User Guide - HUAWEI CLOUDstatic.huaweicloud.com/upload/files/pdf/.../20170414095949_36424.pdf · 1.1.2 Public Network Load Balancer ... Elastic Load Balance User Guide 1 Overview

Elastic Load Balance

User Guide

Issue 01

Date 2018-04-30

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2018. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees orrepresentations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

Issue 01 (2018-04-30) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://www.huawei.com

mailto:[email protected]

Contents

1 Product Description...................................................................................................................... 11.1 What Is Elastic Load Balance?.......................................................................................................................................11.2 Load Balancer Type........................................................................................................................................................11.3 Components.................................................................................................................................................................... 21.4 Functions........................................................................................................................................................................ 31.5 Advantages..................................................................................................................................................................... 31.6 Related Services............................................................................................................................................................. 41.7 Application Scenarios.....................................................................................................................................................4

2 Getting Started............................................................................................................................... 62.1 Configuration Process.....................................................................................................................................................62.2 Creating a Classic Load Balancer...................................................................................................................................72.3 Creating an Enhanced Load Balancer...........................................................................................................................15

3 Management................................................................................................................................. 243.1 Load Balancer...............................................................................................................................................................243.2 Listener......................................................................................................................................................................... 263.3 Whitelist........................................................................................................................................................................273.4 Backend ECS................................................................................................................................................................293.5 Certificate..................................................................................................................................................................... 33

4 Monitoring.................................................................................................................................... 424.1 ELB Metrics................................................................................................................................................................. 424.2 Setting Alarm Rules......................................................................................................................................................434.3 Viewing ELB Metrics...................................................................................................................................................44

5 Audit.............................................................................................................................................. 465.1 Operations Recorded by CTS....................................................................................................................................... 465.2 Viewing Audit Logs......................................................................................................................................................47

6 Best Practices................................................................................................................................ 496.1 Enhanced Load Balancer.............................................................................................................................................. 496.2 Classic Load Balancer.................................................................................................................................................. 50

7 FAQs...............................................................................................................................................517.1 Can I Adjust the Bandwidth of a Load Balancer?........................................................................................................ 517.2 What Load Balancing Algorithms Does ELB Support?...............................................................................................51

Elastic Load BalanceUser Guide Contents


ii

7.3 Does ELB Support ECSs Running Different OSs?...................................................................................................... 527.4 How Many Load Balancers Can I Have?..................................................................................................................... 527.5 How Can ELB Support Multiple Certificates?.............................................................................................................527.6 How Can I Configure a Public or Private Network Load Balancer?............................................................................527.7 What Functions Do Listeners Provide?........................................................................................................................ 527.8 What Is the Relationship Between the Load Balancing Algorithms and Sticky Session Types?.................................527.9 What Are Protocols and Frontend Ports?..................................................................................................................... 537.10 What Are ECS Protocols and Ports?.......................................................................................................................... 547.11 Is the EIP Assigned to the ELB Service Exclusively Used?...................................................................................... 547.12 What Is the Impact of Deleting a Load Balancer?......................................................................................................547.13 How Do I Rectify a Health Check Failure?................................................................................................................547.14 How Can I Obtain the Real IP Address of a Visitor?................................................................................................. 557.15 What Types of Sticky Sessions Does ELB Support?..................................................................................................55

8 Appendix.......................................................................................................................................568.1 Configure the TOA Plug-in.......................................................................................................................................... 56

9 Change History............................................................................................................................ 62

Elastic Load BalanceUser Guide Contents


iii

1 Product Description

1.1 What Is Elastic Load Balance?Elastic Load Balance (ELB) is a service that distributes incoming application traffic acrossmultiple Elastic Cloud Servers (ECSs) based on the forwarding policies. This improves thefault tolerance and increases the availability of your applications.

With ELB, you can create a load balancer, configure the listening ports, and add backendECSs to the load balancer. You can also check the running state of backend ECSs to ensurethat requests are sent to healthy ECSs.

1.2 Load Balancer TypeELB provides two types of load balancers: enhanced load balancer and classic load balancer.You can select an appropriate type based on application scenarios and requirements. Bothtypes of load balancers can be Internet-facing or internal.

Classic Load Balancer

Classic load balancers are applicable to web services with low access traffic and simpleapplication models.

Enhanced Load Balancer

Enhanced load balancers are applicable to web services with high access traffic. They forwardthe requests based on the domain name or URL, making request routing more flexible.Compared with classic load balancers, enhanced load balancers provide comprehensive Layer7 load balancing capabilities and more powerful forwarding performance.

Differencesl Application Scenarios

Enhanced load balancers forward the requests based on the domain name or URL,making request routing more flexible. Therefore, they are applicable to web serviceswith high access traffic. Compared with classic load balancers, enhanced load balancers

Elastic Load BalanceUser Guide 1 Product Description


1

provide comprehensive Layer 7 load balancing capabilities and more powerfulforwarding performance.Classic load balancers are applicable to web services with low access traffic and simpleapplication models.

l PerformanceTable 1-1 lists the functions supported by enhanced load balancers and classic loadbalancers.

Table 1-1 Function comparison

Function Classic Load Balancer Enhanced LoadBalancer

Internet-facing andinternal load balancing

Supported Supported

Load balancing at Layer 4and Layer 7

Supported UDP not supported

Load balancing algorithm(round robin, leastconnections, and source IPhash)

Supported Supported

Sticky session Supported Supported

WebSocket protocol Supported Supported

HTTP/2 protocol Not supported Supported

ECSs as backend servers Supported Supported

Access control (whitelist) Not supported Supported

Standard OpenStack APIs Not supported Supported

1.3 ComponentsELB consists of the following components:

l Load balancerA load balancer serves as a single point of contact for clients. It accepts incoming trafficfrom clients and routes requests to its backend ECSs in one or more Availability Zones(AZs). It also monitors the health of backend ECSs and ensures that it routes the trafficonly to healthy ECSs. To use ELB, you must first create a load balancer and add at leastone listener and backend ECS to the load balancer.

l ListenerAfter creating a load balancer, you need to add a listener to the load balancer. Thelistener is configured with a protocol and port number for connections from clients to theload balancer.

l Backend ECS



2

At least one ECS must be added to the load balancer to receive the requests forwarded bythe listener.

1.4 Functions

Classic Load Balancerl Protocol Compliance

Classic load balancers support the following protocols: TCP and UDP at Layer 4, andHTTP and HTTPS at Layer 7.

l Health CheckThe health check is to monitor the running state of backend ECSs so that load balancersends requests only to the ECSs that are running properly. After a faulty ECS is restored,the load balancer will send requests to this ECS again. The health check protocolsinclude TCP, UDP, and HTTP.

l Sticky SessionAfter the sticky session feature is enabled, the load balancer route requests in one sessionto the same backend ECS for processing.

l Load Balancing AlgorithmThe following algorithms are supported:– Round robin: Each connection request is forwarded to the next ECS in sequence so

that all requests are distributed evenly to all ECSs.– Least connections: New connection requests are forwarded to the ECS processing

the least connections.– Source IP hash: The source IP address of the request is used as the hash key to

identify the ECS in the static fragment table.l Certificate Management

ELB allows you to manage HTTPS certificates. You do not need to upload thecertificates the backend ECSs.

Enhanced Load Balancer

Enhanced load balancers also provide the following extra functions:

l Domain Name and URL MatchingFor Layer-7 load balancing (only HTTP is supported for now), requests can beforwarded to different backend cloud host groups based on the domain name and URL

l Access ControlA whitelist can be added to allow specified IP addresses to access the load balancers.

l ECS Weight Assigning

1.5 AdvantagesBoth types of load balancers have the following advantages:l high Performance



3

ELB can process up to 100 million concurrent connections. This makes ELB capable ofhandling massive access requests.

l High AvailabilityELB is deployed in cluster mode and can distribute incoming application traffic acrossmultiple ECSs in multiple AZs.

l Flexible ExpansionIncoming traffic is intelligently distributed to ECSs. ELB can work with Auto Scaling(AS) to flexibly expand the service capabilities of your applications.

l Easy to UseELB can be quickly deployed, and diverse protocols and algorithms are available,enabling you to easily configure load distribution policies for different scenarios.

