Contact UsGet started

Create an internal network load balancer

Written by
Improved by
Updated at May 13, 2025

Note

To create an internal network load balancer, you need the load-balancer.privateAdmin role.

You can only set the load balancer type (internal or external) when creating it and cannot change it later.

Note

The internal load balancer listener gets a random IP address within the selected subnet.

To create an internal network load balancer:

  1. In the management console, select the folder where you want to create a load balancer.

  2. In the list of services, select Network Load Balancer.

  3. Click Create a network load balancer.

  4. Name the load balancer. Follow these naming requirements:

    • It must be from 2 to 63 characters long.
    • It may contain lowercase Latin letters, numbers, and hyphens.
    • It must start with a letter and cannot end with a hyphen.

  5. Select Internal as your load balancer type.

  6. Under Listeners, add a listener:

    1. Click Add listener.
    2. In the window that opens, specify these listener settings:

      • Name.

      • Subnet where the load balancer will route traffic.

      • Protocol: TCP or UDP.

        Note

        By default, the listener uses TCP. To use UDP, contact technical support.

      • Port where the listener will listen for incoming traffic. The possible values range from 1 to 32767.

      • Target port to which the load balancer will redirect traffic. The possible values range from 1 to 32767.

    3. Click Add.

  7. Under Target groups, add a target group:

    1. Click Add target group.
    2. Select a target group or create a new one:
      • In the Target group field, select Create target group.
      • In the window that opens, enter a target group name.
      • Add VMs to the target group.
      • Click Create.
    3. Optionally, under Health check, click Configure. In the window that opens, specify the resource health check settings:
      • Name.
      • Type: HTTP or TCP. For HTTP health checks, specify the URL in the Path field.
      • Port for health checks. The possible values range from 1 to 32767.
      • Timeout in sec: Response timeout in seconds.
      • Interval in sec: Health check interval in seconds.
      • Healthy threshold: Number of successful checks required to consider the VM ready to receive traffic.
      • Unhealthy threshold: Number of failed checks before traffic is no longer routed to the VM.
    4. Click Apply.

  8. Click Create.

If you do not have the Yandex Cloud (CLI) command line interface yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. Before you create a load balancer, make sure to create a target group for it.

  2. See the description of the CLI command for creating a network load balancer:

    yc load-balancer network-load-balancer create --help

  3. To create an internal load balancer with a listener and a target group, run this command:

    yc load-balancer network-load-balancer create <load_balancer_name> \
   --type=internal \
   --listener name=<listener_name>,`
             `port=<port>,`
             `target-port=<target_port>,`
             `protocol=<protocol>,`
             `internal-subnet-id=<subnet_ID>,`
             `internal-ip-version=<IP_address_version> \
   --target-group target-group-id=<target_group_ID>,`
                 `healthcheck-name=<health_check_name>,`
                 `healthcheck-interval=<health_check_interval>s,`
                 `healthcheck-timeout=<health_check_timeout>s,`
                 `healthcheck-unhealthythreshold=<number_of_failed_checks_to_get_Unhealthy_status>,`
                 `healthcheck-healthythreshold=<number_of_successful_checks_to_get_Healthy_status>,`
                 `healthcheck-tcp-port=<TCP_port>,`
                 `healthcheck-http-port=<HTTP_port>,`
                 `healthcheck-http-path=<URL>

    Where:

    • --type: Load balancer type.
    • --listener: Listener settings:
      • name: Listener name.
      • port: Port on which the load balancer will listen to incoming traffic. The possible values range from 1 to 32767.
      • target-port: Port to which the load balancer will redirect traffic. The possible values range from 1 to 32767.
      • protocol: Protocol the listener will use, tcp or udp.
      • internal-subnet-id: Subnet ID.
      • internal-ip-version: Internal IP address version, ipv4 or ipv6.

    • --target-group: Target group parameters and health check settings:

      • target-group-id: Target group ID.

        To find out the ID, get a list of target groups in the folder.

      • healthcheck-name: Health check name.

      • healthcheck-interval: Health check interval in seconds. The possible values range from 1s to 60s. The interval must be at least 1 second longer than the response timeout.

      • healthcheck-timeout: Response timeout in seconds. The possible values range from 1s to 60s.

      • healthcheck-unhealthythreshold: Number of failed checks before traffic is no longer routed to the VM. The possible values range from 2 to 10.

      • healthcheck-healthythreshold: Number of successful checks required to consider the VM ready to receive traffic. The possible values range from 2 to 10.

      • healthcheck-tcp-port: Port for TCP health checks. The possible values range from 1 to 32,767.

      • healthcheck-http-port: Port for HTTP health checks. The possible values range from 1 to 32,767.

      • healthcheck-http-path: URL for HTTP health checks.

      You cannot specify both healthcheck-tcp-port and healthcheck-http-port at the same time.

      Warning

      Use the <time_in_seconds>s format, e.g., 20s, for the healthcheck-interval and healthcheck-timeout values.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or mirror website.

