Contact UsGet started
© 2024 Iron Hive LLC Belgrade

Create an internal network load balancer

Written by
Improved by
Updated at October 30, 2024

Note

To create an internal network load balancer, you need the load-balancer.privateAdmin role.

You can only set the load balancer type (internal or external) when creating it. You cannot update its type afterwards.

Note

The internal load balancer's listener is assigned a random IP address from the range belonging to the selected subnet.

To create an internal network load balancer:

  1. In the management console, select the folder to create a load balancer in.

  2. In the list of services, select Network Load Balancer.

  3. Click Create a network load balancer.

  4. Enter a name. The naming requirements are as follows:

    • The name must be from 3 to 63 characters long.
    • It may contain lowercase Latin letters, numbers, and hyphens.
    • The first character must be a letter and the last character cannot be a hyphen.

  5. Select Internal as your load balancer type.

  6. Under Listeners, add a listener:

    1. Click Add listener.
    2. In the window that opens, set the listener parameters:

      • Name.

      • Subnet the load balancer will redirect traffic in.

      • Protocol: TCP or UDP.

        Note

        By default, the listener uses TCP. To use UDP, submit a request to technical support.

      • Port where the listener will listen for incoming traffic. The values range from 1 to 32767.

      • Target port the load balancer will redirect traffic to. The values range from 1 to 32767.

    3. Click Add.

  7. Under Target groups add a target group:

    1. Click Add target group.
    2. Select a target group or create a new one:
      • In the Target group field, select Create target group.
      • In the window that opens, enter a target group name.
      • Add VMs to the target group.
      • Click Create.
    3. Optionally, under Health check, click Configure. In the window that opens, specify the resource health check settings:
      • Name.
      • Type: HTTP or TCP. For health checks to use HTTP, specify the URL to check in the Path field.
      • Port for health checks. The values range from 1 to 32767.
      • Timeout in sec: Response timeout in seconds.
      • Interval in sec: Health check interval in seconds.
      • Healthy threshold: Number of successful checks required to consider a VM ready to receive traffic.
      • Unhealthy threshold: Number of failed checks to stop routing traffic to a VM.
    4. Click Apply.

  8. Click Create.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. Before creating a load balancer, create a target group to attach to it.

  2. See the description of the CLI command to create a network load balancer:

    yc load-balancer network-load-balancer create --help

  3. To create an internal load balancer with a listener and a target group, run this command:

    yc load-balancer network-load-balancer create <load_balancer_name> \
   --type=internal \
   --listener name=<listener_name>,`
             `port=<port>,`
             `target-port=<target_port>,`
             `protocol=<protocol>,`
             `internal-subnet-id=<subnet_ID>,`
             `internal-ip-version=<IP_address_version> \
   --target-group target-group-id=<target_group_ID>,`
                 `healthcheck-name=<health_check_name>,`
                 `healthcheck-interval=<interval_between_checks>s,`
                 `healthcheck-timeout=<health_check_timeout>s,`
                 `healthcheck-unhealthythreshold=<number_of_failed_checks_to_get_Unhealthy_status>,`
                 `healthcheck-healthythreshold=<number_of_successful_checks_to_get_Healthy_status>,`
                 `healthcheck-tcp-port=<TCP_port>,`
                 `healthcheck-http-port=<HTTP_port>,`
                 `healthcheck-http-path=<URL>

    Where:

    • --type: Load balancer type.
    • --listener: Listener properties:
      • name: Listener name.
      • port: Port where the load balancer will accept incoming traffic. The values range from 1 to 32767.
      • target-port: Port to which the load balancer will redirect traffic. The values range from 1 to 32767.
      • protocol: Protocol the listener will use, tcp or udp.
      • internal-subnet-id: Subnet ID.
      • internal-ip-version: Internal IP address version, ipv4 or ipv6.

    • --target-group: Target group parameters and settings of its resource health checks:

      • target-group-id: Target group ID.

        To find out the ID, get a list of target groups in the folder.

      • healthcheck-name: Resource health check name.

