Contact UsGet started

Creating a backend group

Written by
Updated at October 17, 2024

To create a backend group:

  1. In the management console, select the folder you want to create a backend group in.

  2. In the list of services, select Application Load Balancer.

  3. In the left-hand panel, select Backend groups.

  4. Click Create backend group.

  5. Enter a name for the backend group.

  6. Select the backend group type:

    • HTTP: For HTTP or HTTPS traffic.
    • gRPC: For HTTP or HTTPS traffic with gRPC procedure calls.
    • Stream: For unencrypted TCP traffic or TCP traffic with TLS encryption support.

  7. (Optional) Enable session affinity. HTTP and gRPC backend groups support the following session affinity modes:

    • By IP address.
    • By HTTP header.
    • By cookie.

    Stream backend groups support session affinity by client IP address.

    Note

    Currently, session affinity only works if a single backend is active (has a positive weight) in a group of backends, includes one or more target groups, and the MAGLEV_HASH load balancing mode is selected for it.

  8. Under Backends, click Add. Specify the backend settings:

    • Backend Name.

    • Weight: Backend relative weight when distributing traffic. If the option is disabled in the field, the backend endpoints will not receive any traffic (weight will be equal to 0).

    • Backend Type (for an HTTP backend group): Target group (Application Load Balancer target groups) or Bucket (Object Storage bucket). For a gRPC or Stream backend group, the type of any backend is Target group. For more information about backend types, see Backend types.

    • The settings described below are only applicable to backends of the Target group type:

      • Under Load balancing settings:

        • Balancing mode: Mode for distributing traffic across backend endpoints.
        • Panic mode threshold: Percentage of healthy endpoints for enabling panic mode: the load balancer will distribute requests across all endpoints, regardless of health check results.
        • Locality aware routing: Percentage of incoming traffic that a load balancer node routes to the backends from its availability zone. The remaining traffic is evenly distributed between other availability zones. For more information, see Locality aware routing.
        • Strict locality: If this option is enabled, the load balancer will respond with an error (503 Service Unavailable) if no application backends are running in the availability zone that accepted the request.

      • Under Protocol settings:

        • For a HTTP backend group:

          • HTTP/2: Option to use HTTP/2 when routing requests to the backend of an HTTP backend group. By default, the protocol version is 1.1. Backend groups of the gRPC type only support HTTP/2 connections.

          • Protocol: Backend connection protocol: HTTP (without encryption) or HTTPS (with TLS encryption). For HTTPS, specify:

            • SNI: Host domain name for Server Name Indication, an extension to the TLS protocol.
            • Trusted root certificate: Specify a root CA for a certificate chain installed on backend endpoints. X.509 certificates in PEM format are supported.

        • For a gRPC backend group:

          • Protocol: Backend connection protocol: Plain-text or Encrypted. For the encrypted protocol, set SNI and Trusted root certificate (see above).

        • For a Stream backend group:

          • PROXY protocol: If this option is enabled, the load balancer will send metadata about its connection to the client, including its IP, to the backend over the PROXY protocol from HAProxy.

          • Protocol: Backend connection protocol: Plain-text or Encrypted. For the encrypted protocol, set SNI and Trusted root certificate (see above).

    • The settings described below are only applicable to backends of the Bucket type in backend groups of the HTTP type:

      • Bucket ID format: Select List or ID.
      • Bucket: Select a bucket from the list or specify its ID.

    • Under HTTP health check, gRPC health check, or Stream health check:

      • Timeout, s: Response timeout.

      • Interval: Interval for sending check requests.

      • Healthy threshold: Number of consecutive successful checks at which the endpoint is considered healthy. It is ignored when the load balancer has just started: one health check is enough.

      • Unhealthy threshold: Number of consecutive failed checks after which the endpoint is considered unhealthy. It is ignored if the backend has responded with the 503 Service Unavailable HTTP status code once: it is immediately considered unhealthy.

      • Port.

      • Type: Protocol to use for health checks: HTTP, gRPC, or Stream. The check type may be the same as the backend group type. Also specify:

        • For the HTTP type:

          • Path: Path in the URI of a request to the endpoint.
          • Authority: Value of the Host header for HTTP/1.1 or the :authority pseudo-header for HTTP/2 to be sent to the backend endpoints during health checks.
          • HTTP/2: Option to use HTTP v.2.

        • For the gRPC type:

          • Service name: Name of the gRPC service to be checked. If no service is specified, the backend general health is checked.

        • For the Stream type:

          • Send: Data to be sent to the endpoint for a health check.
          • Receive: Data to be received from the endpoint for it to pass the health check.

      Alert

      If all backends in an availability zone with health checks enabled fail the checks, traffic will stop routing to the zone, even if there are working backends without health checks in the zone.

