Elastic Load Balance. User Guide. Issue 14 Date


Issue 14 Date 2018-02-28

Contents

1 Overview
1.1 Basic Concepts
1.1.1 Elastic Load Balance
1.1.2 Public Network Load Balancer
1.1.3 Private Network Load Balancer
1.1.4 Sticky Session
1.1.5 Healthy Threshold
1.1.6 Unhealthy Threshold
1.1.7 Certificate
1.1.8 Region
1.1.9 Project
1.2 Functions
1.3 Advantages
1.3.1 Flexible Traffic Distribution
1.3.2 Horizontal Scaling
1.3.3 SPOF Elimination
1.3.4 Multi-AZ Deployment
1.4 Restrictions
1.5 Related Services

2 Getting Started

3 Management
3.1 Load Balancer
3.2 Listener
3.3 Backend ECS
3.4 Certificate

4 Typical Application Scenarios
4.1 Configuration Process and Scenario Selection
4.2 Configuring a TCP Public Network Load Balancer Using Short Connections
4.3 Configuring a TCP Public Network Load Balancer Using Short Connections and with Sticky Session Enabled
4.4 Configuring a TCP Public Network Load Balancer Using Long Connections
4.5 Configuring a TCP Public Network Load Balancer Using Long Connections and with Sticky Session Enabled
4.6 Configuring an HTTP Public Network Load Balancer
4.7 Configuring an HTTP Public Network Load Balancer with Sticky Session Enabled
4.8 Configuring an HTTPS Public Load Balancer
4.9 Configuring an HTTPS Public Network Load Balancer with Sticky Session Enabled

5 FAQs
5.1 What Is ELB?
5.2 What Types of Load Balancers Can I Choose?
5.3 Can I Adjust the Bandwidth of a Load Balancer?
5.4 Which Load Balancing Modes Are Supported?
5.5 How Do I Select the LB Protocol?
5.6 Does ELB Support ECSs Running Different OSs?
5.7 How Many Load Balancers Can I Have?
5.8 Do I Need to Manually Apply for an IP Address for a Load Balancer?
5.9 What Functions Do Listeners Provide?
5.10 What Are Load Balancing Protocols and Ports?
5.11 What Are ECS Protocols and Ports?
5.12 Is the Public IP Address Exclusively Assigned to the ELB Service Being Used?
5.13 How Do I Select an Appropriate Load Balancing Algorithm?
5.14 Will There Be Any Adverse Impact If I Delete My Load Balancers?
5.15 How Do I Configure Health Check Parameters?
5.16 How Do I Select the Health Check Protocol?
5.17 How Do I Configure Health Check Parameters?
5.18 How Do I Specify the HTTP Health Check Path?
5.19 How Do I Rectify a Health Check Failure?
5.20 Why Cannot I Access a Load Balancer from Its Backend ECS?
5.21 Why Do Many IP Addresses Accessing the Backend ECSs of a Load Balancer Begin with 100.125?
5.22 How Can I Obtain the Real IP Address of a Visitor?
5.23 Do I Need to Enable Sticky Session?
5.24 How Can I Enable Sticky Session?
5.25 How Do I Set Stickiness Duration?
5.26 What Types of Sticky Sessions Does ELB Support?
5.27 How Can I Handle Backend ECSs in the Abnormal [Deleted] State?
5.28 What Is the Maximum Number of Concurrent Connections to a Public IP Address?
5.29 What Is a Private Network Load Balancer?
5.30 What Are the Application Scenarios of Private Network Load Balancers?
5.31 What Are the Precautions of Using UDP?
5.32 What Are the Precautions of Using HTTP or HTTPS?
5.33 How Can I View Security Group Rules?

A Appendix
A.1 Configuring the TOA Plug-in

B Change History

1 Overview

1.1 Basic Concepts

1.1.1 Elastic Load Balance

Elastic Load Balance (ELB) is a service that automatically distributes access traffic to multiple Elastic Cloud Servers (ECSs) following configured listening rules to balance their workloads. It improves the fault tolerance and expands the service capabilities of your applications.

With a web-based console, you can create load balancers, configure the ports required for listening, and add backend ECSs for load balancers. ELB helps eliminate single points of failure (SPOFs), improving availability of the whole system.

1.1.2 Public Network Load Balancer

A public network load balancer provides load balancing services for public network users and automatically distributes incoming traffic from the public network among multiple ECSs.

1.1.3 Private Network Load Balancer

A private network load balancer provides load balancing services for private network users and automatically distributes the incoming traffic among multiple ECSs in the same VPC.

1.1.4 Sticky Session

Sticky session is a feature of the load balancer. This feature binds sessions to specific ECSs so that all requests from the same client during the session are routed to the same ECS for processing.

1.1.5 Healthy Threshold

Healthy threshold refers to the number of successful health checks for an ECS to be considered healthy.

1.1.6 Unhealthy Threshold

Unhealthy threshold refers to the number of unsuccessful health checks for an ECS to be considered unhealthy.

1.1.7 Certificate

If you use HTTPS or SSL for frontend connections, you can create a certificate and bind it to a listener.

1.1.8 Region

A region is the physical location where ELB is deployed. Each region comprises one or more AZs and is isolated from other regions. Only AZs in the same region can communicate with one another through an internal network.

Public cloud data centers are deployed worldwide, such as North America, Europe, and Asia. ELB can be deployed in different regions. Provisioning ELB to specific regions can better meet user requirements. For example, applications can be designed to better meet specific user requirements or comply with local laws and other demands.

1.1.9 Project

A project is used to group and isolate FusionSphere OpenStack resources, including computing, storage, and network resources. A project can be a department or a project team. Multiple projects can be created for one account.

1.2 Functions

ELB allows you to balance service load. A self-service web-based console is provided for you to easily configure the service and quickly add service resources for load balancing.

| Function | Public Network Load Balancer | Private Network Load Balancer |
|---|---|---|
| Protocol | HTTP, HTTPS, TCP, and UDP | HTTP, HTTPS, and TCP |
| Sticky session | Supported | Supported |
| Cross-AZ traffic distribution | Supported | Supported |
| Integration with AS | Supported | Supported |
| Idle connection timeout | Supported | Supported |
| Connection flood | Supported | Supported |
| Health check | Supported | Supported |
| Cloud Eye metrics | Supported | Supported |
| Access log | Access log configuration supported | Not supported |

1.3 Advantages

1.3.1 Flexible Traffic Distribution

The load balancer serves as a single point of contact for clients. You can configure a virtual service IP address to consolidate multiple ECSs in the same region into a high-performance and high-availability application service pool. The load balancer checks requests from clients using the protocol and port you configure and forwards the requests to one or multiple ECSs, improving the system performance in handling services with massive access.

Figure 1-1 Traffic distribution

1.3.2 Horizontal Scaling

You can add one or multiple listeners to your load balancer. You can also add or remove backend ECSs associated with the load balancer based on service requirements without interrupting requests from applications.

Figure 1-2 Horizontal scaling

1.3.3 SPOF Elimination

You can configure health checks to monitor the status of backend ECSs and ensure that the load balancer forwards requests only to ECSs that are running properly.

Figure 1-3 Eliminating SPOFs

1.3.4 Multi-AZ Deployment

ELB can distribute traffic across AZs. If the network in an AZ becomes faulty, ELB can forward the traffic to backend ECSs in other AZs, improving the disaster recovery of applications. This makes it well suited to services that have high requirements for reliability and disaster recovery.

Figure 1-4 Deployment in multiple AZs

1.4 Restrictions

ELB is subject to the following restrictions in traffic distribution:

- ELB must be used in combination with the ECS service.
- ELB does not support cross-region deployment. For this reason, backend ECSs associated with a load balancer must belong to the same region.
- Before using ELB, ensure that you have correctly configured application services on the backend ECSs associated with load balancers and the application services can be accessed using their IP addresses from the ECSs.

1.5 Related Services

- Virtual Private Cloud (VPC): Creating load balancers requires elastic IP addresses and bandwidth assigned in VPC.
- Auto Scaling (AS): After ELB is configured, AS automatically adds or removes ECSs for the ELB service in a scaling action.
- Identity and Access Management (IAM): IAM provides authentication for ELB.
- Cloud Trace Service (CTS): CTS records the operations on ELB resources.
- Cloud Eye: After you have enabled ELB, you can use Cloud Eye to view the status of its monitored objects, without installing additional plug-ins. Table 1-1 lists the ELB metrics supported by Cloud Eye.

Table 1-1 ELB metrics

| Metric | Description |
|---|---|
| cps | Shows the number of concurrent connections processed by the monitored object per second. |
| Active Connections | Shows the number of active connections processed by the monitored object per second. |
| Inactive Connections | Shows the number of inactive connections processed by the monitored object per second. |
| New cps | Shows the number of new connections processed by the monitored object per second. |
| Incoming Packets | Shows the number of incoming packets on the monitored object per second. |
| Outgoing Packets | Shows the number of outgoing packets on the monitored object per second. |
| Inbound Rate | Shows the number of incoming bytes per second on the monitored object. |
| Outbound Rate | Shows the number of outgoing bytes per second on the monitored object. |
| Abnormal Hosts | Shows the number of abnormal backend ECSs. |
| Normal Hosts | Shows the number of normal backend ECSs. |

2 Getting Started

Create a Load Balancer

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Under Network, click Elastic Load Balance.
4. On the displayed page, click Create Load Balancer.
5. On the Create Load Balancer page, set parameters as prompted.
   Two types of load balancers can be created: public network load balancer and private network load balancer. See Table 2-1 for the parameters required for creating a public network load balancer and Table 2-2 for the parameters required for creating a private network load balancer.

Table 2-1 Parameter description

| Parameter | Description | Example Value |
|---|---|---|
| Name | Specifies the load balancer name. | elb_01 |
| Type | Specifies the load balancer type, Public network or Private network. Public network: indicates that the load balancer is used in the public network. Private network: The traffic from the same VPC is automatically distributed to multiple ECSs. Select Public network. | Public network |
| VPC | Specifies the VPC to which the load balancer belongs. You can select an existing VPC or click View VPC to apply for a new one. For more information about VPC, see the Virtual Private Cloud. | VPC_01 |
| EIP | This parameter is required if you select Public network for Type. You can select Existing EIP to use an existing EIP or New EIP to apply for a new one. | 10.154.56.194 |
| EIP Type | Specifies the link type (BGP) of a new EIP. Static BGP: When changes occur on a network using static BGP, carriers cannot adjust network configurations in real time to ensure optimal user experience. Dynamic BGP: When changes occur on a network using dynamic BGP, routing protocols provide automatic, real-time optimization of network configurations, ensuring network stability and optimal user experience. | Dynamic BGP |
| Billing Mode | Specifies the charging mode. You can select Bandwidth or Traffic. | Bandwidth |
| Bandwidth | Specifies the public network bandwidth when a new EIP is used. | 100 |
| Description | Describes the load balancer. | N/A |

Table 2-2 Parameter description

| Parameter | Description | Example Value |
|---|---|---|
| Name | Specifies the load balancer name. | elb_01 |
| Type | Specifies the load balancer type, Public network or Private network. Public network: indicates that the load balancer is used in the public network. Private network: The traffic from the same VPC is automatically distributed to multiple ECSs. Select Private network. | Private network |
| VPC | Specifies the VPC to which the load balancer belongs. You can select an existing VPC or click View VPC to apply for a new one. For more information about VPC, see the Virtual Private Cloud. | VPC_01 |
| AZ | Provides information about the AZ. The ECS associated with the load balancer will be created in the specified AZ. | N/A |
| Subnet | Specifies the subnet to which the load balancer belongs when you select Private network for Type. | subnet01 |
| LB Virtual IP Address | You can select Automatic or Manual. If you select Manual, enter an IP address. | 192.168.1.10 |
| Security Group | Specifies the security group to which the load balancer belongs when you select Private network for Type. NOTE: A security group has two types of rules. You need to ensure that the rules are not deleted. Outbound rule: Packets destined for the same security group are forwarded. Inbound rule: Packets from the same security group are forwarded. For details about how to view security rules, see How Can I View Security Rules? | sg-1 |
| Description | Describes the load balancer. | N/A |

6. Click Next.
7. Confirm the specifications and click Submit.

Add a Listener

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Under Network, click Elastic Load Balance.
4. In the navigation pane on the left, choose Elastic Load Balance. On the displayed page, click the name of the target load balancer.
5. In the Listener area, click Add Listener.
6. In the displayed dialog box, set parameters as prompted.

Table 2-3 Parameter description

| Parameter | Description | Example Value |
|---|---|---|
| Name | Specifies the listener name. | listener01 |
| LB Protocol/Port | Specifies the load distribution protocol and port. The public network load balancer supports the following protocols: HTTP (layer-7 load balancing), TCP (layer-4 load balancing), HTTPS (encrypted layer-7 load balancing), UDP (layer-4 load balancing). The private network load balancer supports the following protocols: HTTP (layer-7 load balancing), TCP (layer-4 load balancing), HTTPS (encrypted layer-7 load balancing). | TCP/80, UDP/80, HTTP/80, HTTPS/443 |
| ECS Protocol/Port | Specifies the enabled protocol and port: HTTP (layer-7 load balancing), TCP (layer-4 load balancing), UDP (layer-4 load balancing). When LB Protocol is set to UDP, ECS Protocol is UDP by default. | TCP/22, HTTP/80 |
| LB Mode | Specifies the load balancing algorithm. Round robin: A new connection request is distributed to the next ECS in sequence so that all requests are distributed evenly among all ECSs. Least connections: New connections are distributed to the ECS processing the least connections. Source IP address algorithm: The source IP address of the request is used as the HashKey to identify the ECS in the static fragment table. Choose an appropriate algorithm as the access traffic changes to improve the load balancing capability. | Round robin |
| Default Certificate | Specifies the certificate used by HTTPS load balancers. You can select a created certificate or create one. For details about how to create a certificate, see section 3.4 Certificate. This parameter is available only when LB Protocol is set to HTTPS. | cert-miij/9125267e1b1a4526b346cdfb9b9f856a |
| Enable SNI | Specifies whether to enable the Server Name Indication (SNI) function when LB Protocol is set to HTTPS. SNI is an extension to Transport Layer Security (TLS) when a server uses multiple domain names and certificates. It allows the client to submit the domain name information when sending an SSL handshake request. After receiving the request, ELB queries the right certificate based on the domain name and returns it to the client. If no certificate is found, ELB returns a default one. | N/A |
| SNI Certificate | Specifies the certificate associated with the domain name when LB Protocol is set to HTTPS. You can select a created certificate or create one. For details about how to create a certificate, see section 3.4 Certificate. | N/A |
| SSL Protocol | Specifies the SSL protocol used by HTTPS load balancers. This parameter is used to enable specified encryption protocols. The following options are available: "TLSv1.2"; "TLSv1.2 TLSv1.1 TLSv1". This parameter is available only when LB Protocol is set to HTTPS. | N/A |
| SSL Cipher | Specifies the SSL cipher used by HTTPS load balancers. The following options are available: Default Cipher, Extended Cipher, Strict Cipher. This parameter is available only when LB Protocol is set to HTTPS. Extended Cipher can be selected for SSL Cipher only when SSL Protocol is set to TLSv1.2 TLSv1.1 TLSv1. | N/A |
| Sticky Session | Specifies whether to enable sticky session. If sticky session is enabled, requests from the same client will be distributed to the same ECS for processing. NOTE: The sticky session feature is supported only when LB Mode is set to Round robin. | - |
| Stickiness Duration (min) | The duration ranges from 1 to 1440 min if LB Protocol is set to TCP or UDP. The duration ranges from 1 to 1440 min if LB Protocol is set to HTTP or HTTPS. NOTE: If you enable sticky session, you need to set the stickiness duration. | 5 |
| Check Mode | Specifies the protocol and port used for performing health checks on ECSs. | HTTP/80 |
| Interval (s) | Specifies the maximum interval for one health check. | 5 |
| Timeout (s) | Specifies the maximum timeout duration for one health check. | 10 |
| Healthy Threshold | Specifies the threshold at which a backend ECS is considered healthy. It indicates the number of consecutive successful health checks necessary for the status of a backend ECS to change from abnormal to normal. | 3 |
| Unhealthy Threshold | Specifies the threshold at which a backend ECS is considered unhealthy. It indicates the number of consecutive failed health checks necessary for the status of a backend ECS to change from normal to abnormal. | 3 |
| Check Path | Specifies the URL for health check. This parameter is displayed only when HTTP is selected for Check Mode. NOTE: Special characters -/.%?#&= can be contained in the URL. | /test.html |

7. Click OK.

To ensure that a load balancer stops sending requests to a backend ECS being removed and that existing connections are retained, the draining function is enabled for layer-4 and layer-7 load balancers. When a backend ECS is removed, connections scheduled for this ECS will be retained for the configured duration. After the duration is exceeded, connections will be stopped. The duration is 5 min for layer-4 load balancing. You can use APIs to enable or disable layer-4 load balancing and configure the connection retention duration. For details, see section Creating a Listener in the Elastic Load Balance API Reference.
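The listener parameters in Table 2-3 depend on one another (HTTPS-only fields, the Extended Cipher and sticky session conditions, the stickiness range), and a planned configuration can be checked against those rules before it is entered in the console. The following is an added example, not code from this guide or from the ELB service; the `Listener` record, its field names and the finding codes are hypothetical, and the two warnings reflect general TLS practice (RFC 8996) rather than anything this guide states.

```python
from dataclasses import dataclass
from typing import List, NamedTuple, Optional

# Allowed values as listed in the listener parameter table of this guide.
LB_PROTOCOLS = {"public": {"HTTP", "HTTPS", "TCP", "UDP"},
                "private": {"HTTP", "HTTPS", "TCP"}}
ECS_PROTOCOLS = {"HTTP", "TCP", "UDP"}
LB_MODES = {"Round robin", "Least connections", "Source IP address"}
TLS_LEGACY = "TLSv1.2 TLSv1.1 TLSv1"          # the broader SSL Protocol option
SSL_PROTOCOLS = {"TLSv1.2", TLS_LEGACY}
SSL_CIPHERS = {"Default Cipher", "Extended Cipher", "Strict Cipher"}
HTTPS_ONLY = ("default_certificate", "ssl_protocol", "ssl_cipher")


class Finding(NamedTuple):
    severity: str   # "error": contradicts the table; "warning": review
    code: str
    message: str


@dataclass
class Listener:
    """Hypothetical record of one listener's settings (not an ELB API type)."""
    name: str
    lb_type: str                      # "public" or "private"
    lb_protocol: str
    lb_port: int
    ecs_protocol: str
    ecs_port: int
    lb_mode: str = "Round robin"
    default_certificate: Optional[str] = None
    ssl_protocol: Optional[str] = None
    ssl_cipher: Optional[str] = None
    sticky_session: bool = False
    stickiness_min: Optional[int] = None


def check_listener(cfg: Listener) -> List[Finding]:
    out: List[Finding] = []

    def err(code, msg):
        out.append(Finding("error", code, msg))

    def warn(code, msg):
        out.append(Finding("warning", code, msg))

    allowed = LB_PROTOCOLS.get(cfg.lb_type)
    if allowed is None:
        err("lb-type", "type must be public or private")
    elif cfg.lb_protocol not in allowed:
        err("lb-protocol", f"{cfg.lb_protocol} not offered on a {cfg.lb_type} load balancer")
    if cfg.ecs_protocol not in ECS_PROTOCOLS:
        err("ecs-protocol", "ECS protocol must be HTTP, TCP or UDP")
    elif cfg.lb_protocol == "UDP" and cfg.ecs_protocol != "UDP":
        err("udp-pair", "a UDP listener forwards to UDP backends")
    if not all(1 <= p <= 65535 for p in (cfg.lb_port, cfg.ecs_port)):
        err("port", "ports must be in 1..65535")
    if cfg.lb_mode not in LB_MODES:
        err("lb-mode", "unknown load balancing algorithm")

    if cfg.lb_protocol == "HTTPS":
        if not cfg.default_certificate:
            err("no-cert", "HTTPS listener has no default certificate")
        if cfg.ssl_protocol is not None and cfg.ssl_protocol not in SSL_PROTOCOLS:
            err("ssl-protocol", "unknown SSL Protocol option")
        if cfg.ssl_cipher is not None and cfg.ssl_cipher not in SSL_CIPHERS:
            err("ssl-cipher", "unknown SSL Cipher option")
        elif cfg.ssl_cipher == "Extended Cipher" and cfg.ssl_protocol != TLS_LEGACY:
            err("cipher-protocol", f"Extended Cipher requires SSL Protocol '{TLS_LEGACY}'")
        if cfg.ssl_protocol == TLS_LEGACY:
            # General guidance, not from this guide: RFC 8996 deprecates TLS 1.0/1.1.
            warn("legacy-tls", "TLSv1 and TLSv1.1 are enabled on this listener")
    else:
        extra = [n for n in HTTPS_ONLY if getattr(cfg, n) is not None]
        if extra:
            err("https-only", f"{', '.join(extra)} apply only when LB Protocol is HTTPS")
        if cfg.lb_protocol == "HTTP" and cfg.lb_type == "public":
            warn("plaintext", "public HTTP listener carries traffic unencrypted")

    if cfg.sticky_session:
        if cfg.lb_mode != "Round robin":
            err("sticky-mode", "sticky session needs LB Mode Round robin")
        if cfg.stickiness_min is None or not 1 <= cfg.stickiness_min <= 1440:
            err("sticky-duration", "stickiness duration must be 1 to 1440 min")
    return out


def codes(findings: List[Finding], severity: str) -> List[str]:
    return [f.code for f in findings if f.severity == severity]


# Constructed sample configurations (certificate name is a placeholder).
GOOD = Listener("listener01", "public", "HTTPS", 443, "HTTP", 80,
                default_certificate="cert-constructed", ssl_protocol="TLSv1.2",
                ssl_cipher="Strict Cipher", sticky_session=True, stickiness_min=5)
LEGACY = Listener("listener02", "public", "HTTPS", 443, "HTTP", 80,
                  default_certificate="cert-constructed",
                  ssl_protocol=TLS_LEGACY, ssl_cipher="Extended Cipher")
BAD = Listener("listener03", "private", "UDP", 53, "TCP", 53,
               lb_mode="Least connections", ssl_cipher="Extended Cipher",
               sticky_session=True)

if __name__ == "__main__":
    for sample in (GOOD, LEGACY, BAD):
        print(sample.name, check_listener(sample) or "ok")
```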

Add Backend ECSs

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Under Network, click Elastic Load Balance.
4. On the displayed page, locate the row that contains the target load balancer and click its name.
5. In the Listener area, locate the row that contains the target listener and click Add Backend ECS in the Operation column.
6. In the displayed dialog box, select the subnet and then filter backend ECSs through the running status, ECS name, or IP address.
7. Click OK.
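Once backend ECSs are added, the Healthy Threshold and Unhealthy Threshold parameters from Table 2-3 decide which of them receive traffic. The following is an added example, not code from this guide or from the ELB service: it models the consecutive-check rule the table describes and replays constructed check results for three backends. It assumes a newly added backend starts in the abnormal state; the class, function and ECS names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class BackendHealth:
    """Tracks one backend ECS using the consecutive-check thresholds."""
    healthy_threshold: int = 3      # example value from Table 2-3
    unhealthy_threshold: int = 3    # example value from Table 2-3
    healthy: bool = False           # assumption: new backends start abnormal
    ok_run: int = field(default=0, init=False)
    fail_run: int = field(default=0, init=False)

    def observe(self, check_passed: bool) -> bool:
        """Feed one health check result; return the status afterwards."""
        if check_passed:
            self.ok_run += 1
            self.fail_run = 0       # a success breaks any run of failures
            if not self.healthy and self.ok_run >= self.healthy_threshold:
                self.healthy = True
        else:
            self.fail_run += 1
            self.ok_run = 0         # a failure breaks any run of successes
            if self.healthy and self.fail_run >= self.unhealthy_threshold:
                self.healthy = False
        return self.healthy


def transitions(results: str, healthy_threshold: int = 3,
                unhealthy_threshold: int = 3) -> List[Tuple[int, str]]:
    """Return (check index, new status) for every status change.

    `results` is a string of 'P' (check passed) and 'F' (check failed).
    """
    backend = BackendHealth(healthy_threshold, unhealthy_threshold)
    changes = []
    for i, r in enumerate(results):
        before = backend.healthy
        if backend.observe(r == "P") != before:
            changes.append((i, "normal" if backend.healthy else "abnormal"))
    return changes


def eligible_per_round(history: Dict[str, str], healthy_threshold: int = 3,
                       unhealthy_threshold: int = 3) -> List[List[str]]:
    """For each check round, list the backends that would receive traffic."""
    trackers = {name: BackendHealth(healthy_threshold, unhealthy_threshold)
                for name in history}
    rounds = max(len(h) for h in history.values())
    eligible = []
    for i in range(rounds):
        for name, h in history.items():
            if i < len(h):
                trackers[name].observe(h[i] == "P")
        eligible.append(sorted(n for n, t in trackers.items() if t.healthy))
    return eligible


# Constructed check results, one character per health check round.
SAMPLE_POOL = {
    "ecs-a": "PPPPPPPP",   # always passes
    "ecs-b": "PPPFFFPP",   # fails three times in a row, then recovers slowly
    "ecs-c": "PFPFPFPF",   # flaps: never three consecutive passes
}

if __name__ == "__main__":
    print(transitions("PPPFFPFFFPPP"))
    for i, names in enumerate(eligible_per_round(SAMPLE_POOL)):
        print(i, names)
```

With the example thresholds of 3, ecs-b keeps receiving requests during its first two failed checks, and the flapping ecs-c never enters the pool.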

3 Management 3 Management 3.1 Load Balancer Create a Load Balancer 1. Log in to the management console. 2. Click in the upper left corner and select the desired region and project. 3. Under Network, click Elastic Load Balance. 4. On the displayed page, click Create Load Balancer. 5. On the Create Load Balancer page, set parameters as prompted. Two types of load balancers can be created: public network load balancer and private network load balancer. See Table 3-1 for the parameters required for creating a public network load balancer and Table 3-2 for the parameters required for creating a private network load balancer. Table 3-1 Parameter description Parameter Description Example Value Name Specifies the load balancer name. elb_01 Type Specifies the load balancer type, Public network or Private network. Public network: indicates that the load balancer is used in the public network. Private network: The traffic from the same VPC is automatically distributed to multiple ECSs. Select Public network. Public network Issue 14 (2018-02-28) 15

3 Management Parameter Description Example Value VPC EIP EIP Type Billing Mode Bandwidth Specifies the VPC to which the load balancer belongs. You can select an existing VPC or click View VPC to apply for a new one. For more information about VPC, see the Virtual Private Cloud. This parameter is required if you select Public network for Type. You can select Existing EIP to use an existing EIP or New EIP to apply for a new one. Specifies the link type (BGP) of a new EIP. Static BGP: When changes occur on a network using static BGP, carriers cannot adjust network configurations in real time to ensure optimal user experience. Dynamic BGP: When changes occur on a network using dynamic BGP, routing protocols provide automatic, real-time optimization of network configurations, ensuring network stability and optimal user experience. Specifies the charging mode. You can select Bandwidth or Traffic. Specifies the public network bandwidth when a new EIP is used. VPC_01 10.154.56.194 Dynamic BGP Bandwidth 100 Description Describes the load balancer. N/A Table 3-2 Parameter description Parameter Description Example Value Name Specifies the load balancer name. elb_01 Type Specifies the load balancer type, Public network or Private network. Public network: indicates that the load balancer is used in the public network. Private network: The traffic from the same VPC is automatically distributed to multiple ECSs. Select Private network. Private network Issue 14 (2018-02-28) 16

3 Management Parameter Description Example Value VPC AZ Subnet LB Virtual IP Address Security Group Specifies the VPC to which the load balancer belongs. You can select an existing VPC or click View VPC to apply for a new one. For more information about VPC, see the Virtual Private Cloud. Provides information about the AZ. The ECS associated with the load balancer will be created in the specified AZ. Specifies the subnet to which the load balancer belongs when you select Private network for Type. You can select Automatic or Manual. If you select Manual, enter an IP address. Specifies the security group to which the load balancer belongs when you select Private network for Type. NOTE A security group has two types of rules. You need to ensure that the rules are not deleted. Outbound rule: Packets destined for the same security group are forwarded. Inbound rule: Packets from the same security group are forwarded. For details about how to view security rules, see How Can I View Security Rules? VPC_01 N/A subnet01 192.168.1.10 sg-1 Description Describes the load balancer. N/A 6. Click Next. Query a Load Balancer Disable a Load Balancer 7. Confirm the specifications and click Submit. 1. Log in to the management console. 2. Under Network, click Elastic Load Balance. 3. In the Load Balancer area, view details about a load balancer, including its status and bandwidth. From the drop-down list in the upper right corner of the load balancer list, query a load balancer through Name, ID, or Service IP Address. 1. On the Elastic Load Balance page of the management console, locate the row that contains the target load balancer and click Disable in the Operation column. Issue 14 (2018-02-28) 17

3 Management Enable a Load Balancer Modify the Bandwidth Delete a Load Balancer a. In the displayed dialog box, click OK. 1. On the Elastic Load Balance page of the management console, locate the row that contains the target load balancer and click Enable in the Operation column. 2. In the displayed dialog box, click OK. 1. Log in to the management console. 2. Under Network, click Elastic Load Balance. 3. On the displayed page, locate the row that contains the target load balancer and click Modify Bandwidth in the Operation column. 4. Adjust the bandwidth as required and click OK. 1. On the Elastic Load Balance page of the management console, locate the row that contains the target load balancer and click Delete in the Operation column. 2. In the displayed dialog box, click OK. NOTE If the target load balancer has backend ECSs added, it cannot be deleted. 3.2 Listener Add a Listener 1. Log in to the management console. 2. Click in the upper left corner and select the desired region and project. 3. Under Network, click Elastic Load Balance. 4. In the navigation pane on the left, choose Elastic Load Balance. On the displayed page, click the name of the target load balancer. 5. In the Listener area, click Add Listener. 6. In the displayed dialog box, set parameters as prompted. Table 3-3 Parameter description Parameter Description Example Value Name Specifies the listener name. listener01 Issue 14 (2018-02-28) 18

| Parameter | Description | Example Value |
| --- | --- | --- |
| LB Protocol/Port | Specifies the load distribution protocol and port. The public network load balancer supports the following protocols: HTTP (layer-7 load balancing), TCP (layer-4 load balancing), HTTPS (encrypted layer-7 load balancing), UDP (layer-4 load balancing). The private network load balancer supports the following protocols: HTTP (layer-7 load balancing), TCP (layer-4 load balancing), HTTPS (encrypted layer-7 load balancing). | TCP/80 UDP/80 HTTP/80 HTTPS/443 |
| ECS Protocol/Port | Specifies the enabled protocol and port: HTTP (layer-7 load balancing), TCP (layer-4 load balancing), UDP (layer-4 load balancing). When LB Protocol is set to UDP, ECS Protocol is UDP by default. | TCP/22 HTTP/80 |
| LB Mode | Specifies the load balancing algorithm. Round robin: A new connection request is distributed to the next ECS in sequence so that all requests are distributed evenly among all ECSs. Least connections: New connections are distributed to the ECS processing the least connections. Source IP address algorithm: The source IP address of the request is used as the HashKey to identify the ECS in the static fragment table. Choose an appropriate algorithm as the access traffic changes to improve the load balancing capability. | Round robin |
| Default Certificate | Specifies the certificate used by HTTPS load balancers. You can select a created certificate or create one. For details about how to create a certificate, see section 3.4 Certificate. This parameter is available only when LB Protocol is set to HTTPS. | cert-miij/9125267e1b1a4526b346cdfb9b9f856a |

| Parameter | Description | Example Value |
| --- | --- | --- |
| Enable SNI | Specifies whether to enable the Server Name Indication (SNI) function when LB Protocol is set to HTTPS. SNI is an extension to Transport Layer Security (TLS) used when a server hosts multiple domain names and certificates. It allows the client to submit the domain name information when sending an SSL handshake request. After receiving the request, ELB queries the right certificate based on the domain name and returns it to the client. If no certificate is found, ELB returns a default one. | N/A |
| SNI Certificate | Specifies the certificate associated with the domain name when LB Protocol is set to HTTPS. You can select a created certificate or create one. For details about how to create a certificate, see section 3.4 Certificate. | N/A |
| SSL Protocol | Specifies the SSL protocol used by HTTPS load balancers. This parameter is used to enable specified encryption protocols: either TLSv1.2 or TLSv1.2 TLSv1.1 TLSv1. This parameter is available only when LB Protocol is set to HTTPS. | N/A |
| SSL Cipher | Specifies the SSL cipher suite used by HTTPS load balancers. The following options are available: Default Cipher, Extended Cipher, Strict Cipher. This parameter is available only when LB Protocol is set to HTTPS. Extended Cipher can be selected for SSL Cipher only when SSL Protocol is set to TLSv1.2 TLSv1.1 TLSv1. | N/A |
| Sticky Session | Specifies whether to enable sticky session. If sticky session is enabled, requests from the same client will be distributed to the same ECS for processing. NOTE: The sticky session feature is supported only when LB Mode is set to Round robin. | - |

| Parameter | Description | Example Value |
| --- | --- | --- |
| Stickiness Duration (min) | The duration ranges from 1 to 1440 min if LB Protocol is set to TCP or UDP. The duration ranges from 1 to 1440 min if LB Protocol is set to HTTP or HTTPS. NOTE: If you enable sticky session, you need to set the stickiness duration. | 5 |
| Check Mode | Specifies the protocol and port used for performing health checks on ECSs. | HTTP/80 |
| Interval (s) | Specifies the maximum interval for one health check. | 5 |
| Timeout (s) | Specifies the maximum timeout duration for one health check. | 10 |
| Healthy Threshold | Specifies the threshold at which a backend ECS is considered healthy. It indicates the number of consecutive successful health checks necessary for the status of a backend ECS to change from abnormal to normal. | 3 |
| Unhealthy Threshold | Specifies the threshold at which a backend ECS is considered unhealthy. It indicates the number of consecutive failed health checks necessary for the status of a backend ECS to change from normal to abnormal. | 3 |
| Check Path | Specifies the URL for health check. This parameter is displayed only when HTTP is selected for Check Mode. NOTE: Special characters -/.%?#&= can be contained in the URL. | /test.html |

7. Click OK.

To ensure that a load balancer stops sending requests to a backend ECS being removed and that existing connections are retained, the draining function is enabled for layer-4 and layer-7 load balancers. When a backend ECS is removed, connections scheduled for this ECS will be retained for the configured duration. After the duration is exceeded, connections will be stopped. The duration is 5 min for layer-4 load balancing.

You can use APIs to enable or disable layer-4 load balancing and configure the connection retention duration. For details, see section Creating a Listener in the Elastic Load Balance API Reference.
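The Healthy Threshold and Unhealthy Threshold parameters described above both count consecutive results, so scattered failures do not change a backend ECS's status. The following Python example is added here for illustration and is not code from this guide or from ELB; it assumes one check per Interval and treats a timed-out check as a failed one.

```python
"""Replay health-check results against the Healthy/Unhealthy thresholds."""


def replay_health_checks(results, healthy_threshold=3, unhealthy_threshold=3,
                         interval_s=5, status="normal"):
    """Return the status transitions as (elapsed_seconds, new_status).

    results: iterable of booleans, True for a successful check.
    Assumption: checks run once per interval_s; a timeout is passed as False.
    """
    transitions = []
    streak = 0  # consecutive results that contradict the current status
    for count, ok in enumerate(results, start=1):
        contradicts = (not ok) if status == "normal" else ok
        # Any result that agrees with the current status resets the counter.
        streak = streak + 1 if contradicts else 0
        needed = unhealthy_threshold if status == "normal" else healthy_threshold
        if streak >= needed:
            status = "abnormal" if status == "normal" else "normal"
            transitions.append((count * interval_s, status))
            streak = 0
    return transitions


# Constructed sample: four failures occur before the backend is marked
# abnormal, because the first two are interrupted by a success.
SAMPLE_RESULTS = [True, False, False, True, False, False, False,
                  True, True, False, True, True, True]

if __name__ == "__main__":
    for elapsed, new_status in replay_health_checks(SAMPLE_RESULTS):
        print(f"t={elapsed}s -> {new_status}")
```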

Modify a Listener

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Under Network, click Elastic Load Balance.
4. In the navigation pane on the left, choose Elastic Load Balance. On the displayed page, click the name of the target load balancer.
5. In the Listener area, click More in the Operation column of the target listener.
6. In the displayed dialog box, set parameters as prompted.

Table 3-4 Parameter description

| Parameter | Description | Example Value |
| --- | --- | --- |
| Name | Specifies the listener name. | listener01 |
| LB Protocol/Port | Specifies the load distribution protocol and port. The public network load balancer supports the following protocols: HTTP (layer-7 load balancing), TCP (layer-4 load balancing), HTTPS (encrypted layer-7 load balancing), UDP (layer-4 load balancing). The private network load balancer supports the following protocols: HTTP (layer-7 load balancing), TCP (layer-4 load balancing), HTTPS (encrypted layer-7 load balancing). | TCP/80 UDP/80 HTTP/80 HTTPS/443 |
| ECS Protocol/Port | Specifies the enabled protocol and port: HTTP (layer-7 load balancing), TCP (layer-4 load balancing), UDP (layer-4 load balancing). When LB Protocol is set to UDP, ECS Protocol is UDP by default. | TCP/22 HTTP/80 |

| Parameter | Description | Example Value |
| --- | --- | --- |
| LB Mode | Specifies the load balancing algorithm. Round robin: A new connection request is distributed to the next ECS in sequence so that all requests are distributed evenly among all ECSs. Least connections: New connections are distributed to the ECS processing the least connections. Source IP address algorithm: The source IP address of the request is used as the HashKey to identify the ECS in the static fragment table. Choose an appropriate algorithm as the access traffic changes to improve the load balancing capability. | Round robin |
| Default Certificate | Specifies the certificate used by HTTPS load balancers. You can select a created certificate or create one. For details about how to create a certificate, see section 3.4 Certificate. This parameter is available only when LB Protocol is set to HTTPS. | cert-miij/9125267e1b1a4526b346cdfb9b9f856a |
| Enable SNI | Specifies whether to enable the Server Name Indication (SNI) function when LB Protocol is set to HTTPS. SNI is an extension to Transport Layer Security (TLS) used when a server hosts multiple domain names and certificates. It allows the client to submit the domain name information when sending an SSL handshake request. After receiving the request, ELB queries the right certificate based on the domain name and returns it to the client. If no certificate is found, ELB returns a default one. | N/A |
| SNI Certificate | Specifies the certificate associated with the domain name when LB Protocol is set to HTTPS. You can select a created certificate or create one. For details about how to create a certificate, see section 3.4 Certificate. | N/A |

| Parameter | Description | Example Value |
| --- | --- | --- |
| SSL Protocol | Specifies the SSL protocol used by HTTPS load balancers. This parameter is used to enable specified encryption protocols: either TLSv1.2 or TLSv1.2 TLSv1.1 TLSv1. This parameter is available only when LB Protocol is set to HTTPS. | N/A |
| SSL Cipher | Specifies the SSL cipher suite used by HTTPS load balancers. The following options are available: Default Cipher, Extended Cipher, Strict Cipher. This parameter is available only when LB Protocol is set to HTTPS. Extended Cipher can be selected for SSL Cipher only when SSL Protocol is set to TLSv1.2 TLSv1.1 TLSv1. | N/A |
| Sticky Session | Specifies whether to enable sticky session. If sticky session is enabled, requests from the same client will be distributed to the same ECS for processing. NOTE: The sticky session feature is supported only when LB Mode is set to Round robin. | - |
| Stickiness Duration (min) | The duration ranges from 1 to 1440 min if LB Protocol is set to TCP or UDP. The duration ranges from 1 to 1440 min if LB Protocol is set to HTTP or HTTPS. NOTE: If you enable sticky session, you need to set the stickiness duration. | 5 |
| Check Mode | Specifies the protocol and port used for performing health checks on ECSs. | HTTP/80 |
| Interval (s) | Specifies the maximum interval for one health check. | 5 |
| Timeout (s) | Specifies the maximum timeout duration for one health check. | 10 |

| Parameter | Description | Example Value |
| --- | --- | --- |
| Healthy Threshold | Specifies the threshold at which a backend ECS is considered healthy. It indicates the number of consecutive successful health checks necessary for the status of a backend ECS to change from abnormal to normal. | 3 |
| Unhealthy Threshold | Specifies the threshold at which a backend ECS is considered unhealthy. It indicates the number of consecutive failed health checks necessary for the status of a backend ECS to change from normal to abnormal. | 3 |
| Check Path | Specifies the URL for health check. This parameter is displayed only when HTTP is selected for Check Mode. NOTE: Special characters -/.%?#&= can be contained in the URL. | /test.html |

7. Click OK.

To modify parameters related to the draining function of layer-4 load balancing, see section Modifying a Listener in the Elastic Load Balance API Reference.

Delete a Listener

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Under Network, click Elastic Load Balance.
4. In the navigation pane on the left, choose Elastic Load Balance. On the displayed page, click the name of the target load balancer.
5. In the Listener area, click Delete in the Operation column of the target listener.
6. In the displayed dialog box, click OK.

NOTE: If a listener has backend ECSs added, it cannot be deleted.

3.3 Backend ECS

Before adding backend ECSs, you need to check whether the rule of the security group to which the ECSs belong allows access by 100.125.0.0/16, and specify the protocol and port for health checks. If the protocol and port are not specified, the health of the added ECSs cannot be checked.

To query the protocol and port for health checks, select the listener to which the backend ECSs are to be added and click View under Health Check. To configure the security group rule, choose Network > Virtual Private Cloud > Security Group. Locate the security group of the target ECSs on the Security Group page and click the security group name to query the rule.

Add Backend ECSs

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Under Network, click Elastic Load Balance.
4. On the displayed page, locate the row that contains the target load balancer and click its name.
5. In the Listener area, locate the row that contains the target listener and click Add Backend ECS in the Operation column.
6. In the displayed dialog box, select the subnet and then filter backend ECSs through the running status, ECS name, or IP address.
7. Click OK.

View Backend ECSs

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Under Network, click Elastic Load Balance.
4. On the displayed page, locate the row that contains the target load balancer and click its name.
5. In the Listener area, locate the row that contains the target listener and click the number in the Backend ECS Quantity column.

Remove Backend ECSs

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Under Network, click Elastic Load Balance.
4. On the displayed page, locate the row that contains the target load balancer and click its name.
5. In the Listener area, locate the row that contains the target listener and click the number in the Backend ECS Quantity column.
6. To remove multiple backend ECSs, select the target ECSs and click Remove above the ECS list. To remove a single ECS, locate the row that contains the target ECS or select the target ECS, and click Remove.
7. In the displayed dialog box, click OK.
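The security group pre-check at the start of section 3.3 can be automated once the rules are exported. The Python below is an added example, not part of this guide or of any ELB tooling: the rule dictionaries are a hypothetical, constructed format, and the code assumes that both HTTP and TCP health checks reach the ECS over TCP.

```python
"""Audit a backend ECS security group against the ELB health-check source range."""
import ipaddress

# Source range that section 3.3 says the backend security group must allow.
ELB_RANGE = ipaddress.ip_network("100.125.0.0/16")


def parse_check_mode(check_mode):
    """Split a Check Mode value such as 'HTTP/80' into (transport, port)."""
    name, _, port = check_mode.partition("/")
    if name.upper() not in ("HTTP", "TCP") or not port.isdigit():
        raise ValueError(f"unsupported Check Mode: {check_mode!r}")
    # Assumption: HTTP and TCP health checks both reach the ECS over TCP.
    return "tcp", int(port)


def audit_backend_group(rules, check_mode):
    """Classify inbound rules that match the health-check protocol and port.

    full    -> rule admits every address in ELB_RANGE
    partial -> rule admits only part of ELB_RANGE (some checks would be dropped)
    broader -> rule admits ELB_RANGE and more addresses besides
    """
    protocol, port = parse_check_mode(check_mode)
    report = {"admitted": False, "full": [], "partial": [], "broader": []}
    for index, rule in enumerate(rules):
        if rule["direction"] != "ingress":
            continue
        if rule["protocol"] not in ("any", protocol):
            continue
        low, high = rule["ports"]
        if not low <= port <= high:
            continue
        allowed = ipaddress.ip_network(rule["cidr"])
        if allowed.version != ELB_RANGE.version:
            continue
        if ELB_RANGE.subnet_of(allowed):
            report["full"].append(index)
            if allowed.prefixlen < ELB_RANGE.prefixlen:
                report["broader"].append(index)
        elif allowed.overlaps(ELB_RANGE):
            report["partial"].append(index)
    report["admitted"] = bool(report["full"])
    return report


# Constructed sample rules (hypothetical export format).
SAMPLE_RULES = [
    {"direction": "ingress", "protocol": "tcp", "ports": (22, 22), "cidr": "10.0.0.0/8"},
    {"direction": "ingress", "protocol": "tcp", "ports": (80, 80), "cidr": "100.125.0.0/24"},
    {"direction": "ingress", "protocol": "tcp", "ports": (8000, 8080), "cidr": "100.125.0.0/16"},
    {"direction": "egress", "protocol": "any", "ports": (1, 65535), "cidr": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for mode in ("HTTP/80", "HTTP/8000", "TCP/22"):
        print(mode, audit_backend_group(SAMPLE_RULES, mode))
```

A rule listed under `partial` is the case most easily missed in the console: it names the right range but with too long a prefix, so only some health checks arrive.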

3.4 Certificate

Scenarios

This section describes how to manage HTTPS certificates. You can upload a certificate and bind it to an HTTPS listener to provide the HTTPS or TCP service.

Create a Certificate

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Under Network, click Elastic Load Balance.
4. On the displayed page, click the Certificate tab.
5. Click Create Certificate under Certificate.
6. In the displayed dialog box, specify the information based on Table 3-5.

Table 3-5 Parameter description

| Parameter | Mandatory | Description |
| --- | --- | --- |
| Certificate Name | Yes | Specifies the certificate name. |
| Description | No | Provides supplementary information about the certificate function. |
| Domain Name | No | A domain name must be specified if a certificate is used for SNI. Each certificate can have only one domain name. |
| Certificate Content | Yes | Specifies the certificate content. Only the PEM format is supported. NOTE: If a certificate chain is used, you need to configure the content of all the certificates from the sub-certificate to the root certificate in sequence. For example, if you have three certificates: sub-certificate, intermediate certificate, and root certificate, the correct configuration sequence is sub-certificate > intermediate certificate > root certificate. |
| Private Key | Yes | This must be an unencrypted private key. Only the PEM format is supported. NOTE: If a certificate chain is used, you need to configure the private key of the sub-certificate first and ensure that the configuration sequence of private keys is the same as that of the certificates. |

7. Click OK.
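The two requirements in Table 3-5 that most often cause a rejected or broken upload, the chain order (sub-certificate > intermediate certificate > root certificate) and the unencrypted PEM private key, can be checked before pasting the fields into the console. The Python below is an added example, not code from this guide or from ELB; it compares issuer and subject names only and does not verify signatures, and the sample certificates are constructed, unsigned skeletons.

```python
"""Pre-upload checks for the Certificate Content and Private Key fields."""
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def pem_blocks(text):
    """Return (label, body) for every PEM block found in text."""
    return [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]


def _tlv(buf, off):
    """Read one DER element at off; return (tag, value_start, value_end)."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long-form length: low bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[off:off + count], "big")
        off += count
    return tag, off, off + length


def issuer_and_subject(der):
    """Return the raw DER issuer and subject Names of an X.509 certificate."""
    _, start, _ = _tlv(der, 0)      # Certificate SEQUENCE
    _, off, end = _tlv(der, start)  # tbsCertificate SEQUENCE
    fields = []
    while off < end and len(fields) < 5:
        tag, _, value_end = _tlv(der, off)
        if tag != 0xA0:             # skip the optional [0] version element
            fields.append(der[off:value_end])
        off = value_end
    return fields[2], fields[4]     # serial, sigAlg, issuer, validity, subject


def check_upload(cert_pem, key_pem):
    """Return a list of problems; an empty list means both fields pass."""
    problems = []
    certs = [body for label, body in pem_blocks(cert_pem) if label == "CERTIFICATE"]
    if not certs:
        problems.append("Certificate Content holds no PEM CERTIFICATE block")
    try:
        names = [issuer_and_subject(base64.b64decode(body)) for body in certs]
    except (IndexError, ValueError):
        names = []
        problems.append("a CERTIFICATE block is not parseable DER")
    # Name matching checks ordering only; it does not verify signatures.
    for pos in range(len(names) - 1):
        if names[pos][0] != names[pos + 1][1]:
            problems.append(f"certificate {pos + 1} is not issued by certificate {pos + 2}")
    if len(names) > 1 and names[-1][0] != names[-1][1]:
        problems.append("last certificate is not a self-signed root")
    keys = pem_blocks(key_pem)
    if not any(label.endswith("PRIVATE KEY") for label, _ in keys):
        problems.append("Private Key holds no PEM private key block")
    for label, body in keys:
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is encrypted; an unencrypted key is required")
    return problems


# --- constructed sample data (unsigned skeletons, not real certificates) ---
def _der(tag, content):
    size = len(content)
    if size < 0x80:
        return bytes([tag, size]) + content
    length = size.to_bytes((size.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + content


def _name(common_name):
    attr = _der(0x06, b"\x55\x04\x03") + _der(0x0C, common_name.encode())
    return _der(0x30, _der(0x31, _der(0x30, attr)))


def sample_cert(subject, issuer):
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + _der(0x30, b"") + _name(issuer) + _der(0x30, b"") + _name(subject))
    der = _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")


LEAF = sample_cert("www.example.test", "Example Intermediate CA")
INTERMEDIATE = sample_cert("Example Intermediate CA", "Example Root CA")
ROOT = sample_cert("Example Root CA", "Example Root CA")
PLAIN_KEY = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
ENCRYPTED_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n"
LEGACY_ENCRYPTED_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                        "DEK-Info: AES-256-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(check_upload(LEAF + INTERMEDIATE + ROOT, PLAIN_KEY))      # correct order
    print(check_upload(LEAF + ROOT + INTERMEDIATE, ENCRYPTED_KEY))  # wrong order, encrypted key
```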

Delete a Certificate

Only certificates that are not in use can be deleted. Detailed operations are as follows:

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Under Network, click Elastic Load Balance.
4. In the navigation pane on the left, choose Elastic Load Balance. On the displayed page, click the Certificate tab under Load Balancer.
5. Locate the row that contains the target certificate and click Delete in the Operation column.
6. In the displayed dialog box, click OK.

Modify a Certificate

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Under Network, click Elastic Load Balance.
4. In the navigation pane on the left, choose Elastic Load Balance. On the displayed page, click the Certificate tab under Load Balancer.
5. Locate the row that contains the target certificate and click Modify in the Operation column.
6. In the displayed Modify dialog box, modify the certificate information.
7. Click OK.

Bind a Certificate

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Under Network, click Elastic Load Balance.
4. On the displayed page, click the name of the target load balancer for which an HTTPS listener is to be added.
5. Click Add Listener.
6. In the displayed Add Listener dialog box, set parameters as needed. If HTTPS is selected for LB Protocol, a certificate must be bound to the listener to be added.

Figure 3-1 Add Listener

Table 3-6 Parameter description

| Parameter | Description | Example Value |
| --- | --- | --- |
| Name | Specifies the listener name. | listener01 |
| LB Protocol/Port | Specifies the load distribution protocol and port. HTTPS: encrypted layer-7 load balancing | HTTPS/443 |
| ECS Protocol/Port | Specifies the enabled protocol and port. | HTTP/80 |
| LB Mode | Specifies the load balancing algorithm. | Round robin |
| Default Certificate | Specifies the certificate used by HTTPS load balancers. | cert-miij/9125267e1b1a4526b346cdfb9b9f856a |
| Enable SNI | Specifies whether to enable the Server Name Indication (SNI) function when LB Protocol is set to HTTPS. | N/A |

| Parameter | Description | Example Value |
| --- | --- | --- |
| SNI Certificate | Specifies the certificate associated with the domain name when LB Protocol is set to HTTPS. | N/A |
| SSL Protocol | Specifies the SSL protocol used by HTTPS load balancers. | N/A |
| SSL Cipher | Specifies the SSL cipher suite used by HTTPS load balancers. | N/A |
| Sticky Session | Specifies whether to enable sticky session. NOTE: The sticky session feature is supported only when LB Mode is set to Round robin. | ON |
| Stickiness Duration (min) | The duration ranges from 1 to 1440 minutes if LB Protocol/Port is set to HTTPS. NOTE: If you enable sticky session, you need to set the stickiness duration. | 5 |
| Check Mode | Specifies the protocol and port used for performing health checks on ECSs. | HTTP/80 |
| Interval (s) | Specifies the maximum interval for one health check. | 5 |
| Timeout (s) | Specifies the maximum timeout duration for one health check. | 10 |
| Healthy Threshold | Specifies the threshold at which the health check result is considered normal. | 3 |
| Unhealthy Threshold | Specifies the threshold at which the health check result is considered abnormal. | 3 |
| Check Path | Specifies the URL for health check. NOTE: Special characters -/.%?#&= can be contained in the URL. | / |

7. Click OK.

4 Typical Application Scenarios

4.1 Configuration Process and Scenario Selection

Configuration Process

When using ELB to distribute traffic among multiple backend ECSs, you need to create a load balancer, add a listener to the load balancer, configure the health check (create a certificate if the listener uses HTTPS), and add backend ECSs to the listener. Figure 4-1 shows the ELB configuration process.

Figure 4-1 ELB configuration process

Scenario Selection

Select an appropriate scenario based on service requirements. Sections 4.2 Configuring a TCP Public Network Load Balancer Using Short Connections to 4.9 Configuring an HTTPS Public Network Load Balancer with Sticky Session Enabled introduce different service scenarios.

Sections 4.2 Configuring a TCP Public Network Load Balancer Using Short Connections to 4.5 Configuring a TCP Public Network Load Balancer Using Long Connections and with Sticky Session Enabled introduce scenarios in which TCP is used. Long connections or short connections may be used and sticky session may be enabled or disabled. Different services are processed in different ways and may use long or short connections as required. Long and short connections are balanced through the load balancer, for which different configurations are required to achieve different effects.

- A short connection contains only one request and one response. If the number of requests is large, connections will be created and then stopped frequently.
- A long connection stays active for a long time and will not be stopped easily. Therefore, long connections are not created frequently.

Different algorithms are used to achieve a balance. You are advised to adopt the polling algorithm for TCP used for short connections and adopt the least connections algorithm for TCP used for short connections.

Sections 4.6 Configuring an HTTP Public Network Load Balancer to 4.9 Configuring an HTTPS Public Network Load Balancer with Sticky Session Enabled introduce scenarios in which HTTP or HTTPS is used. HTTP and HTTPS are mostly used for short connections. HTTPS is superior to HTTP in security, but inferior in performance. If the security requirement is high, HTTPS is recommended. Otherwise, HTTP is recommended.

4.2 Configuring a TCP Public Network Load Balancer Using Short Connections

Introduction

The load balancer forwards TCP messages evenly to backend ECSs without requiring user login or authentication on the client. After messages are forwarded, the connection is stopped. When new messages need to be forwarded, a new connection is created.

- The load balancer forwards data using TCP.
- A large number of short connections exist.
- Backend ECSs can process messages evenly.
- Requests from a client do not need to be sent to the same backend ECS.

Configuration

1. Create a load balancer. Specify the following information as required:
   - Name
   - Public network
   - VPC
   - Bandwidth
2. Add a listener. Specify the following information as required:
   - Select TCP for LB Protocol.
   - Select TCP for ECS Protocol.
   - Select Round robin (you can also select Least connections but Round robin is recommended).
   - Disable Sticky Session.
   - Select TCP for Check Mode.
3. Select and add the target ECSs.
4. Check the health status of the target ECSs.

4.3 Configuring a TCP Public Network Load Balancer Using Short Connections and with Sticky Session Enabled

Introduction

Requests from a specified client are forwarded to the same backend ECS for processing.

- The load balancer forwards data using TCP.
- A large number of short connections exist.
- Backend ECSs can process messages evenly.
- Requests from a client must be sent to the same backend ECS.

Configuration

1. Create a load balancer. Specify the following information as required:
   - Name
   - Public network
   - VPC
   - Bandwidth
2. Add a listener. Specify the following information as required:
   - Select TCP for LB Protocol.
   - Select TCP for ECS Protocol.
   - Select Round robin for LB Mode.
   - Enable Sticky Session.
   - Configure Stickiness Duration, which must be longer than the session timeout duration. For example, if the session timeout duration is 3000s, you can set Stickiness Duration to 3600s.
   - Select TCP for Check Mode.
3. Select and add the target ECSs.
4. Check the health status of the target ECSs.

4.4 Configuring a TCP Public Network Load Balancer Using Long Connections

Introduction

The load balancer forwards messages using long TCP connections, such as Diameter or database connections.

- The load balancer forwards data using TCP.
- A large number of long connections exist.
- Backend ECSs can process messages evenly.
- Requests from a client do not need to be sent to the same backend ECS.

Configuration

1. Create a load balancer. Specify the following information as required:
   - Name
   - Public network
   - VPC
   - Bandwidth
2. Add a listener. Specify the following information as required:
   - Select TCP for LB Protocol.
   - Select TCP for ECS Protocol.
   - Select Least connections for LB Mode.
   - Disable Sticky Session.
   - Select TCP for Check Mode.
3. Select and add the target ECSs.
4. Check the health status of the target ECSs.

4.5 Configuring a TCP Public Network Load Balancer Using Long Connections and with Sticky Session Enabled

Introduction

Requests from a client must be sent to the same backend ECS.

- The load balancer forwards data using TCP.
- A large number of long connections exist.
- Backend ECSs can process messages evenly.
- Requests from a client must be sent to the same backend ECS.

Configuration

1. Create a load balancer. Specify the following information as required:
   - Name
   - Public network
   - VPC
   - Bandwidth
2. Add a listener. Specify the following information as required:
   - Select TCP for LB Protocol.
   - Select TCP for ECS Protocol.
   - Select Round robin for LB Mode.
   - Enable Sticky Session.
   - Configure Stickiness Duration, which must be longer than the session timeout duration. For example, if the session timeout duration is 3000s, you can set Stickiness Duration to 3600s.
   - Select TCP for Check Mode.
3. Add backend ECSs. Select the target ECSs.
4. Check the health status of the target ECSs.

4.6 Configuring an HTTP Public Network Load Balancer

Introduction

- The load balancer forwards data using HTTP.
- User authentication is not required.
- Sticky Session is disabled.

Configuration

1. Table 4-1 describes the load balancer configuration.

Table 4-1 Parameter description

| Parameter | Description |
| --- | --- |
| Name | Enter a name you prefer. |
| Type | Select Public network. |
| VPC | Choose a VPC from the drop-down list. You can only add backend ECSs in the same VPC to a listener. |
| EIP | Select New EIP or Existing EIP. If you select New IP, a new public IP address will be assigned to you and bound to your load balancer. |
| EIP Type | Select Dynamic BGP. |
| Billing Mode | Select Bandwidth. |
| Bandwidth | Set the bandwidth to 20 Mbit/s. |
| Description | Describes the load balancer. |

2. Table 4-2 describes the listener configuration.

Table 4-2 Parameter description

| Parameter | Description |
| --- | --- |
| Name | Enter a name you prefer. |
| LB Protocol/Port | Select HTTP and enter 80. |
| ECS Protocol/Port | Select HTTP and enter 8000. |
| LB Mode | Select Round robin from the drop-down list. |
| Sticky Session | Disable this function. HTTP requests from a client are not sent to the same backend ECS. |

3. Table 4-3 describes the health check configuration.

Table 4-3 Parameter description

| Parameter | Description |
| --- | --- |
| Check Mode | Select HTTP and enter 8000. When a port is configured, applications on the backend ECS must run properly. Otherwise, the health check will fail. |
| Interval (s) | Retain the default value (5). |
| Timeout (s) | Retain the default value (10). |
| Healthy Threshold | Retain the default value (3). |
| Unhealthy Threshold | Retain the default value (3). |
| Check Path | Enter /. |

Verification

1. Create a load balancer by performing the operations in section 3.1 Load Balancer. For detailed configuration, see section Configuration.
2. Add a listener for the created load balancer by performing the operations in section 3.2 Listener. For detailed configuration, see section Configuration.

3. Add multiple backend ECSs for the added listener by performing operations in section 3.3 Backend ECS.

   NOTE: Only backend ECSs in the same VPC can be added. When adding backend ECSs, ensure that application services on these ECSs are running properly. Otherwise, the Round robin algorithm will fail.

4. Click the Backend ECS tab and check the health status of the added backend ECSs. If Abnormal is displayed for an ECS, check whether the health check port is correctly configured and applications on the ECSs are running properly.
5. In the address bar of a browser, enter http://ip:port to access the ECSs. IP indicates the elastic IP address of the load balancer, and port is the load balancer port.
6. Use the browser to check whether all added backend ECSs are accessed. If yes, the round robin is successful. If not, check the VPC.

   NOTE: The following may cause the round robin to fail:
   - Exceptions may occur during the health check.
   - The Sticky Session feature is enabled.
   - The VPC is unstable.

4.7 Configuring an HTTP Public Network Load Balancer with Sticky Session Enabled

Introduction

- The load balancer forwards data using HTTP.
- The request messages contain user authentication information.
- Sticky Session is enabled.

Configuration

1. Create a load balancer. Specify the following information as required:
   - Name
   - Public network
   - VPC
   - Bandwidth
2. Add a listener. Specify the following parameters as prompted. Retain default values of parameters that are not involved.
   - Select HTTP for LB Protocol.
   - Select HTTP for ECS Protocol.
   - Select Round robin for LB Mode.
   - Enable Sticky Session.
   - Configure Stickiness Duration, which must be longer than the session timeout duration. For example, if the session timeout duration is 3000s, you can set Stickiness Duration to 3600s.
   - Select TCP or HTTP for Check Mode and enter the port number. If you select HTTP, you must ensure that an ECS health check page is available and that 200 is returned when you access the page.
3. Add backend ECSs. Select the target ECSs.
4. Check the health status of the target ECSs.

4.8 Configuring an HTTPS Public Load Balancer

Introduction

- The load balancer forwards data using HTTPS.
- User authentication is not required.
- Requests of a session do not need to be sent to the same backend ECS.

Configuration

1. Create a load balancer. Specify the following information as required:
   - Name
   - Public network
   - VPC
   - Bandwidth
2. Add a listener. Specify the following information as required:
   - Select HTTPS for LB Protocol.
   - Select HTTP for ECS Protocol.
   - Select Round robin for LB Mode.
   - Disable Sticky Session.
   - Select TCP or HTTP for Check Mode. If you select HTTP, you must ensure that an ECS health check page is available and that 200 is returned when you access the page.
3. Select and add the target ECSs.
4. Check the health status of the target ECSs.

4.9 Configuring an HTTPS Public Network Load Balancer with Sticky Session Enabled

Introduction

- The load balancer forwards data using HTTPS.
- User authentication is required.
- Requests of a session must be sent to the same backend ECS.

Configuration

1. Create a load balancer. Specify the following information as required:
   - Name
   - Public network
   - VPC
   - Bandwidth
2. Add a listener. Specify the following information as required:
   - Select HTTPS for LB Protocol.
   - Select HTTP for ECS Protocol.
   - Select Round robin for LB Mode.
   - Enable Sticky Session.
   - Configure Stickiness Duration, which must be longer than the session timeout duration. For example, if the session timeout duration is 3000s, you can set Stickiness Duration to 3600s.
   - Select TCP or HTTP for Check Mode. If you select HTTP, you must ensure that an ECS health check page is available and that 200 is returned when you access the page.
3. Select and add the target ECSs.
4. Check the health status of the target ECSs.

5 FAQs 5 FAQs 5.1 What Is ELB? ELB is a service that automatically distributes access traffic to multiple ECSs to balance their service load. It improves the fault tolerance and expands the service capabilities of your applications. With a web-based console, you can create load balancers, configure the ports required for listening, and add backend ECSs for load balancers. ELB helps eliminate SPOFs, improving availability of the whole system. 5.2 What Types of Load Balancers Can I Choose? ELB provides two types of load balancer, public network load balancer and private network load balancer: Public network load balancer: enables Internet users to access backend ECSs. Private network load balancer: enables ECSs in a VPC to communicate with each other. You can select either type of load balancer as needed. 5.3 Can I Adjust the Bandwidth of a Load Balancer? You can adjust the bandwidth of public network load balancers. The bandwidth can range from 1 to 100 Mbit/s. For detailed operations, see "Modify the Bandwidth" in section Load Balancer. 5.4 Which Load Balancing Modes Are Supported? ELB supports the following load balancing modes: Round robin: sends requests to backend ECSs in turn. This forwarding rule applies to short connections, such as HTTP connections. Least connections: preferentially sends requests to the backend ECS with the least number of connections. This forwarding rule applies to long connections, such as database connections. Issue 14 (2018-02-28) 40

- Source IP address algorithm: calculates the hash value of the request source IP address and sends requests to a matched ECS. This forwarding rule ensures that requests initiated from the same source IP address are sent to a fixed ECS. This rule applies to TCP connections that do not use cookies.

5.5 How Do I Select the LB Protocol?

- Select TCP in scenarios requiring high performance, concurrency, and throughput.
- Select HTTP for forwarding web pages.
- Select HTTPS where high data security is required.

5.6 Does ELB Support ECSs Running Different OSs?

ELB has no requirements for the OSs used on backend ECSs. ELB will work correctly if your ECSs have consistent data and the same applications deployed. Although there are no specific requirements for backend OSs, it is recommended that you install the same OS on all of your ECSs to simplify operation and maintenance (O&M).

5.7 How Many Load Balancers Can I Have?

You can have a maximum of five load balancers by default. If you need more load balancers, please submit a work order to apply for a higher quota. You can apply for a maximum of 255 load balancers.

Perform the following operations to submit a work order:

1. Click the username in the upper right corner of the console and then select Submit Work Order.
2. On the page displayed, select the cloud service region, service type, and question template as prompted, and enter required information in the Question Description box.
3. Click Submit.

5.8 Do I Need to Manually Apply for an IP Address for a Load Balancer?

You can select an existing IP address that is automatically assigned or manually apply for a new one when creating the load balancer.

5.9 What Functions Do Listeners Provide?

Listeners provide the following functions:

- Load balancing protocol and port configuration
- ECS protocol and port configuration
- Listening policy configuration

5.10 What Are Load Balancing Protocols and Ports?

Public network load balancers support the following protocols:

- HTTP: layer-7 load balancing
- TCP: layer-4 load balancing
- HTTPS: encrypted layer-7 load balancing
- UDP: layer-4 load balancing

Private network load balancers support the following protocols:

- HTTP: layer-7 load balancing
- TCP: layer-4 load balancing
- HTTPS: encrypted layer-7 load balancing

Select an appropriate protocol and port based on the service requirements.

5.11 What Are ECS Protocols and Ports?

ECS protocols and ports are protocols and associated ports that backend ECSs use to provide network services. For example, if Internet Information Services (IIS) is installed on a Windows ECS, the default protocol is HTTP and the default port is 80.

5.12 Is the Public IP Address Exclusively Assigned to the ELB Service Being Used?

Yes. During the lifecycle of your ELB service, the assigned public IP address is exclusively used by your load balancer.

5.13 How Do I Select an Appropriate Load Balancing Algorithm?

- For short TCP connections, select Round robin.
- For long TCP connections, select Least connections.
- For HTTP and HTTPS (both are short connections), select Least connections.

5.14 Will There Be Any Adverse Impact If I Delete My Load Balancers?

If the IP address of a load balancer has been correctly resolved to the domain name and the load balancer is running properly, do not delete it. If you delete your load balancer, its IP address and configuration will be released, and deleted data cannot be restored. If you create another load balancer, the system will automatically assign a new IP address to this load balancer.

5.15 How Do I Configure Health Check Parameters?

Configure health check parameters as follows:

- Interval: specifies the duration between two health check events. Set it to 2 seconds.
- Timeout: specifies the wait time of a health check event. Set it to 5 seconds.
- Healthy Threshold: specifies the number of successful health checks for an ECS to be considered healthy. Set it to 3.
- Unhealthy Threshold: specifies the number of unsuccessful health checks for an ECS to be considered unhealthy. Set it to 3.

Setting these parameters helps optimize user service and application status.

5.16 How Do I Select the Health Check Protocol?

- For TCP connections, select TCP for Health Check Mode.
- For UDP connections, select UDP for Health Check Mode.
- If the accuracy requirement is high, select HTTP for Health Check Mode.

5.17 How Do I Configure Health Check Parameters?

Retain default values of parameters, such as Interval, Timeout, Healthy Threshold, and Unhealthy Threshold.

5.18 How Do I Specify the HTTP Health Check Path?

If you configure an HTTP health check, specify the URL of the health check page file. The default URL is the root directory /. You are advised to perform health checks on static pages, and the response code must be 200. If the health check page file is unavailable, you are advised to choose the TCP health check. If an ECS becomes faulty, requests will not be forwarded to it any more.

5.19 How Do I Rectify a Health Check Failure?

The ELB system initiates a heartbeat check on backend ECSs. The load balancer communicates with backend ECSs over an intranet. To achieve a successful health check, you must ensure that your ECSs are routable from the intranet. You can perform the following steps to rectify a health check failure.

1. In the Listener area, locate the row that contains the listener for which the health check fails, and click View in the Health Check column.
   - Check Mode: Ensure that the protocol has been configured and the port has been enabled for the ECSs to be checked.
   - Check Path: If HTTP is used for health checks, check whether the health check path for backend ECSs is correct.

2. Ensure that software, such as the firewall, on the backend ECS does not block health check source IP addresses.
3. Check whether the rule of the security group to which backend ECSs belong allows access by 100.125.0.0/16, and configure the protocol and port used for health checks. The health check protocol and port can be obtained from the dialog box in step 1.
4. If the problem persists, contact technical support.

5.20 Why Cannot I Access a Load Balancer from Its Backend ECS?

This issue is related to the ELB TCP implementation mechanism. Layer-4 load balancing does not allow an ECS in the backend ECS pool to serve as both a real server and a client when sending requests to the load balancer. This is because data packets are transmitted only within the ECS and become unreachable to the load balancer. In this case, the ECS fails to access the public IP address.

5.21 Why Do Many IP Addresses Accessing the Backend ECSs of a Load Balancer Begin with 100.125?

This issue is caused by the health check. By using internal IP addresses of system servers, the ELB system forwards external access requests to backend ECSs, while performing health checks on those backend ECSs to ensure their health. When forwarding external access requests or initiating health check requests, the ELB system translates their source IP addresses into IP addresses starting with 100.125, for example, 100.125.0.0/16. To make your ELB available, ensure that the security group containing the ECSs allows traffic from these IP addresses.

5.22 How Can I Obtain the Real IP Address of a Visitor?

Layer-7 load balancers automatically obtain real IP addresses of visitors using the X-Forwarded-For HTTP header. This function is enabled by default and cannot be disabled.

Layer-4 load balancers require the TOA plug-in to obtain real IP addresses. For details about how to configure the TOA plug-in, see Configuring the TOA plug-in.

5.23 Do I Need to Enable Sticky Session?

If user authentication is required, there are continuous sessions, or requests from the same client must be sent to the same backend ECS to ensure service continuity, you can enable the sticky session feature. If a load balancer only forwards messages, it is your choice to enable sticky session.
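For 5.21 and 5.22 above: because backend ECSs see every forwarded request arrive from 100.125.0.0/16, an application should read X-Forwarded-For only on connections from that range and should take the rightmost entry that is not itself a proxy. The following is an added example, not code from this guide; it assumes the load balancer appends the address it saw to any X-Forwarded-For value the client already sent (usual proxy behaviour, to be verified for your listener), and the function names and sample addresses are constructed.

```python
import ipaddress

# Source range this guide gives for ELB-forwarded and health check traffic (5.21).
ELB_SOURCE_NET = ipaddress.ip_network("100.125.0.0/16")


def _parse_ip(token):
    """Return an ip_address for one header token, or None if it is not an IP."""
    token = token.strip()
    # Tolerate an IPv4 "address:port" entry, which some proxies emit.
    if token.count(":") == 1:
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def client_ip(peer_addr, xff_header, trusted_nets=(ELB_SOURCE_NET,)):
    """Pick the address to log, rate-limit or authorize on for one request.

    peer_addr  : source address of the TCP connection as seen by the ECS
    xff_header : raw X-Forwarded-For value, or None if the header is absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # A connection that did not come from the load balancer range can carry
    # any header it likes, so the header is ignored entirely.
    if not any(peer in net for net in trusted_nets):
        return str(peer)
    if not xff_header:
        return str(peer)
    # Walk from the right: the rightmost entry was written by the hop nearest
    # to this server. Skip entries that are trusted proxies and stop at the
    # first one that is not. Everything further left is client-controlled.
    for token in reversed(xff_header.split(",")):
        ip = _parse_ip(token)
        if ip is None:
            # Malformed entry: fall back to the peer rather than trust
            # anything to the left of it.
            return str(peer)
        if not any(ip in net for net in trusted_nets):
            return str(ip)
    return str(peer)


# Constructed sample requests: (peer address, X-Forwarded-For header).
SAMPLES = [
    ("100.125.3.7", "203.0.113.9"),            # normal forwarded request
    ("100.125.3.7", "10.0.0.1, 203.0.113.9"),  # client pre-set a fake entry
    ("198.51.100.20", "203.0.113.9"),          # direct hit that bypassed ELB
    ("100.125.3.7", None),                     # health check, no header
]

if __name__ == "__main__":
    for peer, header in SAMPLES:
        print(f"{peer:15} {str(header):25} -> {client_ip(peer, header)}")
```

Taking the leftmost entry instead would return 10.0.0.1 for the second sample, a value the client chose.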

5.24 How Can I Enable Sticky Session?

Sticky session is enabled by default when you are adding a listener for your load balancer, and it remains enabled throughout the listener's lifecycle. If this feature is disabled, select the target listener from the listener list, click Modify in the Operation column, and turn on the Sticky Session switch in the displayed Modify Listener dialog box.

5.25 How Do I Set Stickiness Duration?

After you enable sticky session, you need to set the stickiness duration, which must be longer than the session timeout duration. For example, if the session timeout duration is 1000s, you can set the stickiness duration to 1200s.

5.26 What Types of Sticky Sessions Does ELB Support?

ELB supports the following types of sticky sessions:

- IP address based sticky sessions for layer-4 (TCP or UDP) load balancing
- Cookie-based sticky sessions for layer-7 (HTTP) load balancing

5.27 How Can I Handle Backend ECSs in the Abnormal [Deleted] State?

If a backend ECS is in the Abnormal [Deleted] state, it has been deleted from the ECS service. It is recommended that you remove the ECS to better manage backend ECSs, optimize resource utilization, and prevent exceptions during traffic distribution.

Figure 5-1 Backend ECS status

5.28 What Is the Maximum Number of Concurrent Connections to a Public IP Address?

The default maximum number of concurrent connections to a public IP address is 100 thousand. To increase the number, submit a work order.

Perform the following steps to submit a work order:

1. Click the username in the upper right corner of the management console and select Submit Work Order from the drop-down list.
2. On the displayed page, select the cloud service region, service type, and question template as prompted, and then enter the required information in the Question Description box.
3. Click Submit.

5.29 What Is a Private Network Load Balancer?

A private network load balancer allows ECSs in the same VPC to access each other. It distributes incoming traffic to backend ECSs in the VPC.

5.30 What Are the Application Scenarios of Private Network Load Balancers?

In a system that consists of multiple subsystems or components, subsystems communicate with each other over the internal network. For example, a service node accesses the database nodes, or a subsystem or component makes API calls. In these scenarios, private network load balancers can be used to provide high availability functions, such as traffic distribution, horizontal expansion, and disaster recovery.

5.31 What Are the Precautions of Using UDP?

In each health check, UDP and Ping packets are used to obtain the status of backend ECSs. Therefore, you must ensure that Internet Control Message Protocol (ICMP) is enabled on the backend ECSs. Log in to the backend ECS and run the following command as user root:

    cat /proc/sys/net/ipv4/icmp_echo_ignore_all

- If the returned value is 1, ICMP is disabled.
- If the returned value is 0, ICMP is enabled.

If the UDP protocol is used, the health check result may be different from the actual status of ECSs. If a backend ECS runs Linux, the sending rate of ICMP packets on the ECS is restricted due to the anti-ICMP attack protection mechanism of Linux. In this case, even when a service exception has occurred, ELB does not receive the error message "port XX unreachable" and still determines that the health check is successful. This results in an inconsistency between the health check result and the actual ECS status.

A UDP listener cannot be added for private network load balancers.

5.32 What Are the Precautions of Using HTTP or HTTPS?

When using HTTP or HTTPS to upload files, ensure that the file size is smaller than 100 MB. To upload larger files, you are advised to use TCP.

5.33 How Can I View Security Group Rules?

A security group is required to protect your private network load balancers.

You can perform the following operations to view security group rules:

1. Select a private network load balancer from the load balancer list and click its name. On the displayed Basic Information page, you can see the security group to which the load balancer belongs.
2. Click the name of the security group to view detailed information. Continue to click the name of the security group to view security group rules.
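For 5.31 above: the two conditions that make a UDP health check unreliable can be read from the backend ECS itself. The following is an added example, not code from this guide. It assumes that the Linux sysctls icmp_ratelimit and icmp_ratemask are the rate-limiting mechanism the FAQ refers to, and the function names and finding codes are hypothetical.

```python
import os

# ICMP type 3 (destination unreachable) is the type that carries the
# "port unreachable" error the UDP health check relies on.
ICMP_DEST_UNREACH = 3


def read_sysctl(name, root="/proc/sys"):
    """Return one integer sysctl, for example net/ipv4/icmp_ratelimit."""
    with open(os.path.join(root, *name.split("/"))) as fh:
        return int(fh.read().split()[0])


def udp_health_check_findings(root="/proc/sys"):
    """Return (code, message) pairs for settings that distort UDP health checks.

    root is a parameter so the check can be run against a copied or
    constructed sysctl tree as well as the live /proc/sys.
    """
    findings = []

    # Same value the guide reads with cat: non-zero means echo requests
    # (the Ping half of the health check) are not answered.
    if read_sysctl("net/ipv4/icmp_echo_ignore_all", root) != 0:
        findings.append((
            "echo_ignored",
            "icmp_echo_ignore_all is set: Ping probes from the load "
            "balancer get no reply",
        ))

    # icmp_ratelimit is the minimum gap in milliseconds between rate-limited
    # ICMP messages to one destination (0 disables the limit).
    # icmp_ratemask is a bit mask of the ICMP types the limit applies to,
    # where bit N stands for ICMP type N.
    ratelimit = read_sysctl("net/ipv4/icmp_ratelimit", root)
    ratemask = read_sysctl("net/ipv4/icmp_ratemask", root)
    if ratelimit > 0 and ratemask & (1 << ICMP_DEST_UNREACH):
        findings.append((
            "unreach_rate_limited",
            f"port unreachable replies are limited to one per {ratelimit} ms "
            "per destination: a stopped UDP service can still pass the "
            "health check",
        ))
    return findings


if __name__ == "__main__":
    results = udp_health_check_findings()
    for code, message in results:
        print(f"{code}: {message}")
    if not results:
        print("no ICMP setting found that distorts UDP health checks")
```

A host that reports unreach_rate_limited needs an independent service-level check, because the load balancer's view of that backend can stay healthy after the UDP service has stopped.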

A Appendix

A.1 Configuring the TOA Plug-in

Scenarios

ELB provides customized service management strategies for customers. Before customizing the management strategies, ELB needs to obtain the IP address contained in the original access request. The TOA kernel module installed on backend ECSs can be used to obtain IP addresses (only IPv4 IP addresses) contained in the access requests.

This section describes how to compile the TOA kernel module in the OS. The operations of configuring the TOA module for Linux OSs with kernel version of 2.6.32 are different from those for Linux OSs with kernel version of 3.0 or later.

NOTE
It has been verified that the TOA module can work properly in any of the following OSs, but it does not support load balancers using the UDP protocol:

- CentOS 6.8 (kernel version 2.6.32)
- SUSE 11 SP3 (kernel version 3.0.76)
- CentOS 7/7.2 (kernel version 3.10.0)
- Ubuntu 16.04.3 (kernel version 4.4.0)
- OpenSUSE 42.2 (kernel version 4.4.36)
- CoreOS 10.10.5 (kernel version 4.9.16)

Prerequisites

- The development environment for compiling the kernel module must be the same as that of the current kernel.
- VMs can access the OS repositories.
- Users other than root must have sudo permissions.

Procedure

In the following operations, the Linux kernel version is 3.0 or later.

1. Prepare the compilation environment.

   The following are operations for compiling the kernel module in different Linux OSs. Choose appropriate operations as needed.

   CentOS

   i. Run the following command to install the gcc compiler:

          sudo yum install gcc

   ii. Run the following command to install the make tool:

          sudo yum install make

   iii. Run the following command to install the kernel module development package (the versions of the development package header and module library must be the same as that of the kernel):

          sudo yum install kernel-devel-`uname -r`

   Ubuntu

   i. Run the following command to install the gcc compiler:

          sudo apt-get install gcc

   ii. Run the following command to install the make tool:

          sudo apt-get install make

   iii. Run the following command to install the kernel module development package (the versions of the development package header and module library must be the same as that of the kernel):

          sudo apt-get install linux-headers-`uname -r`

   SUSE

   i. Run the following command to install the gcc compiler:

          sudo zypper install gcc

   ii. Run the following command to install the make tool:

          sudo zypper install make

   iii. Run the following command to install the kernel module development package (the versions of the development package header and module library must be the same as that of the kernel):

          sudo zypper install kernel-default-devel

   CoreOS

   For CoreOS, the kernel module is to be compiled in a container, which must be started before the kernel module is compiled. For detailed operations, see the CoreOS documentation. Obtain the documentation from the following link:

   https://coreos.com/os/docs/latest/kernel-modules.html

2. Compile the kernel module.

   a. Use the git tool and run the following command to download the TOA kernel module source code:

          git clone https://github.com/huawei/tcp_option_address.git

      NOTE
      If the git tool is not installed, download the TOA kernel module source code from the following link:
      https://github.com/huawei/tcp_option_address

   b. Run the following commands to enter the source code directory and compile the module:

          cd src
          make

      If no warning or error information is displayed, the compilation is successful. Verify that the toa.ko file has been generated in the current directory.

3. Load the kernel module.

   a. Run the following command to load the kernel module:

          sudo insmod toa.ko

   b. Run the following command to check the module loading and to view the kernel output information:

          dmesg | grep TOA

      If TOA: toa loaded is displayed in the command output, the kernel module has loaded.

      NOTE
      After compiling the CoreOS kernel module in the container, copy the kernel module to the host system and then load it in the host system. Because the container for compiling the kernel module shares the /lib/modules directory with the host system, you can copy the kernel module in the container to this directory so that the host system can use it.

4. Set the script for automatically loading the kernel module.

   To make the TOA kernel module take effect upon system start, you can add the command for loading the TOA kernel module to your startup script.

   You can use either of the following methods to automatically load the kernel module:

   - Add the command for loading the TOA kernel module to the customized startup script as required.
   - Perform the following operations to configure the startup script:

     i. Create the toa.modules file in the /etc/sysconfig/modules/ directory. This file contains the TOA kernel module loading script.

     ii. The following is an example of the content in the toa.modules file.

            #!/bin/sh
            # Load the TOA module only if modinfo can read the module file.
            /sbin/modinfo -F filename /root/toa/toa.ko > /dev/null 2>&1
            if [ $? -eq 0 ]; then
                /sbin/insmod /root/toa/toa.ko
            fi

         /root/toa/toa.ko is the path of the TOA kernel module file. You need to replace it with the actual path.

     iii. Run the following command to add execution permissions for the toa.modules startup script:

            sudo chmod +x /etc/sysconfig/modules/toa.modules

     NOTE
     After the kernel is upgraded, the current TOA kernel module does not match. Therefore, you need to compile the TOA kernel module again.

5. Install the kernel module on multiple nodes.

   To load the kernel module in the same OSs, copy the toa.ko file to VMs where the kernel module is to be loaded and then perform the operations in 3.

   After the kernel module is successfully loaded, applications can obtain the real IP address contained in the request.

   NOTE
   The OS version of the node must be the same as that of the kernel.

In the following operations, the Linux kernel version is 2.6.32.

NOTE
The TOA plug-in supports the OSs (CentOS 6.8 image) with a kernel of 2.6.32-xx.

Perform the following steps to configure the TOA kernel module:

1. Obtain the kernel source code package Linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz containing the TOA module from the following link:

   http://kb.linuxvirtualserver.org/images/3/34/Linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz

2. Decompress the kernel source code package.

3. Modify compilation parameters.

   a. Open the linux-2.6.32-220.23.1.el6.x86_64.rs folder.

   b. Edit the net/toa/toa.h file. Change #define TCPOPT_TOA 200 to #define TCPOPT_TOA 254.

   c. On the shell page, run the following commands:

          sed -i 's/CONFIG_IPV6=m/CONFIG_IPV6=y/g' .config
          echo -e '\n# toa\nCONFIG_TOA=m' >> .config

      After the configuration, the IPv6 module is compiled into the kernel. TOA is compiled into a separate kernel module and can be independently started and stopped.

   d. Edit Makefile. You can add a description after the equal sign in EXTRAVERSION =. The description will be displayed in uname -r, for example, -toa.

4. Run the following command to compile the software package:

       make -j n

   NOTE
   n indicates the number of vCPUs. For example, if there are four vCPUs, n can be set to 4.

5. Run the following command to install the kernel module:

       make modules_install

   The following information is displayed.

   Figure A-1 Installing the kernel module

6. Run the following command to install the kernel:

       make install

   The following information is displayed.

   Figure A-2 Installing the kernel

7. Open the /boot/grub/grub.conf file and configure the kernel startup upon system start.

   a. Change the default startup kernel from the first kernel to the zeroth kernel. To do so, change default=1 to default=0.

   b. Add the nohz=off parameter to the end of the line containing the vmlinuz-2.6.32-toa kernel. If nohz is not disabled, the CPU0 usage may be high, causing uneven stress.

      Figure A-3 Configuration File

   c. Save the modification and exit. Restart the OS.

      During the restart, the system will load the vmlinuz-2.6.32-toa kernel.

8. After the restart, run the following command to load the TOA module:

       modprobe toa