Enhanced load balancers also feature the following:l Reliability

Both Internet-facing and internal load balancers support cross-AZ load balancing, theSLA level reaches 99.99%. The consistent hashing algorithm makes the trafficdistribution more balanced.

l Easy O&MELB allows you to monitor your applications and their performance in real time withCloud Eye metrics at the granularity of an individual listener.

1.6 Related Servicesl Virtual Private Cloud (VPC)

ELB requires elastic IP addresses and bandwidth assigned in the VPC service.l Auto Scaling (AS)

ELB can work with AS to automatically add backend ECSs to or remove backend ECSsfrom the load balancer.

l Identity and Access Management (IAM)ELB requires authentication provided by IAM.

l Cloud Trace Service (CTS)CTS records the resource operations performed on ELB resources.

l Cloud EyeAfter you have enabled ELB, you can use Cloud Eye to view the status of monitoredobjects, without requiring additional plug-ins to be installed.

1.7 Application Scenariosl High Traffic Services

For services with high volume of traffic, such as large portals and mobile applicationstores, ELB evenly distributes the access traffic to multiple backend ECSs. The stickysession feature ensures that requests from the same client are forwarded to the samebackend ECS, improving the access efficiency.

l Services with Significant Traffic Peaks



4

ELB automatically scales its request handling capacity according to the incoming traffic.Deep integration with AS enables ELB to automatically add or remove backend ECSs,improving the service flexibility. This makes ELB ideal for services that have significanttraffic peaks, such as e-commerce websites, mobile games, and live websites.

l SPOF EliminationELB routinely performs health checks backend ECSs to monitor their healthy state. If abackend ECS becomes faulty, ELB automatically distributes incoming requests tohealthy backend ECSs, ensuring the service continuity.This makes ELB the right choice for services that require high reliability, such as officialwebsites, toll collection systems, and common web services.

l Cross-AZ Load BalancingELB can distribute traffic across AZs. If an AZ becomes faulty, ELB distributes thetraffic to backend ECSs in other AZs that are running properly.Banking, policing, and large application systems can use ELB to ensure high serviceavailability.



5

2 Getting Started

2.1 Configuration ProcessWhen using ELB to distribute the incoming traffic to multiple backend ECSs, you need tocreate a load balancer, add a listener to the load balancer, configure the health check, and addbackend ECSs to the listener.

Figure 2-1 shows the configuration process.

Elastic Load BalanceUser Guide 2 Getting Started


6

Figure 2-1 Configuration flowchart

2.2 Creating a Classic Load Balancer

Scenarios

This section describes how to quickly create a classic load balancer.

Prepare for Creationl Select the network type of the load balancer.

– Public network (Internet-facing)

A public network load balancer provides load balancing services through the publicIP address, and routes requests from the clients to backend ECSs over the Internet.

– Private network (internal)

A private network load balancer provides load balancing services through theprivate IP address, and routes requests from the clients to backend ECSs in a VPC.

l Select the protocol.



7

Protocol Description Application Scenarios

Layer 4 TCP l Source IP address–basedsticky sessions

l Fast data transfer

l Scenarios that require highreliability and data accuracy,such as file transfer, emailsending and receiving, andremote login

l Web applications thatfeature a number ofconcurrent connections andrequire high performance

Layer 4 UDP l Low reliabilityl Fast data transfer

Scenarios that focus ontimeliness rather thanreliability, such as video chat,game, and real-time financialmarket information push

Layer 7 HTTP l Cookie-based stickysessions

l X-Forward-For requestheader

Applications in which the datacontent needs to be identified,such as web applications andmobile games

Layer 7 HTTPS

l An extension of HTTP forencrypted datatransmission that canprevent unauthorizedaccess

l SSL offloadingEncryption anddecryption are performedon the load balancer toreduce the work load ofbackend ECSs.

l Multiple encryptionprotocols and ciphersuites

Applications that requireencrypted transmission

l Select the load balancing algorithm.

– Round robin: Each connection request is forwarded to the next ECS in sequence sothat all requests are distributed evenly to all ECSs.

– Least connections: New connection requests are forwarded to the ECS processingthe least connections.

– Source IP hash: The source IP address of the request is used as the hash key toidentify the ECS in the static fragment table.

Create a Classic Load Balancer1. Log in to the management console.

2. In the upper left corner of the page, click and select the desired region and project.



8

3. Under Network, click Elastic Load Balance.4. On the Elastic Load Balance page, click Create Classic Load Balancer and specify the

parameters by referring to Table 2-1.

Table 2-1 Load balancer parameters

Parameter Description Example Value

Name Specifies the load balancer name. elb_01

Type Specifies the load balancer type. You canselect Public network or Private network.l Public network: A public network load

balancer the routes requests from theclients to backend ECSs over the Internet.

l Private network: A private network loadbalancer routes the requests from theclients to backend ECSs in a VPC.

Private network

VPC Specifies the VPC to which the load balancerbelongs.You can select an existing VPC or click ViewVPC to create one.For more information about VPC, see theVirtual Private Cloud User Guide.

VPC_01

AZ Specifies the AZ of a load balancer. Thisparameter is required when you selectPrivate network for Type.

AZ1

EIP Specifies the public IP address that will bebound to the load balancer for loadbalancing. This parameter is available whenyou select Public network for Type. Twooptions are available for you:l New EIP: The system will assign a new

EIP to the load balancer.l Use existing: An existing IP address will

be used.

10.154.56.194



9


EIP Type Specifies the link type (BGP) when a newEIP is used.l Static BGP: When changes occur on a

network using static BGP, carriers cannotadjust network configurations in real timeto ensure optimal user experience.

l Dynamic BGP: When changes occur on anetwork using dynamic BGP, routingprotocols provide automatic, real-timeoptimization of network configurations,ensuring network stability and optimaluser experience.

Dynamic BGP

EIP Asks you to select an EIP when you selectUse existing for EIP.

N/A

Subnet Specifies the subnet to which the loadbalancer belongs when you select Privatenetwork for Type.

N/A

Virtual IPAddress

Specifies the virtual IP address (VIP) thatwill be bound to the load balancer. Thisparameter is available when you selectPrivate network for Type. Two options areavailable:l Automatically assign: The system will

assign a VIP to the load balancer.l Manually specify: You need to enter an

IP address.

Automaticallyassign

Virtual IPAddress

Asks you to enter an IP address when youselect Manually specify for Virtual IPAddress.

Manually specify

Security Group Specifies the security group to which theload balancer belongs. This parameter isavailable when you select Private networkfor Type.

N/A

Billing Mode Specifies how you will be charged whenapplying for a new EIP. You can selectBandwidth or Traffic.

Bandwidth

Bandwidth Specifies the public network bandwidth inMbit/s.

100

Description Provides supplementary information aboutthe load balancer.

N/A

5. Click Next.6. After confirming the specifications, click Submit.



10

Add a ListenerAfter creating a load balancer, you must add a listener to this load balancer. Perform thefollowing operations to add a listener:

1. Log in to the management console.

2. In the upper left corner of the page, click and select the desired region and project.3. Under Network, click Elastic Load Balance.4. On the Elastic Load Balance page, locate the row that contains the target load balancer

and click its name.5. In the Listeners area, click Add Listener. In the displayed Add Listener dialog box,

specify the parameters by referring to Table 2-2.

Table 2-2 Listener parameters

Parameter Description ExampleValue

Name Specifies the listener name. listener01

Load BalancingProtocol/Port

Specifies the protocol and port used for loadbalancing. A public network load balancersupports the following protocols:l HTTP: load balancing at Layer 7l TCP: load balancing at Layer 4l HTTPS: encrypted load balancing at Layer 7l UDP: load balancing at Layer 4A private network load balancer supports thefollowing protocols:l HTTP: load balancing at Layer 7l TCP: load balancing at Layer 4l HTTPS: encrypted load balancing at Layer 7

TCP/80HTTP/80HTTPS/443

ECS Protocol/Port Specifies the protocol and port used by backendECSs.