      We recommend configuring health checks for all backends.

      To add a health check, click Add health check at the bottom of the backend section and specify the check settings.

      To remove a health check, click next to the HTTP health check, gRPC health check, or Stream health check title, and select Delete.

  9. Click Create.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

Note

You can create a gRPC backend group in the management console or using Terraform.

  1. View the description of the CLI command to create a backend group:

    yc alb backend-group create --help

  2. Create a backend group by running the command:

    yc alb backend-group create <backend_group_name>

    Result:

    id: a5dg2cv4ngne********
name: test-backend-group
folder_id: aoerb349v3h4********
created_at: "2021-02-11T20:46:21.688940670Z"

  3. Add a backend and health check to the group.

    Alert

    If all backends in an availability zone with health checks enabled fail the checks, traffic will stop routing to the zone, even if there are working backends without health checks in the zone.

    We recommend configuring health checks for all backends.

    All backends within the group must be of the same type: HTTP, gRPC, or Stream.

    HTTP backend

    Run this command:

    yc alb backend-group add-http-backend \
  --backend-group-name <backend_group_name> \
  --name <name_of_backend_being_added> \
  --weight <backend_weight> \
  --port <backend_port> \
  --target-group-id=<target_group_ID> \
  --panic-threshold 90 \
  --http-healthcheck port=80,healthy-threshold=10,unhealthy-threshold=15,\
timeout=10s,interval=2s,host=<host_address>,path=<path>

    Where:

    • --panic-threshold: Panic mode threshold
    • --http-healthcheck: Resource health check parameters:
      • port: Port
      • healthy-threshold: Healthy threshold
      • unhealthy-threshold: Unhealthy threshold
      • timeout: Timeout
      • interval: Interval
      • host: Host address
      • path: Path

    Result:

    id: a5dqkr2mk3rr********
name: <backend_group_name>
folder_id: aoe197919j8e********
http:
  backends:
  - name: <backend_name>
    backend_weight: "1"
    load_balancing_config:
      panic_threshold: "90"
    port: "80"
    target_groups:
      target_group_ids:
      - a5d2iap3nue9********
    healthchecks:
    - timeout: 10s
      interval: 2s
      healthy_threshold: "10"
      unhealthy_threshold: "15"
      healthcheck_port: "80"
      http:
        host: <host_address>
        path: <path>
created_at: "2021-02-11T20:46:21.688940670Z"
    gRPC backend

    Run this command:

    yc alb backend-group add-grpc-backend \
  --backend-group-name <backend_group_name> \
  --name <name_of_backend_being_added> \
  --weight <backend_weight> \
  --port <backend_port> \
  --target-group-id=<target_group_ID> \
  --panic-threshold 90 \
  --grpc-healthcheck port=80,healthy-threshold=10,unhealthy-threshold=15,\
timeout=10s,interval=2s,service-name=<gRPC_service_name>

    Where:

    • --panic-threshold: Panic mode threshold.
    • --grpc-healthcheck: Resource health check parameters:
      • port: Port.
      • healthy-threshold: Healthy threshold.
      • unhealthy-threshold: Unhealthy threshold.
      • timeout: Timeout.
      • interval: Interval.
      • service-name: Name of the gRPC service to check. If no service is specified, the backend general health is checked.

    Result:

    id: a5dqkr2mk3rr********
name: <backend_group_name>
folder_id: aoe197919j8e********
grpc:
  backends:
    - name: <backend_name>
      backend_weight: "12"
      load_balancing_config:
        panic_threshold: "90"
      port: "80"
      target_groups:
        target_group_ids:
          - a5d2iap3nue9********
      healthchecks:
        - timeout: 10s
          interval: 2s
          healthy_threshold: "10"
          unhealthy_threshold: "15"
          healthcheck_port: "80"
          grpc:
            service_name: <gRPC_service_name>
created_at: "2023-06-17T13:04:08.567141292Z"
    Stream backend

    Run this command:

    yc alb backend-group add-stream-backend \
  --backend-group-name <backend_group_name> \
  --name <name_of_backend_to_add> \
  --weight <backend_weight> \
  --port <backend_port> \
  --target-group-id=<target_group_ID> \
  --panic-threshold 90 \
  --enable-proxy-protocol \
  --stream-healthcheck port=80,healthy-threshold=10,unhealthy-threshold=15,\
timeout=10s,interval=2s,send-text=<data_to_endpoint>,receive-text=<data_from_endpoint>

    Where:

    • --panic-threshold: Panic mode threshold.
    • --enable-proxy-protocol: If this option is enabled, the load balancer will send metadata about its connection to the client, including its IP, to the backend over the PROXY protocol from HAProxy. If this option is not specified, only the load balancer's IP address will be provided to the backend.
    • --stream-healthcheck: Resource health check parameters:
      • port: Port.
      • healthy-threshold: Healthy threshold.
      • unhealthy-threshold: Unhealthy threshold.
      • timeout: Timeout.
      • interval: Interval.
      • send-text: Data to send to the endpoint for a health check.
      • receive-text: Data to receive from the endpoint for it to pass the health check.

