Create a rule for TCP or UDP traffic

Create a rule for TCP or UDP traffic

Control panel

1. In control panel from the top menu, press Products and select Cloud servers.

2. Go to the section Balancers → tab Balancers.

3. Open the balancer page.

4. Click Create a rule.

5. Select the protocol for receiving traffic — TCP or UDP.

6. For the selected protocol, the default port on which the balancer will listen to traffic will be automatically selected — change it if necessary.

7. Optional: Enter the allowed CIDRs from which the balancer will accept traffic with the selected protocol and port. You can enter a subnet in CIDR format or a single IP address with a mask /32. If you leave the field blank, the balancer will accept traffic from any IP addresses. You can specify the allowed IP addresses in the rule after the rule has been created.

   If the field is absent, the balancer network is turned off traffic filtering (port security).

8. Select a target group or create a new target group suitably protocol.

9. Optional: change connection settings To do this, open the block Advanced rule settings and specify:

   • for incoming requests to the balancer — specify the connection timeout and maximum connections;
   • for requests from the balancer to servers — specify the connection timeout, inactivity timeout and TCP packet waiting timeout.

10. Click Create.

OpenStack CLI

1. Open the OpenStack CLI.

2. Create a rule for the balancer:

   openstack loadbalancer listener create \
     --name <listener_name> \
     --protocol <protocol> \
     --protocol-port <port> \
     [--allowed-cidr <allowed_cidr>] \
     <loadbalancer>

   Specify:

   • <listener_name> — NAME OF RULE;
   • <protocol> — protocol name, TCP or UDP;
   • <port> — port number;
   • optional: --allowed-cidr <allowed_cidr> — The IP address from which traffic is allowed to be received, where <allowed_cidr> — subnet in CIDR format or single IP address with mask /32. If you want to specify several addresses, specify each address in a separate parameter --allowed-cidr. In order for the restriction to work, the balancer network must have the following enabled traffic filtering (port security). You can specify the allowed IP addresses in the rule after the balancer has been created;
   • <loadbalancer> — ID or name of the load balancer. You can view the list using the command openstack loadbalancer list.

3. Create a task force:

   openstack loadbalancer pool create \
     --name <pool_name> \
     --lb-algorithm <algorithm> \
     --listener <listener_name> \
     --protocol <protocol>

   Specify:

   • <pool_name> — the name of the target group;
   • <algorithm> — algorithm name: ROUND_ROBIN or LEAST_CONNECTIONS;
   • <listener_name> — NAME OF RULE;
   • <protocol> — protocol name.

4. Add the server to the target group:

   openstack loadbalancer member create \
     --subnet-id <subnet_uuid> \
     --address <server_ip_address> \
     --protocol-port <port> \
     <pool_name>

   Specify:

   • <subnet_uuid> — The ID of the private or public subnet of the server can be viewed with the command openstack subnet list;
   • <server_ip_address> — The IP address of the server from the specified subnet.