TCP/22



11


Load BalancingAlgorithm

Specifies the algorithm that the load balanceruses for distributing the traffic.l Round robin: Each connection request is

forwarded to the next ECS in sequence sothat all requests are distributed evenly to allECSs.

l Least connections: New connectionrequests are forwarded to the ECSprocessing the least connections.

l Source IP hash: The source IP address ofthe request is used as the hash key to identifythe ECS in the static fragment table.

Choose an appropriate algorithm to distributethe traffic and improve load balancingcapabilities.

Round robin

Default Certificate Specifies the certificate used by an HTTPS loadbalancer.You can select an existing certificate or createone. For details about how to create acertificate, see section 3.5 Certificate.This parameter is available only when LoadBalancing Protocol is set to HTTPS.

cert-miij/9125267e1b1a4526b346cdfb9b9f856a

Enable SNI Specifies whether to enable the Server NameIndication (SNI) function when LoadBalancing Protocol is set to HTTPS.SNI is an extension to Transport Layer Security(TLS) when a server uses multiple domainnames and certificates. This function allows theclient to submit the domain name informationwhen sending an SSL handshake request. Afterreceiving the request, ELB queries the rightcertificate based on the domain name andreturns the certificate to the client. If nocertificate is found, ELB returns a default one.

N/A

SNI Certificate Specifies the certificate associated with thedomain name when Load Balancing Protocolis set to HTTPS.You can select an existing certificate or clickCreate Certificate to create one.

N/A



12


SSL Protocol Specifies the SSL protocol used by an HTTPSload balancer. This parameter is used to enable aspecified encryption protocol:l TLSv1.2l TLSv1.2 TLSv1.1 TLSv1This parameter is available only when LoadBalancing Protocol is set to HTTPS.

N/A

SSL Cipher Specifies the SSL password used by an HTTPSload balancer. The following options areavailable:l Default Cipherl Extended Cipherl Strict CipherThis parameter is available only when LoadBalancing Protocol is set to HTTPS. OnlyExtended Cipher is available when SSLProtocol is set to TLSv1.2 TLSv1.1 TLSv1.

N/A

Sticky Session Specifies whether to enable the sticky sessionfeature.After the sticky session feature is enabled, theload balancer route requests in one session tothe same backend ECS for processing.NOTE

The sticky session feature is supported only whenLoad Balancing Mode is set to Round robin.

N/A

StickinessDuration (min)

Specifies the period of time that sticky sessionswill be maintained. This parameter is availableonly when the sticky session feature is enabled.The parameter value ranges from 1 to 1440.

5

Check Mode Specifies the protocol and port used forperforming health checks on ECSs.NOTE

When UDP is used for health check, the securitygroup rules of backend ECSs must allow access usingthe ICMP protocol.

HTTP/80

Interval (s) Specifies the maximum amount of time betweenhealth checks.

5

Timeout (s) Specifies the amount of time you need to waitwhen receiving a response from the healthcheck.

10



13


Healthy Threshold Specifies the threshold at which the healthcheck result is considered normal. It indicatesthe number of consecutive successful healthchecks necessary for a backend ECS to beconsidered healthy.

3

UnhealthyThreshold

Specifies the threshold at which the healthcheck result is considered abnormal. It indicatesthe number of consecutive successful healthchecks necessary for a backend ECS to beconsidered unhealthy.

3

Check Path Specifies the health check URL. This parameteris available only when Check Mode is set toHTTP.NOTE

Special characters -/.%?#&= can be contained in thepath.

/test.html

6. Click OK.

Add Backend ECSsYou must add backend ECSs in running state to your listener so that the load balancer candistribute the traffic to the ECSs. Perform the following operations to add backend ECSs:



and click its name.5. In the Listeners area, locate the row that contains the target listener and click Add

Backend ECS in the Operation column.6. In the displayed Add Backend ECS dialog box, select the subnet and backend ECSs to

be added. You can filter backend ECSs by their name or IP address.7. Click OK.

Delete a Load BalancerYou can delete a load balancer if you do not need it any more. Perform the followingoperations to delete the listener.


2. In the upper left corner of the page, click and select the desired region and project.3. Under Network, click Elastic Load Balance.

1. On the Elastic Load Balance page, locate the row that contains the target load balancer,click More the Operation column, and select Delete from the drop-down list.



14

2. In the displayed Delete Load Balancer dialog box, click OK.

NOTE

If the load balancer has listeners, delete the listeners before deleting the load balancer.

2.3 Creating an Enhanced Load Balancer

Scenarios

This section describes how to quickly create an enhanced load balancer.

Prepare for Creationl Select the protocol.

Protocol Description Application Scenario

Layer 4 TCP l Source IP address–basedsticky sessions

l Fast data transfer

l Scenarios that requirehigh reliability and dataaccuracy, such as filetransfer, email sendingand receiving, andremote login

l Web applications thatfeature a number ofconcurrent connectionsand require highperformance

Layer 7 HTTP l Cookie-based stickysessions

l X-Forward-For requestheader

Applications in which thedata content needs to beidentified, such as webapplications and mobilegames

Layer 7 HTTPS l Unified certificatemanagementYou can upload certificatesto the load balancer. Thedecryption operations areperformed on the loadbalancer to reduce the workload of backend ECSs.

l Multiple encryptionprotocols and cipher suites

Applications that requireencrypted transmission

l Select the load balancing algorithm.

– Weighted round robin: Connection requests are forwarded to backend ECSs insequence based on the weight you have assigned so that all requests are evenlydistributed to the ECSs.



15

– Weighted least connections: New connection requests are forwarded to the ECSprocessing the least connection requests, and the number of requests handled by thisECS depends on the assigned weight value.

– Source IP hash: The source IP address of the request is used as the hash key toidentify the ECS in the static fragment table.

Create an Enhanced Load Balancer1. Log in to the management console.

2. In the upper left corner of the page, click and select the desired region and project.3. Under Network, click Elastic Load Balance.4. On the Elastic Load Balance page, click Create Enhanced Load Balancer and specify

the parameters based on Table 2-3.



Name Specifies the load balancer name. elb93wd

VPC Specifies the VPC to which the loadbalancer belongs.You can select an existing VPC or clickView VPC to create one.For more information about VPC, see theVirtual Private Cloud User Guide.

vpc-4536

Subnet Specifies the subnet to which the loadbalancer belongs.

subnet-4536

Virtual IPAddress

Specifies the IP address of the load balancer.You can select Automatically assign orManually specify. If you select Manuallyspecify, enter an IP address.

Manually specify

Virtual IPAddress

Asks you enter an IP address for the loadbalancer if you select Manually specify forVirtual IP Address.

192.168.1.10



16


EIP Specifies the public IP address that will bebound to the load balancer for routing theaccess requests received from clients overthe Internet to multiple ECSs.The following options are available:l Not required: No EIP will be bound to

the load balancer. Therefore, the loadbalancer cannot receive requests fromclients over the Internet.

l New EIP: The system will assign a newEIP.

l Use existing: An existing EIP will bebound to the load balancer. You need toselect an EIP.

Use existing

EIP Type Specifies the link type (BGP) when a newEIP is used.l Static BGP: When changes occur on a

network using static BGP, carriers cannotadjust network configurations in realtime to ensure optimal user experience.

l Dynamic BGP: When changes occur ona network using dynamic BGP, routingprotocols provide automatic, real-timeoptimization of network configurations,ensuring network stability and optimaluser experience.

Dynamic BGP

Billing Mode Specifies how you will be charged whenapplying for a new EIP. You can selectBandwidth or Traffic.

Bandwidth

Public NetworkBandwidth(Mbit/s)

Specifies the public network bandwidthwhen a new EIP is used.

100

Description Provides supplementary information aboutthe load balancer.

N/A

5. Click Next.

6. Confirm the specifications and click Submit.

Add a Listener1. Log in to the management console.


3. Under Network, click Elastic Load Balance.



17

4. On the Elastic Load Balance page, locate the row that contains the target load balancerand click its name.

5. In the Listeners area, click Add Listener.6. In the displayed Add Listener dialog box, configure the parameters by referring to

Table 2-4. When Protocol is set to HTTPS, a certificate must be deployed for the loadbalancer.


