Creating a Network Load Balancer Backend Set

Create a backend set for a network load balancer. A backend set is a logical entity consisting of a network load balancing policy, a health check policy, and a list of backend servers.

For prerequisite information, see Backend Sets for Network Load Balancers.

    1. On the Network load balancers list page, select the network load balancer that you want to work with. If you need help finding the list page or the network load balancer, see Listing Network Load Balancers.
    2. On the details page, select Backend sets.
    3. Select Create backend set.
    4. Enter the following information:
      • Name: Specify a friendly name for the backend set. It must be unique within the load balancer, and it can't be changed. Valid backend set names include only alphanumeric characters, dashes, and underscores. Backend set names cannot contain spaces. Avoid entering confidential information.

      • IP protocol version: The network load balancer listener and backend set must use the same IP protocol version.
      • Preserve source ID: Check to preserve the original source and destination header (IP addresses and ports) of each incoming packet all the way to the backend server.

      • Health check: Specify the test parameters to confirm the health of backend servers.

          • Protocol: Specify the protocol to use for health check queries:

            • HTTP

            • HTTPS

            • TCP

            • UDP

            • DNS: See DNS Health Checking for more information on how to configure your health check policies for the DNS protocol.

            Important

            Configure the health check protocol to match the application or service. See Health Check Policies.

            For both TCP and UDP, the provided data must be base64 encoded. Use any base64 encoding tool to convert the plain text strings to base64 encoded strings, and use the encoded strings for the health check configuration. For example, the following plain text string:

            this is the request data for my NLB backend health check

            is encoded as:

            dGhpcyBpcyB0aGUgcmVxdWVzdCBkYXRhIGZvciBteSBOTEIgYmFja2VuZCBoZWFsdGggY2hlY2s

            Use the encoded string in the health check configuration.

            The supported maximum length of the string before base64 encoding is 1024 bytes. If the string exceeds the limit, the configuration call fails with an HTTP status code 400.

          • Transport protocol: (DNS only) Specify the transport protocol used to send traffic when DNS is selected as the protocol:

            • UDP

            • TCP

          • Port: Specify the backend server port against which to run the health check. You can enter the value '0' to have the health check use the backend server's traffic port.

          • Interval in MS: Specify how often to run the health check, in milliseconds. The default is 10000 (10 seconds).

          • Timeout in MS: Specify the maximum time in milliseconds to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. The default is 3000 (3 seconds).

          • Number of retries: Specify the number of retries to attempt before a backend server is considered "unhealthy." This number also applies when recovering a server to the "healthy" state. The default is 3.

          • Request Data: (Required for UDP, and optional for TCP only) Enter the request message included in the request. This request data is included in the single request to the backend server. The request data is compared against the response data.

          • Response Data: (Required for UDP, and optional for TCP only) Enter the expected response message. The health check feature sends a single request to the backend server and compares the server's response against this value. If they match, the health check passes.

          • Status code: (HTTP and HTTPS only) Specify the status code a healthy backend server must return.

          • URL path (URI): (HTTP and HTTPS only) Specify a URL endpoint against which to run the health check.

          • Response body (regular expression): Provide a regular expression for parsing the response body from the backend server.

          • Query name: (DNS only) Provide a DNS domain name for the query.

          • Query class: (DNS only) Select from the following options:

            • IN: Internet (default)

            • CH: Chaos

          • Query type: (DNS only) Select from the following options:

            • A: Indicates a hostname's corresponding IPv4 address. (default)

            • AAAA: Indicates a hostname's corresponding IPv6 address.

            • TXT: Indicates a text field.

          • Acceptable response codes: Select one or more from the following options:

            • RCODE:0 NOERROR: DNS query completed successfully.

            • RCODE:2 SERVFAIL: Server failed to complete the DNS request.

            • RCODE:3 NXDOMAIN: Domain name doesn't exist.

            • RCODE:5 REFUSED: The server refused to answer the query.

          • Fail open: (Optional) Select to have the network load balancer continue to move traffic to the backend servers in this backend set using the current configuration, even if all the backend servers become unhealthy.

          • Enable instant failover: (Required for DNS, optional for all other protocols) Select to redirect existing traffic to a healthy backend server if the current backend server becomes unhealthy. This feature doesn't work if Fail open is enabled and all backend servers become unhealthy.

      • Show advanced options: Click this link to access more options. Select the tab for the corresponding functionality:

        • Load balancing policy: Select one of the following load balancing policies:

          5-Tuple hash: This policy distributes incoming traffic based on 5-Tuple (source IP and port, destination IP and port, protocol) Hash.

          3-Tuple hash: This policy ensures that requests from a particular client are always directed to the same backend server based on 3-Tuple (source IP, destination IP, protocol) Hash.

          2-Tuple hash: This policy routes incoming traffic to the same backend server based on 2-Tuple (Source/Destination) Hash.

    5. Click Create backend set.

    The backend set you created appears in the Backend set list.

  • Use the oci nlb backend-set create command and required parameters to create a network load balancer backend set:

    oci nlb backend-set create --name name --network-load-balancer-id network_load_balancer_ocid --health-checker health_checker --policy policy [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateBackendSet operation to create a backend set for a network load balancer.
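
The TCP/UDP request and response data rules above (base64 encoding, 1024-byte limit before encoding) and the backend set name rule can be checked locally before calling the CLI. The following is an added example, not Oracle's code: the function names are hypothetical, and the JSON key names (`protocol`, `port`, `requestData`, `responseData`) are assumptions to confirm against the CLI Command Reference.

```sh
#!/bin/sh
# Added example, not Oracle's code. JSON key names are assumptions.
LC_ALL=C; export LC_ALL            # byte-wise character ranges in patterns
MAX_PLAIN_BYTES=1024               # limit applies before base64 encoding

# Backend set names: alphanumeric characters, dashes and underscores only.
valid_backend_set_name() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Encode one health check string. printf avoids the trailing newline that
# echo would put into the payload; tr removes the line wrapping that some
# base64 tools insert. Standard base64 encoders emit '=' padding.
encode_check_data() {
  len=$(( $(printf '%s' "$1" | wc -c) ))
  if [ "$len" -gt "$MAX_PLAIN_BYTES" ]; then
    echo "health check data is $len bytes, limit is $MAX_PLAIN_BYTES" >&2
    return 1
  fi
  printf '%s' "$1" | base64 | tr -d '\n'
}

# usage: health_checker_json PROTOCOL PORT REQUEST_TEXT RESPONSE_TEXT
health_checker_json() {
  case "$1" in
    TCP|UDP) ;;
    *) echo "protocol must be TCP or UDP" >&2; return 1 ;;
  esac
  if [ "$1" = UDP ] && { [ -z "$3" ] || [ -z "$4" ]; }; then
    echo "UDP requires both request and response data" >&2
    return 1
  fi
  req=$(encode_check_data "$3") || return 1
  res=$(encode_check_data "$4") || return 1
  printf '{"protocol":"%s","port":%d,"requestData":"%s","responseData":"%s"}\n' \
    "$1" "$2" "$req" "$res"
}

# Constructed sample values; pass the result to --health-checker.
health_checker_json UDP 0 "ping" "pong"
```

Base64 is an encoding, not encryption, so the request and response strings remain readable to anyone who can view the health check configuration.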