Create HTTP Load Balancer

Objective

This guide provides instructions on how to create an HTTP load balancer in VoltConsole using guided configuration, which walks you through the steps from configuring metadata to advanced configuration. This includes configuring the required objects for the virtual host. To know more about virtual host concepts, see Virtual Host.

Using guided creation for HTTP load balancer, you can create the following types of load balancers:

  • HTTP load balancer
  • HTTPS load balancer with your own TLS certificate
  • HTTPS load balancer with automatic TLS certificate (minted by Volterra)

Using the instructions provided in this guide, you can perform the following:

  • Create and advertise an HTTP load balancer.
  • Create and advertise an HTTPS load balancer with your TLS certificate or with the certificate minted by Volterra.

Automatic Certificate Generation

For an HTTPS load balancer with an automatic TLS certificate, Volterra generates certificates for the domains using the LetsEncrypt Automatic Certificate Management Environment (ACME) server. Volterra acts as the ACME client and obtains the certificates as per the following sequence:

Figure: Automatic Certificate Generation Sequence

The following is the list of activities for automatic certificate generation:

  • Volterra acts as ACME client and creates a new order with the domain configured in the virtual host.
  • LetsEncrypt issues a DNS challenge that requires a TXT record with a specified text value to be created under the domain. It also provides a nonce that Volterra must sign with its private key.
  • Volterra adds the required TXT record in the delegated domain and verifies that the TXT record is resolved.

    Note: This requires the parent DNS domain to be configured with the NS record pointing to the delegated name servers. For instructions, see the Delegate Domain document.

  • Once the record is resolved, Volterra notifies LetsEncrypt CA that it is ready to finalize the validation.
  • LetsEncrypt validates that the challenge is satisfied and verifies the signature on the nonce.
  • Volterra sends a certificate signing request (CSR) asking LetsEncrypt CA to issue a certificate for the specified domain.
  • LetsEncrypt CA verifies the signatures on the request and issues a certificate for the domain.

The certificates issued by the automatic generation process have a validity period of 90 days. Volterra performs automatic renewal before the expiry and obtains new certificates.


Prerequisites

The following prerequisites apply:

  • VES account

  • A valid DNS domain delegated to Volterra.

    • Note: For instructions on how to delegate your domain to Volterra, see Delegate Domain.
  • A Volterra CE site in case of deploying your applications on CE site.

    • Note: If you do not have a site, create a site using the instructions included in the Create a Site guide. See Deploy guides to deploy your applications on Volterra network cloud or edge cloud.

Configuration

The configuration option to create the HTTP load balancer guides you through the steps for required configuration. This document covers each guided step and explains the required actions to be performed for each step.

Step 1: Log into the VoltConsole and navigate to the HTTP load balancer configuration.

Change to your application namespace. You can navigate to the HTTP load balancers in either of the following ways:

  • Select Virtual Hosts in the configuration menu and Load Balancers -> HTTP Load Balancers in the options.

Figure: Navigation through Virtual Hosts Menu

  • Select Manage in the configuration menu and HTTP Load Balancers in the options.

Figure: Navigation through Manage Menu

Step 2: Start the load balancer creation and enter metadata and basic configuration.

Click Add HTTP load balancer to open the load balancer creation form and perform the following steps:

Step 2.1: Configure metadata, domains, and load balancer type.

  • Enter a name in the Metadata section.
  • Select from the left menu or scroll to the Basic Configuration section and enter domain name in the Domains field. Click Add item to add more domains.
  • Select an option for the Select Type of Load Balancer. The following are the supported options:

    • Select HTTP to create the HTTP load balancer.
    • Select HTTPS to create the HTTPS load balancer with automatic TLS certificate.
    • Select HTTPS with BYOC to create the HTTPS load balancer with your TLS certificate.

This example configures an HTTPS load balancer with an automatic TLS certificate.

Figure: Metadata and Basic Configuration

Note: Optionally, select the HTTP Redirect to HTTPS and Add HSTS Header checkboxes for the HTTPS or HTTPS with BYOC options. In case of HTTPS with BYOC, set the TLS configuration using the Configure option under the HTTP Loadbalancer TLS Parameters field.

Step 2.2: Configure default route origin pools.

Click Configure in the Default Route Origin Pools field and add origin pool as per the following guidelines:

  • Click Add item in the Default Route Origin Pools screen and in the Origin Pool field, select an existing pool or click Create new pool to load a new pool creation form. This example shows creating new pool.
  • In the pool creation form, enter a name for your pool in the metadata section.
  • In the Select Type of Origin Server field of Basic Configuration section, select a type of origin server. This example sets the default option of Public DNS Name of Origin Server.
  • Enter DNS name for the DNS Name field.
  • Optionally, enter a port number in the Port field and select an option for the LoadBalancer Algorithm and Endpoint Selection fields.
  • Optionally, select a healthcheck object or create one from the Health Check object field in the List of Health Check(s) section.
  • Optionally, select TLS for the Enable TLS for Origin Servers field. Set an SNI for the SNI field, select an option for the Origin Servers Verification field, and enter a URL for the Trusted CA URL field. Select MTLS for the MTLS with Origin Servers field and configure TLS certificates using the Configure option under the enabled MTLS field.
  • Click Continue to apply the origin pool to the Default Route Origin Pools configuration.
  • Optionally, configure a weight to the origin pool using the Weight option and click Apply to add the origin pool.

