百度智能云

All Product Document

          Load Balance

          Create BLB Common Instance

          Purchase Common Instance

          1. Log in to the Baidu AI Cloud Platform, select "Product Services" > "Baidu Load Balance (BLB)" > "Common Instance" to enter the "Instance List Page".
          2. Click "Create BLB" to enter the interface for creating instances.

            Note:

            Before creating a BLB instance, you should first create a BCC example; otherwise, you cannot create a BLB instance.

            In order to facilitate clients to manage BLB instances such as service addresses and backend servers in batches, the "Instance List" page supports downloading resource lists. The downloaded resource files are in CSV format, the encoding format is UTF-8, and the file naming specification is Product Name_Region_Date_List.CSV". The downloaded instance is consistent with the filter criteria of the current instance list, and the content contains all fields of the EIP instance.

            image.png

          3. Select configuration information.

            image.png

            • Basic information: You can select the region and set the instance name. the network where we are connecting is the private network (VPC) to which the cloud resources currently created such as BLB and corresponding BCC belong.

            Note:

            • BLB and its bound backend server BCC need to be established under the same private network VPC. The system provides a default private network. If you need to customize a VPC, please see Create Private Network (VPC).
            • You need to specify a subnet when creating a BLB instance.
            • Configure public network access: You can select to "Enable" or "Disable" public network access according to the actual situation

              • If "OFF" is selected, disable. The public IP address will not be bound when the BLB instance is created. You can bind the public IP address as required after you purchase the service successfully.
              • If "ON" is selected, enable. It indicates that the public network IP is purchased and bound when the BLB instance is created.
            • Purchase information: Select the purchase quantity and whether the configuration is released automatically.

            Note: When creating a BLB instance, the user can directly perform the BLB instance Auto Release Setting to automatically release the BLB instance at a set time.

            (Optional. The system will automatically skip this step if public network access is disabled) Configure EIP instance information. For how to configure an EIP instance, please see Create EIP Instance.

          4. Confirm the configuration information and complete the order confirmation and payment according to the prompt of the system. The user will receive a text message prompt if the creation is successful.

          Configure Listener

          Configure TCP Listener

          Configuring TCP listening contains two parts: "Configuration Information" and "Health Check Settings".

          If the health check is enabled, BLB will automatically block unhealthy backend servers.

          1. Select "Product Services > Baidu Load Balance (BLB) > General Instance", and the general instance list is displayed.
          2. Click the ID link in the "Load Balance ID/Name" column to enter the instance details page.
          3. Click "Listener Settings > Add listener Settings" on the left navigation bar to perform basic settings and health check settings for the listener. Select "TCP" for the BLB protocol.
          4. Set the configuration information.

            Item Description
            BLB protocol [Port] Specify the protocol and port that the BLB listener listens on. The port input range is an integer from 1 to 65,535.The default is "80".
            Backend protocol [Port] Specify the protocol and port on which the backend server provides services. The BLB service forwards the request to the target service. The port on which the target service listens. The port input range is an integer from 1 to 65,535.The default is "80".
            Forwarding rules Weighted round-robin: Requests are sent to the backend server in turn according to the weight of the backend server, which is often used for short connection services such as HTTP service. For how to configure weights, please see the chapter "Configure Backend Servers".
            Least connection: Requests are sent to backend servers with the Least connection first. It is often used for long-connection services such as database connection services. With this algorithm, server weights do not take effect.
            Source IP: The requested source IP is hashed and distributed to a matching server. This can ensure that requests for the same client IP are always sent to a certain server. The source IP algorithm provides a keep session mechanism for TCP listeners. With this algorithm, server weights do not take effect.
          5. Set up a health check.

            image.png

            Item Description
            Health Check Agreement Specify the type of protocol used when checking the health of the backend server.
            Response timeout If no response is received from the backend server within the specified time, the backend server response is considered to have timed out.
            Health check interval Interval for checking backend servers.
            Unhealthy threshold If the number of consecutive health check failures of the backend server exceeds the threshold, the server is considered unhealthy.
            Healthy threshold For an unhealthy server, if the number of consecutive health check successes exceeds the threshold, the server is considered healthy.
          6. After completing the above configuration, click the "Confirm" button to finish adding the TCP listener.