      • healthcheck-interval: Health check interval in seconds. The possible values are from 1s to 60s. The interval must be at least 1 second longer than the waiting time.

      • healthcheck-timeout: Response timeout in seconds. The possible values are from 1s to 60s.

      • healthcheck-unhealthythreshold: Number of failed checks after which no traffic will be routed to a virtual machine. The possible values are from 2 to 10.

      • healthcheck-healthythreshold: Number of successful checks required to consider a virtual machine ready to receive traffic. The possible values are from 2 to 10.

      • healthcheck-tcp-port: Port for health checks via TCP. The possible values are from 1 to 32,767.

      • healthcheck-http-port: Port for health checks via HTTP. The possible values are from 1 to 32,767.

      • healthcheck-http-path: URL to perform health checks via HTTP.

      You cannot specify healthcheck-tcp-port and healthcheck-http-port at the same time.

      Warning

      The healthcheck-interval and healthcheck-timeout parameter values must be in <time_in_seconds>s format, e.g., 20s.

Terraform allows you to quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. Configuration files store the infrastructure description in the HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Business Source License.

For more information about the provider resources, see the documentation on the Terraform website or the mirror.

If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

To create an internal load balancer with a listener and a target group:

  1. Describe the parameters of the network load balancer resource in a configuration file:

    Here is an example of the configuration file structure:

    resource "yandex_lb_network_load_balancer" "foo" {
  name = "<load_balancer_name>"
  type = "internal"
  deletion_protection = "<deletion_protection>"
  listener {
    name = "<listener_name>"
    port = <port_number>
    internal_address_spec {
      subnet_id = "<subnet_ID>"
      ip_version = "<IP_address_version>"
    }
  attached_target_group {
    target_group_id = "<target_group_ID>"
    healthcheck {
      name = "<health_check_name>"
        http_options {
          port = <port_number>
          path = "<URL>"
        }
    }
  }
}

    Where:

    • name: Name of the network load balancer.
    • type: Type of the network load balancer. Use internal to create an internal balancer.
    • deletion_protection: Deletion protection for the internal network load balancer. You cannot delete a load balancer with this option enabled. If load balancer deletion protection is enabled, you can still delete its listeners and target groups. The default value is false.
    • listener: Listener properties:
      • name: Listener name.
      • port: Port number (ranging from 1 to 32767) on which the network load balancer will receive incoming traffic.
      • internal_address_spec: Specification of the listener for the external load balancer:
        • subnet_id: Subnet ID.
        • ip_version: External IP address specification. Specify the IP address version, ipv4 or ipv6. The default value is ipv4.
    • attached_target_group: Description of the network load balancer's target group parameters:

      • target_group_id: Target group ID.

        To find out the ID, get a list of target groups in the folder.

      • healthcheck: Health check parameters. Enter a name, a port number ranging from 1 to 32767, and a path for health checks.

    For more information about the resources you can create with Terraform, see the provider documentation.

  2. Create a network load balancer:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.

    3. Run the command:

      terraform plan

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply

    5. Confirm the changes: type yes in the terminal and press Enter.

    All the resources you need will then be created in the specified folder. You can check the new resources and their configuration using the management console.

To create an internal network load balancer, use the create REST API method for the NetworkLoadBalancer resource or the NetworkLoadBalancerService/Create gRPC API call.

Examples

Creating an internal load balancer without a listener

Create an internal network load balancer named internal-lb-test-1 without a listener and target group.

To create an internal load balancer without a listener, run the command:

yc load-balancer network-load-balancer create internal-lb-test-1 \
   --type=internal

  1. In the configuration file, describe the resource parameters without the listener and attached_target_group sections:

    resource "yandex_lb_network_load_balancer" "foo" {
  name = "internal-lb-test-1"
  type = "internal"
  deletion_protection = "true"

    For more information about the resources you can create with Terraform, see the provider documentation.

  2. Make sure the settings are correct.

    1. Using the command line, navigate to the folder that contains the up-to-date Terraform configuration files with an infrastructure plan.

    2. Run the command:

      terraform validate

      If there are errors in the configuration files, Terraform will point to them.

