Enhanced load balancer

[Updated: July 18, 2019]

This page explains the detailed specifications and operating instructions of the Enhanced Load Balancer appliance.

Overview

The Enhanced Load Balancer is an HTTP/HTTPS load balancer appliance for large-scale configurations. It is a proxy-type load balancer installed in the SAKURA Cloud global network. This differs from the Load balancer appliance, which connects to a switch built by the customer and operates as a DSR-type load balancer, and from GSLB, which distributes access to the real servers by varying the IP address returned in DNS responses. This function is appropriate for environments that require a large-scale, high-performance, feature-rich load balancer.

Main functions

  • This is a proxy-type load balancer specialized for HTTP and HTTPS.
  • By setting an SSL certificate, HTTPS processing can be offloaded from the real servers to the load balancer. SNI is supported, and up to four SSL certificates can be set on a single enhanced load balancer.
  • In addition to SAKURA Cloud servers, the real servers used as load balancing destinations can be SAKURA VPS, Dedicated server, or other global IP addresses provided to customers by SAKURA internet.
  • Availability is heightened by health-checking the real servers under the configured conditions and removing from the allocation destinations any real server that fails to respond for a certain period.
  • The virtual IP address (VIP) is monitored. If it stops responding, for example because of a DoS attack, the VIP failover function can automatically change the VIP address.
  • With the sorry server setting, you can designate a server that temporarily provides information to clients during a malfunction or maintenance.
  • The status of the real server and operation status such as load are displayed in an easy-to-understand format using graphs, etc., at the control panel.
  • You can change the plan at any time depending on the load status, enabling a flexible and low-cost operation. For example, you can change to a plan with higher specs during high-load time periods and for special events.

Specifications

Enhanced load balancer specifications are as follows.

Network configuration method: Proxy method
Protocols that can be load balanced: HTTP, HTTPS, WebSocket (ws, wss)
  *IPv6 connections are not supported
Encryption protocols supported for HTTPS connections: TLS 1.2, TLS 1.3
HTTP/2 connections: Supported (enabled by default when using HTTPS)
Change to a redundant load balancer: Not required; the standard configuration is already redundant (multiple instances)
Virtual IP address (VIP) and port numbers: One global IP address is assigned per enhanced load balancer (more cannot be added). Two listen ports can be set.
Maximum number of real servers that can be set: 40
Allocation algorithm: Least connection
Session maintenance function: Supported (cookie method)
  *For details, see the Session maintenance function section
Health check results:
  ●Server Down: a server is judged to be down after three consecutive time outs (for http monitoring, any status code other than "200" is also counted as a failure)
    (the time out is the same number of seconds as the configured Check Interval)
  ●Server Up: a server transitions back to Up after two consecutive successful checks
  *Time Out means the time until a TCP connection is established for tcp monitoring, and the time until the http response is received for http monitoring
SSL certificate formats that can be set: PEM format; RSA 1024/2048 bit or ECDSA secp256r1; public key certificate, intermediate certificate, private key
  *1024-bit RSA keys are accepted but are below current recommended minimums; prefer 2048-bit RSA or ECDSA secp256r1 for new certificates
Headers added when proxying to the real server: The following HTTP headers are added.
  X-Real-IP: source IP address of the client
  X-Forwarded-For: source IP address of the client
  X-Forwarded-Proto: protocol terminated at the load balancer ("http" or "https")
SSL session tickets: Supported
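The Down/Up rules in the health check row above, worked through as an added example (this is not code from the page or from the appliance): it applies the documented thresholds (three consecutive failures mark a real server Down, two consecutive successes mark it Up, the time out equals the check interval, and under http monitoring only status 200 is healthy) to a constructed sequence of probe results, and estimates how long a dead server keeps receiving traffic. The assumptions that a newly registered server starts Up and that checks start every `interval` seconds are mine; the page does not state them.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Thresholds as documented for the appliance.
DOWN_AFTER = 3            # consecutive failed checks before a server is judged Down
UP_AFTER = 2              # consecutive successful checks before it is judged Up again
MIN_INTERVAL, MAX_INTERVAL = 10, 60   # permitted check interval, in seconds


@dataclass
class Probe:
    """One monitoring attempt as the balancer would see it (constructed test data)."""
    connected: bool               # a TCP connection was established
    elapsed: float                # seconds until TCP connect (tcp) or until the http response (http)
    status: Optional[int] = None  # http status code; None for tcp monitoring or when nothing arrived


def probe_ok(p: Probe, method: str, interval: int) -> bool:
    """Pass/fail rule for a single probe.

    The time out equals the check interval, so anything slower than the interval
    is a failure. With http monitoring only a 200 response counts as healthy.
    """
    if not p.connected or p.elapsed > interval:
        return False
    if method == "tcp":
        return True
    if method == "http":
        return p.status == 200
    raise ValueError(f"unknown monitoring method: {method}")


@dataclass
class RealServerMonitor:
    """Tracks one real server's Up/Down state with the documented hysteresis."""
    method: str
    interval: int
    up: bool = True       # ASSUMPTION: a newly registered server starts as Up
    streak: int = 0       # consecutive results that disagree with the current state
    transitions: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        if not MIN_INTERVAL <= self.interval <= MAX_INTERVAL:
            raise ValueError("check interval must be between 10 and 60 seconds")

    def observe(self, p: Probe) -> bool:
        """Feed one probe result and return the state afterwards (True = Up)."""
        ok = probe_ok(p, self.method, self.interval)
        if ok == self.up:
            self.streak = 0   # result agrees with the current state: counter resets
            return self.up
        self.streak += 1
        needed = DOWN_AFTER if self.up else UP_AFTER
        if self.streak >= needed:
            self.up = not self.up
            self.streak = 0
            self.transitions.append("up" if self.up else "down")
        return self.up


def worst_case_removal_seconds(interval: int) -> int:
    """Approximate time a dead server keeps receiving traffic before removal.

    ASSUMPTION: checks start every `interval` seconds and each failed check runs
    to the full time out, which equals the interval.
    """
    return DOWN_AFTER * interval


def run_sequence(method: str, interval: int, probes: List[Probe]) -> List[bool]:
    """Run constructed probes through a monitor; returns the state after each probe."""
    mon = RealServerMonitor(method, interval)
    return [mon.observe(p) for p in probes]


if __name__ == "__main__":
    # Constructed sample: one 500, a recovery, then three hangs, then two normal answers.
    sample = [
        Probe(True, 0.2, 200), Probe(True, 0.3, 500), Probe(True, 0.2, 200),
        Probe(False, 10.0), Probe(False, 10.0), Probe(False, 10.0),
        Probe(True, 0.2, 200), Probe(True, 0.2, 200),
    ]
    print(run_sequence("http", 10, sample))      # [True, True, True, True, True, False, False, True]
    print(worst_case_removal_seconds(10), "s")  # 30 s
```

The single 500 in the sample does not take the server out of rotation because the following 200 resets the counter; only the three consecutive time outs do. That is why the check interval matters for capacity planning: with a 60-second interval a failed server can keep receiving new connections for roughly three minutes.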

New creation

Creation of a new enhanced load balancer and management of pre-existing enhanced load balancers is performed by selecting Enhanced LB under Global from the menu on the left side of the control panel. The created enhanced load balancer is displayed in the list. You can manage an enhanced load balancer by double-clicking its name from the list.

Note

The enhanced load balancer is a global resource independent of zone. Therefore, regardless of the zone selected at the top-left of the control panel, all enhanced load balancers created on SAKURA Cloud for the logged-in account are displayed.

To create a new enhanced load balancer, click Create at the upper right.

A screen for the creation of a new enhanced load balancer will be displayed.

Enter the following information in each field.

Performance upper limit (*): Select one of the five CPS (Connections Per Second) values displayed. This is the performance upper limit of the enhanced load balancer to be created.
  The price differs for each performance upper limit. The fee chart at the top of the screen is updated whenever a radio button is selected.
  *The performance upper limit values in the chart apply to http. When https is used, performance is one-tenth of the http value.
VIP failover: Tick the checkbox to activate the VIP failover function.
  *For details, see the VIP failover function section.
Session maintenance: Tick the checkbox to enable the session maintenance function.
  *For details, see the Session maintenance function section.
Monitoring method (*): Select "http" or "tcp" as the live monitoring method for the real servers.
Host header
  *Displayed only when "http" is selected as the monitoring method
  If a value is entered, it is sent as the "Host:" request header of the monitoring request to the real server.
Path (*)
  *Displayed only when "http" is selected as the monitoring method
  Enter the path of the GET request used to monitor the real server.
Check interval (sec.) (*): Specify the interval for live monitoring of the real servers, from 10 to 60 seconds.
Sorry server: Specify the host to which clients are directed when all balancing destinations are down.
  Use the radio buttons to choose either "entry" (enter an arbitrary host IP address and port number) or "select from server" (choose one of the servers created in the logged-in account).
Name/description/tag/icon: As with servers, disks, and other appliances, you can set an easy-to-understand name, tags, and classification by icon.

Required items are denoted by an asterisk (*).
*The sorry server responds when all real servers have been judged down, or when all real servers are disabled. It is useful for notifying clients that the servers are down or that maintenance is in progress.
*When the monitoring method is http, a real server is considered healthy only if the response status code is "200". All other status codes are regarded as abnormal.
*Real servers are monitored from the VIP address shown on the Information tab. Configure the real server so that it can respond normally to the enhanced load balancer, for example by clearing access restrictions for that address as necessary.

When creation is complete, the load balancer is added to the list on the Enhanced Load Balancer management screen. You can review its detailed information by double-clicking it.

Settings

Settings not specified at creation time, such as the listen ports, the SSL certificate used for https, and the registration of real servers, are made on this screen.

Note

The Edit button at the bottom-right of the Information tab can be used to change the Name, Description, Tag, Icon, and other basic items specified at creation. The Change Monitoring Method button at the upper-right can be used to change the monitoring method, the check interval, and the sorry server settings.

Listen protocol/port settings

Specify the listen protocol and port number for the enhanced load balancer. Click the Listen Port tab to display ports that have been preset. To add a new port, select Add.

A settings dialog box will be displayed. Complete the form; all fields are required.

Proxy method: Select either http or https as the protocol accepted on this listen port.
Redirect to HTTPS
  *Displayed only when "http" is selected as the proxy method
  When Activate is selected, clients that connect over HTTP are redirected to HTTPS.
HTTP/2 support
  *Displayed only when "https" is selected as the proxy method
  When Activate is selected, connections using HTTP/2 are accepted.
Listen port number: Specify the port number to listen on.

Important

If https is selected, an SSL certificate must be set. Note also that TLS is terminated at the enhanced load balancer: communication between the enhanced load balancer and the real server always uses plain http, regardless of the proxy method selected for the listen port. If you want the real server to accept connections only from the enhanced load balancer, we recommend measures such as restricting access to the proxy origin networks displayed in the enhanced load balancer's information (and to the VIP address from which monitoring is performed).

After specifying settings, click the Update button on the upper right to apply and save changes.
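The two consequences of the Important note above, as an added example on the real server side (this is not code from the page or from the appliance): because TLS ends at the balancer and the backend sees plain http, the only record of the original client address and protocol is the X-Real-IP, X-Forwarded-For and X-Forwarded-Proto headers listed in the specifications, and those headers are trustworthy only when the TCP peer really is the balancer. The WSGI application below refuses peers outside an allowlist, answers the monitoring path with 200, and derives the client address and scheme from the headers only for allowlisted peers. The network ranges, the VIP, the health-check path and the `HTTP_X_REAL_IP` fallback order are assumptions; replace the ranges with the proxy origin networks and VIP shown on your Information tab.

```python
import ipaddress
from typing import Dict, Iterable, List, Tuple

# ASSUMPTION: placeholder documentation ranges. Replace with the "proxy origin
# network" ranges and the VIP (monitoring source) shown on the Information tab.
ALLOWED_SOURCES = [
    ipaddress.ip_network("192.0.2.0/24"),       # proxy origin network (placeholder)
    ipaddress.ip_network("198.51.100.0/24"),    # proxy origin network (placeholder)
    ipaddress.ip_network("203.0.113.10/32"),    # VIP, source of health checks (placeholder)
]

# ASSUMPTION: the "Path" configured for http monitoring in the control panel.
HEALTH_PATH = "/healthz"


def peer_is_trusted(peer_ip: str, trusted: Iterable[ipaddress.IPv4Network]) -> bool:
    """True if the TCP peer is the balancer (proxy origin networks or the VIP)."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in trusted)


def client_info(environ: Dict[str, str],
                trusted: Iterable[ipaddress.IPv4Network] = ALLOWED_SOURCES) -> Tuple[str, str]:
    """Return (client_ip, scheme) that the application should log and enforce.

    The balancer-added headers are honoured only when the TCP peer is the
    balancer itself; from any other peer they are attacker-controlled input.
    """
    peer = environ.get("REMOTE_ADDR", "")
    if not peer_is_trusted(peer, trusted):
        return peer, environ.get("wsgi.url_scheme", "http")
    # ASSUMPTION: prefer X-Real-IP; otherwise take the right-most X-Forwarded-For
    # entry, i.e. the one written by the trusted hop, never the left-most one.
    client_ip = environ.get("HTTP_X_REAL_IP", "").strip()
    if not client_ip:
        xff = environ.get("HTTP_X_FORWARDED_FOR", "")
        client_ip = xff.split(",")[-1].strip() if xff else peer
    proto = environ.get("HTTP_X_FORWARDED_PROTO", "http").strip().lower()
    scheme = proto if proto in ("http", "https") else "http"
    return client_ip, scheme


def handle(environ: Dict[str, str],
           trusted: Iterable[ipaddress.IPv4Network] = ALLOWED_SOURCES
           ) -> Tuple[str, List[Tuple[str, str]], bytes]:
    """Route one request; returns (status, headers, body) so it can be checked without a socket."""
    text = [("Content-Type", "text/plain; charset=utf-8")]
    if not peer_is_trusted(environ.get("REMOTE_ADDR", ""), trusted):
        # Application-level backstop for the recommended network restriction.
        return "403 Forbidden", text, b"direct access to the real server is not permitted\n"
    if environ.get("PATH_INFO", "/") == HEALTH_PATH:
        # The balancer treats any status other than 200 as abnormal.
        return "200 OK", text, b"ok\n"
    ip, scheme = client_info(environ, trusted)
    return "200 OK", text, f"client {ip} connected over {scheme}\n".encode()


def app(environ, start_response):
    """WSGI entry point wrapping handle()."""
    status, headers, body = handle(environ)
    start_response(status, headers + [("Content-Length", str(len(body)))])
    return [body]


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("0.0.0.0", 8080, app).serve_forever()
```

The in-application check is a backstop, not a replacement for a firewall or packet filter on the real server: anyone who can reach the backend port directly could otherwise send a forged X-Forwarded-For and appear as an arbitrary address in your logs, or present X-Forwarded-Proto: https for a request that never touched TLS.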

Note

Entries in the list can be edited with the pencil icon on the right and deleted with the delete (cross) icon. After editing or deleting, click the Update button to save the changed values to the load balancer.

Registering a real server

Register the real servers that are to be the load balancing destinations. Click the Real Server tab to display the list of registered real servers. To add a server, select Add.

A Settings Dialog Box will be displayed. Please enter information in the form.

IP address Specify the IP addresses of the real server.
Port number Specify the port number for when connecting to the real server.
Enabled/disabled Specify whether or not to activate the registered real server.

*IP Address and Port Number are required. To put the entry into service when you click Update, select Activate. To register the entry in the list without putting it into service yet, select Deactivate.

After specifying settings, click the Update button on the upper right to apply and save changes.

Note

Entries in the list can be edited with the pencil icon on the right and deleted with the delete (cross) icon. After editing or deleting, click the Update button to save the changed values to the load balancer.

SSL certificate settings

When https is set as the proxy method of a listen port, the SSL Certificate Settings button is added at the top of the screen. Settings related to SSL are specified from this menu.

Add/Change

You can perform initial registration of an SSL certificate as well as update and delete registered certificates.

Settings: To register the entered SSL certificate, select Activate. To delete and deactivate a registered SSL certificate, select Deactivate.
*If Deactivate is selected, the following input form will be hidden.
SSL certificate Enter the certificate.
Intermediate certificate If an intermediate certificate is affiliated with the SSL certificate, complete this form.
Private key Enter the private key for the SSL certificate.

When input is complete, select Update to carry out the operation chosen under Settings. Once an SSL certificate is registered, the SSL Certificate Expiration Date item is displayed on the Information tab so that the registered certificate's expiration date can be confirmed.

Attention

If Deactivate is selected for the Settings item, all saved SSL certificate information will be permanently deleted. Please use this operation with caution.

The enhanced load balancer supports SNI. In addition to the primary certificate, three additional certificates can be set (four in total). To display the optional tabs #1 to #3, select Add SSL Certificate at the top-right of the add screen. You can then set an SSL certificate on each tab.

From the SSL Certificate Expiration Date Alert Settings screen of the Simple monitoring service, you can easily configure an expiration alert for the registered SSL certificate. For details, refer to the SSL Certificate Expiration Date Alert function page.

Plan change

After a load balancer has been created, it is possible to change the performance upper limit value that was specified at the time of creation. Select the enhanced load balancer that you want to change and then click Change Plan on the upper right.

A dialog box will be displayed. Select the performance upper limit value that you want to change.

Session maintenance function

This function pins the real server that a client communicates with by setting a cookie containing a string unique to each connection in the client's browser. For web applications that require continuous bidirectional communication with the server side, the real servers no longer need to share information for tracking individual clients, which helps simplify development and the system.

Settings

Tick the "Enable" checkbox under "Session maintenance" on the new creation screen.

VIP failover function

The VIP failover function constantly monitors the response from the virtual IP (VIP) address that clients use to connect to the enhanced load balancer. If no response is received, the function automatically switches to a different VIP address. This prevents the site from remaining unreachable because of a DoS attack or similar, and further heightens availability.

Important

When an enhanced load balancer is created with the VIP failover function activated, a DNS name is issued alongside the VIP address as the connection point for clients. VIP failover works by changing the IP address returned when this DNS name is looked up. For clients to follow the changed VIP address and for failover to work correctly, the service host name must therefore be configured as a CNAME pointing to the issued DNS name; clients that connect to the VIP address directly will not follow a failover.
The estimated time from detection of VIP non-response to completion of the failover is approximately 5 minutes.

To activate the VIP failover function, tick the VIP Failover box on the create new screen when creating the load balancer.

Attention

After the enhanced load balancer has been created, it will no longer be possible to switch between activate/deactivate status for the VIP failover function.

After creation of the load balancer is complete, the issued DNS name can be confirmed from the Information tab.

Set a CNAME for the service domain name to be load balanced by the enhanced load balancer, pointing at this DNS name.

See also

Example record in the example.jp zone,
for the service domain name secure.example.jp
and the issued DNS name site-abcdefg1234567.proxylb1.sakura.ne.jp:

secure CNAME site-abcdefg1234567.proxylb1.sakura.ne.jp.

When the VIP failover function changes the VIP address, an email notification like the one below is sent to the address set as the Emergency contact email address (if none has been set, it is sent to the email address registered for the member ID). The email includes the new VIP and the time of the change.

From: SAKURA Cloud <noreply@sakura.ad.jp>
Subject: [Enhanced Load Balancer] Notice of VIP failover

* This message was sent automatically.

This is the SAKURA Cloud Enhanced Load Balancer service.
The VIP for the contract below became unreachable, so
failover processing has been carried out.

Resource ID:            1131000XXXXX
FQDN:                   site-XXXXXXX-proxylb1.sakura.ne.jp
Old VIP:                163.43.XXX.XXX
New VIP:                163.43.YYY.YYY
Failover time:          2019-03-28 12:34:56 (JST)

The VIP has been changed as shown above. As a precaution, please
confirm connectivity on your side.

Activity graph

The number of external connections to the enhanced load balancer can be confirmed on the Activity tab.

Connections to individual real servers can be confirmed on the Real Server tab, where real servers are registered and deleted.