Creating an Internal Load Balancer

You can create an internal load balancer to distribute incoming network traffic between several virtual machines (VMs) of a Net.

Creating an Internal Load Balancer Using Cockpit v2

Before you begin:

  1. Create a Net with a Subnet. For more information, see Nets.

  2. Create a security group for the load balancer with the following rules:

    • Allow inbound flows in the protocol on the port you want.

    • Allow the inbound flows coming from the security groups of the VMs that send it requests.

    • Allow the outbound flows going to all the security groups of backend VMs.

  3. Configure the security group of future backend VMs with the following rules:

    • Allow inbound flows in the protocol on the port you want.

    • Allow the inbound flows coming from the security group of the load balancer.

For more information, see Security Groups.

  1. In the Load Balancers dashboard, click IconAddFull Create Load Balancer.
    The CREATE LOAD BALANCER dialog box appears.

  2. In the Name field, type a name for the load balancer.

    • This name must be unique for the whole Region.

    • It must follow domain name rules. That is, it can contain up to 32 alphanumeric characters or hyphens, but cannot start or end with a hyphen.

    Click Next.

  3. From the Type list, select internal.

  4. From the Subnet list, select the Subnet in which you want to create the load balancer.

  5. From the Security Group list, select:

    1. Proceed with a default security group to select the default security group of the Net.

    2. Select a security group to select a security group for the load balancer.

  6. Click Next, then review the settings you have specified for the load balancer.

  7. Click Create.
    The load balancer is created.

    The load balancer is available about 1 minute after its creation.

Creating an Internal Load Balancer Using OSC CLI

Before you begin:

  1. Create a Net. For more information, see Nets.

  2. Create a security group for the load balancer with the following rules:

    • Allow inbound flows in the protocol on the port you want.

    • Allow the inbound flows coming from the security groups of the VMs that send it requests.

    • Allow the outbound flows going to all the security groups of backend VMs.

  3. Configure the security group of future backend VMs with the following rules:

    • Allow inbound flows in the protocol on the port you want.

    • Allow the inbound flows coming from the security group of the load balancer.

For more information, see Security Groups.

The CreateLoadBalancer command creates a load balancer.
The load balancer is created with a unique Domain Name Service (DNS) name. It receives the incoming traffic and routes it to its registered virtual machines (VMs).
By default, this action creates an Internet-facing load balancer, resolving to public IPs. To create an internal load balancer in a Net, resolving to private IPs, use the LoadBalancerType parameter.
You must specify either the Subnets or the SubregionNames parameters.

For more information, see About Load Balancers.

Request sample: Creating an internal load balancer in a Net
$ osc-cli api CreateLoadBalancer --profile "default" \
    --LoadBalancerName "private-lb-example" \
    --Listeners '[
        {
          "BackendPort": 80,
          "BackendProtocol": "TCP",
          "LoadBalancerPort": 80,
          "LoadBalancerProtocol": "TCP",
        },
      ]' \
    --Subnets '["subnet-12345678"]' \
    --SecurityGroups '["sg-12345678"]' \
    --LoadBalancerType "internal"

This command contains the following attributes that you need to specify:

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • Listeners: One or more listeners to create.

  • LoadBalancerName: The unique name of the load balancer (32 alphanumeric or hyphen characters maximum, but cannot start or end with a hyphen).

  • LoadBalancerType: (optional) The type of load balancer: internet-facing or internal. Use this parameter only for load balancers in a Net.

  • SecurityGroups: (optional) (Net only) One or more IDs of security groups you want to assign to the load balancer. If not specified, the default security group of the Net is assigned to the load balancer.

  • Subnets: (optional) (Net only) The ID of the Subnet in which you want to create the load balancer. Regardless of this Subnet, the load balancer can distribute traffic to all Subnets. This parameter is required in a Net.

  • Tags: (optional) One or more tags assigned to the load balancer.

The CreateLoadBalancer command returns the following elements:

  • LoadBalancer: Information about the load balancer.

  • ResponseContext: Information about the context of the response.

