Setting Up Internal HTTP(S) Load Balancing for Compute Engine VMs

This document provides instructions for configuring Internal HTTP(S) Load Balancing for your services running on Compute Engine VMs.

Before you begin

Before following the instructions in this guide, review the following documents:

Configuring Internal HTTP(S) Load Balancing with a VM-based service

This section shows the configuration required for services that run on Compute Engine VMs. Client VMs connect to the IP address and port that you configure in the forwarding rule. When your client applications send traffic to this IP address and port, their requests are forwarded to your backend virtual machines (VMs) according to your internal HTTP(S) load balancer's URL map.

The example on this page explicitly sets a reserved internal IP address for the internal HTTP(S) load balancer's forwarding rule, rather than allowing an ephemeral internal IP address to be allocated. As a best practice, we recommend reserving IP addresses for forwarding rules.

Creating a managed instance group

This section shows how to create a template and a managed instance group. The managed instance group provides VM instances running the backend servers of an example internal HTTP(S) load balancer. Traffic from clients is load balanced to these backend servers. For demonstration purposes, backends serve their own hostnames.

Console

  1. Go to the Instance groups page in the Cloud Console.

  2. Click Create an instance group.
  3. Choose New managed instance group on the left.
  4. For the Name, enter l7-ilb-backend-example.
  5. Under Location, select Single zone.
  6. For the Region, select us-west1.
  7. For the Zone, select us-west1-a.
  8. Under Instance template, select Create another instance template.
  9. For the Name, enter l7-ilb-backend-template.
  10. Ensure that the Boot disk is set to a Debian image, such as Debian GNU/Linux 9 (stretch). These instructions use commands that are only available on Debian, such as apt-get.
  11. Under Management, security, disks, networking, sole tenancy, on the Management tab, insert the following script into the Startup script field.

    #! /bin/bash
    apt-get update
    apt-get install apache2 -y
    a2ensite default-ssl
    a2enmod ssl
    vm_hostname="$(curl -H "Metadata-Flavor:Google" \
    http://169.254.169.254/computeMetadata/v1/instance/name)"
    echo "Page served from: $vm_hostname" | \
    tee /var/www/html/index.html
    systemctl restart apache2
    
  12. Under Management, security, disks, networking, sole tenancy, click the Networking tab.

  13. For the Network, select lb-network, and for the Subnet, select backend-subnet.

  14. Add the following network tags: allow-ssh and load-balanced-backend.

  15. Click Save and continue.

  16. Specify the number of instances that you want to create in the group. Optionally, in the Autoscaling section of the UI, you can configure the instance group to automatically add or remove instances based on instance CPU usage.

  17. Click Create to create the new instance group.

gcloud

  1. Create a VM instance template with an HTTP server with the gcloud compute instance-templates create command.

    gcloud compute instance-templates create l7-ilb-backend-template \
    --region=us-west1 \
    --network=lb-network \
    --subnet=backend-subnet \
    --tags=allow-ssh,load-balanced-backend \
    --image-family=debian-9 \
    --image-project=debian-cloud \
    --metadata=startup-script='#! /bin/bash
    apt-get update
    apt-get install apache2 -y
    a2ensite default-ssl
    a2enmod ssl
    vm_hostname="$(curl -H "Metadata-Flavor:Google" \
    http://169.254.169.254/computeMetadata/v1/instance/name)"
    echo "Page served from: $vm_hostname" | \
    tee /var/www/html/index.html
    systemctl restart apache2'
    
  2. Create a managed instance group in the zone with the gcloud compute instance-groups managed create command.

    gcloud compute instance-groups managed create l7-ilb-backend-example \
        --zone=us-west1-a \
        --size=2 \
        --template=l7-ilb-backend-template
    

api

Create the instance template with the instanceTemplates.insert method, replacing [project-id] with your project ID.

POST https://www.googleapis.com/compute/v1/projects/[project-id]/global/instanceTemplates
{
  "name":"l7-ilb-backend-template",
  "properties":{
     "machineType":"n1-standard-1",
     "tags":{
        "items":[
           "allow-ssh",
           "load-balanced-backend"
        ]
     },
     "metadata":{
        "kind":"compute#metadata",
        "items":[
          {
              "key":"startup-script",
              "value":"#! /bin/bash\napt-get update\napt-get install apache2 -y\na2ensite default-ssl\na2enmod ssl\nvm_hostname=\"$(curl -H \"Metadata-Flavor:Google\" \\\nhttp://169.254.169.254/computeMetadata/v1/instance/name)\"\necho \"Page served from: $vm_hostname\" | \\\ntee /var/www/html/index.html\nsystemctl restart apache2"
          }
        ]
     },
     "networkInterfaces":[
       {
           "kind":"compute#networkInterface",
           "network":"projects/[project-id]/global/networks/lb-network",
           "subnetwork":"regions/us-west1/subnetworks/backend-subnet",
           "accessConfigs":[
             {
                 "kind":"compute#accessConfig",
                 "type":"ONE_TO_ONE_NAT"
             }
           ]
       }
     ],
     "disks":[
       {
           "kind":"compute#attachedDisk",
           "index":0,
           "boot":true,
           "initializeParams":{
              "sourceImage":"projects/debian-cloud/global/images/family/debian-9"
           },
           "autoDelete":true
       }
     ]
  }
}

Create a managed instance group in each zone with the instanceGroupManagers.insert method, replacing [project-id] with your project ID.

POST https://www.googleapis.com/compute/v1/projects/[project-id]/zones/{zone}/instanceGroupManagers
{
  "name": "l7-ilb-backend-example",
  "zone": "projects/[project-id]/zones/us-west1-a",
  "instanceTemplate": "projects/[project-id]/global/instanceTemplates/l7-ilb-backend-template",
  "baseInstanceName": "l7-ilb-vm",
  "targetSize": 2
}

Configuring the load balancer

The example demonstrates the following internal HTTP load balancer configuration tasks:

  • Define the HTTP health check
  • Define the backend service
  • Add a managed instance group to the backend service
  • Create a URL map
    • Make sure to refer to a regional URL map if a region is defined for the target HTTP(S) proxy. A regional URL map routes requests to a regional backend service based on rules that you define for the host and path of an incoming URL. A regional URL map can be referenced by a regional target proxy rule in the same region only.
  • Create a target proxy
  • Create a forwarding rule

Console

Select a load balancer type

  1. Go to the Load balancing page in the Google Cloud Console.
  2. Click Create load balancer.
  3. Under HTTP(S) Load Balancing, click Start configuration.
  4. Select Only between my VMs. This setting means that the load balancer is internal.
  5. Click Continue.

Prepare the load balancer

  1. For the Name of the load balancer, enter l7-ilb-map.
  2. Ensure the Protocol is HTTP.
  3. For the Region, select us-west1.
  4. For the VPC network, select lb-network.
  5. Keep the window open to continue.

Reserve a proxy-only subnet

For Internal HTTP(S) Load Balancing, reserve a proxy subnet:

  1. Click Reserve a Subnet.
  2. For the Name, enter proxy-subnet.
  3. For the Network, select lb-network.
  4. For the Region, select us-west1.
  5. For the IP address range, enter 10.129.0.0/26.
  6. Click Add.

Configure the backend service

  1. Click Backend configuration.
  2. From the Create or select backend services menu, select Create a backend service.
  3. Set the Name of the backend service to l7-ilb-backend-service.
  4. Set the Backend type to instance groups.
  5. In the New backend card of the Backends section:
    1. Set the Instance group to l7-ilb-backend-example.
    2. Set the Port numbers to 80.
    3. Set the Balancing mode to UTILIZATION.
    4. Click Done.
  6. In the Health check section, choose Create a health check with the following parameters:
    1. Name: l7-ilb-basic-check
    2. Protocol: HTTP
    3. Port: 80
    4. Click Save and Continue.
  7. Click Create.

Configure the URL map

  1. Click Host and path rules. Ensure that the l7-ilb-backend-service is the only backend service for any unmatched host and any unmatched path.

Configure the frontend components

  1. Click Frontend configuration and edit the New frontend IP and port section.
  2. Set the Name to l7-ilb-forwarding-rule.
  3. Set the Protocol to HTTP.
  4. Set the Subnet to backend-subnet.
  5. Choose Reserve a static internal IP address from the Internal IP pop-up button.
  6. In the panel that appears provide the following details:
    1. Name: l7-ilb-ip
    2. In the Static IP address section, select Let me choose.
    3. In the Custom IP address section, enter 10.1.2.99.
    4. Click Reserve.
  7. Set the Port to 80.
  8. Click Done.

Complete the configuration

  1. Click Create.

gcloud

  1. Define the HTTP health check with the gcloud compute health-checks create http command.

    gcloud beta compute health-checks create http l7-ilb-basic-check \
    --region=us-west1 \
    --use-serving-port
    
  2. Define the backend service with the gcloud compute backend-services create command.

    gcloud beta compute backend-services create l7-ilb-backend-service \
    --load-balancing-scheme=INTERNAL_MANAGED \
    --protocol=HTTP \
    --health-checks=l7-ilb-basic-check \
    --health-checks-region=us-west1 \
    --region=us-west1
    
  3. Add backends to the backend service with the gcloud compute backend-services add-backend command.

    gcloud beta compute backend-services add-backend l7-ilb-backend-service \
    --balancing-mode=UTILIZATION \
    --instance-group=l7-ilb-backend-example \
    --instance-group-zone=us-west1-a \
    --region=us-west1
    
  4. Create the URL map with the gcloud compute url-maps create command.

    gcloud beta compute url-maps create l7-ilb-map \
    --default-service=l7-ilb-backend-service \
    --region=us-west1
    
  5. Create the target proxy with the gcloud compute target-http-proxies create command.

    gcloud beta compute target-http-proxies create l7-ilb-proxy \
    --url-map=l7-ilb-map \
    --url-map-region=us-west1 \
    --region=us-west1
    
  6. Create the forwarding rule with the gcloud compute forwarding-rules create command.

    For custom networks, you must reference the subnet in the forwarding rule. Note that this is the VM subnet, not the proxy subnet.

    gcloud beta compute forwarding-rules create l7-ilb-forwarding-rule \
    --load-balancing-scheme=INTERNAL_MANAGED \
    --network=lb-network \
    --subnet=backend-subnet \
    --address=10.1.2.99 \
    --ports=80 \
    --region=us-west1 \
    --target-http-proxy=l7-ilb-proxy \
    --target-http-proxy-region=us-west1
    

api

Create the health check by making a POST request to the healthChecks.insert method, replacing [project-id] with your project ID.

POST https://www.googleapis.com/compute/beta/projects/[project-id]/global/healthChecks
{
  "name": "l7-ilb-basic-check",
  "type": "HTTP",
  "httpHealthCheck": {
    "portSpecification": "USE_SERVING_PORT"
  }
}

Create the regional backend service by making a POST request to the regionBackendServices.insert method, replacing [project-id] with your project ID.

POST https://www.googleapis.com/compute/beta/projects/[project-id]/regions/us-west1/backendServices
{
  "name": "l7-ilb-backend-service",
  "backends": [
    {
      "group": "projects/[project-id]/zones/us-west1-a/instanceGroups/l7-ilb-backend-example",
      "balancingMode": "UTILIZATION"
    }
  ],
  "healthChecks": [
    "projects/[project-id]/global/healthChecks/l7-ilb-basic-check"
  ],
  "loadBalancingScheme": "INTERNAL_MANAGED"
}

Create the URL map by making a POST request to the urlMap.insert method, replacing [project-id] with your project ID.

POST https://www.googleapis.com/compute/beta/projects/[project-id]/global/urlMaps
{
  "name": "l7-ilb-map",
  "defaultService": "projects/[project-id]/regions/us-west1/backendServices/l7-ilb-backend-service"
}

Create the target HTTP proxy by making a POST request to the targetHttpProxies.insert method, replacing [project-id] with your project ID.

POST https://www.googleapis.com/compute/beta/projects/[project-id]/regions/us-west1/targetHttpProxies
{
  "name": "l7-ilb-proxy",
  "urlMap": "projects/[project-id]/global/urlMaps/l7-ilb-map",
  "region": "us-west1"
}

Create the forwarding rule by making a POST request to the forwardingRules.insert method, replacing [project-id] with your project ID.

POST https://www.googleapis.com/compute/beta/projects/[project-id]/regions/us-west1/forwardingRules
{
  "name": "l7-ilb-forwarding-rule",
  "IPAddress": "10.1.2.99",
  "IPProtocol": "TCP",
  "portRange": "80-80",
  "target": "projects/[project-id]/regions/us-west1/targetHttpProxies/l7-ilb-proxy",
  "loadBalancingScheme": "INTERNAL_MANAGED",
  "subnetwork": "projects/[project-id]/regions/us-west1/subnetworks/backend-subnet",
  "network": "projects/[project-id]/global/networks/lb-network",
  "networkTier": "PREMIUM"
}

Testing

Creating a VM instance to test connectivity

gcloud compute instances create l7-ilb-client-us-west1-a \
    --image-family=debian-9 \
    --image-project=debian-cloud \
    --network=lb-network \
    --subnet=backend-subnet \
    --zone=us-west1-a \
    --tags=allow-ssh

Testing the load balancer

Log in to the instance that you just created and test that HTTP(S) services on the backends are reachable via the internal HTTP(S) load balancer's forwarding rule IP address, and traffic is being load balanced across the backend instances.

Connecting via SSH to each client instance

gcloud compute ssh l7-ilb-client-us-west1-a \
    --zone=us-west1-a

Verifying that the IP is serving its hostname

curl 10.1.2.99

Running 100 requests and confirming that they are load balanced

# Send 100 requests to the forwarding rule IP and count the responses.
for LB_IP in 10.1.2.99; do
    RESULTS=
    for i in {1..100}; do RESULTS="$RESULTS:$(curl --silent "$LB_IP")"; done
    echo "***"
    echo "*** Results of load-balancing to $LB_IP: "
    echo "***"
    echo "$RESULTS" | tr ':' '\n' | grep -Ev "^$" | sort | uniq -c
    echo
done
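
The following is an added example, not part of the original guide: a pass/fail version of the test above that counts responses per backend and fails if fewer backends than expected answer or if any request returns something other than the startup script's "Page served from: <name>" page. The function names and the sample hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): turn the load-balancing test
# into a pass/fail check.

# Fetch COUNT responses from the forwarding rule address, one per line.
# A failed request is recorded as REQUEST_FAILED rather than silently dropped.
collect_responses() {
    cr_ip="$1"; cr_left="$2"
    while [ "$cr_left" -gt 0 ]; do
        curl --silent --fail --max-time 5 "http://${cr_ip}/" || echo "REQUEST_FAILED"
        cr_left=$((cr_left - 1))
    done
}

# Read responses on stdin and print "<count> <hostname>" per backend.
# Anything that is not the startup script's page is counted as UNEXPECTED.
tally_backends() {
    awk '
        /^Page served from: [a-z0-9-]+$/ { seen[$4]++; next }
        NF { seen["UNEXPECTED"]++ }
        END { for (h in seen) print seen[h], h }
    ' | LC_ALL=C sort -k2
}

# Print the tally; return 0 if at least MIN distinct backends answered,
# 1 if fewer did, 2 if any response was unexpected or failed.
check_balanced() {
    cb_min="$1"
    cb_tally="$(tally_backends)"
    printf '%s\n' "$cb_tally"
    case "$cb_tally" in
        *UNEXPECTED*) return 2 ;;
    esac
    cb_distinct="$(printf '%s\n' "$cb_tally" | awk 'NF { n++ } END { print n + 0 }')"
    [ "$cb_distinct" -ge "$cb_min" ]
}

# Constructed sample responses (hostnames are made up) so this runs offline.
SAMPLE='Page served from: l7-ilb-backend-example-a1b2
Page served from: l7-ilb-backend-example-c3d4
Page served from: l7-ilb-backend-example-a1b2'
printf '%s\n' "$SAMPLE" | check_balanced 2 && echo "OK: traffic reached both backends"

# On the client VM: collect_responses 10.1.2.99 100 | check_balanced 2
```
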