          Configure HTTP Listener

          Configuring HTTP listening contains two parts: "configuration information" and "health check settings".

          If the health check is enabled, BLB will automatically block unhealthy backend servers.

          1. Select "Product Services" > "Baidu Load Balance (BLB)" to enter the BLB list.
          2. Click the ID link in the "Load Balance ID/Name" column to enter the instance details page.
          3. Click "Listener Settings > Add listener Settings" on the left navigation bar to perform basic settings and health check settings for the listener. Select "HTTP" for the BLB protocol.
          4. Set the configuration information.

            image.png

            Item Description
            BLB protocol [Port] Specify the protocol and port that the BLB listener listens on. The port input range is an integer from 1 to 65,535.The default is "80".
            Backend protocol [Port] Specify the protocol and port on which the backend server provides services. The BLB service forwards the request to the target service. The port on which the target service listens. The port input range is an integer from 1 to 65,535.The default is "80".
            Forwarding rules Weighted round-robin: Requests are sent to the backend server in turn according to the weight of the backend server, which is often used for short connection services such as HTTP service. For how to configure weights, please see the chapter "Configure Backend Servers".
            Least connection: Requests are sent to backend servers with the Least connection first. It is often used for long-connection services such as database connection services. With this algorithm, server weights do not take effect.
            keep session The TCP listener can maintain the session through the source IP forwarding rules; the 7-layer listener (HTTP and HTTPS) maintains the session by inserting/modifying cookies. You can select "On" or "Off".
            Append HTTP header Attach a header field to the HTTP request to obtain the client's real IP or listening protocol information when the backend server processes the message.
            Get real IP: If this feature is enabled, the user's IP address can be recorded in the X-Forwarded-For header field;
            Get the monitoring protocol: If this feature is enabled, the monitoring protocol can be recorded in the X-Forwarded-Proto header field.
            Enable HTTPS redirect Redirects this listener's HTTP request to this BLB's HTTPS listener. Please make sure the HTTPS listener on the corresponding port is working properly. You can select "On" or "Off". Off by default.
            HTTP requests allow non-ASCII characters When this option is enabled, if the HTTP request contains non-ASCII characters, BLB will pass it and forward it to the backend server for processing. Enabling this option may bring security risks. It is recommended to keep it off for non-special use scenarios. Off by default.
            Timeout period The timeout period for waiting for the response from the backend server; if the backend server takes a long time to process the request, you can increase the value appropriately. It is 30 seconds by default.
          5. Set up a health check.

            image.png

            Item Description
            Health Check Agreement Specify the type of protocol used when checking the health of the backend server. You can select "HTTP" or "TCP"
            Check port Specify the port on which the backend server provides services. The field is valid only for HTTP health checks.
            Check path URI for health check page files. It is recommended to check static pages.
            Length is limited to from1 to 80 characters. Only letters, numbers, -, /, ., %, ?, # and & can be used. The field is valid only for HTTP health checks.
            Response timeout If no response is received from the backend server within the specified time, the backend server response is considered to have timed out.
            Health check interval Interval for checking backend servers.
            Unhealthy threshold If the number of consecutive health check failures of the backend server exceeds the threshold, the server is considered unhealthy.
            Healthy threshold For an unhealthy server, if the number of consecutive health check successes exceeds the threshold, the server is considered healthy.
            Normal code status Normal HTTP status code for health check. You can select "http_2xx", "http_3xx", "http_4xx" and "http_5xx". The field is only valid for HTTP health check

          6.After completing the above configuration, click the "Confirm" button to finish adding the HTTP listener.

          Configure HTTPS Listener

          To ensure information security, users can configure the protocol of the BLB listener to HTTPS. BLB decrypts the user's HTTPS request and then sends it to the backend server; the packet returned after the backend server processes the request is first sent to BLB, encrypted by BLB, and then returned to the user side. The whole process is shown in the following figure:

          blb_https01.png

          Pre-task

          Before configuring the HTTPS listener, you should first apply for a certificate and upload the certificate to the certificate management module. For details, please see Certificate Management.

