Enabling Network Load Balancer Backend Set Source Preservation

Configure your network load balancer's backend set so that the original source IP of the packet is preserved when it is forwarded to the member backend servers.

These instructions are for enabling the Source Preservation feature in an existing network load balancer backend set. You can enable this feature when you first create the backend set. See Creating a Backend Set for more information.

If you enable this option, the network load balancer preserves the source IP of the packet when it is forwarded to backend servers that are members of the configured backend set. Backend servers see the original source IP. If source/destination preservation is enabled for the network load balancer (see Enabling Source/Destination Preservation), then this parameter cannot be disabled. The value is true by default. No network address translation (NAT) occurs on the source IP and port.

If enabled, the compute instance selects the backend servers. Otherwise, you can add the backend servers using IP addresses.

Note

There can be approximately 21,500 active connections to the backend server listener port per Availability Domain (AD) when source preservation is not enabled in the backend set configuration. If incoming connections from all the ADs are distributed evenly, the number of active connections per backend server listener port in a three-AD region can reach 64,500. You can either add more listener ports at the same backend server or use alternative backend servers to scale the number of active connections per network load balancer.

    1. On the Network load balancers list page, select the network load balancer that you want to work with. If you need help finding the list page or the network load balancer, see Listing Network Load Balancers.
    2. On the details page, select Backend sets.
    3. From the Actions menu for the backend set you want, select Edit.
    4. Select Preserve source IP to preserve the header information (IP addresses and ports) of incoming packets all the way to the backend server. Clear to disable this feature.
    5. Click Save changes.
  • Use the --is-preserve-source true option when running the oci nlb backend-set create or oci nlb backend-set update commands to create or update a network load balancer's backend set, respectively, to preserve the source IP:

    oci nlb backend-set create --name name --network-load-balancer-id network_load_balancer_ocid ... --is-preserve-source true

    or

    oci nlb backend-set update --backend-set-name backend_set_name --network-load-balancer-id network_load_balancer_ocid ... --is-preserve-source true

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Include the isPreserveSource=true option when creating or updating a network load balancer's backend set to preserve the source IP. See CreateBackendSet or UpdateBackendSet for more information.
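
The following audit helper is an added example, not Oracle code. It reports, for each backend set, whether backends see the original client IP, whether the setting conflicts with source/destination preservation, and which connection cap from the note applies. The function name, the input layout (an NLB description with a backendSets map and the isPreserveSourceDestination flag) and the sample data are assumptions made for illustration.

```python
# Added example: audit helper, not Oracle code. Input dicts mirror the
# isPreserveSource / isPreserveSourceDestination API fields; data is constructed.
CONNS_PER_PORT_PER_AD = 21_500  # approximate cap from the note on this page


def audit_backend_sets(nlb, ad_count=3):
    """Return one finding per backend set of an NLB description (hypothetical helper)."""
    sd_preserve = nlb.get("isPreserveSourceDestination", False)
    findings = []
    for name, bs in sorted(nlb.get("backendSets", {}).items()):
        preserve = bs.get("isPreserveSource", True)  # page: true by default
        cap = None
        if preserve:
            # Backends see the original source IP, so their logs and
            # IP-based rules apply to the real client address.
            status = "client-ip-visible"
        elif sd_preserve:
            # Page: the parameter cannot be disabled when
            # source/destination preservation is enabled on the NLB.
            status = "invalid-with-source-dest-preservation"
        else:
            # Source IP is not preserved; the per-listener-port cap applies,
            # assuming connections are spread evenly across the ADs.
            status = "source-not-preserved"
            cap = CONNS_PER_PORT_PER_AD * ad_count
        findings.append({"backend_set": name, "status": status,
                         "max_conns_per_listener_port": cap})
    return findings


# Constructed sample, not output from a real tenancy.
SAMPLE_NLB = {
    "displayName": "example-nlb",
    "isPreserveSourceDestination": False,
    "backendSets": {
        "web": {"isPreserveSource": True},
        "syslog": {"isPreserveSource": False},
        "dns": {},  # flag omitted: treated as the default (true)
    },
}

if __name__ == "__main__":
    for finding in audit_backend_sets(SAMPLE_NLB):
        print(finding)
```

Backend sets reported as source-not-preserved are the ones to change with --is-preserve-source true or isPreserveSource=true as described above.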