Create an internal network load balancer
Note
To create an internal network load balancer, you need the load-balancer.privateAdmin
role.
You can only set the load balancer type (internal or external) when creating it. You cannot update its type afterwards.
Note
The internal load balancer's listener is assigned a random IP address from the range belonging to the selected subnet.
To create an internal network load balancer:
-
In the management console
, select the folder to create a load balancer in. -
In the list of services, select Network Load Balancer.
-
Click Create a network load balancer.
-
Enter a name. The naming requirements are as follows:
- The name must be from 3 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- The first character must be a letter and the last character cannot be a hyphen.
-
Select
Internal
as your load balancer type. -
Under Listeners, add a listener:
- Click Add listener.
- In the window that opens, set the listener parameters:
-
Name.
-
Subnet the load balancer will redirect traffic in.
-
Protocol:
TCP
orUDP
.Note
By default, the listener uses TCP. To use UDP, submit a request to technical support
. -
Port where the listener will listen for incoming traffic. The values range from
1
to32767
. -
Target port the load balancer will redirect traffic to. The values range from
1
to32767
.
-
- Click Add.
-
Under Target groups add a target group:
- Click Add target group.
- Select a target group or create a new one:
- In the Target group field, select
Create target group. - In the window that opens, enter a target group name.
- Add VMs to the target group.
- Click Create.
- In the Target group field, select
- Optionally, under Health check, click Configure. In the window that opens, specify the resource health check settings:
- Name.
- Type:
HTTP
orTCP
. For health checks to use HTTP, specify the URL to check in the Path field. - Port for health checks. The values range from
1
to32767
. - Timeout in sec: Response timeout in seconds.
- Interval in sec: Health check interval in seconds.
- Healthy threshold: Number of successful checks required to consider a VM ready to receive traffic.
- Unhealthy threshold: Number of failed checks to stop routing traffic to a VM.
- Click Apply.
-
Click Create.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
Before creating a load balancer, create a target group to attach to it.
-
See the description of the CLI command to create a network load balancer:
yc load-balancer network-load-balancer create --help
-
To create an internal load balancer with a listener and a target group, run this command:
yc load-balancer network-load-balancer create <load_balancer_name> \ --type=internal \ --listener name=<listener_name>,` `port=<port>,` `target-port=<target_port>,` `protocol=<protocol>,` `internal-subnet-id=<subnet_ID>,` `internal-ip-version=<IP_address_version> \ --target-group target-group-id=<target_group_ID>,` `healthcheck-name=<health_check_name>,` `healthcheck-interval=<interval_between_checks>s,` `healthcheck-timeout=<health_check_timeout>s,` `healthcheck-unhealthythreshold=<number_of_failed_checks_to_get_Unhealthy_status>,` `healthcheck-healthythreshold=<number_of_successful_checks_to_get_Healthy_status>,` `healthcheck-tcp-port=<TCP_port>,` `healthcheck-http-port=<HTTP_port>,` `healthcheck-http-path=<URL>
Where:
--type
: Load balancer type.--listener
: Listener properties:name
: Listener name.port
: Port where the load balancer will accept incoming traffic. The values range from1
to32767
.target-port
: Port to which the load balancer will redirect traffic. The values range from1
to32767
.protocol
: Protocol the listener will use,tcp
orudp
.internal-subnet-id
: Subnet ID.internal-ip-version
: Internal IP address version,ipv4
oripv6
.
-
--target-group
: Target group parameters and settings of its resource health checks:-
target-group-id
: Target group ID.To find out the ID, get a list of target groups in the folder.
-
healthcheck-name
: Resource health check name. -
healthcheck-interval
: Health check interval in seconds. The possible values are from1s
to60s
. The interval must be at least 1 second longer than the waiting time. -
healthcheck-timeout
: Response timeout in seconds. The possible values are from1s
to60s
. -
healthcheck-unhealthythreshold
: Number of failed checks after which no traffic will be routed to a virtual machine. The possible values are from2
to10
. -
healthcheck-healthythreshold
: Number of successful checks required to consider a virtual machine ready to receive traffic. The possible values are from2
to10
. -
healthcheck-tcp-port
: Port for health checks via TCP. The possible values are from1
to32,767
. -
healthcheck-http-port
: Port for health checks via HTTP. The possible values are from1
to32,767
. -
healthcheck-http-path
: URL to perform health checks via HTTP.
You cannot specify
healthcheck-tcp-port
andhealthcheck-http-port
at the same time.Warning
The
healthcheck-interval
andhealthcheck-timeout
parameter values must be in<time_in_seconds>s
format, e.g.,20s
. -
Terraform
For more information about the provider resources, see the documentation on the Terraform
If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
If you don't have Terraform, install it and configure the Yandex Cloud provider.
