NodeBalancers
NodeBalancers are managed load balancers as a service (LBaaS), making load balancing accessible and easy to configure on the Linode Platform. They intelligently distribute incoming requests to multiple backend Compute Instances, so that there's no single point of failure. This enables high availability, horizontal scaling, and A/B testing on any application hosted with Linode.
High availability
In a typical single machine configuration, issues with the machine may cause the application to stop working as expected or become inaccessible. High availability solutions remove this single point of failure through combining multiple machines (redundancy), monitoring systems, and automatic failover - all of which are implemented by NodeBalancers.
Horizontal scaling
There are two main ways to scale an application to increase the performance and capacity within your applications. Vertical scaling increases or decreases the resources on the existing machines. This is achieved by resizing your Compute Instances. Horizontal scaling adds or removes machines that are identically configured to serve your application or perform a certain task. This is commonly accomplished through a load balancing solution, like NodeBalancers. Horizontal scaling can be much more flexible and lets you scale as needed without taking down your site while upgrading or downgrading.
Additional features
-
Firewall Security: Cloud Firewalls provides enhanced security by allowing you to control who can access your NodeBalancer. The optional Cloud Firewalls sits between your NodeBalancer and the internet to filter out unwanted network traffic before it reaches your NodeBalancer. When used in conjunction with NodeBalancers, a Cloud Firewalls’s inbound rules only apply to the NodeBalancer’s public IP, not the IPs of the backend nodes. This means you may also want to add individual backend nodes to a Cloud Firewalls to protect any additional exposed IP addresses.
-
Managed: NodeBalancers take the infrastructure management out of load balancing. They are designed to be maintenance free after initial configuration.
-
Sticky Sessions: NodeBalancers can route subsequent requests to the same back end, so all application sessions work correctly.
-
Health Checks: Traffic is only routed to healthy back ends. Passive health checks happen on every request. You can configure active health checks based on your application or service.
-
SSL termination: NodeBalancers can terminate SSL traffic on your behalf and expose the requester’s IP through the back end. This is done using configurable rulesets that give you the power to fine-tune admissible traffic.
-
Throttling: Prevent potential abuse (and preserve resources on your back ends) by setting a client connection throttle on the NodeBalancer.
-
Multi-Port: NodeBalancers support balancing traffic to multiple network ports. Several services can be load balanced with a single NodeBalancer.
Recommended workloads
- Enterprise applications
- High traffic and e-commerce websites
- Applications that require extreme reliability and uptime
- Applications that need to dynamically scale without any downtime
- A/B testing
Availability
NodeBalancers are available across all regions.
Pricing
Each NodeBalancer on an account starts at $10/mo ($0.015/hr). Price may vary by region.
Cloud Firewalls is available at no additional charge to customers.
Technical specifications
- Managed cloud-based load balancing service
- Dynamically routes traffic over any ports to configurable backend Compute Instances
- Highly available with built-in redundancy
- Up to 10,000 concurrent connections
- Supports TCP-based (layer 4) load balancing (UDP traffic is not supported)
- Supports HTTP and HTTPS (layer 7) load balancing through the HTTP/1.1 protocol (HTTP/2 is not yet available)
- Supports both SSL termination (using the HTTPS protocol mode) and SSL pass-through (using the TCP protocol mode)
- Equipped with both public IPv4 and IPv6 addresses
- Supports inbound Cloud Firewalls rules such as IPv4 and IPv6 access control lists (ACLs) to Accept or Drop ingress traffic.
- Fully customizable health checks to ensure traffic lands on a functioning back end
- Maximum 10 Gbps inbound network bandwidth per NodeBalancer.
- Free inbound network transfer
- Outbound network transfer usage is counted towards the account-wide monthly network transfer pool
- Provisioning and management through Cloud Manager, Linode CLI, or programmatically through the Linode API
Limits and considerations
-
Maximum number of concurrent connections: NodeBalancers each support up to 10,000 concurrent connections. If your application needs to support more than that, contact support to determine additional options or consider using multiple NodeBalancers behind a DNS load balancing solution such as Round-Robin DNS.
-
Connections per second: There are no defined rate limits for the number of connections over a given time period, though certain modes are more performant. A port configured in TCP mode allows for the most number of connections. A port configured in HTTPS mode is the most resource intensive and accommodates fewer connections.
-
IP addresses: A public IPv4 address and IPv6 address are configured on each NodeBalancer. Additional addresses are not available.
-
Private network: Communication with backend Linodes occurs over a data center's private network. As such, backend Linodes must be located within the same data center as the NodeBalancer.
-
HTTP support: HTTP/1.1 (HTTP/2 support is not yet available).
-
Network transfer: Outbound transfer usage is counted towards the account-wide monthly network transfer pool. This pool is the combined total of the network transfer allowance of each Linode on the account. Both Incoming transfer and transfer over the private network are provided at no cost.
-
TLS termination: When using a NodeBalancer with an application that requires HTTPS, you can either terminate the TLS connection on the NodeBalancer (HTTPS mode) or on the backend Linodes (TCP mode). When terminating TLS connections directly on the NodeBalancer, there are a few key considerations:
-
TLS protocols: TLS v1.2 and v1.3 are supported in HTTPS mode.
-
While operating in HTTPS mode, internal traffic sent to the backend Linodes will be unencrypted.
For applications that require a very high connection rate or otherwise need to overcome the above considerations present in HTTPS mode, consider operating in TCP mode and terminating TLS on the backend Linodes.
-
-
Cloud Firewalls support: When a Cloud Firewall is assigned to a NodeBalancer, the firewall only looks at incoming requests, this means that only inbound Cloud Firewall rules apply and outbound rules are not applicable.
A service (Linode) can be accessed from other interfaces (not just the NodeBalancer). To filter traffic from other interfaces, backend Linodes require their own firewalls.
Developer resources
- Linode API provides the ability to programmatically manage the full range of Akamai cloud computing products and services.
- Linode CLI is a wrapper around the Linode API that lets you manage your account and resources from the command line. Learn how to use the Linode CLI to create and manage NodeBalancers.
- Terraform: Terraform is an Infrastructure-as-code tool that includes management features for various types of Linode resources. Use Linode’s official Terraform Provider to Create a NodeBalancer with Terraform. To learn more about Terraform see our documentation library’s Terraform section.
- Pulumi: Pulumi is a development tool that lets you write computer programs which deploy cloud resources. With Pulumi’s Linode integration, you can manage your Linode resources in several programming languages, like JavaScript, Go, Python, and TypeScript. Pulumi manages your resources in the same way as Linode's API or CLI. See Pulumi’s documentation to get started.
Updated about 1 month ago