Connect a load balancer

Last update: June 04 2026

1. Create a global router.

2. Connect networks and subnets to the global router for each VLAN and Cloud platform project where the servers for balancing are located.

   For Cloud powered by VMware, networks and subnets can only be added through technical support.

3. Assign IP addresses from the subnets to the servers.

4. Configure routing to the load balancer subnet.

5. Order a load balancer.

6. Verify load balancer operation.

1. Create a global router

1. In the Control panel, in the top menu, click Products and select Global Router.
2. Click Create router. A limit of five global routers is set for each account.
3. Enter the router name.
4. Click Create.
5. If the router was created with the status ERROR or is stuck in one of the statuses, create a ticket.

2. Connect networks and subnets to the global router⁠

carefully

When creating a network, do not use addresses from the 10.128.0.0/16 subnet on your servers. This subnet hosts load balancers, and using it may cause load balancer malfunctions.

Dedicated server

Use for a dedicated or hosted server.

You can connect a new or existing network to the router if it is not already connected to any of the account's global routers.

1. In the control panel, on the top menu, click Products and select Global Router.

2. Go to the router page → Networks tab.

3. Click Create network.

4. Enter a network name. It will only be used in the control panel.

5. Select the Servers and Equipment service.

6. Select a location for the network.

7. Select or enter a VLAN.

8. If you want to create a network up to an internal segment (Q-in-Q), specify its tag—a number from 2 to 4094. If a network already exists for the VLAN, you must specify the Q-in-Q segment of this VLAN.

9. Enter a subnet name. It will only be used in the control panel.

10. Enter the CIDR—the IP address and mask of the private subnet. You can enter a new subnet or an existing private server subnet if it has not yet been added to any of the global routers in the account. The subnet must meet the following conditions:

    • belong to the RFC 1918 private address range: 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16;
    • have a size of at least /29, as three addresses will be occupied by Selectel network equipment;
    • do not overlap with other subnets added to this router—IP addresses must not repeat across subnets on the same router;
    • if a Managed Kubernetes cluster on cloud servers is included in the global router network, the subnet must not overlap with the ranges 10.10.0.0/16, 10.96.0.0/12, 10.250.0.0/16 and 10.251.0.0/24. If a cluster on dedicated servers is included in the network — with ranges 10.10.0.0/16, 10.222.0.0/16, 10.250.0.0/16, 10.251.0.0/24 and 172.250.0.0/14. These subnets are used for Managed Kubernetes internal addressing, and their use may lead to conflicts in the global router network.

11. Enter the gateway IP or leave the first address from the subnet that is assigned by default. Do not assign this address to your devices to avoid network disruption.

12. Enter the service IPs or leave the last addresses from the subnet that are assigned by default. Do not assign these addresses to your devices to avoid network disruption.

13. Click Create network.

14. Optional: check the network topology on the global router. In the Control panel, in the top menu, click Products → Global Router → router page → Network map.

15. If you specified a Q-in-Q tag in step 8, you need to enable Q-in-Q technology on the switch port and configure the private network interface that you specified in step 10. Learn more in the Configure Q-in-Q section of the Q-in-Q guide.

Cloud platform

Use for a cloud server, Managed Kubernetes cluster nodes, or a Managed Database cluster.

You can connect a new or existing network to the router if it is not already connected to any of the account's global routers.

Connect a new network

1. In the Control panel, on the top menu, click Products and select Global Router.

2. Open the router page → Networks tab.

3. Click Create network.

4. Enter a network name. It will only be used in the control panel.

5. Select the Cloud Platform service.

6. Select a location for the network.

7. Select a project.

8. Enter a subnet name. It will only be used in the control panel.

9. Enter the CIDR — IP address and subnet mask. The subnet must meet the following conditions:

   • belong to the RFC 1918 private address range: 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16;
   • have a size of at least /29, as three addresses will be occupied by Selectel network equipment;
   • it does not overlap with other subnets added to this router — there must be no identical IP addresses within the subnets of one router;
   • if a Managed Kubernetes cluster on cloud servers is to be connected to the global router network, the subnet must not overlap with the 10.10.0.0/16, 10.96.0.0/12, 10.250.0.0/16 and 10.251.0.0/24. If a cluster on dedicated servers is connected to the network, it must not overlap with the 10.10.0.0/16, 10.222.0.0/16, 10.250.0.0/16, 10.251.0.0/24 and 172.250.0.0/14. These subnets are used for Managed Kubernetes internal addressing, and their use may cause conflicts in the global router network.