          Operation Steps

          Configuring HTTP listening contains two parts: "configuration information" and "health check settings".

          If the health check is enabled, BLB will automatically block unhealthy backend servers.

          1. Select "Product Services" > "Baidu Load Balance (BLB)" to enter the BLB list.
          2. Click the ID link in the "Load Balance ID/Name" column to enter the instance details page.
          3. Click "Listener Settings > Add listener Settings" on the left navigation bar to perform basic settings and health check settings for the listener. Select "HTTPS" for the BLB protocol.
          4. Set the configuration information.

            image.png

            Item Description
            BLB protocol [Port] Specify the protocol and port that the BLB listener listens on. The port input range is an integer from 1 to 65,535.The default is " 403".
            Backend protocol [Port] Specify the protocol and port on which the backend server provides services. The BLB service forwards the request to the target service. The port on which the target service listens. The port input range is an integer from 1 to 65,535.The default is "80".
            Forwarding rules Weighted round-robin: Requests are sent to the backend server in turn according to the weight of the backend server, which is often used for short connection services such as HTTP service. For how to configure weights, please see the chapter "Configure Backend Servers".
            Least connection: Requests are sent to backend servers with the Least connection first. It is often used for long-connection services such as database connection services. With this algorithm, server weights do not take effect.
            Certificate Before configuring the HTTPS listener, you should first apply for a certificate and upload the certificate to the certificate management module. For specific operations, please see Certificate Management.
            Encryption options You can select "IE-compatible encryption method" or "Disable insecure encryption method".
            You can configure the SSL encryption protocol and algorithm through "Encryption Options". The system enables IE-compatible encryption by default; if you disable the encryption method with hidden security risks, it may not be compatible with earlier versions of clients.
            keep session The TCP listener can maintain the session through the source IP forwarding rules; the 7-layer listener (HTTP and HTTPS) maintains the session by inserting/modifying cookies. You can select "On" or "Off". Off by default.
            Append HTTP header Attach a header field to the HTTP request to obtain the client's real IP or listening protocol information when the backend server processes the message.
            Get real IP: If this feature is enabled, the user's IP address can be recorded in the X-Forwarded-For header field;
            Get the monitoring protocol: If this feature is enabled, the monitoring protocol can be recorded in the X-Forwarded-Proto header field.
            HTTP requests allow non-ASCII characters When this option is enabled, if the HTTP request contains non-ASCII characters, BLB will pass it and forward it to the backend server for processing. Enabling this option may bring security risks. It is recommended to keep it off for non-special use scenarios. Off by default.
            Timeout period The timeout period for waiting for the response from the backend server; if the backend server takes a long time to process the request, you can increase the value appropriately. It is 30 seconds by default.
          5. Set up a health check.

            image.png

            Item Description
            Health Check Agreement Specify the type of protocol used when checking the health of the backend server. You can select "HTTP" or "TCP"
            Check port Specify the port on which the backend server provides services. The field is valid only for HTTP health checks.
            Check path URI for health check page files. It is recommended to check static pages.
            Length is limited to from1 to 80 characters. Only letters, numbers, -, /, ., %, ?, # and & can be used. The field is valid only for HTTP health checks.
            Response timeout If no response is received from the backend server within the specified time, the backend server response is considered to have timed out.
            Health check interval Interval for checking backend servers.
            Unhealthy threshold If the number of consecutive health check failures of the backend server exceeds the threshold, the server is considered unhealthy.
            Healthy threshold For an unhealthy server, if the number of consecutive health check successes exceeds the threshold, the server is considered healthy.
            Normal code status Normal HTTP status code for health check. You can select "http_2xx", "http_3xx", "http_4xx" and "http_5xx". The field is only valid for HTTP health check
          6. After completing the above configuration, click the "Confirm" button to finish adding the HTTPs listener.

