Advanced traffic management with IBM Cloud Load Balancer


Learn about the various advanced traffic-management features available with the IBM Cloud® Load Balancer service.

Max connections

Use the max connections configuration to limit the maximum number of concurrent connections against a given front-end virtual port. The maximum concurrent connections against a given front-end virtual port or system-wide across all front-end virtual ports is 15000. By default, it is set to the maximum value of 15000.

Session persistence

The load balancer supports session persistence based on the source IP of the connection. As an example, if you have source IP type session persistence that is enabled for port 80 (HTTP), then subsequent HTTP connection attempts from the same source IP client are persistent on the same back-end server. This feature is available for all three supported protocols (HTTP, HTTPS, and TCP).

The load balancer also supports session persistence based on the HTTP Cookie. For example, if you have HTTP Cookie type session persistence that is enabled for port 80 (HTTP), when the load balancer receives its first response from the back-end server, it adds a cookie with the name IBMCLB and the back-end server UUID as its value in the response header. All subsequent HTTP requests with this cookie that arrive at the load balancer are persistent on the same back-end server. This feature is available for both HTTP and HTTPS.

HTTP keep alive

The load balancer supports HTTP keep alive when it is enabled on both the client and back-end servers. The load balancer attempts to reuse the server-side HTTP connections to increase connection efficiency and reduce latency.

Connection timeouts

The following timeout values are used by the load balancer:

Load Balancer Timeout Values

| Name | Description | Default timeout | User configurable |
|---|---|---|---|
| Server-side connection attempt | The maximum time window that the load balancer can use to establish a TCP connection with the back-end server. If the connection attempt is unsuccessful, the load balancer tries the next available server, according to the load-balancing method that you configured. | 5 seconds | No |
| Client-side idle connection | The maximum idle time after which the load balancer brings down the client-side connection, if the client failed to close its connection properly. | 50 seconds | Yes |
| Server-side idle connection | The maximum idle time (with back-end protocol configuration of TCP) after which the load balancer closes the server-side connection. When HTTP is used as the back-end protocol, if the load balancer doesn't receive an HTTP response within the idle timeout period, it returns an error message to the client. | 50 seconds | Yes |

Server-side and client-side idle connection timeout values can be configured by using the API, cURL, or the CLI.

You can configure the server timeout (ParameterName: serverTimeout) and client timeout (ParameterName: clientTimeout) value in seconds up to 2 hours (Range: 1 - 7200 seconds) by using the updateLoadBalancerProtocols method of the SoftLayer_Network_LBaaS_Listener service. If you do not provide the server or client timeout values, the load balancer uses the default value (mentioned in the table) for the corresponding timeout.

Setting the timeout value with the API

You can set the client and server timeout values with the API and cURL.

To set the timeout value with the API, follow these steps:

    import SoftLayer
    from pprint import pprint

    # Your load balancer UUID
    uuid = 'set me'

    # Listener protocol settings to update (timeouts are in seconds)
    protocolConfigurations = [
        {
            "listenerUuid": "69fad83a-e850-4b72-a4d3-af94d5bf5437",
            "serverTimeout": 60,
            "clientTimeout": 60
        },
        {
            "listenerUuid": "e4b8cfd0-1e27-4d3e-a8ed-595b198cd683",
            "frontendPort": 1450,
            "maxConn": 1002,
            "serverTimeout": 80,
            "clientTimeout": 80
        }
    ]

    # Create the API client (credentials come from the SoftLayer configuration
    # file or environment)
    client = SoftLayer.Client()
    listener_service = client['Network_LBaaS_Listener']

    # Object mask: include the listeners in the response
    mask = "mask[listeners]"

    try:
        response = listener_service.updateLoadBalancerProtocols(uuid, protocolConfigurations, mask=mask)
        pprint(response)
    except SoftLayer.SoftLayerAPIError as e:
        print("Unable to update protocols: %s, %s" % (e.faultCode, e.faultString))

For more information, see updating a protocol in the IBM Cloud Load Balancer API reference page.

To set the timeout values by using cURL, follow these steps:

  1. Get load balancer information:

       curl -g -u $SL_USER:$SL_APIKEY -X POST -d '{"parameters":["CLB_UUID"]}' 'https://api.softlayer.com/rest/v3.1/SoftLayer_Network_LBaaS_LoadBalancer/getLoadBalancer' | jq
    
  2. Get load balancer listeners:

       curl -g -u $SL_USER:$SL_APIKEY -X GET 'https://api.softlayer.com/rest/v3.1/SoftLayer_Network_LBaaS_LoadBalancer/CLB_ID/getListeners' | jq
    
  3. Use the listener ID you obtained in the previous step to get listener details:

       curl -g -u $SL_USER:$SL_APIKEY -X GET 'https://api.softlayer.com/rest/v3.1/SoftLayer_Network_LBaaS_Listener/CLB_LISTENER_ID/getObject' | jq
    
  4. Set client or server timeout values:

       curl -g -u $SL_USER:$SL_APIKEY -X POST -d '{"parameters": ["LB_UUID", [{"listenerUuid": "LISTENER_UUID", "clientTimeout": 1000}]]}' 'https://api.softlayer.com/rest/v3.1/SoftLayer_Network_LBaaS_Listener/updateLoadBalancerProtocols.json' | jq
    

    Obtain the load balancer UUID and listener UUID from the previous steps.

Setting the timeout value from the CLI

To set the timeout values from the CLI, follow these steps:

  1. Get the load balancer list in your account:

       ibmcloud sl loadbal list
    
  2. Get the ID of the load balancer for which you want to set the timeout value:

       ibmcloud sl loadbal detail <LB-id>
    
  3. Edit the parameters obtained from the previous command:

       ibmcloud sl call-api SoftLayer_Network_LBaaS_Listener updateLoadBalancerProtocols --parameters '["LB_UUID",[{"tlsCertificateId":null,"listenerUuid":"LISTENER_UUID","clientTimeout": <Value in seconds>}]]'
    
  4. Verify your changes:

       ibmcloud sl loadbal detail <LB-id>
    

Setting long idle connection timeout values can cause your data path traffic to experience latencies or be blocked because the idle connections are counted toward the maximum concurrent connections of 15,000. Consider the idle connection timeout value along with the maximum number of concurrent connections to ensure that your data path traffic is not disrupted.
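
The trade-off between idle timeouts and the connection limit can be checked before a payload is sent to updateLoadBalancerProtocols. The following is an added example, not IBM code: `review_protocols` and the `min_idle_rate` threshold are hypothetical, and keys missing from an entry are assumed to hold the defaults stated on this page (the listener's current values may differ).

```python
# Added example: pre-flight review of an updateLoadBalancerProtocols payload.
MAX_CONN_CAP = 15000        # connection limit stated on this page
TIMEOUT_RANGE = (1, 7200)   # serverTimeout / clientTimeout range, in seconds
DEFAULT_TIMEOUT = 50        # default idle timeout from the table


def review_protocols(configs, min_idle_rate=10.0):
    """Return a list of findings; an empty list means the payload passed.

    min_idle_rate is an assumed threshold, not an IBM value: the lowest
    rate (connections per second left idle) that a listener must be able
    to absorb before its connection limit is reached.
    """
    findings = []
    for cfg in configs:
        lid = cfg.get("listenerUuid", "<missing listenerUuid>")
        # Assumption: a missing maxConn means the default of 15000.
        max_conn = cfg.get("maxConn", MAX_CONN_CAP)
        if not 1 <= max_conn <= MAX_CONN_CAP:
            findings.append(f"{lid}: maxConn {max_conn} outside 1-{MAX_CONN_CAP}")
            continue
        for key in ("clientTimeout", "serverTimeout"):
            timeout = cfg.get(key, DEFAULT_TIMEOUT)
            if not TIMEOUT_RANGE[0] <= timeout <= TIMEOUT_RANGE[1]:
                findings.append(f"{lid}: {key} {timeout} outside 1-7200 seconds")
                continue
            # An idle connection holds a slot for up to `timeout` seconds, so
            # the limit is reached at max_conn / timeout idle connections/s.
            rate = max_conn / timeout
            if rate < min_idle_rate:
                findings.append(
                    f"{lid}: {key}={timeout}s with maxConn={max_conn} "
                    f"reaches its limit at {rate:.2f} idle connections/s")
    return findings


if __name__ == "__main__":
    # Constructed payload: a long client timeout on a listener with a low maxConn.
    sample = [{"listenerUuid": "LISTENER_UUID", "maxConn": 1002,
               "clientTimeout": 7200}]
    for finding in review_protocols(sample):
        print(finding)
```

The two entries in the API example earlier on this page pass this review with the default threshold; raising a timeout toward 7200 seconds on a listener with a low maxConn does not.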

Preserving end-client IP address

IBM Cloud Load Balancer works as a reverse proxy, which handles incoming traffic from the client. It establishes a separate connection to the back-end server instance by using its own IP address. For HTTP connections with the back-end servers (against front-end HTTP or HTTPS connections), the load balancer preserves the original client IP address by including it inside the X-Forwarded-For HTTP header. For TCP connections, the original client IP information is not preserved.

Preserving end-client protocol

IBM Cloud Load Balancer preserves the original protocol that is used by the client for front-end HTTP and HTTPS connections by including it inside the X-Forwarded-Proto HTTP header. This behavior does not apply to TCP protocols because the load balancer does not look at Layer-7 traffic when the TCP protocol is used.
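
Because any client that reaches a back-end server directly can send X-Forwarded-For and X-Forwarded-Proto itself, a back end should honour them only on connections that come from the load balancer. The following is an added example, not IBM code: `client_context` and `TRUSTED_LB_NETS` are hypothetical, the subnet is a constructed value, and it assumes the load balancer appends the connecting client's address as the last X-Forwarded-For entry and that the back end itself listens on plain HTTP.

```python
import ipaddress

# Assumption: the subnet the load balancer connects to back ends from.
# Constructed value; replace it with your load balancer's addresses.
TRUSTED_LB_NETS = [ipaddress.ip_network("10.0.0.0/28")]


def _is_lb(addr):
    return any(addr in net for net in TRUSTED_LB_NETS)


def client_context(peer_ip, headers):
    """Return (client_ip, scheme) for a request received by a back-end server.

    peer_ip is the TCP peer address; headers maps lower-cased header names
    to values. Forwarding headers are used only when the peer is the load
    balancer.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _is_lb(peer):
        return str(peer), "http"      # direct connection: ignore the headers
    client = peer
    # Walk right to left: the last entry was written by the nearest proxy;
    # entries further left may have been supplied by the client itself.
    for part in reversed(headers.get("x-forwarded-for", "").split(",")):
        try:
            hop = ipaddress.ip_address(part.strip())
        except ValueError:
            break                     # malformed entry: stop reading the chain
        client = hop
        if not _is_lb(hop):
            break
    proto = headers.get("x-forwarded-proto", "").strip().lower()
    scheme = proto if proto in ("http", "https") else "http"
    return str(client), scheme


if __name__ == "__main__":
    # Constructed request: the client supplied its own first entry.
    print(client_context("10.0.0.5", {
        "x-forwarded-for": "203.0.113.9, 198.51.100.7",
        "x-forwarded-proto": "https"}))
```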