10. Enter the gateway IP or leave the first address from the subnet, which is assigned by default. Do not assign this address to your devices to avoid disrupting network operation.

11. Enter the service IPs or leave the last addresses from the subnet, which are assigned by default. Do not assign these addresses to your devices to avoid disrupting network operation.

12. Click Create network.

13. Optional: check the network topology on the global router. In the Control panel, on the top menu, click Products → Global Router → router page → Network Map.

Connect an existing network

1. Ensure the network is not already added to any global router in your account. In the Control panel, on the top menu, click Products → Cloud Servers → Network → tab Private networks → check that the network card does not have the tag Global Router.

2. Verify that the subnet meets the following conditions:

   • belongs to the RFC 1918 private address range: 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16;
   • is at least /29, as three addresses will be occupied by Selectel network equipment;
   • it does not overlap with other subnets added to this router: the IP addresses of each subnet on the router must not match the IP addresses of other subnets on it;
   • if a Managed Kubernetes cluster on cloud servers is to be connected to the global router network, the subnet must not overlap with the 10.10.0.0/16, 10.96.0.0/12, 10.250.0.0/16 and 10.251.0.0/24. If a cluster on dedicated servers is connected to the network, it must not overlap with the 10.10.0.0/16, 10.222.0.0/16, 10.250.0.0/16, 10.251.0.0/24 and 172.250.0.0/14. These subnets are used for Managed Kubernetes internal addressing, and their use may cause conflicts in the global router network.

3. In the Control panel, on the top menu, click Products and select Cloud Servers.

4. Go to Network → tab Private networks.

5. From the network menu, select Connect to Global Router.

6. Select a global router.

7. For each subnet in the network, enter the IP address to be assigned to the router or leave the first available address from the subnet, which is assigned by default. Do not assign this address to your devices to avoid disrupting network operation. The last two available subnet addresses will be reserved as service addresses.

8. Click Connect. Do not close the window until a message appears confirming the network has been connected. After that, in the control panel:

   • the network will appear in the section Selectel Global Router on the router page to which you connected it;
   • in the section Cloud Servers → Network → on the tab Private networks, the network will have the tag Global Router.

3. Assign IP addresses to servers

Dedicated server

Ubuntu

1. Connect to the server via SSH or via KVM console.

2. Open the netplan utility configuration file with the vi:

   vi /etc/netplan/01-netcfg.yaml

3. Add or change the values of the private network interface settings:

       <eth_name>:
               addresses: [<ip_address>]

   Specify:

   • <eth_name> — the name of the private network interface;
   • <ip_address> — the private IP address of the server with a subnet mask, for example 192.168.0.2/24.

4. Press ESC.

5. Exit the vi text editor with your changes saved:

   :wq

6. Apply the configuration:

   netplan apply

7. Optional: reboot the server.

8. Optional: assign a private IP address to the server in the control panel.

Debian

1. Connect to the server via SSH or via KVM console.

2. Open the network interfaces configuration file with the vi:

   vi /etc/network/interfaces.d/50-cloud-init

3. Add or change the values of the private network interface settings:

   auto <eth_name>
   iface <eth_name> inet static
       address <ip_address>/<mask>

   Specify:

   • <eth_name> — the name of the private network interface;
   • <ip_address> — the private IP address of the server, for example 192.168.0.2;
   • <mask> — the subnet mask, for example /24.

