Load Balancer Frontend and Backend Protocol Correspondence
Network protocol description
A network protocol is a set of rules governing communication and data exchange in computer networks. Below is a concise overview of network protocols relevant to load balancers:
TCP (Transmission Control Protocol):
TCP is a connection-oriented, reliable protocol used for data transmission over networks. It provides functions such as packet sequencing, retransmission mechanism, flow control and congestion control to ensure reliable data transmission. TCP establishes a connection via a three-way handshake, then performs data transmission, and finally terminates the connection with a four-way handshake.
UDP (User Datagram Protocol):
UDP is a connectionless, unreliable protocol suited to applications that need fast transmission but do not need reliability guarantees. UDP is simple and efficient and suits real-time applications such as audio and video streaming, because it neither establishes connections nor maintains state.
HTTP (Hypertext Transfer Protocol):
HTTP is an application-layer protocol for transmitting hypertext data, commonly used for data transfer between web browsers and web servers. HTTP is stateless: each request-response cycle is independent and retains no session state. HTTP communication is in plaintext and lacks encryption, so transmitted data is vulnerable to eavesdropping and tampering.
HTTPS (Hypertext Transfer Protocol Secure):
HTTPS is HTTP with an encryption layer: the data is encrypted via the SSL/TLS protocol. HTTPS verifies the server's identity through digital certificates and encrypts the transmitted data, providing higher security against eavesdropping and tampering. HTTPS is typically used for websites with high security requirements, such as banking and e-commerce, to protect user data.
ICMP (Internet Control Message Protocol):
ICMP is a protocol used to send control messages and error reports over IP networks, operating at the network layer. ICMP is used for communication between network devices, providing functions such as diagnosing network issues, reporting errors and performing network probing. ICMP is commonly used for network operations such as Ping tests, Traceroute tools, and router notifications.
Note:
- HTTP and HTTPS protocols are both built on the TCP protocol, as they rely on TCP for reliable data transmission and connection management.
- As a transport layer protocol, TCP provides reliable data transmission for HTTP and HTTPS, ensuring data integrity and order.
- HTTPS builds upon HTTP with encryption mechanisms, safeguarding transmitted data by using connections provided by the TCP protocol.
- A UDP access does not inherently involve a "connection". However, the load balancer maintains session information for the UDP access port, and the UDP session timeout is what the industry commonly calls the UDP "connection timeout duration".
Description of front-back correspondence
When using the load balancer product, the protocols to pay attention to are:
- Front reception protocol: the protocol the client uses to reach the load balancer, which then forwards the client's request (the listener protocol in the table below).
- Real server protocol: the protocol the real server uses to provide its service.
- Health check protocol: the protocol the load balancer uses when it initiates health checks against the real server.
For different listener and real server protocols, the following combinations exist:
| Listener protocol | Compatible real server protocols | Compatible health check protocols |
|---|---|---|
| TCP | TCP | TCP |
| SSL | TCP | TCP |
| UDP | UDP | UDP, ICMP |
| HTTP | HTTP | HTTP (effective only for HTTP real servers), TCP |
| HTTPS | HTTP, HTTPS | TCP, HTTP (effective only for HTTP and HTTPS real servers), HTTPS (effective only for HTTPS real servers) |
HTTPS access instructions
Common HTTPS handshake process
1. ClientHello:
The client sends a ClientHello message to the server, which includes supported encryption algorithms, protocol versions, and other necessary information.
2. ServerHello:
After receiving the ClientHello message, the server selects an encryption algorithm and protocol version, then responds with a ServerHello message containing the server certificate and additional relevant data.
3. Certificate verification:
The client verifies the server's certificate upon receipt, checking details such as whether it is signed by a trusted certificate authority and whether it has expired.
4. Negotiate encrypted key:
If the certificate verification passes, the client creates a random symmetric key, encrypts it using the server's public key, and sends it to the server for encrypting and decrypting subsequent data transmission.
5. Handshake completion:
Once the server receives the encrypted key, it uses its private key to decrypt it and retrieves the symmetric key generated by the client. From this point, both client and server use this key for encrypting and decrypting communications.
6. Data transmission:
After the handshake is successfully completed, a secure connection is established between the client and server. All data transmission is encrypted through this secure channel to ensure confidentiality and data integrity.
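The handshake above, exercised end to end with Go's crypto/tls as an added example (not the load balancer's own code): a loopback server presents a self-signed certificate generated on the fly, and the client either trusts that issuer or, as step 3 describes, rejects the certificate and aborts. The host name lb.example.test and the certificate are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Handshake runs steps 1-5 against a loopback server that presents a freshly generated
// self-signed certificate (constructed test material). trusted decides whether the client's
// trust store holds that certificate's issuer (step 3). It returns the negotiated protocol
// version and cipher suite, or the error that aborted the handshake.
func Handshake(trusted bool) (uint16, string, error) {
	const host = "lb.example.test" // hypothetical listener name, not from the page
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil { return 0, "", err }
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil { return 0, "", err }
	defer ln.Close()
	go func() { // server half: accept one client and answer its ClientHello with the certificate
		if c, err := ln.Accept(); err == nil {
			cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
			tls.Server(c, &tls.Config{Certificates: []tls.Certificate{cert}}).Handshake()
			c.Close()
		}
	}()
	cfg := &tls.Config{ServerName: host, MinVersion: tls.VersionTLS12}
	if trusted { // step 3: with RootCAs unset the client rejects the certificate and aborts
		leaf, _ := x509.ParseCertificate(der)
		cfg.RootCAs = x509.NewCertPool()
		cfg.RootCAs.AddCert(leaf)
	}
	cli, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil { return 0, "", err }
	defer cli.Close() // steps 5-6 would follow here: both sides now hold the session keys
	st := cli.ConnectionState()
	return st.Version, tls.CipherSuiteName(st.CipherSuite), nil
}

func main() { fmt.Println(Handshake(true)) }
```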
HTTPS service optional pairing instructions
1. HTTPS listener paired with HTTP backend protocol
The HTTPS listener in the load balancer handles encrypted key negotiations. During the Client -> Load Balancer Instance -> Real Server process, the first segment uses the certificate configured on the load balancer instance for encrypted communication, while the second segment involves the load balancer acting as a requester using the HTTP protocol without encryption.
2. TCP listener paired with TCP backend protocol
In this configuration, when a user initiates HTTPS access, the load balancer instance performs only NAT and forwarding operations on TCP packets without altering the TCP Payload section. The user directly establishes encrypted communication with the real server.
3. HTTPS listener paired with HTTPS backend protocol
The load balancer's HTTPS listener offloads the encrypted key negotiation to the load balancer instance. In the process of Client -> Load Balancer Instance -> Real Server, the first segment uses the certificate configured on the load balancer instance for encryption negotiation, while in the second segment the load balancer instance acts as the client and performs a second encryption negotiation with the real server using the real server's certificate.
4. SSL listener paired with TCP backend protocol
In this configuration, when a user initiates HTTPS access, the load balancer instance manages the SSL connection encryption negotiation. In the process of Client -> Load Balancer Instance -> Real Server, the first segment uses the certificate configured on the load balancer instance for SSL encryption negotiation, while the second segment uses the HTTP protocol without encryption, with the load balancer instance acting as the client.
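An added example (not the load balancer product's own code) that encodes the correspondence table and the four pairings above as a configuration check: it rejects unsupported listener/real server/health check triples and reports which segment of Client -> Load Balancer Instance -> Real Server carries cleartext. The rule list, the field names and the pass-through handling for the TCP listener are this example's own modelling of the text.

```go
package main

import "fmt"

type rule struct {
	listener, backend string
	healthChecks      []string
	terminatesAtLB    bool // the LB instance negotiates encryption with the client
	encryptsBackend   bool // the LB instance negotiates encryption again with the real server
}

// One entry per row of the correspondence table, with the HTTPS pairing notes folded in.
var rules = []rule{
	{"TCP", "TCP", []string{"TCP"}, false, false}, // NAT + forwarding only, TCP payload untouched
	{"SSL", "TCP", []string{"TCP"}, true, false},
	{"UDP", "UDP", []string{"UDP", "ICMP"}, false, false},
	{"HTTP", "HTTP", []string{"HTTP", "TCP"}, false, false},
	{"HTTPS", "HTTP", []string{"TCP", "HTTP"}, true, false},
	{"HTTPS", "HTTPS", []string{"TCP", "HTTP", "HTTPS"}, true, true},
}

type Report struct {
	ClientHopEncrypted  bool // client -> load balancer instance
	BackendHopEncrypted bool // load balancer instance -> real server
	LBSeesPlaintext     bool // false only when TLS passes straight through to the real server
}

// Check validates a (listener, real server, health check) protocol triple against the table.
// clientTLS states whether the client initiates HTTPS; it only matters for TCP pass-through.
func Check(listener, backend, healthCheck string, clientTLS bool) (Report, error) {
	for _, r := range rules {
		if r.listener != listener || r.backend != backend {
			continue
		}
		for _, hc := range r.healthChecks {
			if hc == healthCheck {
				rep := Report{ClientHopEncrypted: r.terminatesAtLB, BackendHopEncrypted: r.encryptsBackend}
				if listener == "TCP" { // pass-through: both hops carry whatever the client sent
					rep.ClientHopEncrypted, rep.BackendHopEncrypted = clientTLS, clientTLS
				}
				rep.LBSeesPlaintext = r.terminatesAtLB || !rep.ClientHopEncrypted
				return rep, nil
			}
		}
		return Report{}, fmt.Errorf("%s health check is not usable with a %s listener and %s real servers (allowed: %v)", healthCheck, listener, backend, r.healthChecks)
	}
	return Report{}, fmt.Errorf("a %s listener cannot be paired with %s real servers", listener, backend)
}

func main() { fmt.Println(Check("HTTPS", "HTTP", "HTTP", true)) }
```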