Item Parameter Description Example Value

Listener Name Specifies the listener name. listener01

Protocol/Frontend Port

Specifies the protocol and portused for load balancing.The port value ranges from 1 to65535, and the followingprotocols are available:l HTTP: load balancing at

Layer 7l TCP: load balancing at

Layer 4l HTTPS: HTTPS-based load

balancing

HTTP/80

BackendProtocol

Specifies the protocol and portused by backend ECSs.

N/A

Certificates Specifies the certificate to beused when the frontend protocolis HTTPS.

-

Description Provides supplementaryinformation about the listener.

N/A

BackendECS group

Backend ECSGroup

Specifies a group of backendECSs that have the samefeatures.l Create nowl Not required

Create now



18


LoadBalancingAlgorithm

Specifies the algorithm that theload balancer uses fordistributing the traffic.l Weighted round robin:

Connection requests areforwarded to backend ECSsin sequence based on theweight you have assigned sothat all requests are evenlydistributed to the ECSs.

l Weighted leastconnections: Newconnection requests areforwarded to the ECSprocessing the leastconnection requests, and thenumber of requests handledby this ECS depends on theassigned weight value.

l Source IP hash: The sourceIP address of the request isused as the hash key toidentify the ECS in the staticfragment table.

NOTEChoose an appropriate algorithm todistribute the traffic and improveload balancing capabilities.

Weighted roundrobin



19


Sticky SessionType

After the sticky session featureis enabled, the load balancerroute requests in one session tothe same backend ECS forprocessing.Specifies the sticky sessiontype. The following options areavailable:l Source IP hash: The source

IP address of the request isused as the hash key toidentify the ECS in the staticfragment table.

l HTTP cookie: The loadbalancer generates a cookieafter it receives a requestfrom a client. All thesubsequent requests with thecookie are distributed to thesame backend ECS forprocessing.

l App cookie: This type ofsticky session relies onbackend applications. Allrequests with the cookiegenerated by backendapplications are distributedto the same backend ECS forprocessing.

NOTEOnly Source IP address isavailable when TCP is used as thefrontend protocol. If HTTP orHTTPS is used as the frontendprotocol, the sticky session typecan be HTTP cookie or Appcookie. Choose an appropriatesticky session type to distribute theaccess traffic and improve loadbalancing capabilities.

Source IP address

Cookie Name Specifies the cookie name.When App cookie is selected,you need to enter a cookiename.

cookie1223

Description Provides supplementaryinformation about the backendECS group.



20


Healthcheck

Health CheckMode

Specifies the protocol used forhealth check. The value can beTCP or HTTP and cannot bemodified once it is set.

HTTP

Specifies theport used forhealth check.

The value ranges from 1 to65535.NOTE

If no health check port is specified,the port of each backend ECS isused.

80

Interval (s) Specifies the maximum amountof time between health checks.

5

Timeout (s) Specifies the amount of timeyou need to wait when receivinga response from the healthcheck.

10

Check Path Specifies the health check path,which is a URL. This parameteris required if Health CheckMode is set to HTTP.

/index.html

MaximumRetries

Specifies the maximum numberof retries for the health check.The value ranges from 1 to 10.

3

HTTP Method Specifies the HTTP requestmethod. This parameter isrequired if Health Check Modeis set to HTTP.

GET

HTTP StatusCode

Specifies the returned statuscode for an HTTP. Thisparameter is required if HealthCheck Mode is set to HTTP orHTTPS.

201

7. Click OK.

Add a WhitelistYou can add a whitelist of specified IP addresses to control access to the listener.

For detailed operations, see section 3.3 Whitelist.



21

NOTICEAdding the whitelist may cause risks. Once the whitelist is set, only the IP addresses specifiedin the whitelist can access the listener.If access control is enabled but no whitelist is added, the listener cannot be accessed.

Add Backend ECSs

You must add backend ECSs in running state to your listener so that the load balancer candistribute the traffic to the ECSs. Perform the following operations to add backend ECSs:



and click its name.5. Click Backend ECS Group, locate the row that contains the target listener, and click

Add Backend ECS in the Operation column.6. Enter the backend port number and select the backend ECSs to be added. You can filter

backend ECSs by their name or private IP address.7. Click OK.

Bind an EIP to a Load Balancer

You can bind an EIP to a load balancer to receive requests over the Internet.


2. In the upper left corner of the page, click and select the desired region and project.3. Under Network, click Elastic Load Balance.4. Locate the row that contains the target load balancer and click its name.5. On the load balancer details page, click Bind following EIP and select the EIP to be

bound from the drop-down list.

6. Click to bind the EIP to the load balancer.

NOTE

Click Unbind if you do not need this EIP.

Delete a Load Balancer

You can delete a load balancer if you do not need it any more. Perform the followingoperations to delete the listener.





22

1. On the Elastic Load Balance page, click Delete in the Operation column.2. In the displayed Delete Load Balancer dialog box, click OK.

NOTE

If the load balancer has listeners, delete the listeners before deleting the load balancer.



23

3 Management

3.1 Load Balancer

OverviewA load balancer serves as a single point of contact for clients. To load balance, you mustcreate a load balancer and add at least a listener and backend ECS to the load balancer.

ELB provides two types of load balancers: enhanced load balancer and classic load balancer.You can select an appropriate type based on application scenarios and requirements.

For details about how to create a classic load balancer, see section 2.2 Creating a ClassicLoad Balancer. For details about how to create an enhanced load balancer, see section 2.3Creating an Enhanced Load Balancer.

Internet-facing Load BalancerA public network load balancer provides load balancing services through the public IPaddress, and routes requests from the clients to backend ECSs over the Internet.

Elastic Load BalanceUser Guide 3 Management


24

Figure 3-1 Internet-facing load balancer

Internal Load BalancerA private network load balancer provides load balancing services through the private IPaddress, and routes requests from the clients to backend ECSs in a VPC.



25

Figure 3-2 Internal load balancer

3.2 Listener

Scenarios

After creating a load balancer, you need to add at least one listener to the load balancer. Alistener is a process that checks for connection requests using the protocol and port numberfor connections from clients to the load balancer.

The listener defines the health check configuration, through which the load balancerautomatically checks the running state of backend ECSs. If a backend ECS becomes faulty,the load balancer will stop forwarding the traffic to this ECS.

Add a Listener1. Log in to the management console.


3. Under Network, click Elastic Load Balance.


5. In the Listeners area, click Add Listener.

6. In the displayed Add Listener area, specify the parameters as prompted.

For detailed parameter descriptions of enhanced load balancers, see Table 2-4. Fordetailed parameter descriptions of classic load balancers, see Table 2-2.



26

Delete a Listener1. Log in to the management console.


and click its name.5. In the Listeners area, perform the following operation:

– Locate the row that contains the target listener, click More in the Operationcolumn, and select Delete to delete an enhanced load balancer.

– Locate the row that contains the target listener, click Delete in the Operationcolumn to delete a classic load balancer.

NOTE

If the listener has a backend ECS, remove the ECS first.

3.3 WhitelistYou can add a whitelist to specify the IP addresses that can access the listener.

NOTICEOnly enhanced load balancers provide this function. Adding the whitelist may cause servicerisks. Once the whitelist is set, only the IP addresses specified in the whitelist can access thelistener.If access control is enabled but no whitelist is added, the listener cannot be accessed.

Add a Whitelist1. Log in to the management console.



5. In the Listeners area, locate the row that contains the target listener, click More in theOperation column, and select Configure Access Control from the drop-down list. Inthe displayed Configure Access Control dialog box, enable Access Control and enterthe IP addresses as prompted.



27

Figure 3-3 Configuring access control

Table 3-1 Parameter description


Access Control l If access control isenabled but nowhitelist is not added,no IP address isallowed to access thelistener.

l If access control isenabled and thewhitelist is added, onlyIP addresses specifiedin the whitelist canaccess the listener.

l If access control isdisabled, load listenercan be accessed fromany IP address.

-



28


Whitelist Lists the IP addresses ornetwork segments that canaccess the listener.NOTE

A maximum of 300 IPaddresses or networksegments can be entered. Acomma (,) is used to separateevery two IP addresses ornetwork segments.

10.168.2.24,10.168.16.0/24

6. Click OK.

3.4 Backend ECS

Scenarios

This section provides operations for you to add backend ECSs to a load balancer or removeECSs from a load balancer when you do not want to use them.

