Connect the balancer
-
Connect networks and subnets to the global router to each VLAN and cloud platform project where the servers for balancing reside.
For VMware-based cloud you can add networks and subnets only through technical support.
1. Create a global router
- In the Control Panel, on the top menu, click Products and select Global Router.
- Click Create router. Each account has a limit of five global routers.
- Enter the name of the router.
- Click Create.
- If the router is created with ERROR status or hangs in one of the statuses, create a ticket.
2. Connect networks and subnets to the global router
When creating a network, do not use addresses from the 10.128.0.0/16
subnet on servers. This subnet hosts load balancers, and its use can cause load balancers to malfunction.
Dedicated server
Cloud platform
Use for a dedicated or hosted server.
You can connect a new network to the router or an existing network if it is not already connected to any of the account's global routers.
-
In the Control Panel, on the top menu, click Products and select Global Router.
-
Open the router page → Networks tab.
-
Click Create Network.
-
Enter a network name, this will only be used in the control panel.
-
Select a Servers and Hardware service.
-
Select a pool.
-
Select VLAN. If you want to create a network up to the internal segment (Q-in-Q), specify its tag, a number from 2 to 4094. If there is already a network up to the VLAN, be sure to specify the Q-in-Q segment of this VLAN.
-
Enter the subnet name — this will only be used in the control panel.
-
Enter the CIDR — IP address and private subnet mask. You can enter a new subnet or an existing private subnet of the server if it is not already added to any of the global routers in the account. The subnet must meet the conditions:
- belong to the RFC 1918 private address range:
10.0.0.0/8
,172.16.0.0/12
, or192.168.0.0/16;
; - have a size of at least /29, as three addresses will be occupied by Selectel network equipment;
- Do not overlap with other subnets added to this router: The IP addresses of each subnet on the router must not overlap with the IP addresses of other subnets on the router;
- If Managed Kubernetes nodes are included in the global router network, the subnet must not overlap with the ranges
10.250.0.0/16
,10.10.0.0/16
and10.96.0.0/12
. These subnets participate in the internal addressing of Managed Kubernetes and their use can cause conflicts in the global router network.
- belong to the RFC 1918 private address range:
-
If you specified the Q-in-Q tag, make sure to configure Q-in-Q. When configuring, use the subnet you specified in step 9.
-
Enter the gateway IP or leave the first address from the subnet assigned by default. Do not assign this address to your devices to avoid disrupting the network.
-
Enter service IPs or leave the last addresses from the subnet assigned by default. Do not assign these addresses to your devices to avoid disrupting the network.
-
Click Create Network.
-
Optional: Check the network topology on the global router. In the control panel, from the top menu, click Products → Global Router → Router Page → Network Map.
If the cloud platform network is connected to a global router, you can only manage it on the global router page.
Use for a cloud server, Managed Kubernetes cluster node, or cloud database cluster.
You can connect a new network to the router or an existing network if it is not already connected to any of the account's global routers.
Connect a new network
Connect existing network
-
In the Control Panel, on the top menu, click Products and select Global Router.
-
Open the router page → Networks tab.
-
Click Create Network.
-
Enter a network name, this will only be used in the control panel.
-
Select a Cloud Platform service.
-
Select a pool.
-
Select a project.
-
Enter the subnet name — this will only be used in the control panel.
-
Enter the CIDR — IP address and subnet mask. The subnet must meet the conditions:
- belong to the RFC 1918 private address range:
10.0.0.0/8
,172.16.0.0/12
, or192.168.0.0/16;
; - have a size of at least /29, as three addresses will be occupied by Selectel network equipment;
- Do not overlap with other subnets added to this router: The IP addresses of each subnet on the router must not overlap with the IP addresses of other subnets on the router;
- If Managed Kubernetes nodes are included in the global router network, the subnet must not overlap with the ranges
10.250.0.0/16
,10.10.0.0/16
and10.96.0.0/12
. These subnets participate in the internal addressing of Managed Kubernetes and their use can cause conflicts in the global router network.
- belong to the RFC 1918 private address range:
-
Enter the gateway IP or leave the first address from the subnet assigned by default. Do not assign this address to your devices to avoid disrupting the network.
-
Enter service IPs or leave the last addresses from the subnet assigned by default. Do not assign these addresses to your devices to avoid disrupting the network.
-
Click Create Network.
-
Optional: Check the network topology on the global router. In the control panel, from the top menu, click Products → Global Router → Router Page → Network Map.
-
Verify that the network has not yet been added to any of the account's global routers. In the Control Panel, in the top menu, click Products → Cloud Servers → Network → Private Networks tab → check that there is no Global Router tag in the network card.
