Load Balancers
Load balancers distribute incoming traffic across multiple backend instances, improving application availability, scalability, and fault tolerance. This guide covers DanubeData managed load balancers.
Overview
DanubeData load balancers provide:
- High Availability: Automatic failover to healthy instances
- Scalability: Distribute load across multiple backends
- SSL/TLS Termination: Handle encryption at load balancer
- Health Checking: Automatic detection of unhealthy instances
- Session Persistence: Sticky sessions support
- WebSocket Support: Full WebSocket protocol support
Load Balancer Types
HTTP/HTTPS Load Balancer
Layer 7 (Application layer) load balancing:
- Protocol: HTTP, HTTPS, HTTP/2
- Features:
  - Path-based routing
  - Host-based routing
  - SSL termination
  - HTTP header manipulation
  - WebSocket support
- Use Cases: Web applications, APIs, microservices
TCP Load Balancer
Layer 4 (Transport layer) load balancing:
- Protocol: TCP, any TCP-based protocol
- Features:
  - Protocol-agnostic
  - Lower latency
  - Connection-based
  - Port forwarding
- Use Cases: Databases, custom protocols, non-HTTP services
Creating a Load Balancer
Via Dashboard
- Navigate to Networking > Load Balancers
- Click Create Load Balancer
- Configure:
  - Name: Descriptive name
  - Type: HTTP/HTTPS or TCP
  - Region: Datacenter location
- Click Create
The load balancer is provisioned within 2-3 minutes.
Configuration
Adding Backend Instances
- Go to load balancer details
- Click Backend Pool
- Click Add Instance
- Select:
  - Instance: VPS or container to add
  - Port: Backend port (e.g., 80, 8080)
  - Weight: Traffic distribution weight (1-100)
- Click Add
Health Checks
Configure health checks to detect unhealthy instances:
HTTP Health Check:
- Path: /health or /
- Interval: 10 seconds
- Timeout: 5 seconds
- Threshold: 2 failures mark unhealthy
TCP Health Check:
- Port: Backend port
- Interval: 10 seconds
- Timeout: 5 seconds
- Threshold: 2 failures mark unhealthy
Load Balancing Algorithms
Choose distribution algorithm:
Round Robin (Default):
- Distribute requests evenly
- Simple and effective
- Good for homogeneous backends
Least Connections:
- Route to instance with fewest active connections
- Better for long-lived connections
- Good for varying request durations
IP Hash:
- Hash source IP to determine backend
- Consistent routing for same client
- Session persistence without cookies
Weighted Round Robin:
- Distribute based on instance weight
- Route more traffic to powerful instances
- Good for heterogeneous backends
SSL/TLS Configuration
Adding SSL Certificate
- Go to load balancer
- Click SSL/TLS tab
- Click Add Certificate
- Choose method:
  - Upload Certificate: Provide cert, key, and chain
  - Let's Encrypt: Automatic free certificate
- Click Save
Let's Encrypt Integration
Automatic SSL with Let's Encrypt:
- Click Add Certificate
- Select Let's Encrypt
- Enter domain name
- Verify domain ownership (DNS or HTTP)
- Certificate automatically issued and renewed
Certificates automatically renew before expiration.
SSL Policies
Configure SSL/TLS settings:
Modern (Recommended for new applications):
- TLS 1.2 and 1.3 only
- Strong cipher suites
- Forward secrecy
- Best security
Intermediate (Default):
- TLS 1.0+ (compatibility)
- Balanced security and compatibility
- Supports most clients
Custom:
- Define specific ciphers
- Control TLS versions
- Advanced users only
Advanced Features
Session Persistence (Sticky Sessions)
Maintain session affinity:
Cookie-Based:
Method: Cookie
Name: SERVERID
Duration: 3600 seconds
Client gets cookie pointing to specific backend instance.
IP-Based:
Method: Source IP
Duration: 3600 seconds
Same source IP always routed to same backend.
Connection Limits
Control connections per backend:
Max Connections: 1000
Connection Timeout: 60 seconds
Keep-Alive Timeout: 45 seconds
Rate Limiting
Limit requests per client:
Rate Limit: 100 requests/minute per IP
Burst: 200 requests
Action: Return 429 Too Many Requests
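The settings above, modelled as a per-IP token bucket. This is an added example, not DanubeData's implementation: treating Burst as the bucket capacity and Rate Limit as the refill rate is an assumption, and the class and function names are illustrative.

```python
from dataclasses import dataclass

RATE_PER_MINUTE = 100  # "Rate Limit" value from the settings above
BURST = 200            # "Burst" value, assumed here to be the bucket capacity


@dataclass
class Bucket:
    tokens: float
    last_seen: float


class PerIPRateLimiter:
    """Token bucket per source IP (assumed semantics for the settings above)."""

    def __init__(self, rate_per_minute=RATE_PER_MINUTE, burst=BURST):
        self.rate_per_minute = rate_per_minute
        self.capacity = float(burst)
        self.buckets = {}  # a real limiter must also evict idle entries

    def check(self, ip, now):
        """Return the status the limiter produces: 200 (forward) or 429."""
        bucket = self.buckets.get(ip)
        if bucket is None:
            bucket = self.buckets[ip] = Bucket(self.capacity, now)
        # Refill in proportion to elapsed time, never above the capacity.
        elapsed = max(0.0, now - bucket.last_seen)
        refill = elapsed * self.rate_per_minute / 60.0
        bucket.tokens = min(self.capacity, bucket.tokens + refill)
        bucket.last_seen = now
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return 200
        return 429  # "Action: Return 429 Too Many Requests"


def simulate(limiter, ip, count, start, spacing):
    """Send `count` requests from `ip`, `spacing` seconds apart."""
    return [limiter.check(ip, start + i * spacing) for i in range(count)]
```

Under this model a client can send 200 requests at once, after which it is held to 100 per minute until the bucket refills; other source IPs are unaffected.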
Custom Headers
Add or modify HTTP headers:
Add Headers:
X-Forwarded-For: Client IP
X-Forwarded-Proto: https
X-Real-IP: Client IP
Remove Headers:
Server: (removed)
X-Powered-By: (removed)
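On the backend, X-Forwarded-For and X-Real-IP are only meaningful when the connection actually came from the load balancer. The following added example (not DanubeData code) shows one way a backend can derive the client address; the 10.0.0.0/24 load balancer range and the function names are assumptions.

```python
import ipaddress

# Hypothetical range the load balancer connects from; replace with your own.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _trusted(addr, networks):
    return any(addr in net for net in networks)


def client_ip(peer, headers, networks=TRUSTED_PROXIES):
    """Return the address to use for logging, rate limiting and allowlists."""
    peer_addr = ipaddress.ip_address(peer)
    if not _trusted(peer_addr, networks):
        # The connection bypassed the load balancer, so any forwarding
        # header was written by the client itself: ignore it.
        return str(peer_addr)
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("x-forwarded-for", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    # Walk right to left: the rightmost entries were appended by proxies we
    # trust, and the first untrusted address is the real client. Anything
    # further left is client-supplied and is never consulted.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: fall back to the peer address
        if not _trusted(addr, networks):
            return str(addr)
    return str(peer_addr)
```

Pair this with a firewall rule that only lets the load balancer reach the backend port, so the untrusted-peer branch is a safety net rather than the normal path.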
Monitoring
Key Metrics
Monitor load balancer performance:
- Requests per Second: Incoming request rate
- Response Time: Average backend response time
- Active Connections: Current connections
- Backend Health: Healthy vs unhealthy instances
- SSL Connections: HTTPS connections
- Bandwidth: Data transferred
Access Logs
View request logs:
2024-10-12 10:15:23 192.168.1.100 GET /api/users 200 0.045s
2024-10-12 10:15:24 192.168.1.101 POST /api/orders 201 0.123s
2024-10-12 10:15:25 192.168.1.102 GET / 200 0.012s
Access logs are available in the dashboard or via the API.
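A small analyzer for logs in the format shown above, added here as an example (not part of the DanubeData tooling). The field layout is inferred from the three sample lines, the 100-per-minute threshold mirrors the rate limit setting, and the sample data is constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Field layout inferred from the sample lines on this page (assumption):
# date time client-ip method path status duration
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) ([A-Z]+) (\S+) "
    r"(\d{3}) (\d+\.\d+)s$")


def parse_line(line):
    """Return (minute, ip, method, path, status, seconds) or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return (ts.replace(second=0), m.group(2), m.group(3), m.group(4),
            int(m.group(5)), float(m.group(6)))


def analyze(lines, per_minute_limit=100):
    """Flag IPs above the per-minute limit and count 429/502/504 responses."""
    per_ip_minute, status_counts, malformed = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            malformed += 1  # count unparseable lines instead of hiding them
            continue
        minute, ip, _method, _path, status, _secs = rec
        per_ip_minute[(ip, minute)] += 1
        if status in (429, 502, 504):
            status_counts[status] += 1
    noisy = sorted({ip for (ip, _), n in per_ip_minute.items()
                    if n > per_minute_limit})
    return {"noisy_ips": noisy, "status_counts": dict(status_counts),
            "malformed": malformed}


def constructed_sample():
    """Constructed log lines; all addresses are documentation ranges."""
    lines = ["2024-10-12 10:15:23 192.0.2.10 GET /api/users 200 0.045s",
             "2024-10-12 10:15:24 192.0.2.11 POST /api/orders 502 0.003s",
             "2024-10-12 10:15:25 192.0.2.12 GET /report 504 60.001s",
             "not a log line"]
    base = datetime(2024, 10, 12, 10, 15, 0)
    for i in range(150):  # one client, 150 requests inside a single minute
        ts = base + timedelta(seconds=i * 0.39)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} 203.0.113.9 GET /api/users 200 0.010s")
    return lines
```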
Use Cases
High Availability Web Application
            Load Balancer
             /    |    \
            /     |     \
        Web-1   Web-2   Web-3
            \     |     /
             \    |    /
              Database
- Distribute traffic across 3 web servers
- Automatic failover if server fails
- Zero downtime deployments
Blue-Green Deployment
          Load Balancer (Weight-based)
             /                \
    Blue (Weight: 100)    Green (Weight: 0)
Gradually shift traffic:
- Deploy to Green
- Test Green (no production traffic)
- Shift weight: Blue 50, Green 50
- Monitor for issues
- Full cutover: Blue 0, Green 100
- Remove Blue after validation
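The weight stages above and the algorithms from the Load Balancing Algorithms section, as an added example (not DanubeData's implementation). The smooth weighted round robin and the modulo-based IP hash are assumed variants, and the backend names are illustrative.

```python
import hashlib
from collections import Counter

# Weight stages taken from the blue-green steps above.
STAGES = [{"blue": 100, "green": 0},
          {"blue": 50, "green": 50},
          {"blue": 0, "green": 100}]


def weighted_round_robin(weights, n):
    """Smooth weighted round robin: backend chosen for each of n requests."""
    total = sum(weights.values())
    if total <= 0:
        raise ValueError("at least one backend needs a weight above 0")
    current = dict.fromkeys(weights, 0)
    picks = []
    for _ in range(n):
        for name, weight in weights.items():
            current[name] += weight
        chosen = max(current, key=current.get)
        current[chosen] -= total
        picks.append(chosen)
    return picks


def cutover_report(requests_per_stage=1000):
    """Requests each colour receives at every stage of the cutover."""
    return [Counter(weighted_round_robin(stage, requests_per_stage))
            for stage in STAGES]


def ip_hash(ip, backends):
    """Map a source IP to a backend; stable only while the pool is unchanged."""
    digest = hashlib.sha256(ip.encode()).digest()
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]


def remapped_clients(ips, before, after):
    """Count clients whose backend changes when the pool changes."""
    return sum(1 for ip in ips if ip_hash(ip, before) != ip_hash(ip, after))
```

With a modulo hash, removing one of three backends moves roughly two thirds of clients, not only those on the removed backend, so IP-hash persistence should not be relied on across pool changes.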
Microservices API Gateway
                Load Balancer
               /      |       \
        Users-API Orders-API Products-API
Path-based routing:
- /api/users/* → Users-API instances
- /api/orders/* → Orders-API instances
- /api/products/* → Products-API instances
Best Practices
Backend Configuration
- Multiple Backends: At least 2 for high availability
- Different AZs: Spread across availability zones
- Health Checks: Aggressive checks for quick failover
- Gradual Rollout: Use weights for safe deployments
SSL/TLS
- Use Let's Encrypt: Free, automatic renewal
- Modern Policy: TLS 1.2+ only for new apps
- HTTP Redirect: Redirect HTTP to HTTPS
- HSTS: Enable HTTP Strict Transport Security
Performance
- Connection Pooling: Enable keep-alive
- Compression: Enable gzip compression
- Caching: Cache static content at load balancer
- Right-Size: Choose appropriate load balancer size
Security
- Rate Limiting: Protect against abuse
- IP Allowlist: Restrict access if needed
- DDoS Protection: Enabled by default
- Security Headers: Add security-related headers
Troubleshooting
502 Bad Gateway
Causes:
- All backends unhealthy
- Backend not listening on port
- Firewall blocking load balancer
- Backend overloaded or crashed
Solutions:
# Check backend health
systemctl status nginx # or your service
# Verify backend listening
netstat -tlnp | grep 8080
# Check firewall
ufw status
# Allow load balancer IP if blocked
# Check logs
tail -f /var/log/nginx/error.log
504 Gateway Timeout
Causes:
- Backend response too slow
- Backend timeout
- Long-running requests
Solutions:
- Increase timeout in load balancer settings
- Optimize backend performance
- Use async processing for long tasks
- Check backend logs for slow queries
Uneven Distribution
Symptoms: One backend getting more traffic
Solutions:
- Check backend weights (should be equal)
- Verify health checks passing on all backends
- Review load balancing algorithm
- Monitor backend performance metrics
SSL Certificate Issues
Symptoms: SSL warnings or errors
Solutions:
# Test SSL configuration
openssl s_client -connect yourdomain.com:443
# Check certificate expiration
echo | openssl s_client -connect yourdomain.com:443 2>/dev/null | openssl x509 -noout -dates
# Verify chain
echo | openssl s_client -showcerts -connect yourdomain.com:443
Pricing
Load balancers are billed hourly:
| Size | Max Connections | Price/Hour | Price/Month |
|---|---|---|---|
| Small | 10,000 | $0.025 | $18 |
| Medium | 50,000 | $0.050 | $36 |
| Large | 100,000 | $0.100 | $72 |
Bandwidth is charged at standard rates.