Enabling Network Load Balancer Backed Set Source Preservation

Configure your network load balancer's backend set so that the original source IP of the packet is preserved when it is forwarded to the member backend servers.

These instructions are for enabling the Source Preservation feature in an existing network load balancer backend set. You can enable this feature when you first create the backend set. See Creating a Backend Set for more information.

If you enable this option, the network load balancer preserves the source IP of the packet when it is forwarded to backend servers that are members of the configured backend set. Backend servers see the original source IP. If source/destination preservation is enabled for the network load balancer (see Enabling Source/Destination Preservation), then this parameter cannot be disabled. The value is true by default. No network address translation (NAT) occurs on the source IP and port.

If enabled, the compute instance selects the backend servers. Otherwise, you can add the backend servers using IP addresses.

Note

There can be approximately 21,500 active connections to the backend server listener port per Availability Domain (AD) when source preservation is not enabled in the backend set configuration. If incoming connections from all the ADs are distributed evenly, the number of active connections per backend server listener port in a three-AD region can reach 64,500. You can either add more listener ports at the same backend server or use alternative backend servers to scale the number of active connections per network load balancer.

    1. Open the navigation menu, click Networking, and then click Load balancers. Click Network load balancer. The Network load balancers page appears.
    2. Select the Compartment from the list. All network load balancers in that compartment are listed in tabular form.
    3. Select a State from the list to limit the network load balancers displayed to that state.
    4. Select the network load balancer containing the backend set that you want to edit. The network load balancer's Details page appears.
    5. Click Backend sets under Resources. The Backend sets list appears. All backend sets are listed in tabular form.
    6. Click the backend set that you want to edit. The backend set's Details page appears.
    7. Click Edit.

      You can also click the Actions menu (Actions Menu) for the backend set you want to edit and select Edit. The Edit backend set dialog box appears.

    8. Check Preserve source IP to preserve the header information (IP addresses and ports) of incoming packets all the way to the backend server. Clear to disable this feature.
    9. Click Save changes.
  • Use the --is-preserve-source true option when running the oci nlb backend-set create or oci nlb backend-set update commands to create or update a network load balancer's backend set, respectively, to preserve the source IP:

    oci nlb backend-set create --name name --network-load-balancer-id network_load_balancer_ocid ... --is-preserve-source true

    or

    oci nlb backend-set update --backend-set-name backend_set_name --network-load-balancer-id network_load-balancer_ocid ... --is-preserve-source true

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Include the isPreserveSource=true option when creating or updating a network load balancer's backend set, respectively, to preserve the source IP. See CreateBackendSet or UpdateBackendSet for more information.