Managing Backend Servers

This topic describes how to manage backend servers for use with a load balancer. For information about managing load balancers, see Managing Load Balancers.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be given the required type of access in a policy  written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which compartment  you should work in.

For administrators: For a typical policy that gives access to load balancers and their components, see Let network admins manage load balancers.

Also, be aware that a policy statement with inspect load-balancers gives the specified group the ability to see all information about the load balancers. For more information, see Details for Load Balancing.

If you're new to policies, see Getting Started with Policies and Common Policies.

Working with Backend Servers

When you implement a load balancer, you must specify the backend servers (Compute instances ) to include in each backend set . The load balancer routes incoming traffic to these backend servers based on the policies you specified for the backend set. You can use the Console to add and remove backend servers in a backend set.

To route traffic to a backend server, the Load Balancing service requires the IP address of the compute instance and the relevant application port. If the backend server resides within the same VCN as the load balancer, Oracle recommends that you specify the compute instance's private IP address. If the backend server resides within a different VCN, you must specify the public IP address of the compute instance. You also must ensure that the VCN's security rules allow Internet traffic.

Warning

When you add backend servers to a backend set, you specify either the instance OCID or an IP address for the server to add. An instance with multiple VNICs attached can have multiple IP addresses pointing to it.

  • If you identify a backend server by OCID, Load Balancing uses the primary VNIC's primary private IP address.
  • If you identify the backend servers to add to a backend set by their IP addresses, it is possible to point to the same instance more than once.

To enable backend traffic, your backend server subnets must have appropriate ingress and egress security rules. When you add backend servers to a backend set, you can specify the applicable network security groups (NSGs). If you prefer to use security lists for your VCN, the Load Balancing service Console can suggest security list rules for you. You also can configure them yourself through the Networking service. See Security Lists for more information.

Tip

To accommodate high-volume traffic, Oracle strongly recommends that you use stateless security rules for your load balancer subnets.

You can add and remove backend servers without disrupting traffic.

Health Status

The Load Balancing service provides health status indicators that use your health check policies to report on the general health of your load balancers and their components. You can see health status indicators on the Console List and Details pages for load balancers, backend sets, and backend servers. You also can use the Load Balancing API to retrieve this information.

For general information about health status indicators, see Editing Health Check Policies.

Backend Server Health Summary

The Console list of a backend set's backend servers provides health status summaries that indicate the overall health of each backend server. The primary and standby load balancers both provide health check results that contribute to the health status. Health status indicators have four levels. The meaning of each level is:

  • OK: The primary and standby load balancer health checks both return a status of OK.
  • WARNING: One health check returned a status of OK and one did not.
  • CRITICAL: Neither health check returned a status of OK.
  • UNKNOWN: One or both health checks returned a status of UNKNOWN or the system was unable to retrieve metrics.

To view the health status details for a specific backend server, click its IP Address.

For guidance on detecting and correcting common issues, see Health Status.

Backend Server Health Details

The Details page for a backend set provides the same Overall Health status indicator found in the backend set's list of backend servers. It also reports the following data for the two health checks performed against each backend server:

IP ADDRESS
The IP address of the health check status report provider, which is a Compute instance managed by the Load Balancing service. This identifier helps you differentiate same-subnet load balancers that report health check status.
The Load Balancing service ensures high availability by providing one primary and one standby load balancer. To diagnose a backend server issue, you must know the source of the health check report. For example, a misconfigured security rule might cause one load balancer instance to report that a backend server is healthy. The other load balancer instance might return an unhealthy status. In this case, one of the two load balancer instances cannot communicate with the backend server. Reconfigure the security rules to restore the backend server's health status.
STATUS
The status returned by the health check. Possible values include:
  • OK

    The backend server's response satisfied the health check policy requirements.

  • INVALID_STATUS_CODE

    The HTTP response status code did not match the expected status code specified by the health policy.

  • TIMED_OUT

    The backend server did not respond within the timeout interval specified by the health policy.

  • REGEX_MISMATCH

    The backend server response did not satisfy the regular expression specified by the health policy.

  • CONNECT_FAILED

    The health check server could not connect to the backend server.

  • IO_ERROR

    An input or output communication error occurred while reading or writing a response or request to the backend server.

  • OFFLINE

    The backend server is set to offline, so health checks are not run.

  • UNKNOWN

    Health check status is not available.

LAST CHECKED
The date and time of the most recent health check.

Health status is updated every three minutes. No finer granularity is available.