          Replace Certificate

          For users who have added HTTPS listeners, you can complete certificate replacement in the following way:

          1. Create a certificate. For how to create a certificate, please see Certificate Management
          2. Select "Product Services" > "Baidu Load Balance (BLB)" to enter the BLB list.
          3. Click the ID link in the "Load Balance ID/Name" column to enter the instance details page.
          4. Click "Listening Settings", find the HTTPS listener that has been configured, and click "Edit Configure WAF" to enter the configuration page.

            image.png

          5. Click the "Certificate" drop-down menu, find the certificate created in Step 1 from the certificate list, and click "OK" to finish its replacement.

          Configure UDP Listener

          Scenario Introduction

          Common application scenarios for UDP traffic are: DNS services, the Internet of Things, and some scenarios where data transmission reliability is not highly required.

          Introduction to UDP Health Check

          UDP Health Check Principle

          BLB sends UDP packets to the backend server to implement the health check. The backend server can receive and return the BLB health check packet if it is running normally. BLB is considered healthy if it receives the UDP packet returned by the backend server. The user needs to specify what the UDP packet carries, namely, the check string.

          For example: The user can send a UDP packet with the content of "resolving the DNS request of www.abc.com" to the backend server (assuming the backend server is a DNS server). At this time, the backend server will return a UDP packet containing the DNS resolution result.

          Check String

          The check string is the payload content of the UDP packet used for health check. For convenience of expression, the payload of a UDP packet can be expressed in hexadecimal uniformly because it is binary. If the payload contains ASCII characters, ASCII characters can also be used to replace the corresponding content.

          There are two ways to configure the check string:

          Method 1: If you can adjust the application on the backend server, you can set the check string to a simple string similar to "hello" and then adjust your application to respond to UDP packets that carry "hello". The response content can be filled in arbitrarily. As long as the BLB receives the response packet, it is considered healthy.

          Method 2: If it is not convenient to adjust the application on the backend server, for example, the general-purpose DNS resolution service is running on the backend server, you can configure a normal service request for health check.

          Get the payload corresponding to a normal request: You can use the tcpdump command to capture the UDP packets received by this machine on the backend server or the UDP packets sent by this machine on the client machine.

          Example: Assuming that the backend server needs to provide DNS analysis services, we capture packets on the backend server:

          tcpdump -i any udp and dst host $(hostname) and dst port 53 -X

          The command will capture all UDP packets sent to this machine through Port 53.

          The first 28 bytes in the request are the IP header + UDP header, which needs to be skipped. Starting from the 29th byte (5063), it is the payload of the UDP packet. So the check string can be set to: \50\63\01\00\00\01\00\00\00\00\00\00\03\77\77\77\05\62\61\69\64\75\03\63\6f\6d\00\00\01\00\01; In order to facilitate the setting of the check string, a DNS resolution request "\00\01\01\00\00\01\00\00\00\00\00\00\05baidu\03com\00\00\01\00\01" is prefilled in for baidu.com.

          Note: "\" in the string represents a hexadecimal byte. For example, "\77" stands for the following byte: 01110111 (16-bit binary representation), can also be replaced by the corresponding ASCII code "w".

          Operation Steps

          Configuring UDP listeners contains two parts: "configuration information" and "health check settings".

          If the health check is enabled, BLB will automatically block unhealthy backend servers.

          1. Select "Product Services" > "Baidu Load Balance (BLB)" to enter the BLB list.
          2. Click the ID link in the "Load Balance ID/Name" column to enter the instance details page.
          3. Click "Listener Settings" > "Add listener Settings" to perform basic settings and health check settings for the listener. Select "UDP" for the BLB protocol.
          4. Set the configuration information.

            image.png

            Item Description
            BLB protocol [Port] Specify the protocol and port that the BLB listener listens on. The port input range is an integer from 1 to 65,535.The default is " 53".
            Backend protocol [Port] Specify the protocol and port on which the backend server provides services. The BLB service forwards the request to the target service. The port on which the target service listens. The port input range is an integer from 1 to 65,535.The default is " 53".
            Forwarding rules Weighted round-robin: The requests are sent to the backend server in turn based on the weight of the backend server. For how to configure weights, please see the chapter "Configure Backend Servers".
            Least connection: Prioritize requests to backend servers with the least connection. With this algorithm, server weights do not take effect.
            Source IP: The requested source IP is hashed and the request is dispatched to a matching server. This can ensure that requests for the same client IP are always dispatched to a specific server. The source IP algorithm provides a keep session mechanism for the UDP listener. With this algorithm, server weights do not take effect.
          5. Set up a health check.