Before adding a backend ECS, check whether the security group rule of the backend ECS isconfigured to permit 100.125.0.0/16 in the inbound direction, and configure the protocol andport used for health check. Otherwise, the health check cannot be performed on the addedbackend ECS.

Add Backend ECSs1. Log in to the management console.


and click its name.5. Backend ECS

– For classic load balancers, locate the row that contains the target listener and clickAdd Backend ECS in the Operation column. In the displayed Add Backend ECSdialog box, select the subnet and backend ECSs to be added.

– For enhanced load balancers, click the Backend ECS Group tab, locate the targetECS group, and click Add Backend ECS in the Operation column.

6. Click OK.

Remove Backend ECSs1. Log in to the management console.




29


5. Select the backend ECSs to be removed.– For classic load balancers, locate the target listener in the Listeners area and click

the number in the Backend ECSs column. In the displayed Remove Backend ECSdialog box, select the ECSs.

– For enhanced load balancers, click Backend ECS Group and locate the target ECSgroup. Click the number in the Backend ECSs column. In the displayed RemoveBackend ECS dialog box, select the ECSs.

6. To remove a single backend ECS, locate the row that contains the target ECS and clickRemove in the Operation column. To remove multiple backend ECSs, select all ECSsto be removed and click Remove above the ECS list.

7. In the dialog box displayed, click OK.

Add a Backend ECS GroupYou can add a backend ECS group only for an enhanced load balancer. Perform the followingoperation to add the backend ECS group:



and click its name.5. Under the Backend ECS Group tab, click Add Backend ECS Group. In the displayed

dialog box, specify the parameters.

Table 3-2 Backend ECS group parameters


BackendECS group

Name Specifies the name of thebackend ECS group.

pool-6wk8

BackendProtocol

l HTTPl TCP

HTTP



30








Weighted roundrobin

Sticky Session After the sticky session featureis enabled, the load balancerroute requests in one session tothe same backend ECS forprocessing.NOTE

The sticky session feature issupported only when LoadBalancing Mode is set to Roundrobin.

-



31


Sticky SessionType





Source IP address


cookie1223


Healthcheck

Health CheckMode


HTTP


5



32



10


/index.html

MaximumRetries


3

3.5 Certificate

ScenariosA certificate is required when the listener uses the HTTPS protocol. You can upload acertificate and bind it to the listener to provide the HTTPS service.

Create a Certificate1. Log in to the management console.

2. In the upper left corner of the page, click and select the desired region and project.3. Under Network, click Elastic Load Balance.4. On the displayed page, click the Certificates tab.5. Click Create Certificate and configure the following parameters in the displayed dialog

box.– Load Balancer Type: Select Enhanced or Classic.– Certificate Name– Description– Certificate Content: The content must be in PEM format.– Private Key

Private Key: This must be an unencrypted private key. The format is as follows:



33

NOTE

l Private Key

Private Key: This must be an unencrypted private key. The format is as follows:-----BEGIN PRIVATE KEY-----[key]-----END PRIVATE KEY-----

l If a certificate chain is used, you need to configure all the content and private keys fromthe sub-certificate to the root certificate and ensure that the content is configured in thesame sequence as the private keys.

For example, if you have three certificates in a sequence of sub-certificate > intermediatecertificate > root certificate, the configuration sequence is the same.

6. Click OK.

Delete a Certificate

Only certificates that are not in use can be deleted.


2. In the upper left corner of the page, click and select the desired region and project.3. Under Network, click Elastic Load Balance.4. On the displayed page, click the Certificates tab.5. Locate the row that contains the target certificate and click Delete in the Operation

column.6. In the displayed dialog box, click OK.

Modify a Certificate1. Log in to the management console.

2. In the upper left corner of the page, click and select the desired region and project.3. Under Network, click Elastic Load Balance.4. On the displayed page, click the Certificates tab.5. Locate the row that contains the target certificate and click Modify in the Operation

column.6. In the displayed Modify Certificate dialog box, modify the certificate information.7. Click OK.

Bind a Certificate1. Log in to the management console.

2. In the upper left corner of the page, click and select the desired region and project.3. Under Network, click Elastic Load Balance.4. On the Elastic Load Balance page, locate the target load balancer and click its name.5. In the Listeners area, click Add Listener.6. In the displayed Add Listener dialog box, specify the parameters as prompted. When

Protocol is set to HTTPS, a certificate must be deployed for the load balancer.



34

Table 3-3 Listener parameters


Name Specifies the listener name. listener01

Load BalancingProtocol/Port

Specifies the protocol and port used for loadbalancing. A public network load balancersupports the following protocols:l HTTP: load balancing at Layer 7l TCP: load balancing at Layer 4l HTTPS: encrypted load balancing at Layer 7l UDP: load balancing at Layer 4A private network load balancer supports thefollowing protocols:l HTTP: load balancing at Layer 7l TCP: load balancing at Layer 4l HTTPS: encrypted load balancing at Layer 7

TCP/80HTTP/80HTTPS/443

ECS Protocol/Port Specifies the protocol and port used by backendECSs.

TCP/22


Specifies the algorithm that the load balanceruses for distributing the traffic.l Round robin: Each connection request is

forwarded to the next ECS in sequence sothat all requests are distributed evenly to allECSs.

l Least connections: New connectionrequests are forwarded to the ECSprocessing the least connections.

l Source IP hash: The source IP address ofthe request is used as the hash key to identifythe ECS in the static fragment table.

Choose an appropriate algorithm to distributethe traffic and improve load balancingcapabilities.

Round robin

Default Certificate Specifies the certificate used by an HTTPS loadbalancer.You can select an existing certificate or createone. For details about how to create acertificate, see section 3.5 Certificate.This parameter is available only when LoadBalancing Protocol is set to HTTPS.

cert-miij/9125267e1b1a4526b346cdfb9b9f856a



35


Enable SNI Specifies whether to enable the Server NameIndication (SNI) function when LoadBalancing Protocol is set to HTTPS.SNI is an extension to Transport Layer Security(TLS) when a server uses multiple domainnames and certificates. This function allows theclient to submit the domain name informationwhen sending an SSL handshake request. Afterreceiving the request, ELB queries the rightcertificate based on the domain name andreturns the certificate to the client. If nocertificate is found, ELB returns a default one.

N/A

SNI Certificate Specifies the certificate associated with thedomain name when Load Balancing Protocolis set to HTTPS.You can select an existing certificate or clickCreate Certificate to create one.

N/A

SSL Protocol Specifies the SSL protocol used by an HTTPSload balancer. This parameter is used to enable aspecified encryption protocol:l TLSv1.2l TLSv1.2 TLSv1.1 TLSv1This parameter is available only when LoadBalancing Protocol is set to HTTPS.

N/A

SSL Cipher Specifies the SSL password used by an HTTPSload balancer. The following options areavailable:l Default Cipherl Extended Cipherl Strict CipherThis parameter is available only when LoadBalancing Protocol is set to HTTPS. OnlyExtended Cipher is available when SSLProtocol is set to TLSv1.2 TLSv1.1 TLSv1.

N/A

Sticky Session Specifies whether to enable the sticky sessionfeature.After the sticky session feature is enabled, theload balancer route requests in one session tothe same backend ECS for processing.NOTE

The sticky session feature is supported only whenLoad Balancing Mode is set to Round robin.

N/A



36


StickinessDuration (min)

Specifies the period of time that sticky sessionswill be maintained. This parameter is availableonly when the sticky session feature is enabled.The parameter value ranges from 1 to 1440.

5

Check Mode Specifies the protocol and port used forperforming health checks on ECSs.NOTE

When UDP is used for health check, the securitygroup rules of backend ECSs must allow access usingthe ICMP protocol.

HTTP/80

Interval (s) Specifies the maximum amount of time betweenhealth checks.

5

Timeout (s) Specifies the amount of time you need to waitwhen receiving a response from the healthcheck.

10

Healthy Threshold Specifies the threshold at which the healthcheck result is considered normal. It indicatesthe number of consecutive successful healthchecks necessary for a backend ECS to beconsidered healthy.

3

UnhealthyThreshold

Specifies the threshold at which the healthcheck result is considered abnormal. It indicatesthe number of consecutive successful healthchecks necessary for a backend ECS to beconsidered unhealthy.