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

To create an internal load balancer with a listener and a target group:

  1. Describe the network load balancer settings in the configuration file.

    Here is an example of the configuration file structure:

    resource "yandex_lb_network_load_balancer" "foo" {
  name = "<load_balancer_name>"
  type = "internal"
  deletion_protection = "<deletion_protection>"
  listener {
    name = "<listener_name>"
    port = <port_number>
    internal_address_spec {
      subnet_id = "<subnet_ID>"
      ip_version = "<IP_address_version>"
    }
  attached_target_group {
    target_group_id = "<target_group_ID>"
    healthcheck {
      name = "<health_check_name>"
        http_options {
          port = <port_number>
          path = "<URL>"
        }
    }
  }
}

    Where:

    • name: Name of the network load balancer.
    • type: Type of the network load balancer. Use internal to create an internal load balancer.
    • deletion_protection: Deletion protection for the internal network load balancer. You cannot delete a load balancer with this option enabled. This does not apply to its listeners or target groups. The default value is false.
    • listener: Listener settings:
      • name: Listener name.
      • port: Port number (ranging from 1 to 32767) on which the load balancer will listen to incoming traffic.
      • internal_address_spec: Specification of the listener for the external load balancer settings:
        • subnet_id: Subnet ID.
        • ip_version: External IP address version, ipv4 or ipv6. The default value is ipv4.
    • attached_target_group: Description of the network load balancer's target group settings:

      • target_group_id: Target group ID.

        To find out the ID, get a list of target groups in the folder.

      • healthcheck: Health check settings. Specify a name, a port number ranging from 1 to 32767, and a path for health checks.

    For more information about the resources you can create with Terraform, see this article.

  2. Create a network load balancer:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.

    3. Run the command:

      terraform plan

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply

    5. Confirm the changes: type yes in the terminal and press Enter.

    This will create all the resources you need in the specified folder. You can check the new resources and their settings using the management console.

To create an internal network load balancer, use the create REST API method for the NetworkLoadBalancer resource or the NetworkLoadBalancerService/Create gRPC API call.

Examples

Creating an internal load balancer without a listener

Create an internal network load balancer named internal-lb-test-1 without a listener and a target group.

To create an internal load balancer without a listener, run this command:

yc load-balancer network-load-balancer create internal-lb-test-1 \
   --type=internal

  1. In the configuration file, describe the load balancer settings, skipping the listener and attached_target_group sections:

    resource "yandex_lb_network_load_balancer" "foo" {
  name = "internal-lb-test-1"
  type = "internal"
  deletion_protection = "true"

    For more information about the resources you can create with Terraform, see this article.

  2. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  3. Create a network load balancer.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

Use the create API method, providing the following in the request body:

{
  "folderId": "<folder_ID>",
  "name": "internal-lb-test-1",
  "type": "INTERNAL"
}

Creating an internal load balancer with a listener and attached target group

Create an internal network load balancer with a listener and attached target group with the following test settings:

  • Name: internal-lb-test-2
  • Listener settings:
    • Name: test-listener
    • Port: 80
    • Target port: 81
    • Protocol: TCP
    • Subnet ID: b0cp4drld130********
    • IP address version: ipv4
  • Target group ID: enpu2l7q9kth********
  • Target group health check settings:
    • Name: http
    • Health check interval: 2 seconds
    • Response timeout: 1 second
    • Unhealthy threshold: 2
    • Healthy threshold: 2
    • Port for HTTP health checks: 80
    • URL for health checks: /

Run this command:

yc load-balancer network-load-balancer create internal-lb-test-2 \
   --type=internal \
   --listener name=test-listener,`
             `port=80,`
             `target-port=81,`
             `protocol=tcp,`
             `internal-subnet-id=b0cp4drld130********,`
             `internal-ip-version=ipv4 \
   --target-group target-group-id=enpu2l7q9kth********,`
                 `healthcheck-name=http,`
                 `healthcheck-interval=2s,`
                 `healthcheck-timeout=1s,`
                 `healthcheck-unhealthythreshold=2,`
                 `healthcheck-healthythreshold=2,`
                 `healthcheck-http-port=80,`
                 `healthcheck-http-path=/

  1. In the configuration file, describe the load balancer, including the listener and attached_target_group sections:

    resource "yandex_lb_network_load_balancer" "internal-lb-test" {
  name = "internal-lb-test-2"
  type = "internal"
  deletion_protection = "true"
  listener {
    name        = "test-listener"
    port        = 80
    target_port = 81
    protocol    = "tcp"
    internal_address_spec {
      subnet_id  = "b0cp4drld130********"
      ip_version = "ipv4"
    }
  }
  attached_target_group {
    target_group_id = "enpu2l7q9kth********"
    healthcheck {
      name                = "http"
      interval            = 2
      timeout             = 1
      unhealthy_threshold = 2
      healthy_threshold   = 2
      http_options {
        port = 80
        path = "/"
      }
    }
  }
}

    For more information about the resources you can create with Terraform, see this article.

  2. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate

      Terraform will show any errors found in your configuration files.

  3. Create a network load balancer.

    1. Run this command to view the planned changes:

      terraform plan

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply

      2. Confirm updating the resources.

      3. Wait for the operation to complete.

Use the create API method, providing the following in the request body:

{
  "folderId": "<folder_ID>",
  "name": "internal-lb-test-2",
  "type": "INTERNAL",
  "listenerSpecs": [
    {
      "name": "test-listener",
      "port": "80",
      "protocol": "TCP",
      "targetPort": "81",
      "internalAddressSpec": {
        "subnetId": "b0cp4drld130********",
        "ipVersion": "IPV4"
      }
    }
  ],
  "attachedTargetGroups": [
    {
      "targetGroupId": "enpu2l7q9kth********",
      "healthChecks": [
        {
          "name": "http",
          "interval": "2s",
          "timeout": "1s",
          "unhealthyThreshold": "2",
          "healthyThreshold": "2",
          "httpOptions": {
            "port": "80",
            "path": "/"
          }
        }
      ]
    }
  ]
}
Previous
Creating a load balancer
Next
Stopping and starting a load balancer