  3. Create a network load balancer.

    1. Run the command to view planned changes:

      terraform plan

      If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.

    2. If you are happy with the planned changes, apply them:

      1. Run the command:

        terraform apply

      2. Confirm the update of resources.

      3. Wait for the operation to complete.

Use the create API method and include the following information in the request body:

{
  "folderId": "<folder_ID>",
  "name": "internal-lb-test-1",
  "type": "INTERNAL"
}

Creating an internal load balancer with a listener and attached target group

Create an internal network load balancer with a listener and attached target group with the following test specifications:

  • Name: internal-lb-test-2.
  • Listener parameters:
    • Name: test-listener.
    • Port: 80.
    • Target port: 81.
    • Protocol: TCP.
    • Subnet ID: b0cp4drld130********.
    • IP address version: ipv4.
  • Target group ID: enpu2l7q9kth********.
  • Target group health check parameters:
    • Name: http.
    • Health check interval: 2 seconds.
    • Response timeout: 1 second.
    • Unhealthy threshold: 2.
    • Healthy threshold: 2.
    • Port for HTTP health checks: 80.
    • URL for health checks: /.

Run the following command:

yc load-balancer network-load-balancer create internal-lb-test-2 \
   --type=internal \
   --listener name=test-listener,`
             `port=80,`
             `target-port=81,`
             `protocol=tcp,`
             `internal-subnet-id=b0cp4drld130********,`
             `internal-ip-version=ipv4 \
   --target-group target-group-id=enpu2l7q9kth********,`
                 `healthcheck-name=http,`
                 `healthcheck-interval=2s,`
                 `healthcheck-timeout=1s,`
                 `healthcheck-unhealthythreshold=2,`
                 `healthcheck-healthythreshold=2,`
                 `healthcheck-http-port=80,`
                 `healthcheck-http-path=/

  1. In the configuration file, describe the resource parameters with the listener and attached_target_group sections:

    resource "yandex_lb_network_load_balancer" "internal-lb-test" {
  name = "internal-lb-test-2"
  type = "internal"
  deletion_protection = "true"
  listener {
    name        = "test-listener"
    port        = 80
    target_port = 81
    protocol    = "tcp"
    internal_address_spec {
      subnet_id  = "b0cp4drld130********"
      ip_version = "ipv4"
    }
  }
  attached_target_group {
    target_group_id = "enpu2l7q9kth********"
    healthcheck {
      name                = "http"
      interval            = 2
      timeout             = 1
      unhealthy_threshold = 2
      healthy_threshold   = 2
      http_options {
        port = 80
        path = "/"
      }
    }
  }
}

    For more information about the resources you can create with Terraform, see the provider documentation.

  2. Make sure the settings are correct.

    1. Using the command line, navigate to the folder that contains the up-to-date Terraform configuration files with an infrastructure plan.

    2. Run the command:

      terraform validate

      If there are errors in the configuration files, Terraform will point to them.

  3. Create a network load balancer.

    1. Run the command to view planned changes:

      terraform plan

      If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.

    2. If you are happy with the planned changes, apply them:

      1. Run the command:

        terraform apply

      2. Confirm the update of resources.

      3. Wait for the operation to complete.

Use the create API method and include the following information in the request body:

{
  "folderId": "<folder_ID>",
  "name": "internal-lb-test-2",
  "type": "INTERNAL",
  "listenerSpecs": [
    {
      "name": "test-listener",
      "port": "80",
      "protocol": "TCP",
      "targetPort": "81",
      "internalAddressSpec": {
        "subnetId": "b0cp4drld130********",
        "ipVersion": "IPV4"
      }
    }
  ],
  "attachedTargetGroups": [
    {
      "targetGroupId": "enpu2l7q9kth********",
      "healthChecks": [
        {
          "name": "http",
          "interval": "2s",
          "timeout": "1s",
          "unhealthyThreshold": "2",
          "healthyThreshold": "2",
          "httpOptions": {
            "port": "80",
            "path": "/"
          }
        }
      ]
    }
  ]
}
Previous
Creating a load balancer
Next
Stopping and starting a load balancer