3

Check Path Specifies the health check URL. This parameteris available only when Check Mode is set toHTTP.NOTE

Special characters -/.%?#&= can be contained in thepath.

/test.html



Listener Name Specifies the listener name. listener01



37


Protocol/Frontend Port

Specifies the protocol and portused for load balancing.The port value ranges from 1 to65535, and the followingprotocols are available:l HTTP: load balancing at

Layer 7l TCP: load balancing at

Layer 4l HTTPS: HTTPS-based load

balancing

HTTP/80

BackendProtocol

Specifies the protocol and portused by backend ECSs.

N/A

Certificates Specifies the certificate to beused when the frontend protocolis HTTPS.

-

Description Provides supplementaryinformation about the listener.

N/A

BackendECS group

Backend ECSGroup

Specifies a group of backendECSs that have the samefeatures.l Create nowl Not required

Create now



38








Weighted roundrobin



39


Sticky SessionType

After the sticky session featureis enabled, the load balancerroute requests in one session tothe same backend ECS forprocessing.Specifies the sticky sessiontype. The following options areavailable:l Source IP hash: The source

IP address of the request isused as the hash key toidentify the ECS in the staticfragment table.




Source IP address


cookie1223




40


Healthcheck

Health CheckMode


HTTP

Specifies theport used forhealth check.

The value ranges from 1 to65535.NOTE

If no health check port is specified,the port of each backend ECS isused.

80


5


10


/index.html

MaximumRetries


3

HTTP Method Specifies the HTTP requestmethod. This parameter isrequired if Health Check Modeis set to HTTP.

GET

HTTP StatusCode

Specifies the returned statuscode for an HTTP. Thisparameter is required if HealthCheck Mode is set to HTTP orHTTPS.

201

7. Click OK.



41

4 Monitoring

4.1 ELB MetricsAfter you enable the ELB service, you can view the status of the load balancer on the CloudEye console without installing any plug-in. Table 4-1 lists the monitoring metrics of theclassic and enhanced load balancers and Table 4-2 lists monitoring metrics of the enhancedload balancing listener.

Table 4-1 Monitoring metrics of the classic and enhanced load balancers

Metric Description

ConcurrentConnections

Specifies the total number of concurrent connections processed by themonitored object.

ActiveConnections

Specifies the total number of active connections processed by themonitored object.

InactiveConnections

Specifies the total number of inactive connections processed by themonitored object.

NewConnections

Specifies the total number of new connections processed by themonitored object.

IncomingPackets

Specifies the number of incoming packets on the monitored object persecond.

OutgoingPackets

Specifies the number of outgoing packets on the monitored object persecond.

Inbound Rate Specifies the number of incoming bytes on the monitored object persecond.

Outbound Rate Specifies the number of outgoing bytes on the monitored object persecond.

AbnormalHosts

Specifies the number of abnormal backend ECSs.

Elastic Load BalanceUser Guide 4 Monitoring


42

Metric Description

Normal Hosts Specifies the number of normal backend ECSs.

Table 4-2 Monitoring metrics of enhanced load balancing listeners

Metric Description

ConcurrentConnections

Specifies the total number of concurrent connections processed by themonitored object.

ActiveConnections

Specifies the total number of active connections processed by themonitored object.

InactiveConnections

Specifies the total number of inactive connections processed by themonitored object.

NewConnections

Specifies the total number of new connections processed by themonitored object.

IncomingPackets

Specifies the number of incoming packets on the monitored object persecond.

OutgoingPackets

Specifies the number of outgoing packets on the monitored object persecond.

Inbound Rate Specifies the number of incoming bytes on the monitored object persecond.

Outbound Rate Specifies the number of outgoing bytes per second on the monitoredobject.

4.2 Setting Alarm Rules1. Log in to the management console.2. Under Management & Deployment, click Cloud Eye.3. In the left navigation pane, choose Alarm > Alarm Rule.4. On the Alarm Rule page, click Add Alarm Rule to add an alarm rule, or modify an

existing alarm rule.The following operations use the modification of an existing alarm rule as an example.

a. Click the name of the target alarm rule.b. In the upper right corner of the displayed tab page, click Modify.c. On the Modify Alarm Rule page, set parameters as prompted.



43

Figure 4-1 Modifying an alarm rule

d. Click OK.

After the alarm rule is modified, the system automatically sends you a notificationwhen an alarm that complies with the alarm rule is generated.

NOTE

For more information about ELB alarm rules, see Cloud Eye User Guide.

4.3 Viewing ELB Metrics

Scenarios

Cloud Eye can be used monitor the running state of your load balancers. You can view themetrics of each load balancer on the management console.

Monitored data requires a period of time for transmission and display. The status of each loadbalancer displayed on the Cloud Eye dashboard is not the latest. For a load balancer that isjust created, you need to wait for about 5 minutes to 10 minutes to view its monitoring data.

Prerequisitesl The load balancer has been running properly for a period of time.

Cloud Eye does not display the metrics of stopped, faulty, or deleted load balancers.

NOTE

Cloud Eye stops monitoring load balancers that remain in stopped or faulty state for over 24 hoursand removes them from the monitoring list. However, the alarm rules for such load balancers arenot automatically deleted.

l You have configured alarm rules for your load balancers.

Without alarm rules configured in Cloud Eye, the monitoring data is unavailable. Fordetails, see section 4.2 Setting Alarm Rules.



44

Procedure1. Log in to the management console.2. Under Management & Deployment, click Cloud Eye.3. In the navigation pane on the left, choose Cloud Service Monitoring > Elastic Load

Balance in the Operation column.4. Locate the target load balancer and click View Monitoring Graph.



45

5 Audit

With Cloud Trace Service (CTS), you can record operations associated with ELB for laterquery, audit, and backtrack operations.

5.1 Operations Recorded by CTSTable 5-1 lists the operations that can be recorded by CTS.

Table 5-1 ELB operations that can be recorded by CTS

Action Resource Type Trace

Configuring access logs accesslog create access log

Deleting access logs accesslog delete access log

Creating a certificate certificate create certificate

Updating a certificate certificate update certificate

Deleting a certificate certificate delete certificate

Creating a health check healthmonitor create healthmonitor

Updating a health check healthmonitor update healthmonitor

Deleting a health check healthmonitor delete healthmonitor

Adding a forwardingpolicy

l7policy create forwarding policy

Updating a forwardingpolicy

l7policy update forwarding policy

Deleting a forwardingpolicy

l7policy delete forwarding policy

Adding a forwarding rule l7rule create forwarding rule

Updating a forwarding rule l7rule update forwarding rule

Elastic Load BalanceUser Guide 5 Audit


46

Action Resource Type Trace

Deleting a forwarding rule l7rule delete forwarding rule

Adding a listener listener create listener

Updating a listener listener update listener

Deleting a listener listener delete listener

Creating a load balancer loadbalancer create loadbalancer

Updating a load balancer loadbalancer update loadbalancer

Deleting a load balancer loadbalancer delete loadbalancer

Adding a backend ECS member add backend ecs

Updating a backend ECS member update backend ecs

Removing a backend ECS member remove backend ecs

Creating a backend ECSgroup

pool create backend member group

Updating a backend ECSgroup

pool update backend member group

Deleting a backend ECSgroup

pool delete backend member group

5.2 Viewing Audit Logs

Scenarios

After CTS is enabled, CTS starts recording operations on cloud resources. The CTSmanagement console stores the last seven days of operation records.

This section describes how to query the last seven days of operation records on the CTSconsole.

Procedure1. Log in to the management console.

2. Click in the upper left corner of the management console and select a region andproject.

3. Click Service List. Under Management & Deployment, choose Cloud Trace Service.4. Choose Trace List in the navigation pane on the left.5. Specify the filters used for querying traces. The following four filters are available:

– Trace Source, Resource Type, and Search BySelect the filter from the drop-down list.



47

When you select Trace name for Search By, you also need to select a specific tracename.When you select Resource ID for Search By, you also need to select or enter aspecific resource ID.When you select Resource name for Search By, you also need to select or enter aspecific resource name.