-
Verify that the subnet meets the conditions:
- belongs to the RFC 1918 private address range:
10.0.0.0/8
,172.16.0.0/12
, or192.168.0.0/16;
; - is at least /29, as three addresses will be occupied by Selectel network equipment;
- does not overlap with other subnets added to this router: the IP addresses of each subnet on the router must not overlap with the IP addresses of other subnets on the router;
- If Managed Kubernetes nodes are included in the global router network, the subnet must not overlap with the ranges
10.250.0.0/16
,10.10.0.0/16
and10.96.0.0/12
. These subnets participate in the internal addressing of Managed Kubernetes and their use can cause conflicts in the global router network.
- belongs to the RFC 1918 private address range:
-
In the Control panel, on the top menu, click Products and select Cloud Servers.
-
Go to Network → Private Networks tab.
-
From the menu of the network, select Connect to Global Router.
-
Select the global router.
-
For each of the network subnets, enter the IP address that will be assigned to the router, or leave the first available address from the subnet assigned by default. Do not assign this address to your devices to avoid disrupting the network. The last two free subnet addresses will be reserved as service addresses.
-
Click Connect. Do not close the window until you see a message that the network is connected. After that, in the Control Panel:
3. Assign IP addresses to the servers
On each server that joins the global router network, configure a local port to work with the subnet created on the router. On the port, assign an IP address from the private subnet that you connected to the global router for the corresponding VLAN or project.
Dedicated server
Cloud platform
VMware-based cloud
Ubuntu
Debian
CentOS
Windows
-
Open the
netplan
utility configuration file with the vi text editor:vi /etc/netplan/01-netcfg.yaml
-
Add or change values for the network interface settings of the private network:
<eth_name>:
addresses: [<ip_address>/<mask>]Specify:
<eth_name>
— the name of the network interface of the private network;<ip_address>/<mask>
— private IP address of the server with a subnet mask, e.g.,192.168.0.2/28
.
-
Press the
ESC
key. -
Exit the
vi
text editor with your changes saved::wq
-
Apply the configuration:
netplan apply
-
Optional: reboot the server.
-
Open the network interfaces configuration file with the vi text editor:
vi /etc/network/interfaces
-
Add or change values for the network interface settings of the private network:
auto <eth_name>
iface <eth_name> inet static
address <ip_address>/<mask>Specify:
<eth_name>
-name of the network interface of the private network;<ip_address>/<mask>
— private IP address of the server with a subnet mask, e.g.,192.168.0.2/28
.
-
Press the
ESC
key. -
Exit the vi text editor with your changes saved:
:wq
-
Restart the network:
service networking restart
-
Optional: reboot the server.
-
Output information about the network interfaces:
ip address
-
Create or open the private network interface configuration file with the vi text editor:
vi /etc/sysconfig/network-scripts/ifcfg-<eth_name>
Specify
<eth_name>
is the name of the network interface of the private network. -
Add or change the values of the network interface settings:
NAME="<eth_name>"
ONBOOT=yes
BOOTPROTO=none
IPADDR="<ip_address>/<mask>"Specify:
<eth_name>
-name of the network interface of the private network;<ip_address>/<mask>
— private IP address of the server with a subnet mask, e.g.,192.168.0.2/28
.
-
Press the
ESC
key. -
Exit the vi text editor with your changes saved:
:wq
-
Restart the network:
systemctl restart network
-
Optional: reboot the server.
An example of changing network settings in CentOS in the blog article Configuring Networking in CentOS 7.
-
Open the Network and Sharing Center.
-
Open the network interface of the private network.
-
Click Properties.
-
From the list, select IPv4.
-
Click Properties.
-
Specify the network interface parameters:
- IP-address — The private IP address of the server, e.g,
192.168.0.2
; - Subnet mask — subnet mask.
- IP-address — The private IP address of the server, e.g,
-
Press OK.
-
Add a cloud server or Managed Kubernetes cluster node to the created subnet on the global router. If you do not already have a server or node, create one. When creating, select the global router subnet as the subnet.
-
Apply changes depending on the port parameter Apply changes. You can view the value of the parameter in the control panel: from the top menu, click Products → Cloud Servers → Server page → Ports tab → Ports Configuration block:
- When the server reboots. — programmatically reboot the cloud server or manually make changes to the network configuration file on the server;
- Manually in the network configuration file on the server — Manually make changes to the network configuration file on the server.
- Open the Cloud Director panel.
- Click the Virtual Machines tab.
- In the block of the desired virtual machine, click the Details button.
- In the Hardware block, select the NICs block and click Edit — New.
- Select the global router network.
- Click the Save button.
4. Configure routing to the balancer subnet
On each of the servers, we need to pre-configure routing to the subnet where we will place the balancer when the service is connected. By default we place the balancers in the subnet 10.128.0.0/16
, but you can choose any suitable subnet of dimension /16
.