            image.png

            Item Description
            Health Check Agreement Specify the type of protocol used when checking the health of the backend server.
            Check string BLB implements health checks by sending UDP packets with user-specified strings to backend servers.
            You need to configure the application to complete the response. For the case where the backend server is a DNS server,
            you can configure a DNS resolution request as a health check packet. The default value is a DNS resolution request for baidu.com
            (00\01\01\00\01\00\00\00\00\00\00\05baidu\03com\00\00\01\00\01).
            Response timeout If no response is received from the backend server within the specified time, the backend server response is considered to have timed out.
            The input range is an integer from 1 to 60. It is recommended to set it to 3 seconds.
            Health check interval Interval for checking backend servers. The input range is an integer from 1 to 10.It is recommended to set it to 3 seconds.
            Unhealthy threshold If the number of consecutive health check failures of the backend server exceeds the threshold, the server is considered unhealthy.
            Healthy threshold For an unhealthy server, if the number of consecutive health check successes exceeds the threshold, the server is considered healthy.
          6. After completing the above configuration, click the "Confirm" button to finish adding the UDP listener.

          Edit Listening Settings

          On the "Monitoring Settings" tab, click < Edit> to jump to the editing interface. After editing, click < OK>.

          image.png

          Release Listening Settings

          1. On the "Listener Settings" tab, select the monitoring settings you want to release and click the < Release> button.

            image.png)

          2. On the pop-up interface, click < OK> to complete the release.

          Configure Backend Server

          Add Backend Server

          1. Select "Product Services" > "Baidu Load Balance (BLB)" to enter the BLB list.
          2. Click the ID link in the "Load Balance ID/Name" column to enter the instance details page.
          3. Click "Back-end Server" > "Add back-end Server" to enter the list of backend servers. The backend server list displays information such as the BCC instance name and status in the private network VPC where the BLB is currently located.
          4. Configure backend server weights. Weights are used to set different request forwarding ratios for different backend server instances. For example, if there are two backend server instances with different configurations, for the higher-configuration instance, you can select to set a higher weight to receive more external access requests.

            • The weight value is a relative value. If it is set to the same value, the forwarding ratio is the same.
            • Support setting a weight value ranging from 0 to 100. The higher the weight is, the more requests are received; if the weight is set to "0", no new requests will be received.
            • Non-zero weights have no effect on forwarding rules other than Weighted round-robin.

            image.png

          5. Select one or more backend server instances to be added, and click "Confirm" to add them to the Load Balance service.

          Set Up Backend Server Security Group

          Currently, the inbound rule of the BCC default security group is to allow all traffic. If you need to configure security group rules in more detail, please see the following instructions.

          BLB interacts with BCC through a specific intranet network segment to complete a health check. So when you configure a BCC security group, you need to pay attention to releasing these intranet IP segments for the inbound rules of the security group.

          As the 4-layer listener (eg.TCP protocol) enables the real IP feature by default (the source IP of the data packet is the client IP), the inbound rules of the user BCC security group also need to release the client IP address; as the real IP feature of the 7-layer listener ( eg. HTTP protocol) is implemented through the X-Forwarded-For header, the backend BCC security group of the 7-layer listener does not need to release the client IP address.

          The inbound rules of the BCC security group need to configure the source IP as follows:

          Beijing, Guangzhou

          Listener type Public network BLB Intranet BLB
          The 4-layer listener (e.g. TCP protocol) -Allow public client IP segment where the client is located
          - Allow 100.64.0.0/10 (health check)
          -Allow the 10.0.0.0/8 network segment (the IP address of the intranet BCC packet will be converted to the IP address of the 10.0.0.0/8 network segment, so it appears to the backend server of the BLB that the client request is from the 10.0.0.0/8 network segment)
          -Allow 100.64.0.0/10 network segments (health check)
          The 7-layer listener (e.g. HTTP protocol) Allow 100.79.0.0/16 network segments Allow 100.79.0.0/16 network segments

          The ports opened by the security group should include at least the BLB backend service port and the health check port.