    Result:

    id: ds77tero4f5********
name: <backend_group_name>
folder_id: b1gu6g9ielh6********
stream:
  backends:
  - name: <backend_name>
backend_weight: "1"
    port: "80"
    target_groups:
      target_group_ids:
      - ds7eof3r2cte********
    healthchecks:
      - timeout: 10s
        interval: 2s
        healthy_threshold: "10"
        unhealthy_threshold: "15"
        healthcheck_port: "80"
        stream:
          send:
            text: <data_to_endpoint>
          receive:
            text: <data_from_endpoint>
    enable_proxy_protocol: true
created_at: "2022-04-06T09:17:57.104324513Z"

Terraform allows you to quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. Configuration files store the infrastructure description in the HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Business Source License.

For more information about the provider resources, see the documentation on the Terraform website or the mirror.

If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

  1. In the Terraform configuration file, describe the parameters of the resource to create:

    resource "yandex_alb_backend_group" "test-backend-group" {
  name                     = "<backend_group_name>"
  session_affinity {
    connection {
      source_ip = <IP_address_session_affinity_mode>
    }
  }
  stream_backend {
    name                   = "<backend_name>"
    weight                 = 1
    port                   = 80
    target_group_ids       = ["<target_group_ID>"]
    load_balancing_config {
      panic_threshold      = 90
    }
    enable_proxy_protocol  = true
    healthcheck {
      timeout              = "10s"
      interval             = "2s"
      healthy_threshold    = 10
      unhealthy_threshold  = 15
      stream_healthcheck {
        send               = "<data_to_endpoint>"
        receive            = "<data_from_endpoint>"
      }
    }
  }
}

    Where:

    • yandex_alb_backend_group: Backend group parameters:

      • name: Backend group name.

      • session_affinity: Session affinity settings. This is an optional parameter.

        Note

        Currently, session affinity only works if a single backend is active (has a positive weight) in a group of backends, includes one or more target groups, and the MAGLEV_HASH load balancing mode is selected for it.

        • connection: Mode of session affinity by IP address (source_ip). It can either be true or false. The cookie and header modes are also available. Only one of the modes should be specified. If the backend group is of the Stream type (consists of the stream_backend resources), you can only use the connection mode for session affinity.

      • http_backend, grpc_backend, and stream_backend: Backend type. All backends within the group must be of the same type: HTTP, gRPC, or Stream.

    Backend parameters:

    • name: Backend name.

    • port: Backend port.

    • weight: Backend weight.

    • target_group_ids: Target group ID. To get a list of available target groups, run the following CLI command: yc alb target-group list.

    • load_balancing_config: Balancing parameters:

      • panic_threshold: Panic mode threshold.

    • enable_proxy_protocol: With this option enabled, the load balancer will send metadata about its connection to the client, including its IP, to the backend over the PROXY protocol from HAProxy. If the option is not specified, only the load balancer's IP address will be provided to the backend. This parameter is only available for Stream type backends.

    • healthcheck: Health check parameters:

      • timeout: Timeout.
      • interval: Interval.
      • healthy_threshold: Healthy threshold.
      • unhealthy_threshold: Unhealthy threshold.
      • http_healthcheck: HTTP health check parameters:
        • path: Path.
        • host: Host address.
      • grpc_healthcheck: gRPC health check parameters:
        • service_name: Name of the gRPC service to be checked. If no service is specified, the backend general health is checked.
      • stream_healthcheck: Stream health check parameters:
        • send: Data to send to the endpoint for a health check.
        • receive: Data to receive from the endpoint for it to pass the health check.

      Alert

      If all backends in an availability zone with health checks enabled fail the checks, traffic will stop routing to the zone, even if there are working backends without health checks in the zone.

      We recommend configuring health checks for all backends.

    For more information about the yandex_alb_backend_group resource properties, see the Terraform provider documentation.

  2. Create resources:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.

    3. Run the command:

      terraform plan

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply

    5. Confirm the changes: type yes in the terminal and press Enter.

    Terraform will create all the required resources. You can check the new resources using the management console or this CLI command:

    yc alb backend-group list

Use the create REST API method for the BackendGroup resource or the BackendGroupService/Create gRPC API call.

See also

Previous
Deleting a target group
Next
Getting information about a backend group