4. Press ESC.

5. Exit the vi text editor with your changes saved:

   :wq

6. Restart the network:

   service networking restart

7. Optional: reboot the server.

8. Optional: assign a private IP address to the server in the control panel.

CentOS

1. Connect to the server via SSH or via KVM console.

2. Output information about the network interfaces:

   ip address

3. Create or open the private network interface configuration file with the vi:

   vi /etc/sysconfig/network-scripts/ifcfg-<eth_name>

   Specify <eth_name> — the name of the private network interface.

4. Add or change the values of the network interface settings:

   NAME="<eth_name>"
   ONBOOT=yes
   BOOTPROTO=none
   IPADDR="<ip_address>"

   Specify:

   • <eth_name> — the name of the private network interface;
   • <ip_address> — the private IP address of the server with a subnet mask, for example 192.168.0.2/24;

5. Press ESC.

6. Exit the vi text editor with your changes saved:

   :wq

7. Restart the network:

   systemctl restart network

8. Optional: reboot the server.

9. Optional: assign a private IP address to the server in the control panel.

An example of changing network settings in CentOS is in the blog article Configuring Networking in CentOS 7.

Windows

1. Connect to the server via RDP or via KVM console.

2. Open the Network and Sharing Center.

3. Open the private network interface.

4. Click Properties.

5. From the list, select IPv4.

6. Click Properties.

7. Specify the network interface parameters:

   • IP-address — the private IP address of the server with a subnet mask, for example 192.168.0.2;
   • Subnet mask — the subnet mask.

8. Click OK.

9. Optional: assign a private IP address to the server in the control panel.

Cloud platform

1. Add a cloud server or a Managed Kubernetes cluster node to the created global router subnet. If you do not yet have a server or node, create them. When creating, select the global router subnet as the subnet.

2. Apply the changes depending on the Apply changes port parameter. You can view the parameter value in the control panel: in the top menu, click Products → Cloud Servers → server page → Ports tab → Port configuration block:

   • When rebooting the server — programmatically reboot the cloud server or manually make changes to the network configuration file on the server;
   • Manually in the network configuration file on the server — manually make changes to the network configuration file on the server.

Cloud powered by VMware

1. Open the Cloud Director panel.
2. Go to the Virtual Machines tab.
3. In the block for the required virtual machine, click the Details button.
4. In the Hardware block, select the NICs block and click the Edit - New button.
5. Select the global router network.
6. Click the Save button.

4. Configure routing to the load balancer subnet

On each server, you must pre-configure routing to the subnet where we will host the load balancer when the service is connected. By default, we host load balancers in the 10.128.0.0/16 subnet, but you can choose any suitable /16 subnet.

Dedicated server, cloud powered by VMware

Ubuntu

1. Connect to the server.

2. Open the network configuration file:

   vi /etc/netplan/01-netcfg.yaml

3. At the end of the block containing the data for the required network interface, add the route:

   routes:
     - to: <ip_address>/<mask>
       via: <gateway>

   Specify:

   • <ip_address>/<mask> — the load balancer subnet. You can specify the 10.128.0.0/16 subnet, where we host load balancers by default, or any suitable /16;
   • <gateway> — the IP address from the server subnet that you designated as the gateway to the global router when connecting networks and subnets.

4. Save the file.

5. Check the settings:

   sudo netplan try

6. Apply the changes:

   netplan apply

Debian

1. Connect to the server.

2. Open the network configuration file:

   vi  /etc/network/interfaces

3. At the end of the block with the data of the corresponding network interface, add the required route:

   up route add -net <ip_address> netmask <mask> gw <gateway>
   down route del -net <ip_address> netmask <mask> gw <gateway>

   Specify:

   • <ip_address> — the load balancer subnet. You can specify the 10.128.0.0/16 subnet, where we host load balancers by default, or any suitable /16;
   • <mask> — 255.255.0.0;
   • <gateway> — the IP address from the server subnet that you designated as the gateway to the global router when connecting networks and subnets.

