Load Distribution Condition Settings
Set the traffic conditions for load distribution when creating a load balancer or for an existing load balancer.
To set the traffic conditions for load distribution, use a "listener" to determine how the traffic that has reached the front-end port communicates with the back-end port.
Creating/Modifying a Listener
When creating a load balancer, configure the following settings to create a listener. You can also specify the name of an existing load balancer to create a new listener or modify an existing one.
It is possible to specify the SSL certificate used for HTTPs communication and SSL communication in a listener.
To use an SSL certificate, you must use the Key Management Function or the Registering Server Certificates Used by Load Balancers to register the certificate in advance.
For the private key, register the key decrypted using a passphrase.
Item | Description | Required |
---|---|---|
Protocol |
Specify the front-end and back-end communication protocols. Tip:
Only the following combinations can be specified:
*1: The HTTP keep-alive time is one second. *2: For information about supported SSL protocols and SSL cipher suites, refer to Appendix "Predefined Security Policies". |
Yes |
Front-end Port No. | Specify the front-end port number (1 - 65535). | Yes |
Back-end Port No. | Specify the TCP port number (1 - 65535) for the virtual server at the distribution destination. | Yes |
SSL Certificate ID |
Specify the ID of the server certificate registered using the key management function. Important: Only one server certificate can be specified for each listener. If you set a different server certificate than the one that has been specified for a given port, the certificate that was set most recently is enabled.
Tip: For the method for registering the server certificate of the load balancer with the key management function, refer to Registering Server Certificates Used by Load Balancers.
|
Managing Listener Policies
You can register, modify, and delete the policies that are applied to a listener. You can create a maximum of 100 policies per load balancer. The following types of policies can be applied:
-
Session persistence policy
If this policy is specified, cookie information that identifies the virtual server that is targeted for load distribution is embedded in the response packet. When this cookie information is sent in a request from the client, the load balancer distributes the load to the virtual server to which the first access was allocated.
Note:- This policy can be applied only if an HTTP/HTTPS listener is specified.
- You can specify a single policy per load balancer.
Specify the following settings to register the session persistence policy:
Table 2. List of Settings for the Session Persistence Policy Item Description Required Load Balancer Name Specify the name of the load balancer to set for the session persistence policy. Yes Policy Name Specify a name for the session persistence policy to be created.
Note: The name must be unique in the load balancer.Yes Session Persistence Period Specify the maximum amount of time in seconds (1 - 2,147,483,647) for a session for session persistence using cookies. -
Sorry page redirect policy
Set the redirect information to be used if there is no virtual server that is available for load distribution.
Note: This policy can be applied only if an HTTP/HTTPS listener is specified.Specify the following settings to register the sorry page redirect policy:
Table 3. List of Settings for the Sorry Page Redirect Policy Item Description Required Load Balancer Name Specify the name of the load balancer for which to set the redirect policy. Yes Redirect Policy Name Specify a name for the policy to be created.
Note: The name must be unique in the load balancer.Yes Redirect Destination URI Specify the URI for the redirect destination.
Tip: This is set as the Location information for redirect responses.Yes -
Security policy
This policy specifies the SSL protocol that is applied when HTTPS or SSL is specified as a protocol in the Listener Settings.
Note: You can specify a single policy per load balancer.Specify the following settings to register or to modify a security policy:
Table 4. List of Security Policy Settings Item Description Required Load Balancer Name Specify the name of the load balancer for which to configure the security policy. Yes Enable SSL Protocol (list of attributes related to policy name) Enable (true) or disable (false) SSL separately for each protocol. The SSL protocols that can be configured are as follows:
- SSL 3.0 (default setting: disabled)
- TLS 1.0 (default setting: disabled)
- TLS 1.1 (default setting: enabled)
- TLS 1.2 (default setting: enabled)
Tip:- Specify whether to enable (true) or disable (false) SSL for each SSL cipher suite. For information about the SSL cipher suites that can be specified for each SSL protocol, refer to Appendix Predefined Security Policies.
- The DH private key length used when performing TLS communication is 1024 bit.
Yes Policy Name Specify the name of the security policy to create.
Note: The name must be unique in the load balancer.Yes Policy Type Specify the following policy type:
-
SSLNegotiationPolicyType
A policy related to the SSL encryption protocol. This policy can be set to listeners where the protocol that is set to "Protocol" begins with HTTPS or SSL.
Yes