Prerequisites: You should have write access permissions to an IONOS S3 Object Storage bucket. You have an IONOS S3 Object Storage instance with a bucket that exists for your flow logs. To create an IONOS S3 Object Storage bucket, see the IONOS S3 Object Storage page.
1. In the Inspector pane, open the Settings tab.
2. To activate flow logs, open the Flowlog drop-down and fill in the following fields:
Name: Enter a name for the flow log rule. The name will also be the first part of the objects' name prefix.
Direction: Choose Ingress to create flow logs for incoming traffic, Egress for outgoing traffic, or Bidirectional to create flow logs for all traffic.
Action: Choose Rejected to capture only traffic blocked by the firewall, Accepted to capture only traffic allowed by the firewall, or Any for all traffic.
Target S3 bucket: Enter a valid existing IONOS S3 Object Storage bucket name and an optional object name prefix where flow log records should be written.
Add flow log: To complete the configuration of the flow log. It becomes applied once you provision your changes.
As a result, an activated flow log rule is indicated by a green light in the properties of the NIC. A green light indicates that the configuration has been validated and is valid for provisioning.
3. Select PROVISION CHANGES. After provisioning is complete, the network interface flow logs are activated.
In the Inspector pane, open the Settings tab.
Open the Flowlog drop-down.
Select the trash bin icon to delete the flow log.
In the confirmation message, select OK.
Select PROVISION CHANGES. After provisioning is complete, the network interface's flow logs are deleted and no longer captured.
Note: Deleting a flow log does not delete the existing log streams from your bucket. Existing flow log data must be deleted using the respective service's console. In addition, deleting the flow log that is published to IONOS S3 Object Storage does not remove the bucket policies and log file access control lists (ACLs).
Before setting up an Application Load Balancer (ALB), predefine a target group to distribute the incoming traffic to the correct target. An IP address and a port are used to register a target.
A target group is a set of one or more registered targets and you can predefine targets in the Target Groups. You can create multiple target groups and reuse them to set up different ALB forwarding rules.
A target group is a set of registered targets to which ALB distributes traffic. For each new group, set Connection details and add Targets. You may also configure Health Checks for the group.
Go to Management > Target Groups under Load Balancing.
Click + Create to create a new target group.
To create a target group, fill in the following fields:
Name: Enter a name for the target group.
Algorithm: Select an algorithm to determine how network traffic is distributed among targets.
Protocol: The default value is HTTP.
4. In the Connection tab, fill in the following fields for the connection settings:
Check Timeout: Enter the maximum wait time in milliseconds (ms) for a target in the group to respond to a check.
Check Interval: Enter the time in milliseconds (ms) between the end of the previous connection attempt and the start of the next.
Retries: Enter the maximum number of attempts to reconnect to a target after a connection failure.
Note: This step is optional. For more information, see Health Checks.
5. In the Connections tab, click Add Health Check to define the settings for a target group:
Path: Enter the destination URL for the HTTP health check request. The default value is set to /.
Method: Choose a method from the list of available health checks.
Match Type: Choose Status Code to indicate if the request was successful or not, or choose Response Body if you need to evaluate the content of the response body. You can further select the following checkboxes:
Regular Expression: To provide flexibility in matching the expected response from a healthy server.
Negation: To negate an individual entry.
You must register targets with the group so the ALB can forward traffic to the targets.
6. In the Targets tab, click + Add to add a new target to the group and fill in the following fields:
IP: Enter the target IP directly, or choose one from the drop-down list.
Port: Enter the target port directly, or choose one from the drop-down list.
Weight: Assign a target weight from 0 to 256. A target with a higher weight gets a larger share of traffic. The default weight value is set to 1.
For changing the target-specific health check configuration, use the following checkboxes:
Health Check Enabled: On selecting, the target becomes available only for TCP or HTTP connection attempts.
Maintenance Enabled: On selecting, the target does not receive balanced traffic and affects the health of the target.
7. Click Create to add the target.
8. Click Create to save all the configurations and to create the target group.
Result Your target group is added to the Target Groups list.