4. Save the file.

5. Restart the network:

   sudo /etc/init.d/networking restart

CentOS

1. Connect to the server.

2. Create and fill in a file for configuring static routes:

   echo "<ip_address>/<mask> via <gateway>" >> /etc/sysconfig/network-scripts/route-<eth_name>

   Specify:

   • <ip_address>/<mask> — the load balancer subnet. You can specify the 10.128.0.0/16 subnet, where we host load balancers by default, or any suitable /16;
   • <gateway> — the IP address from the server subnet that you designated as the gateway to the global router when connecting networks and subnets;
   • <eth_name> — the name of the corresponding local network interface.

3. Restart the network:

   systemctl restart network

Windows

1. Connect to the server via RDP or via the KVM console.

2. Add the required routes one by one:

   route -p ADD <ip_address> MASK <mask> <gateway> METRIC <x>

   Specify:

   • <ip_address> — the load balancer subnet. You can specify the 10.128.0.0/16 subnet, where we host load balancers by default, or any suitable /16;
   • <mask> — 255.255.0.0;
   • <gateway> — the IP address from the server subnet that you designated as the gateway to the global router when connecting networks and subnets;
   • <x> — a parameter that specifies the priority of the given gateway, 1 being the highest priority.

Cloud platform

To specify static routes for a cloud server, Managed Database cluster, or Managed Kubernetes cluster, you must configure a static route on the private subnet where the server or cluster resides.

When configuring the route, specify the destination subnet — the load balancer subnet.

5. Order a load balancer

1. If your servers use the HTTPS protocol, add your TLS(SSL) certificate to the Certificate Manager. You can also issue a Let's Encrypt® certificate.

2. In the control panel, on the top menu, click Products and select Load Balancer.

3. Click Connect a load balancer.

4. Select a plan according to the required channel bandwidth — 20, 50, 100, or 1000 Mbps. If you need a different channel bandwidth, select Other and specify the required value in Mbps.

5. Specify the global router to which you connected the networks and subnets — its name, identifier, or the list of subnets added to the router. Router details can be viewed in the control panel: in the top menu, click Products → Global router → router page.

6. Specify the load balancer subnet you entered when configuring routing on the servers.

7. Select a balancing algorithm:

   • Round Robin — a round-robin algorithm where requests are passed to each server in turn;
   • Weighted Round Robin — a weighted round-robin algorithm where each server is assigned a weight coefficient corresponding to its performance and power. Servers with a higher coefficient receive more requests;
   • Source IP hash — an algorithm where the preferred server for receiving a request is selected depending on the HTTP header or IP address;
   • Least Connections — an algorithm where the request is sent to the least loaded server.

8. If Sticky Sessions are required, select the Sticky Sessions checkbox.

9. Select the target server protocol: TCP, HTTP, HTTPS.

10. If you selected the TCP protocol, specify the parameters for using the protocol — all private IP addresses assigned within the global router networks, specifying the ports.

11. If you selected the HTTP protocol, specify all combinations of URLs accepted from the Internet and the IP addresses to which they should be redirected, specifying the port. For example, http://domain.com/page — http://X.X.X.X:X.

12. If you selected the HTTPS protocol, specify:

    • all combinations of URLs accepted from the Internet and the IP addresses to which they should be redirected, specifying the port. For example, https://domain.com/page — http://X.X.X.X:X;
    • The ID of the certificate added in step 1. You can view the ID in the control panel: in the top menu, click Products → Certificate Manager → in the menu for the certificate, select Copy UUID;
    • The ID of the project where the certificate is located.

13. Optional: if you need to provide any additional information, enter it in the Additional comment field. For example, describe the use case in more detail, specify in which pools the infrastructure is hosted, or leave administrator contact information for details.

14. Click Connect a load balancer.

15. We will create and send a ticket to connect the service. The connection process takes up to seven business days. Once the load balancer is ready, we will provide you with a protected public IP address in the ticket; you need to direct incoming traffic to this address for balancing.

6. Verify load balancer operation

To verify load balancer operation, send test requests to the IP address you received when ordering the load balancer.