– Operator: Select a specific operator (a user other than tenant).– Trace Rating: Available options include all trace status, normal, warning, and

incident. You can only select one of them.– Start time and end time: You can specify the time period to query traces.

6. Click on the left of a trace to expand its details.

Figure 5-1 Expanding trace details

7. Click View Trace in the Operation column. On the displayed View Trace dialog box,view details of the trace.

Figure 5-2 View Trace



48

6 Best Practices

6.1 Enhanced Load Balancer

ScenariosFor web services where users need to register and log in, such as www.taobao.com andwww.yhd.com (two online shopping malls in China), HTTP load balancing is recommended.The client and load balancer can communicate through a direct connection or VPN.

Prerequisitesl Web messages are forwarded over HTTP.l Cookie session persistence is enabled (a cookie ensures that requests of a user are sent to

the same ECS for processing, preventing login exception and timeout).l Requests can be evenly distributed (requests of different users are forwarded to different

ECSs to balance load).l Service fault detection and isolation are available.

Configuration Referencel Select a protocol.

– Select HTTP.l Select an algorithm.

– Weighted round robinl Enable Sticky Session.l Configure health check.

– Select either the TCP or HTTP health check mode. If you select the HTTP checkmode, you must ensure that an ECS health check page is available and that 200 isreturned when you visit the page.

Elastic Load BalanceUser Guide 6 Best Practices


49

6.2 Classic Load Balancer

ScenariosRequests from the same client are forwarded to the same ECS for processing.

l The load balancer forwards data using TCP.l A large number of long connections exist.l Backend ECSs can evenly process messages.l Requests from the same client must be forwarded to the same ECS for processing.

Configuration Reference1. Create a load balancer. Specify the following information as required:

– Name– Public network for Type– VPC– Bandwidth

2. Add a listener. Specify the following information as required:– Select TCP for Load Balancing Protocol.– Select TCP for ECS Protocol.– Select Round robin for Load Balancing Mode.– Enable Sticky Session.– Configure Stickiness Duration, which must be longer than the session timeout

duration. For example, if the session timeout duration is 3000s, you can setStickiness Duration to 3600s.

– Select TCP for Check Mode.3. Add backend ECSs. Select the target ECSs.4. Check the health status of the target ECSs.

Elastic Load BalanceUser Guide 6 Best Practices


50

7 FAQs

7.1 Can I Adjust the Bandwidth of a Load Balancer?You can adjust the bandwidth of a public network load balancer by adjusting that of the boundEIP. For details about how to modify the EIP bandwidth, see the Virtual Private Cloud UserGuide.

7.2 What Load Balancing Algorithms Does ELB Support?l Classic load balancers support the following algorithms:

– Round robin: sends requests to backend ECSs in polling mode. This forwardingrule applies to short-connection services, such as the HTTP service.

– Least connections: preferentially sends requests to the backend ECS with the leastconnections. This forwarding rule applies to long-connection services, such as thedatabase service.

– Source IP hash: The source IP address of the request is used as the hash key toidentify the ECS in the static fragment table. Requests from the same client will bedispatched to a specific backend ECS. This rule applies to TCP connections of loadbalancers that do not use cookies.

l The enhanced load balancers support the following algorithms:

– Weighted round robin: Connection requests are forwarded to backend ECSs insequence based on the weight you have assigned so that all requests are evenlydistributed to the ECSs. This algorithm is often used for short connections, such asHTTP services.

– Weighted least connections: New connection requests are forwarded to the ECSprocessing the least connection requests, and the number of requests handled by thisECS depends on the assigned weight value. This algorithm is often used for longconnections, such as database connection services.

– Source IP hash: The source IP address of the request is used as the hash key toidentify the ECS in the static fragment table. Requests from the same client will bedispatched to a specific backend ECS. This rule applies to TCP connections of loadbalancers that do not use cookies.

Elastic Load BalanceUser Guide 7 FAQs


51

7.3 Does ELB Support ECSs Running Different OSs?Yes.

ELB has no requirements for the OSs used on backend ECSs, only if your ECSs haveconsistent data and the same applications deployed. Although there are no specificrequirements for backend OSs, it is recommended that you install the same OS on all of yourECSs to simplify operation and maintenance (O&M).

7.4 How Many Load Balancers Can I Have?By default, a single user can create 10 enhanced load balancers and five classic loadbalancers.

If you need more load balancers, you can apply for a higher quota. The maximum number ofload balancers is 255.

7.5 How Can ELB Support Multiple Certificates?Each listener supports only one certificate or certificate chain. If you have multiplecertificates or certificate chains, you need to create more listeners.

7.6 How Can I Configure a Public or Private NetworkLoad Balancer?

When you create an enhanced load balancer, a virtual IP address (VIP) will be assigned and aprivate network load balancer is created by default. If you bind a public network IP address tothe VIP, the load balancer can serve as a public network load balancer. An enhanced loadbalancer supports public and private network access simultaneously.

When creating a classic load balancer, you can choose the public or private network type.

7.7 What Functions Do Listeners Provide?Listeners specify the load balancing protocol and port, ECS protocol and port, and forwardingpolicy.

7.8 What Is the Relationship Between the Load BalancingAlgorithms and Sticky Session Types?

The sticky session feature ensures that requests from the same user are forwarded to the samebackend ECS. Three types of sticky sessions are available. Table 7-1 and Table 7-2 list therelationships between load balancing algorithms and sticky session types.



52

Table 7-1 Session stickiness of enhanced load balancers


Sticky Session Type Layer 4 (TCP) Layer 7 (HTTP/HTTPS)

Weighted roundrobin

Source IP address Supported Not supported

HTTP cookie N/A Supported

App cookie N/A Supported

Weighted leastconnections

Source IP address Supported Not supported



Source IP address Source IP address Supported Supported



Table 7-2 Session stickiness of classic load balancers


Sticky SessionType

Layer 4 (TCP/UDP)

Layer 7 (HTTP/HTTPS)

Round robin Source IP address Supported Not supported


App cookie N/A Not supported

Least connections Source IP address Supported Not supported



Source IP address Source IP address Supported Supported



Round robin is recommended. Layer-4 sticky sessions use source IP addresses, and layer-7sticky sessions use HTTP cookies.

7.9 What Are Protocols and Frontend Ports?Enhanced load balancers support load balancing using TCP (layer 4), as well as HTTP andHTTPS (layer 7) protocols. Classic load balancers support load balancing using TCP andUDP (Layer 4), as well as HTTP and HTTPS (Layer 7). You can select a protocol and portbased on the service to provide.



53

Protocol Function

TCP Application deployment using TCP

UDP Application deployment using UDP

HTTP Web application

HTTPS Web applications using HTTPS

7.10 What Are ECS Protocols and Ports?Backend ECSs provide network service protocols and ports. For example, if InternetInformation Services (IIS) is installed on a Windows ECS, the default protocol is HTTP, andthe default port is 80.

7.11 Is the EIP Assigned to the ELB Service ExclusivelyUsed?

In the life cycle of your ELB service, this EIP is exclusively used by your ELB.

7.12 What Is the Impact of Deleting a Load Balancer?If your load balancer IP address has been correctly resolved to the domain name and the loadbalancer provides services properly, do not delete the load balancer. If the load balancer isdeleted, its IP address and service configuration will be released, and the deleted data cannotbe restored. If you recreate the load balancer, a new IP address will be assigned. You can alsospecify the original IP address when creating the load balancer.

7.13 How Do I Rectify a Health Check Failure?The ELB system initiates a heartbeat check on backend ECSs, and the load balancercommunicates with backend ECSs over an intranet. To achieve a successful health check, youmust ensure that your ECSs are routable from the intranet. You can perform the followingsteps to rectify a health check failure.

1. In the Listener area, locate the row that contains the listener for which the health checkfails, and click View in the Health Check column. A dialog box is displayed.– Health Check Mode: Ensure that the protocol has been configured and port has

been enabled for the ECS to be checked.– Check Path: If HTTP is used for the health check, check whether the health check

path for the ECS is correct.2. Ensure that software, such as the firewall, in the ECS, does not block the health check

source IP addresses.3. Check whether the rules of backend ECS security groups and network ACL allow access

by 100.125.0.0/16, and configure the protocol and port used for health check. Obtain thehealth check protocol and port from the dialog box displayed in 1.