Using the Console

To add one or more servers to a backend set
  1. Open the navigation menu. Under the Core Infrastructure group, go to Networking and click Load Balancers.
  2. Click the name of the Compartment that contains the load balancer you want to modify, and then click the load balancer's name.
  3. In the Resources menu, click Backend Sets, and then click the name of the backend set to which you want to add one or more backend servers.

    Tip

    If the load balancer has no backend sets, you must create one before you can specify a backend server.
  4. In the Resources menu, click Backends, and then click Add Backends.

    Tip

    You cannot add a backend server marked as Backup to a backend set that uses the IP Hash policy.
  5. Choose how to add backend servers: Specify how you want to add backend servers to the backend set:

    • Compute Instances: Choose this option to select from a list of available Compute instances.

      • Instances in <compartment>: Select (check) the instances you want to include in the backend set.

        To select instances from a different compartment, use the Change Compartment link and choose a compartment from the drop-down list.

        Tip

        You can choose instances from one compartment at a time. After you add instances from one compartment, you must repeat the Add Backends process to add instances from another compartment.

        Once you select an instance to add to the backend set, you can specify:

        • Port: Required. The backend server port to which the load balancer must direct traffic.
        • Weight: The load balancing weight assigned to the server. For more information, see How Load Balancing Policies Work.
      • Choose to manually configure subnet security list rules that allow the intended traffic or let the Load Balancing service create security list rules for you. To learn more about these rules, see Parts of a Security Rule.

        • Manually configure security list rules after the load balancer is created: When you choose this option, you must create your own rules after adding the backend servers.
        • Automatically add security list rules: When you choose this option, the Load Balancing service creates security list rules for you.

          The system displays a table for egress rules and a table for ingress rules. Each table lets you choose the security list that applies to the relevant subnet. You can then choose whether to apply the proposed rules for each affected subnet.

    • IP Addresses: Choose this option to enter the IP addresses of the backend servers (Compute instances) to add.

      • IP Address: Required. Specify the IP address of a backend server you want to add to the backend set.
      • Port: Required. Specify the server port to which the load balancer must direct traffic.
      • Weight: Required. Specify the load balancing weight to apply to this server. For more information, see How Load Balancing Policies Work.

      You can click the plus + icon to add another server to the list or click the X icon to remove a list item.

  6. Click Add.

To edit backend server settings
  1. Open the navigation menu. Under the Core Infrastructure group, go to Networking and click Load Balancers.
  2. Click the name of the Compartment that contains the load balancer you want to modify, and then click the load balancer's name.
  3. In the Resources menu, click Backend Sets, and then click the name of the backend set that includes the backend servers you want to edit.
  4. In the Resources menu, click Backends. A list of servers in the backend set appears.
  5. Select (check) the row corresponding to the backend server you want to edit.
  6. Choose an action from the Actions button drop-down list. The available actions include:

    1. Edit: Opens a single dialog box in which you can edit the port, weight, drain, offline, and backup settings.
    2. Edit Port: Opens a dialog box in which you can change the application port setting.
    3. Edit Weight: Opens a dialog box in which you can change the load balancing weight.
    4. Edit Drain State: Opens a dialog box in which you can change the drain state.

      If you set the server's drain status to true, the load balancer stops forwarding new TCP connections and new non-sticky HTTP requests to this backend server. This setting allows an administrator to take the server out of rotation for maintenance purposes.

    5. Edit Offline State: Opens a dialog box in which you can change the offline status.

      If you set the server's offline status to true, the load balance forwards no ingress traffic to this backend server.

    6. Edit Backup State: Opens a dialog box in which you can change the backup status.

      If you set the server's backup status to true, the load balancer forwards ingress traffic to this backend server only when all other backend servers not marked as backup fail the health check policy. This configuration is useful for handling disaster recovery scenarios.

      Warning

      Backend servers marked as Backup are not compatible with a load balancer that uses the IP Hash policy.
    7. Delete: Removes the server from the backend set.
    Tip

    You can select multiple servers to apply the same action to each one.
  7. Click Save Changes.
To remove a server from a backend set
  1. Open the navigation menu. Under the Core Infrastructure group, go to Networking and click Load Balancers.
  2. Click the name of the Compartment that contains the load balancer you want to modify, and then click the load balancer's name.
  3. In the Resources menu, click Backend Sets, and then click the name of the backend set from which you want to remove a server.
  4. In the Resources menu, click Backends. A list of servers in the backend set appears.

  5. Select (check) the row corresponding to the backend server you want to edit.
  6. Choose the Delete action from the Actions button drop-down list.
  7. Confirm when prompted.