service assigns it a private IP address that serves as the entry point for incoming traffic.

So what do I need to try this out?

Two compute instances in different availability domains (ADs). These are my backend servers.

I also need an Internet Gateway - one was created by default when I created my VCN.

I then install an Apache server on both Compute instances

I open the firewall for ports 80/443 on both instances -

Then reload the firewall -
firewall-cmd --reload
I start the http server on both machines -
systemctl start httpd
I then add a different index file for each - NiallC1/NiallC2
echo 'NiallC1' >/var/www/html/index.html

Your load balancer must reside in different subnets from your application instances. This configuration allows you to keep your application instances secured in subnets with stricter access rules, while allowing public internet traffic to the load balancer in the public subnets.
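
One way to check the "stricter access rules" on the backend subnet, as an added example that is not from the original post or the Oracle lab: it audits ingress rules so that port 80 is reachable from both load balancer subnets and from nothing wider. The rule dictionaries assume the camelCase shape of exported OCI security-list rules, and the CIDRs and function names are constructed for illustration.

```python
import ipaddress

TCP = "6"  # IANA protocol number for TCP, as security rules express it

def covers_port(rule, port):
    """True if the rule admits TCP traffic to the given destination port."""
    if rule["protocol"] == "all":
        return True
    if rule["protocol"] != TCP:
        return False
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    return rng is None or rng["min"] <= port <= rng["max"]  # no range = every port

def audit_backend_ingress(rules, lb_subnets, port=80):
    """Findings for a backend subnet: the port must be reachable from each
    load balancer subnet and from no source wider than those subnets."""
    lb_nets = [ipaddress.ip_network(c) for c in lb_subnets]
    findings, reachable = [], set()
    for rule in rules:
        if rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue  # service-labelled sources are out of scope here
        if not covers_port(rule, port):
            continue
        src = ipaddress.ip_network(rule["source"])
        reachable.update(n for n in lb_nets if n.subnet_of(src))
        if not any(src.subnet_of(n) for n in lb_nets):
            findings.append(f"port {port} open to {src}, wider than the LB subnets")
    for n in lb_nets:
        if n not in reachable:
            findings.append(f"LB subnet {n} cannot reach port {port}")
    return findings

def tcp_rule(source, port):
    """Build one constructed ingress rule in the assumed camelCase shape."""
    return {"protocol": TCP, "source": source,
            "tcpOptions": {"destinationPortRange": {"min": port, "max": port}}}

# Constructed sample data: the post gives no CIDRs, so these are placeholders.
LB_SUBNETS = ["10.0.4.0/24", "10.0.5.0/24"]
OPEN_RULES = [tcp_rule("0.0.0.0/0", 80)]               # backend exposed to the internet
TIGHT_RULES = [tcp_rule(c, 80) for c in LB_SUBNETS]    # only the LB subnets get in

if __name__ == "__main__":
    for name, rules in (("open", OPEN_RULES), ("tight", TIGHT_RULES)):
        print(name, audit_backend_ingress(rules, LB_SUBNETS) or "ok")
```

An empty result means the backend port is open to the load balancer subnets only; each string returned names one rule or gap to fix.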

So let's create those 2 subnets -

4 tasks here -
1. Add a Security List

Note: I have deleted the default ingress and egress rules.

2. Add a Routing Table - makes sense!

3. Create SubNet1

I called it LB-Subnet1

4. Same procedure for LB-Subnet2

Essentially - this is what I have created

Create a Load Balancer

We are now here -

A load balancer directs traffic to what's known as a Backend Set, e.g. my 2 Compute Instances.

I now create this backend set -

Now I add the 2 instances to the backend set -

For this I need the OCID of each -

It's back to editing the Backend Set now -

We are now here -

Now I need to create a Listener for the Load Balancer -

A listener is an entity that checks for connection requests. The load balancer listener listens for ingress client traffic using the port you specify within the listener and the load balancer's public IP.

I want to accept HTTP requests on port 80.

When you create a listener, you must also update your VCN's security list to allow traffic to that listener.

Now to see if all is working -


I open a browser and enter the public IP of my load balancer

I refresh the page -

This blog post is based 100% on a great lab from the Oracle OCI team.
It is available here

Well done folks!