Dedicated server, cloud based on VMware
Cloud platform
Ubuntu
Debian
CentOS
Windows
-
Open the network configuration file:
vi /etc/netplan/01-netcfg.yaml
-
At the end of the data block of the desired network interface, add a route:
routes:
- to: <ip_address>/<mask>
via: <gateway>Specify:
<ip_address>/<mask>
— balancer subnet. You can specify the subnet10.128.0.0/16
where we place the balancers by default, or any suitable subnet of dimensionality/16
;<gateway>
— The IP address from the server subnet that you assign as the gateway to the global router when you connect networks and subnets. connecting networks and subnets.
-
Save the file.
-
Check the settings:
sudo netplan try
-
Apply the changes:
netplan apply
-
Open the network configuration file:
vi /etc/network/interfaces
-
At the end of the data block of the corresponding network interface, add the desired route:
up route add -net <ip_address> netmask <mask> gw <gateway>
down route del -net <ip_address> netmask <mask> gw <gateway>Specify:
<ip_address>
— balancer subnet. You can specify the subnet10.128.0.0/16
where we place the balancers by default, or any suitable subnet of dimensionality/16
;<mask>
—255.255.0.0
;<gateway>
— The IP address from the server subnet that you assign as the gateway to the global router when you connect networks and subnets. connecting networks and subnets.
-
Save the file.
-
Restart the network:
sudo /etc/init.d/networking restart
-
Create and complete a file to configure static routes:
echo "<ip_address>/<mask> via <gateway>" >> /etc/sysconfig/network-scripts/route-<eth_name>
Specify:
<ip_address>/<mask>
— balancer subnet. You can specify the subnet10.128.0.0/16
where we place the balancers by default, or any suitable subnet of dimensionality/16
;<gateway>
— The IP address from the server subnet that you assign as the gateway to the global router when you connecting networks and subnets;<eth_name>
— the name of the corresponding LAN interface.
-
Restart the network:
systemctl restart network
-
Add the required routes one at a time:
route -p ADD <ip_address> MASK <mask> <gateway> METRIC <x>
Specify:
<ip_address>
— balancer subnet. You can specify the subnet10.128.0.0/16
where we place the balancers by default, or any suitable subnet of dimensionality/16
;<mask>
—255.255.0.0
;<gateway>
— The IP address from the server subnet that you assign as the gateway to the global router when you connecting networks and subnets;<x>
— parameter that defines the priority of the specified gateway, 1 being the highest priority.
For a cloud server, cloud database cluster, or Managed Kubernetes cluster, use the Static Routes instruction.
5. Order a balancer
-
If your servers use HTTPS, add your TLS(SSL)-certificate to the Secret Manager. You can also issue a Let's Encrypt® certificate.
-
In the Control Panel, in the top menu, click Products and select Load Balancer.
-
Click Connect Balancer.
-
Select the tariff according to the desired channel width — 20, 50, 100 or 1,000 Mbps. If you need a different channel width, select Other and specify the required value in Mbps.
-
Specify the global router to which you have connected networks and subnets — its name, ID or a list of subnets added to the router. You can view the router data in the control panel: from the top menu, click Products → Global Router → Router page.
-
Specify the balancer subnet that you specified when configuring routing on the servers.
-
Select a balancing algorithm:
- Round Robin is a round robin algorithm in which requests are passed to each server in turn;
- Weighted Round Robin is a weighted round robin algorithm in which each server is assigned a weighting factor corresponding to its performance and capacity. Servers with a higher weighting factor receive more requests;
- Source IP hash is an algorithm that, depending on the HTTP header or IP address, selects a preferred server to receive the request;
- Least Connections — an algorithm that sends the request to the least loaded server.
-
If you want to use Sticky Sessions, check the Sticky Sessions checkbox.
-
Select the protocol of the target servers: TCP, HTTP, HTTPS.
-
If you selected the TCP protocol, specify the parameters for using the protocol — all private IP addresses assigned within the global router's networks, with the ports specified.
-
If you selected the HTTP protocol, specify all combinations of URLs received from the Internet and the IP addresses to which they should be redirected, including the port. For example,
http://domain.com/page to http://X.X.X.X:X
. -
If you selected the HTTPS protocol, specify:
- all combinations of URLs received from the Internet and the IP addresses to which they should be redirected, with the port. For example,
https://domain.com/page to http://X
.X.X.X:X; - ID of the certificate you added in step 1. The ID can be viewed in the control panel: in the top menu, click Products → Secrets Manager → Certificates tab → in the menu of the certificate, select Copy UUID;
- The ID of the project where the certificate resides.
- all combinations of URLs received from the Internet and the IP addresses to which they should be redirected, with the port. For example,
-
Optional: if you need to specify any additional data, enter it in the Additional comment field. For example, describe the usage scenario in more detail, specify in which pools the infrastructure is hosted, leave the administrator's contact for communication and clarification of details.
-
Click Connect Balancer.
-
We will create and send a ticket to activate the service. Connection takes up to seven working days. When the balancer is ready, we will send you a secure public IP address in the ticket to which you should direct incoming traffic for balancing.
6. Check the operation of the balancer
To test the balancer, send test requests to the IP address you received when you ordered the balancer.