Prerequisites: A public load balancer can be created by providing at least one listener IP address. Please make sure you have previously reserved public IP addresses via the IP Manager. You may always create a private load balancer without specifying any IP addresses.
Additionally, you will need at least one Target Group to which ALB will forward traffic. You can create one in the Target Group Manager.
Add an ALB element by dragging it to the workspace.
Connect the northern interface to Internet Access and the southern interface to a target Server.
To Configure ALB Settings, open the Settings tab from the right Inspector pane and fill in the following fields:
Name: Enter a name for the Application Load Balancer.
Primary IPv4: Use a public IP you have previously reserved for public load balancing. For private load balancing, a private IP address will be assigned automatically upon provisioning. Otherwise, you may always enter a separate private IP.
Add IP: Add additional public or private IP addresses. It is an optional field.
Forwarding rules define how client traffic is distributed to the targets. More than one rule can be created for the same load balancer. In the Inspector pane, open the Forwarding Rules tab. To add forwarding rules, select +Add Forwarding Rule and fill in the following fields:
Name: Enter a unique name for the forwarding rule.
Protocol: The default value is set to HTTP.
Listener IP: Assign an IP address to the listener interface.
Listener port: Select the HTTP port on which the listener will accept client requests.
Client timeout: The default value is set to 50000 milliseconds(ms). This idle timeout is applied when the client is expected to acknowledge or send data. Client time is the duration in which the ALB will not break the TCP connection established with the client, after which the connection is terminated, provided that the client does not send any subsequent requests during this interval.
Setting up HTTP rules in ALB configuration is essential for properly routing incoming traffic to the appropriate targets, load balancing between multiple targets, and improving security by filtering out unwanted traffic.
HTTP rules include Forward, Redirect, and Static rules. To create an HTTP rule, select + Add HTTP Rule in the Inspector pane.
Select the appropriate option for the incoming traffic to activate HTTP Rules in the workspace.
To forward a request to a pre-made Target Group, select the Forward option from the drop-down menu and fill in the following fields:
Name: Enter a unique name for the HTTP rule.
Target Group: Select a target group for forwarding traffic based on the protocol and port specified in the listener configuration.
Targets: The value is automatically populated based on the target group selection.
To request redirection at the HTTP level, select the Redirect option from the drop-down menu and fill in the following fields:
Name: Enter a unique name for the HTTP rule.
Redirect URL: Select a target URL for the redirect.
Status Code: Select a status response code from the list.
Query string: Specify whether you want to keep or drop the query string.
To return a static response message, select the Static option from the drop-down menu and fill in the following fields:
Name: Enter a unique name for the HTTP rule.
Status Code: Select a status response code from the list.
Response Message: Select an appropriate content type from the list.
Response Content type: Enter the content to be displayed in the browser upon the rule trigger.
In addition, you can set Conditions for the rule. Select the Type of the condition in New Condition section and define the rules to determine how incoming traffic is routed and handled by the load balancer. The action is performed only when all conditions are met. If no conditions are specified, the rule will always be performed.
If you make a mistake, you can always delete a rule by selecting the Remove icon on the right.
Note: This step is optional. A private IP will be assigned automatically during provisioning. You may also add a private IP manually if you select + Add IP.
The backend of the ALB exposes the private IP addresses of the target as the source of client traffic. A backend IP address is configurable and defaults to x.x.x.225. Backend IPs are listed in the ALB Inspector under the Private IPs tab.
Once you have entered the mandatory Settings and Forwarding Rules, you may provision the ALB by clicking PROVISION CHANGES. A Provision Data Center window will appear. Select the Provision Now option.
Note: The provisioning process cannot be canceled. However, an existing ALB can be modified at any time. Your password may be required to edit some elements as an additional security measure.
Anytime you need to delete the ALB, right-click the element and choose Delete. You can always use the Backspace/Delete button on your keyboard.
Info: From the Targets list, click to edit an existing target or click to delete a target.
Learn how to create target groups before setting up an ALB
Learn how to configure initial ALB settings
Learn how to create and configure flow logs