54

– If the health check mode is not specified, the service port of the backend ECS willbe used.

– If the specified health check port is different from that of the backend ECS, both thehealth check port and service port must be permitted.

4. If the health check failure persists, contact technical support.

7.14 How Can I Obtain the Real IP Address of a Visitor?Layer-7 (HTTP) load balancing automatically obtains real IP addresses of visitors using theX-Forwarded-For HTTP header. This function is enabled by default and cannot be disabled.

Layer-4 (TCP) load balancing requires the TOA kernel module to obtain real IP addresses.

7.15 What Types of Sticky Sessions Does ELB Support?The enhanced load balancer supports the source IP address, HTTP_COOKIE, andAPP_COOKIE sticky session types. The classic load balancer supports the source IP addressand HTTP_COOKIE sticky session types.



55

8 Appendix

8.1 Configure the TOA Plug-in

Scenarios

ELB provides customized service management strategies for customers. Before customizingthe management strategies, ELB needs to obtain the IP address contained in the originalaccess request. The TOA kernel module installed on backend ECSs can be used to obtain IPaddresses (only IPv4 IP addresses) contained in the access requests.

This section describes how to compile the TOA kernel module in the OS.

The operations of configuring the TOA module for Linux OSs with kernel version of 2.6.32are different from those for Linux OSs with kernel version of 3.0 or later.

NOTE

It has been verified that the TOA module can work properly in any of the following OSs, but it does notsupport load balancers using the UDP protocol:

l CentOS 6.8 (kernel version 2.6.32)

l SUSE 11 SP3 (kernel version 3.0.76)

l CentOS 7/7.2 (kernel version 3.10.0)

l Ubuntu 16.04.3 (kernel version 4.4.0)

l OpenSUSE 42.2 (kernel version 4.4.36)

l CoreOS 10.10.5 (kernel version 4.9.16)

Prerequisitesl The development environment for compiling the kernel module must be the same as that

of the current kernel.l VMs can access the OS repositories.l Users other than root must have sudo permissions.

Procedurel In the following operations, the Linux kernel version is 3.0 or later.

Elastic Load BalanceUser Guide 8 Appendix


56

1. Prepare the compilation environment.

The following are operations for compiling the kernel module in different Linux OSs.Choose appropriate operations as needed.

– CentOS

i. Run the following command to install the GCC:

sudo yum install gcc

ii. Run the following command to install the make tool:

sudo yum install make

iii. Run the following command to install the kernel module development package(the versions of the development package header and module library must bethe same as that of the kernel):

sudo yum install kernel-devel-`uname -r`

– Ubuntu


sudo apt-get install gcc


sudo apt-get install make


sudo apt-get install linux-headers-`uname -r`

– SUSE


sudo zypper install gcc


sudo zypper install make


sudo zypper install kernel-default-devel

– CoreOS

For CoreOS, the kernel module is to be compiled in a container, which must bestarted before the kernel module is compiled.

For detailed operations, see the CoreOS documentation. Obtain the documentationfrom the following link:

https://coreos.com/os/docs/latest/kernel-modules.html

2. Compile the Kernel module.

a. Use the git tool and run the following command to download the TOA kernelmodule source code:

git clone https://github.com/Huawei/TCP_option_address.git



57

https://coreos.com/os/docs/latest/kernel-modules.html

NOTE

If the git tool is not installed, download the TOA kernel module source code from thefollowing link:

https://github.com/Huawei/TCP_option_address

b. Run the following commands to enter the source code directory and compile themodule:cd srcmakeIf no warning or error information is prompted, the compilation is successful. Verifythat the toa.ko file has generated in the current directory.

3. Load the Kernel module.

a. Run the following command to load the kernel module:sudo insmod toa.ko

b. Run the following command to check the module loading and to view the kerneloutput information:dmesg | grep TOAIf TOA: toa loaded is displayed in the command output, the kernel module hasloaded.

NOTE

After compiling the CoreOS kernel module in the container, copy the kernel module to thehost system and then load it in the host system. Because the container for compiling thekernel module shares the /lib/modules directory with the host system, you can copy thekernel module in the container to this directory so that the host system can use it.

4. Set the script for automatically loading the kernel module.To make the TOA kernel module take effect upon system start, you can add thecommand for loading the TOA kernel module to your startup script.You can use either of the following methods to automatically load the kernel module:– Add the command for loading the TOA kernel module to the customized startup

script as required.– Perform the following operations to configure the startup script:

i. Create the toa.modules file in the /etc/sysconfig/modules/ directory. This filecontains the TOA kernel module loading script.The following is an example of the content in the toa.modules file.#!/bin/sh/sbin/modinfo -F filename /root/toa/toa.ko > /dev/null 2>&1if [ $? -eq 0 ]; then/sbin/insmod /root/toa/toa.kofi/root/toa/toa.ko is the path of the TOA kernel module file. You need toreplace it with their actual path.

ii. Run the following command to add execution permissions for the toa.modulesstartup script:sudo chmod +x /etc/sysconfig/modules/toa.modules



58

https://github.com/Huawei/TCP_option_address

NOTE

After the kernel is upgraded, the current TOA kernel module does not match.Therefore, you need to compile the TOA kernel module again.

5. Install the Kernel module on multiple nodes.

To load the kernel module in the same OSs, copy the toa.ko file to VMs where thekernel module is to be loaded and then perform the operations in 3.

After the kernel module is successfully loaded, applications can obtain real IP addresscontained in the request.

NOTE

The OS version of the node must be the same as that of the kernel.

l In the following operations, the Linux kernel version is 2.6.32.

NOTE

The TOA plug-in supports the OSs (CentOS 6.8 image) with a kernel of 2.6.32-xx. Perform thefollowing steps to configure the TOA kernel module:

1. Obtain the kernel source code package Linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gzcontaining the TOA module from the following link:

http://kb.linuxvirtualserver.org/images/3/34/Linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz

2. Decompress the kernel source code package.

3. Modify compilation parameters.

a. Open the linux-2.6.32-220.23.1.el6.x86_64.rs folder.

b. Edit the net/toa/toa.h file.

Change the value of #define TCPOPT_TOA200 to #define TCPOPT_TOA254.

c. On the shell page, run the following commands:

sed -i 's/CONFIG_IPV6=m/CONFIG_IPV6=y/g' .config

echo -e '\n# toa\nCONFIG_TOA=m' >> .config

After the configuration, the IPv6 module is compiled into the kernel. TOA iscompiled into a separate kernel module and can be independently started andstopped.

d. Edit Makefile.

You can add description after the equal sign in EXTRAVERSION =. Thedescription will be displayed in uname -r, for example, -toa.

4. Run the following command to compile the software package:

make -j n

NOTE

n indicates the number of vCPUs. For example, if there are four vCPUs, n can be set to 4.

5. Run the following command to install the kernel module:

make modules_install

The following information is displayed.



59



Figure 8-1 Installing the kernel module

6. Run the following command to install the kernel:make installThe following information is displayed.

Figure 8-2 Installing the kernel

7. Open the /boot/grub/grub.conf file and configure the kernel startup upon system start.

a. Change the default startup kernel from the first kernel to the zeroth kernel. To do so,change default=1 to default=0.

b. Add the nohz=off parameter to the end of the line containing the vmlinuz-2.6.32-toa kernel. If nohz is not disabled, the CPU0 usage may be high, causing unevenstress.

Figure 8-3 Configuration File

c. Save the modification and exit. Restart the OS.During the restart, the system will load the vmlinuz-2.6.32-toa kernel.

8. After the restart, run the following command to load the TOA module:modprobe toa



60

You are advised to add the modprobe toa command to the startup script and the systemscheduled monitoring script.

Figure 8-4 Adding the modprobe toa command

After the TOA module is loaded, query the kernel information.

Figure 8-5 Querying the kernel



61

9 Change History

Release Date Description

2018-04-30 This issue is the first official release.

Elastic Load BalanceUser Guide 9 Change History


62

Documents

User Guide - HUAWEI CLOUDstatic.huaweicloud.com/upload/files/pdf/.../20170414095949_36424.pdf · 1.1.2 Public Network Load Balancer ... Elastic Load Balance User Guide 1 Overview