Guide

Getting started with NodeBalancers

Suggest Edits

Nearly every production application can benefit from a load balancing solution like Akamai's NodeBalancers. This guide covers how to get started with NodeBalancers, including how to architect your application, configure the NodeBalancer, and update the DNS.

Prepare the application

To start using a NodeBalancer and benefiting from load balancing, your application should be stored on at least two Linodes.

You can use both VPC and non-VPC Linodes as backend nodes. Each NodeBalancer configuration can have an associated VPC, which must be set when the NodeBalancer is created. For VPC backends, the NodeBalancer routes traffic to backend nodes through the VPC’s subnets. The subnet must be located in the same data center as the NodeBalancer.

📘

Once the NodeBalancer is created, its VPC cannot be changed.

Each instance of your application should be able to fully serve the needs of your users, including being able to respond to web requests, access all necessary files, and query any databases. When determining your application's infrastructure, consider the following components:

  • Application deployment: How will you deploy your application's code and software infrastructure to each Linode? Consider using automated git deployments or more advanced CI/CD tooling.

  • File storage and synchronization: Should the application's files be stored alongside the application's code or should you consider implementing a distributed storage solution on separate instances? For simple applications, consider file synchronization/backup tools like rsync or csync2. For a more robust solution, consider a distributed file system like GlusterFS.

  • Database replication: How will you maintain consistency between multiple databases? Consider the suggested architecture and available tooling for the database software you intend to use. Managed Databases, when deployed with high availability enabled, are a great fully-managed solution. Alternatively, Galera is a self-hosted option that can be used with MySQL.

In some simple applications, the servers that store your application's code can also store its files and databases. For more complex applications, you may want to consider designating separate application servers, file servers, and database servers. The application servers (where the web server software and application code resides) operate as the backends to the NodeBalancer. The file servers and database servers can be built on cloud-based solutions (like Managed Databases) or self-hosted software on Linodes.

For advice on load balancing and high availability, review the following resources:

Create the NodeBalancer

If you are using a Linode Cloud Firewall with this NodeBalancer, have the name of the firewall available. To see a listing of available firewalls, log in to Cloud Manager and select Firewalls from the navigation menu. If the firewall doesn't exist yet, Create a Cloud Firewall and add firewall rules.

If you are using backend Linodes in a VPC with this NodeBalancer, have the name of the VPC and subnet information available. To see a listing of available VPCs, log in to Cloud Manager and select VPC from the navigation menu. If the VPC doesn't exist yet, Create a VPC.

Once your application has been deployed on multiple Linodes, you are ready to create the NodeBalancer. Simple instructions have been provided below. For complete instructions, see the Create a NodeBalancer guide.

  1. Log in to Cloud Manager, select NodeBalancers from the left menu, and click the Create NodeBalancer button. This displays the NodeBalancers Create form.

  2. Enter a Label for the NodeBalancer, as well as any Tags that may help you organize this new NodeBalancer with other services on your account.

  3. Select a Region for this NodeBalancer. The NodeBalancer needs to be located in the same data center as your application'sLinodes.

  4. If you are using a firewall, select a firewall from the Assign Firewall list. Only one firewall can be selected, however you can attach the same Cloud Firewall to multiple NodeBalancers, Linode Interfaces or Linodes.

    You can also create a new firewall by clicking the Create Firewall button. This displays the Create Firewall drawer.

    Select the option to create a Custom Firewall or create a firewall From a Template. Templates are available for VPC and public Linode interfaces and come with some pre-configured rules.

    Configure your Firewall with the required fields:

FirewallConfigurationDescription
Custom FirewallLabelThe label is used as an identifier for this Cloud Firewall. Required.
Default Inbound PolicyThe default behavior for inbound traffic is set to Drop, which blocks all unsolicited inbound traffic unless explicitly allowed by other rules.
Default Outbound PolicyThe default behavior for outbound traffic is set to Accept, which allows all outbound traffic unless explicitly denied by other rules.

Note. Outbound firewall rules do not apply to NodeBalancers.
LinodesThe Linode(s) and it's interfaces on which to apply the firewall. A list of all Linode on your account are visible. You can skip this configuration if you do not yet wish to apply the firewall to a Linode.

For Linodes using Configuration Profile network interfaces, firewalls are assigned at the Linode level, and the same firewall rules apply to all non-VLAN interfaces in the profile.

For Linodes using Linode network interfaces, separate firewalls can be assigned to the VPC network interface and the public network interface. To assign firewalls to Linode Interfaces, see Apply firewalls.
Additional NodeBalancersThe NodeBalancer(s) on which to apply the firewall. A list of all NodeBalancers on your account are visible. You may skip this configuration if you do not yet wish to apply the firewall to a NodeBalancer. Note that outbound firewall rules do not apply to NodeBalancers.
From a TemplateLabelThe label is used as an identifier for this Cloud Firewall. Required.
Firewall TemplateCustomizable templates are available for both VPC and public Linode Interfaces. Each comes with pre-configured firewall rules to help you get started.

Note. For improved security, narrow the allowed IPv4 and IPv6 ranges in the Allow Inbound SSH Sources rule after the firewall is created, see Manage Cloud Firewall rules.

VPC Template. The rule set is a starting point for VPC Linode Interfaces. It allows SSH access, essential networking control traffic, and inbound traffic from the VPC address space.

Public Template.The rule set is a starting point for Public Linode Interfaces. It allows SSH access and essential networking control traffic.
Default Inbound PolicyThe default behavior for inbound traffic is set to Drop, which blocks all unsolicited inbound traffic unless explicitly allowed by other rules.
Default Outbound PolicyThe default behavior for outbound traffic is set to Accept, which allows all outbound traffic unless explicitly denied by other rules.