Result sample: Creating an internal load balancer in a Net
{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "LoadBalancer": {
    "Tags": [],
    "SourceSecurityGroup": {
      "SecurityGroupName": "security-group-example",
      "SecurityGroupAccountId": "123456789012"
    },
    "SecuredCookies": false,
    "Subnets": [
      "subnet-12345678"
    ],
    "NetId": "vpc-12345678",
    "BackendVmIds": [],
    "ApplicationStickyCookiePolicies": [],
    "SecurityGroups": [
      "sg-12345678"
    ],
    "LoadBalancerType": "internal",
    "AccessLog": {
      "PublicationInterval": 60,
      "IsEnabled": false
    },
    "DnsName": "internal-private-lb-example.123456789.eu-west-2.lbu.outscale.com",
    "HealthCheck": {
      "UnhealthyThreshold": 2,
      "Timeout": 5,
      "CheckInterval": 30,
      "Protocol": "TCP",
      "HealthyThreshold": 10,
      "Port": 80
    },
    "LoadBalancerStickyCookiePolicies": [],
    "SubregionNames": [
      "eu-west-2a"
    ],
    "Listeners": [
      {
        "BackendPort": 80,
        "BackendProtocol": "TCP",
        "LoadBalancerPort": 80,
        "LoadBalancerProtocol": "TCP"
      }
    ],
    "LoadBalancerName": "private-lb-example"
  }
}

Creating an Internal Load Balancer Using AWS CLI

Before you begin:

  1. Create a VPC. For more information, see Nets.

  2. Create a security group for the load balancer with the following rules:

    • Allow inbound flows in the protocol on the port you want.

    • Allow the inbound flows coming from the security groups of the instances that send it requests.

    • Allow the outbound flows going to all the security groups of backend instances.

  3. Configure the security group of future backend instances with the following rules:

    • Allow inbound flows in the protocol on the port you want.

    • Allow the inbound flows coming from the security group of the load balancer.

For more information, see Security Groups.

To create an internal load balancer, use the create-load-balancer command following this syntax:

Request sample
$ aws elb create-load-balancer \
    --profile YOUR_PROFILE \
    --load-balancer-name my-load-balancer \
    --listeners Protocol=TCP,LoadBalancerPort=80,InstanceProtocol=TCP,InstancePort=58 \
    --subnets subnet-12345678 \
    --security-groups sg-12345678 sg-87654321 \
    --scheme internal \
    --endpoint https://lbu.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • load-balancer-name: The name of the load balancer.

    • This name must be unique for the whole Region.

    • It must follow domain name rules. That is, it can contain up to 32 alphanumeric characters or hyphens, but cannot start or end with a hyphen.

  • listeners: One or more listeners for the load balancer. This attribute requires the following elements for each listener:

    To add several listeners, separate each of them with a space.

    • Protocol: The routing protocol of the load balancer (HTTP, HTTPS, TCP or SSL).

    • LoadBalancerPort: The port on which the load balancer is listening (between 1 and 65535, both included).

    • InstancePort: The port on which the backend instances are listening (between 1 and 65535, both included).

    • (optional) SSLCertificateId: The OUTSCALE Resource Name (ORN) of an SSL certificate. For more information, see Getting Information About a Server Certificate.

      An SSL certificate is required only if the load balancer protocol is HTTPS or SSL.

      For more information about how to configure your listener when using SSL certificates, see Configuring a Load Balancer for SSL Termination or SSL Passthrough.

  • subnets: The ID of the subnet in which you want to create the load balancer. Regardless of this subnet, the load balancer can distribute traffic to all subnets.

  • (optional) security-groups: One or more IDs of security groups you want to assign to the load balancer. If not specified, the default security group of the VPC is assigned to the load balancer.

  • scheme: The type of load balancer you want to create (here, internal).

  • endpoint: The endpoint corresponding to the Region you want to send the request to.

The create-load-balancer command returns the following element:

  • DNSName: The DNS name assigned to the load balancer.

Result sample
 {
    "DNSName": "my_load_balancer_1234567890.lbu.eu-west-2.outscale.com"
}

Related Pages

Corresponding API Methods

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.