Create a rule for TCP or UDP traffic

Create a rule for TCP or UDP traffic

Control panel

1. In the dashboard, on the top menu, click Products and select Cloud Servers.

2. Go to Balancers → Balancers tab.

3. Open the balancer page.

4. Click Create Rule.

5. Select the protocol for receiving traffic — TCP or UDP.

6. For the selected protocol, the default port on which the balancer will listen to traffic will be automatically selected — change it if necessary.

7. Optional: Enter the allowed CIDRs from which the balancer will accept traffic with the selected protocol and port. You can enter a subnet in CIDR format or a single IP address with a /32 mask. If you leave the field blank, the balancer will accept traffic from any IP addresses. You can specify the allowed IP addresses in the rule after the rule is created.

   If this field is absent, port security is disabled on the balancer's network.

8. Select a target group or create a new target group with a suitable protocol.

9. Optional: change the connection settings, to do this, open the Advanced Rule Settings block and specify:

   • for incoming requests to the balancer — specify the connection timeout and maximum connections;
   • for requests from the balancer to servers — specify the connection timeout, inactivity timeout and TCP packet waiting timeout.

10. Click Create.

OpenStack CLI

1. Open the OpenStack CLI.

2. Create a rule for the balancer:

   openstack loadbalancer listener create \
     --name <listener_name> \
     --protocol <protocol> \
     --protocol-port <port> \
     [--allowed-cidr <allowed_cidr>] \
     <loadbalancer>

   Specify:

   • <listener_name> — rule name;
   • <protocol> — protocol name, TCP or UDP;
   • <port> — port number;
   • optional: --allowed-cidr <allowed_cidr> — IP address from which it is allowed to receive traffic, where <allowed_cidr> — subnet in CIDR format or single IP address with mask /32. If you need to specify multiple addresses, specify each address in a separate --allowed-cidr parameter . For the restriction to work, port security must be enabled on the balancer network . You can specify the allowed IP addresses in the rule after the balancer is created;
   • <loadbalancer> — The ID or name of the load balancer. The list can be viewed with the command openstack loadbalancer list.

3. Create a task force:

   openstack loadbalancer pool create \
     --name <pool_name> \
     --lb-algorithm <algorithm> \
     --listener <listener_name> \
     --protocol <protocol>

   Specify:

   • <pool_name> — the name of the target group;
   • <algorithm> — algorithm name: ROUND_ROBIN or LEAST_CONNECTIONS;
   • <listener_name> — rule name;
   • <protocol> — protocol name.

4. Add the server to the target group:

   openstack loadbalancer member create \
     --subnet-id <subnet_uuid> \
     --address <server_ip_address> \
     --protocol-port <port> \
     <pool_name>

   Specify:

   • <subnet_uuid> — The ID of the private or public subnet of the server can be viewed with the command openstack subnet list;
   • <server_ip_address> — The IP address of the server from the specified subnet.