Click on the Create Firewall button to finish creating the Cloud Firewall and to return to the NodeBalancers Create form.

📘

By default, a new Cloud Firewall accepts all inbound and outbound connections. Only inbound firewall rules apply to NodeBalancers, see Cloud Firewall inbound rules for NodeBalancer. Custom rules can be added as needed in the Firewall application. See Add rules.

  1. NodeBalancers can route to VPC or non‑VPC backend nodes. If none of the backends are (or will be) in a VPC, skip this step.
    • VPC. Select the VPC that contains the backend nodes (Linodes) that this NodeBalancer will route requests to.
    • Subnet. Choose the subnet that the NodeBalancer will use to source IP addresses for routing requests to Linodes in the VPC.
    • Auto-assign IPs for this NodeBalancer. When enabled, the system automatically allocates a /30 IPv4 range from the selected subnet for this NodeBalancer’s backend nodes. This helps you reserve address space for other NodeBalancers in the same VPC. When disabled, you can manually enter the IPv4 range the NodeBalancer will use to communicate with backend nodes.
  2. Create a NodeBalancer configuration. Each configuration defines the inbound port, the protocol, the load balancing algorithm, health checks, and the backend nodes that serve traffic for the specified port. You can add additional configurations using the Add another Configuration button.

🚧

UDP configurations

Currently, you can create NodeBalancer configurations using the TCP, HTTP, or HTTPS protocols in Cloud Manager. However, configurations using UDP can only be created via the API.

You can configure UDP on the same NodeBalancer that also uses TCP, HTTP, or HTTPS, but only when managing it through the API. If UDP is configured and you make changes to the TCP, HTTP or HTTPS settings in Cloud Manager, the existing UDP configuration will be overwritten. This is because Cloud Manager doesn't currently support UDP.

📘

The following recommended parameters can be used for deploying a website. For other applications or to learn more about these settings, see the Configuration options guide.

  • Port: For load balancing a website, configure two ports: port 80 and port 443. Each of these ports can be configured separately. See Configuration options > Port.

  • Protocol: Most applications can benefit from using the TCP protocol. This option is more flexible, supports HTTP/2, and maintains encrypted connections to the backend Linodes. If you intend to manage and terminate the TLS certificate on the NodeBalancer, use HTTP for port 80 and HTTPS for port 443. See Configuration options > Protocol.

  • Algorithm: This controls how new connections are allocated across backend nodes. Selecting Round Robin can be helpful when testing (in conjunction with no session stickiness). Otherwise, Least Connections can help evenly distribute the load for production applications. See Configuration options > Algorithm.

  • Session Stickiness: This controls how subsequent requests from the same client are routed when selecting a backend node. For testing, consider selecting None. Otherwise, Table can be used for any protocol and HTTP Cookie can be used for HTTP and HTTPS. See Configuration options > Session stickiness.

  • Health Checks: NodeBalancers have both active and passive health checks available. These health checks help take unresponsive or problematic backend Linodes out of the rotation so that no connections are routed to them. These settings can be left at the default for most applications. Review Configuration options > Health Checks for additional information.

  • Backend nodes: Each Linode for your application should be added as a backend node to the NodeBalancer. Backend nodes can be VPC and non-VPC Linodes. Within the Backend Nodes area of the creation form, add each Linode you intend on using with this NodeBalancer, making sure to select the correct private IPv4 address for non-VPC backends or the IPv4 address for the VPC backend. These Linodes need to be located in the same data center as your NodeBalancer. Set a Label for each instance, select the corresponding IP address from the dropdown menu, and enter the Port that the application is using on that instance. See Backend nodes (Linodes).

    For most web applications that have the inbound ports 80 and 443 configured using the TCP protocol, you can set the backend nodes to use the same ports. If you are using the HTTPS protocol, TLS termination happens on the NodeBalancer and your Linodes should only need to listen on port 80 (unencrypted). If that's the case, backend nodes for both inbound ports can be configured to use port 80.

  1. Review the summary and click the Create NodeBalancer button to provision your new NodeBalancer.
  2. Check Backend Node Status.

    📘

    Backend node status: DOWN

    If the backend node status is DOWN, you may need to take one or more of the following actions:

    1. Install web server software. To allow the NodeBalancer to connect to the backend node on the designated port, you'll need to install a web server. SSH into the Linode and install the web server software. For example, installing NGINX will automatically set it up to listen on port 80:
    apt update && apt upgrade && apt install nginx
    1. Enable Network Helper. If you've configured a static IP address, enable Network Helper.
    2. Update configuration files. Alternatively, if Network Helper is turned off, and you are using a static IP address for the Linode, ensure that the configuration files are updated with the correct IP address, refer to the section covering how to update the configuration files.

    After completing these steps, recheck the backend node status to ensure it is operational (UP).

Update the DNS

After deploying your NodeBalancer and putting your application behind the NodeBalancer, the application can now be accessed using the NodeBalancer's public IPv4 and IPv6 addresses. Since most public-facing applications use domain names, you need to update any associated DNS records. The A record should use the NodeBalancer's IPv4 address and the AAAA record (if you're using one) should use the NodeBalancer's IPv6 address. See Manage NodeBalancers to view your NodeBalancer's IP addresses. For help changing the DNS records, consult your DNS provider's documentation. If you are using Akamai's DNS Manager, see Edit DNS Records. Keep in mind that DNS changes can take up to 24 hours to fully propagate, though that typically happens much faster.

Updated 1 day ago