          Example

          The BLB type is public network BLB. The network segment where the client is located is 7.0.0.0/8.The backend service port is 80. The configuration of the listener is shown in the following figure:

          According to the above scenario, the configuration of the BCC security group is shown in the following figure. For the specific configuration of the security group, please see Management Security Group.

          Edit Backend Server

          1. Click the "Edit" button on the "Backend Server" tab to enter the list of backend server instances.
          2. The user can re-select the backend server and configure its weight value. For the specific configuration method, please see Add Backend Server.

          Remove Backend Server

          1. Select the backend server instances to remove on the "Backend Servers" tab.
          2. Click < Bulk Removal > to remove.

          View of Monitoring Data

          View Through Console

          Click the "Instance Monitoring" tab on the details page of BLB, you can see the various chart data of monitoring: It contains instance monitoring information and port monitoring information.

          The system gives the monitoring information within the last hour by default. If you need to see more content, you can click the drop-down menu to switch the time range, as shown in the figure below:

          image.png

          Instance monitoring information represents the monitoring information of the EIP instance bound to the BLB instance, including:

          • Traffic from extranet: Inbound traffic (traffic from the user to the site) in unit: bytes/minute.
          • Traffic flowing to extranet: Outbound traffic (traffic from the site to the user) in unit: bytes/minute.
          • Export bandwidth: EIP instance instantaneous bandwidth in unit: bits/second.

          image.png

          For the 4-layer listener, the port monitoring information includes:

          • Number of instances

            • Total number of instances: Number of backend servers added.
            • Number of healthy instances: Number of backend servers with normal healthy check.
            • Number of abnormal instances: Number of backend servers with abnormal health check.
          • Network traffic

            • Network incoming traffic: The user traffic received by the listener, unit: bytes/minute.
            • Network outgoing traffic: The traffic sent by the listener to the user, unit: bytes/minute.
          • Network packet

            • Input data packets: Number of user packets received by the listener, unit: pcs/minute.
            • Output data packets: Number of packets sent by the listener to the user, unit: pcs/minute.
          • Number of active connections: Number of currently active TCP connections.

          For the 7-layer listener, in addition to the above, the port monitoring information also includes:

          • Number of requests: Number of HTTP requests received by the listener, in unit: pcs/minute.

          You can view detailed monitoring information by clicking the icon at the top right of the chart, as shown in the figure below:

          image.png

          The system generates a monitoring data every minute. Users can obtain statistics of different dimensions by adjusting "Statistics" and "Sampling Period". For example, if the "Sampling Period" is set to 1 hour, there will be 60 monitoring data in each sampling period; then if the "Statistics" is set to an average value, the mean of 60 monitoring data will be displayed to the user in each sampling period.

          The sampling period includes: 1 minute, 5 minutes, 20 minutes, 1 hour, 6 hours, 12 hours, and 1 day.

          Statistical items include:

          • Average value: The average of all sampling points during the sampling period.
          • Sum value: The sum of the values of all sampling points in the sampling period.
          • Maximum value: The maximum value among all sampling points in the sampling period.
          • Minimum value: The minimum value among all sampling points in the sampling period.
          • Number of samples : The number of samples in the sampling period.

          View via API

          For detailed interface, please see Cloud Monitoring BCM Query Data Interface

          Among them, to obtain the request parameters "scope", "metricName" and "dimensions" monitored by BLB, please see the following table:

          scope metricName dimensions
          BCE_BLB UnhealthyCount
          TotalCount
          HealthyCount
          RequestCount
          NetworkInBytes
          NetworkOutBytes
          ActiveConnCount
          NetworkInPkgCount
          NetworkOutPkgCount
          BlbId + BlbPort are concatenated by ".". For example: BlbId=lb-dd45e123, BlbPort=80
          The instance is then: lb-dd45e123.80

          Manage Alarms

          On the "Instance Monitoring" tab, click < Alarm Details> button to enter the alarm management page to manage the alarm policies of the port. For detailed operation steps, please see BCM Management Alarm.

          image.png

          Previous
          Identity Verification
          Next
          Manage BLB Common Instance