This example shows configuring two origin servers and round robin algorithm to select a server for requests.

Figure: Default Origin Pool Configuration

Step 3: Optionally, configure routes.

Select from the left menu or scroll down to the Routes Configuration section and perform the following:

  • Click Configure and on the Routes screen, click Add item.
  • Select an option in the Select Type of Route field as per the following guidelines:

    • Select Simple Route to match a path and/or HTTP methods and forward the matching traffic to the configured origin pools. Select a method for HTTP Method and a path for the Path Match field. You can also configure specific origin pools for this route using the Configure option in the Origin Pools field enabled for the simple route option.
    • Select Redirect Route to match a path and/or HTTP methods and redirect the matching traffic to another URL. Select a method for HTTP Method and a path for the Path Match field. Configure the redirect parameters Protocol, Host, Path for redirect URL, and Response Code.
    • Select Direct Response to match a path and/or HTTP methods and send the response directly to the matching traffic. Select a method for HTTP Method and a path for the Path Match field. Click the Configure option in the Direct Response field, enter a response code, enter response text, and click Apply.

Figure: Route Configuration

  • Click Apply to add the route.

Note: You can click Add item and add more routes as per your requirement.

Step 4: Configure VIP advertisement.

Select from the left menu or scroll down to the VIP Configuration section and select an option for the Where to Advertise the VIP as per the following guidelines:

Figure: VIP Advertisement Options

  • Select Advertise on Internet to advertise the default VIP on the public network.
  • Select Advertise on Internet (Specified VIP) and enter an IP address in the Public IP field to advertise that IP as VIP on the public network.
  • Select Advertise Custom, click Configure in the Advertise Custom field enabled, and perform the configuration as per the following guidelines:

    • Select Site or Virtual Site or vK8s Service Network on RE options for the Select Where to Advertise field and select appropriate reference objects in the Reference fields. In case of site, you can also optionally set an IP address as the VIP.
    • Configure a TCP listener port or select default option for the TCP Listen Port Choice field. The default option sets port 80 for the HTTP load balancer and 443 for the HTTPS load balancer.

    Figure: VIP Custom Advertisement

    • Click Apply to add the custom VIP advertisement configuration.
  • Select Do Not Advertise to disable VIP advertisement.

This example configures VIP advertisement on internet.

Figure: VIP Advertisement on Internet

Step 5: Optionally, set security configuration.

Select from the left menu or scroll down to the Security Configuration section and perform the configuration as per the following guidelines:

  • Click Configure in the CORS Policy field and set CORS policy configuration such as allow origin, methods, headers, etc. Click Apply to associate the CORS policy to the load balancer.
  • Select an option for the Select Web Application Firewall (WAF) Config field and select WAF or WAF rule accordingly. You can also create a WAF or WAF rule using the create option.
  • Select an option for the Select Type of Challenge field and set the associated configuration using the enabled Edit option. Click Apply to apply the configuration for the selected type of challenge.
  • Select an option for the User Identification Policy field and select an existing policy or create a new policy.
  • Select an option for the Rate Limiting field and use the enabled Edit option to configure the rate limiting parameters. Click Apply to apply the set rate limit parameters to the load balancer.

Figure: Security Configuration

Step 6: Optionally, set advanced configuration.

Select from the left menu or scroll down to the Advanced Configuration section and perform the configuration as per the following guidelines:

  • Select the Add Location checkbox to specify the RE site name in the response headers.
  • Click Configure in the More Options field and perform the configuration as per the following guidelines:

    • Click Configure and add details in the Header Options field for each of the request headers and response headers fields to specify the headers to add and remove. Set a maximum value for the Maximum Request Header Size field.
    • In the Miscellaneous Options field, enter buffer value for the buffer policy, content length and type for the compression parameters, and custom error responses. Select the optional checkboxes as per your requirement.

Figure: Headers and Miscellaneous Options Configuration

  • Click Apply to add the advanced configuration to the load balancer.

Step 7: Complete creating the load balancer.

  • Click Continue to complete creating the load balancer.

Figure: Load Balancer Created

  • Wait for the DNS Info and TLS Info to display the VIRTUAL_HOST_READY and CertificateValid values.
  • Verify that the requests to your virtual host domain are processed and load balanced between the configured origin servers.