To create an internal load balancer with a listener and a target group:
-
Describe the parameters of the network load balancer resource in a configuration file:
Here is an example of the configuration file structure:
resource "yandex_lb_network_load_balancer" "foo" { name = "<load_balancer_name>" type = "internal" deletion_protection = "<deletion_protection>" listener { name = "<listener_name>" port = <port_number> internal_address_spec { subnet_id = "<subnet_ID>" ip_version = "<IP_address_version>" } attached_target_group { target_group_id = "<target_group_ID>" healthcheck { name = "<health_check_name>" http_options { port = <port_number> path = "<URL>" } } } }
Where:
name
: Name of the network load balancer.type
: Type of the network load balancer. Useinternal
to create an internal balancer.deletion_protection
: Deletion protection for the internal network load balancer. You cannot delete a load balancer with this option enabled. If load balancer deletion protection is enabled, you can still delete its listeners and target groups. The default value isfalse
.listener
: Listener properties:name
: Listener name.port
: Port number (ranging from1
to32767
) on which the network load balancer will receive incoming traffic.internal_address_spec
: Specification of the listener for the external load balancer:subnet_id
: Subnet ID.ip_version
: External IP address specification. Specify the IP address version,ipv4
oripv6
. The default value isipv4
.
attached_target_group
: Description of the network load balancer's target group parameters:-
target_group_id
: Target group ID.To find out the ID, get a list of target groups in the folder.
-
healthcheck
: Health check parameters. Enter a name, a port number ranging from1
to32767
, and a path for health checks.
-
For more information about the resources you can create with Terraform, see the provider documentation
. -
Create a network load balancer:
-
In the terminal, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using the command:
terraform validate
If the configuration is correct, the following message is returned:
Success! The configuration is valid.
-
Run the command:
terraform plan
The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
in the terminal and press Enter.
All the resources you need will then be created in the specified folder. You can check the new resources and their configuration using the management console
. -
To create an internal network load balancer, use the create REST API method for the NetworkLoadBalancer resource or the NetworkLoadBalancerService/Create gRPC API call.
Examples
Creating an internal load balancer without a listener
Create an internal network load balancer named internal-lb-test-1
without a listener and target group.
To create an internal load balancer without a listener, run the command:
yc load-balancer network-load-balancer create internal-lb-test-1 \
--type=internal
-
In the configuration file, describe the resource parameters without the
listener
andattached_target_group
sections:resource "yandex_lb_network_load_balancer" "foo" { name = "internal-lb-test-1" type = "internal" deletion_protection = "true"
For more information about the resources you can create with Terraform, see the provider documentation
. -
Make sure the settings are correct.
-
Using the command line, navigate to the folder that contains the up-to-date Terraform configuration files with an infrastructure plan.
-
Run the command:
terraform validate
If there are errors in the configuration files, Terraform will point to them.
-
-
Create a network load balancer.
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
-
Use the create API method and include the following information in the request body:
{
"folderId": "<folder_ID>",
"name": "internal-lb-test-1",
"type": "INTERNAL"
}
Creating an internal load balancer with a listener and attached target group
Create an internal network load balancer with a listener and attached target group with the following test specifications:
- Name:
internal-lb-test-2
. - Listener parameters:
- Name:
test-listener
. - Port:
80
. - Target port:
81
. - Protocol:
TCP
. - Subnet ID:
b0cp4drld130********
. - IP address version:
ipv4
.
- Name:
- Target group ID:
enpu2l7q9kth********
. - Target group health check parameters:
- Name:
http
. - Health check interval:
2
seconds. - Response timeout:
1
second. - Unhealthy threshold:
2
. - Healthy threshold:
2
. - Port for HTTP health checks:
80
. - URL for health checks:
/
.
- Name:
Run the following command:
yc load-balancer network-load-balancer create internal-lb-test-2 \
--type=internal \
--listener name=test-listener,`
`port=80,`
`target-port=81,`
`protocol=tcp,`
`internal-subnet-id=b0cp4drld130********,`
`internal-ip-version=ipv4 \
--target-group target-group-id=enpu2l7q9kth********,`
`healthcheck-name=http,`
`healthcheck-interval=2s,`
`healthcheck-timeout=1s,`
`healthcheck-unhealthythreshold=2,`
`healthcheck-healthythreshold=2,`
`healthcheck-http-port=80,`
`healthcheck-http-path=/
-
In the configuration file, describe the resource parameters with the
listener
andattached_target_group
sections:resource "yandex_lb_network_load_balancer" "internal-lb-test" { name = "internal-lb-test-2" type = "internal" deletion_protection = "true" listener { name = "test-listener" port = 80 target_port = 81 protocol = "tcp" internal_address_spec { subnet_id = "b0cp4drld130********" ip_version = "ipv4" } } attached_target_group { target_group_id = "enpu2l7q9kth********" healthcheck { name = "http" interval = 2 timeout = 1 unhealthy_threshold = 2 healthy_threshold = 2 http_options { port = 80 path = "/" } } } }
For more information about the resources you can create with Terraform, see the provider documentation
. -
Make sure the settings are correct.
-
Using the command line, navigate to the folder that contains the up-to-date Terraform configuration files with an infrastructure plan.
-
Run the command:
terraform validate
If there are errors in the configuration files, Terraform will point to them.
-
-
Create a network load balancer.
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
-
Use the create API method and include the following information in the request body:
{
"folderId": "<folder_ID>",
"name": "internal-lb-test-2",
"type": "INTERNAL",
"listenerSpecs": [
{
"name": "test-listener",
"port": "80",
"protocol": "TCP",
"targetPort": "81",
"internalAddressSpec": {
"subnetId": "b0cp4drld130********",
"ipVersion": "IPV4"
}
}
],
"attachedTargetGroups": [
{
"targetGroupId": "enpu2l7q9kth********",
"healthChecks": [
{
"name": "http",
"interval": "2s",
"timeout": "1s",
"unhealthyThreshold": "2",
"healthyThreshold": "2",
"httpOptions": {
"port": "80",
"path": "/"
}
}
]
}
]
}