Select the NLB element to open its properties in the Inspector pane on the right. The name of the NLB and the number of balanced NICs are displayed at the top of the pane.
Configuration options are grouped under three tabs: Settings, Forwarding rules, and Private IPs.
The NLB Listener accepts connections from clients through an exposed IP address (Primary IPv4) and a configured listener port. The Listener interface can also monitor additional IPs (Add IP). Listener IPs can be private (for local networks) or public (exposed to the Internet). Public IPs must be reserved before they can be used. For more information, see Listener.
You can fill in the following details in Settings:
Name: You can use the default or enter a new name for the NLB.
Click Load Balancer to show or hide the Primary IPv4 and Add IP settings.
Primary IPv4: Assign the first (primary) Listener IP address. For Automatic, no entry is required; a private primary Listener IP address will be assigned automatically on provisioning.
For a private IP, enter the private IP address directly. A public IP is required for an NLB that is connected to the Internet.
Public IPs must first be reserved. Reserve public IPs using the IP Manager in the main menu.
Add IP: Assign one or more additional Listener IPs; additional IPs are optional. For private IP, choose Add private IP and enter the address directly.
Reserve public IP: Available only when no reserved public IPs exist. Click Add IP > Reserve public IP, enter a name for the IP block, the number of IPs to be reserved, and click Reserve IPs.
Public IP: Public IPs must already have been reserved. Click Add IP and choose a reserved IP block name from the drop-down list, then select a reserved IP address.
Multiple IPs: Use Add IP again to add as many IPs as needed. All added private and public IPs are listed below the IP settings.
Configuration changes are saved only once the VDC is provisioned.
Forwarding rules define how client traffic is distributed to the targets. More than one forwarding rule can be created for the same load balancer.
In Forwarding rules, enter a name for the forwarding rule, choose a load balancing algorithm from the drop-down list, and select an IP address for Listener IP. Enter the Listener port directly or select one from the list. The protocol is set to TCP and cannot be changed.
Click Create to create the rule.
Click the name of the rule to expand or collapse its settings.
Click Add target to add targets.
Choose Health check to configure Health check connection settings for this forwarding rule.
Use Add forwarding rule again to add as many rules as needed. All added rules are listed in Inspector under the Forwarding rules tab.
The NLB backend exposes a private IP to targets as the source of client traffic. The backend IP address is configurable and defaults to x.x.x.225. Backend IPs are listed in the NLB Inspector under the Private IPs tab.
It is best to use the default IP address in most cases. To change an already-provisioned IP, delete the existing IP address first and then add a new one.
Click the down arrow and select Remove IP to delete the IP address.
Enter an IP address in CIDR notation (e.g. 10.10.10.225/24), and click Add IP. The new IP must be private and match the subnet mask of the Target network.
Use Add IP again to add as many private IPs as needed. All added IPs are listed under the Private IPs tab.
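The constraints above (CIDR notation, private address, same subnet mask as the Target network) can be checked before provisioning. The following is an added example, not IONOS code; the function name, the reading of "private" as the RFC 1918 ranges, the network and broadcast address check, and all sample addresses are assumptions.

```python
import ipaddress

# Assumption: "private" is taken to mean the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_backend_ip(candidate, target_network, target_ips=()):
    """Return a list of problems; an empty list means the candidate passes."""
    net = ipaddress.ip_network(target_network)
    try:
        iface = ipaddress.ip_interface(candidate)
    except ValueError as exc:
        return [f"invalid address: {exc}"]
    problems = []
    # The Inspector expects CIDR notation, and the mask must match the target LAN.
    if "/" not in candidate:
        problems.append("prefix length missing, CIDR notation is required")
    elif iface.network.prefixlen != net.prefixlen:
        problems.append(f"prefix /{iface.network.prefixlen} does not match "
                        f"target network /{net.prefixlen}")
    if not any(iface.ip in r for r in RFC1918):
        problems.append("address is not private")
    if iface.ip not in net:
        problems.append("address is outside the target network")
    elif iface.ip in (net.network_address, net.broadcast_address):
        problems.append("address is the network or broadcast address")
    # A backend IP that collides with a target would surface as an IP conflict.
    if iface.ip in {ipaddress.ip_address(t) for t in target_ips}:
        problems.append("address is already used by a target")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real data center.
    targets = ["10.10.10.11", "10.10.10.12"]
    for cand in ("10.10.10.225/24", "10.10.10.225/16", "10.10.10.11/24"):
        print(cand, check_backend_ip(cand, "10.10.10.0/24", targets) or "ok")
```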
Network Load Balancer (NLB) is a pre-configured VDC element that provides connection-based layer 4 load balancing features and functionality. It is fully managed by IONOS, deeply integrated into our Software-Defined Networking (SDN) stack, deployed in a highly available setup, and offers robust security features required for fault-tolerant applications.
NLB serves as a single entry and exit point for all client traffic. Connection requests are accepted by the listener, and according to the defined forwarding rules, the sessions are distributed for parallel processing across multiple compute resources (targets). NLB keeps active sessions mapped to the same targets (sticky sessions), performs health checks, and routes traffic only to healthy targets.
NLB is a proxy load balancer: client connections are terminated at the balancer and mapped 1:1 to connections that the balancer initiates to targets. This is called two-arm load balancing because the load balancer has two arms (interfaces), one facing clients and the other facing targets.
NLB provides the following features:
Performance
Scalability
Redundancy and fault tolerance
Deployment flexibility
Reduced or zero downtime
Fully-managed service
High throughput — low latency
Health monitoring
Sticky sessions
High Availability
Network Address Translation modifies IP header network address information to direct traffic as it moves from public to private address space. In the context of the Managed Network Load Balancer, this means that client connections are terminated on the load balancer, and the load balancer initiates a dedicated connection with the backend target servers.
NLB performs destination NAT (DNAT) to map (connect) the clients to the targets. Source NAT (SNAT) is not supported; targets cannot initiate network connections through the load balancer.
Forwarding rules are configuration settings that dictate how network traffic is forwarded from a source to a destination in the context of network devices, such as routers or switches. These rules determine the routing path and actions taken on incoming packets.
Sticky sessions (source IP affinity) maintain client sessions mapped to the same targets for as long as the TCP sessions stay active.
The listener is the client-facing arm of the load balancer. It accepts connections from clients through an exposed IP address and a configured listener port. NLB has a single listener interface that can support multiple IPs with different forwarding rules.
The listener of a public load balancer is exposed to and accepts client connections directly from the Internet. Public load balancers serve as edge devices that handle "north-south" traffic flowing in and out of the data center.
The listener of a private load balancer is exposed to a private network. Private load balancers handle "east-west" traffic flowing internally within the data center.
Listener IPs are configured in the Settings tab of the Inspector.
NLB comes with basic firewall rules that are applied automatically based on the forwarding rules and cannot be changed. However, additional firewall rules can be configured for the NICs of the targets.
NLB backend exposes a private IP to targets as the source of client traffic.
Backend private IP is derived from the network mask of the target network connected; if no LAN is connected to the Southern interface, no default IP can be set.
Once a target network is connected and the changes are provisioned, the backend identifies the network mask and reserves recommended IP x.x.x.225 automatically.
Target network can be configured manually; any potential IP conflicts will have to be resolved at the provisioning stage.
Multiple backend private IPs can be configured with different rules on the same NLB.
Backend IPs are configured in the Private IPs tab of the Inspector.
Targets are the compute resources, such as VM instances, containers, microservices, or appliances, to which the traffic is distributed for processing. NLB backend serves registered targets using an IP address and a TCP port.
Targets can be added or removed and capacities scaled without disrupting the overall flow of connection requests. Targets are configured per Forwarding rule.
The traffic is distributed in proportion to the target "weight" relative to the combined weight of all targets. A target with a higher weight receives a greater share of traffic. The default target weight is 1, and the maximum is 256. Target weight is configured for each target.
NLB performs Health checks to ensure that traffic is forwarded only to active targets. All health check-related metrics can be customized. Learn more about Health checks.
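Weights and health checks together determine how much traffic each target carries, including after a failure. The following is an added example, not IONOS code: it computes the per-target share from the weights and the worst-case share each target would carry if one other target failed its health check. The function names, the lower weight bound of 1, the proportional redistribution among the remaining healthy targets, and the sample targets are assumptions.

```python
MIN_WEIGHT, MAX_WEIGHT = 1, 256  # maximum from the text; minimum of 1 is assumed


def shares(targets):
    """targets: {name: (weight, healthy)} -> {name: fraction of traffic}."""
    for name, (weight, _) in targets.items():
        if not MIN_WEIGHT <= weight <= MAX_WEIGHT:
            raise ValueError(f"{name}: weight {weight} is out of range")
    # Only healthy targets receive traffic.
    healthy = {n: w for n, (w, ok) in targets.items() if ok}
    total = sum(healthy.values())
    if total == 0:
        return {n: 0.0 for n in targets}
    return {n: healthy.get(n, 0) / total for n in targets}


def worst_case_after_one_failure(targets):
    """Largest share each target carries when any one healthy target fails."""
    worst = {}
    for failed, (weight, ok) in targets.items():
        if not ok:
            continue
        degraded = dict(targets)
        degraded[failed] = (weight, False)
        for name, share in shares(degraded).items():
            worst[name] = max(worst.get(name, 0.0), share)
    return worst


if __name__ == "__main__":
    # Constructed sample: three targets, one with double weight.
    sample = {"web-1": (1, True), "web-2": (1, True), "web-3": (2, True)}
    print("normal:", shares(sample))
    print("worst case with one target down:", worst_case_after_one_failure(sample))
```

A target whose worst-case share exceeds what it can serve is a sign that weights or target count need adjusting before a health check failure occurs.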
The Managed Network Load Balancer will be regularly maintained by IONOS and updated with the latest software versions and new features. IONOS reserves a weekly maintenance window which it can use for regular updates. It is scheduled every Monday between 02:00 - 04:00 am local time of the data center in which the Managed Network Load Balancer service is deployed. During maintenance, a service interruption of up to 5 seconds may occur. Aside from that service interruption, no further service impact is anticipated, and the Managed Network Load Balancer will continue to operate within its service description and configuration.
Additional update deployments may be carried out outside the maintenance window, for example, in the case of urgent security patches.
NLB operates at TCP/IP layer 4 of the Open Systems Interconnection (OSI) model. NLB will distribute any TCP-based network traffic, including upper application layer protocols, such as HTTP and HTTPS. However, rules and health checks are strictly TCP-based, which means that HTTP rules (e.g., routing decisions based on the URL) are not supported.
SNAT Support: Managed NLB is not configured to support Source NAT (SNAT); targets cannot initiate network connections through the load balancer.
Prerequisites: The Network Load Balancer (NLB) needs a private network with targets (such as VM instances) to distribute the client sessions. The targets must be provisioned already, and the connection requests can come through the internet access element or a separate private network.
1. Add the NLB element by dragging it into the Workspace.
2. Connect the NLB. The NLB element has two interfaces, "Northern" at the top and "Southern" at the bottom. The northern interface is the Listener that connects to the clients, and the southern interface is the Backend that connects to the targets. Connect the northern interface (Listener) to the internet access element or a private network.
3. Connect the southern interface (Backend) to the private network containing the targets.
An existing NLB can be modified at any time. Please note that the provisioning process cannot be undone. Your password may be required for editing some of the elements as an additional security measure.
If you need to delete the NLB, right-click the element and choose Delete.
The load balancers created in the DCD enable load balancing on several servers in the network using the round-robin method.
The load balancer receives an IP address from the DHCP server. Alternatively, you can assign a reserved IP address to it via its NIC. All servers connected to the load balancer receive this IP address. Direct communication between the servers (via the load balancer network) is, therefore, not possible.
An additional management network is thus recommended for configuring servers with a load balancer. Configuration via the load balancer is hardly possible since the round-robin procedure prevents a targeted connection with certain servers.
1. Drag the load balancer element from the Palette into the Workspace.
2. Connect the load balancer to the required servers.
3. Connect the load balancer to internet access.
4. Set the properties of the load balancer by selecting the element in the Workspace and opening its properties in the Inspector > Settings:
Name: Enter a name.
Name (NIC): Enter a name for the NIC of the load balancer.
The MAC address will be assigned automatically upon provisioning and cannot be changed.
Primary IP: The primary IP address is automatically assigned by the IONOS DHCP server. You can, however, enter an IP address for manual assignment by selecting one of the reserved IP addresses from the drop-down menu. Private IP addresses (according to RFC 1918) must be entered manually.
DHCP: It is often necessary to run a DHCP server in your virtual data center (e.g., PXE boot for fast rollout of VMs). If you use your own DHCP server, clear this check box so that the IONOS DHCP server does not reassign your IPs.
In the Balanced NICs tab, you can check which servers are connected to the load balancer through which NIC.
(Optional) Make further changes to your data center.
5. Provision your changes.
The load balancer is now active according to your settings.