Get started
Yandex Application Load Balancer

Creating backend group

Written by

To create a backend group:

  1. In the management console, select the folder to create your backend group in.

  2. In the list of services, select Application Load Balancer.

  3. On the left-hand panel, select Backend groups.

  4. Click Create backend group.

  5. Enter the backend group name: test-backend-group.

  6. Select the backend group type:

    • HTTP: For HTTP or HTTPS traffic.
    • gRPC: For HTTP or HTTPS traffic with a gRPC call.
    • Stream: For unencrypted TCP traffic or TCP traffic with TLS encryption support.

  7. (optional) Enable session affinity. HTTP and gRPC backend groups support the following session affinity modes:

    • By IP address.
    • By HTTP header.
    • By cookie.

    For a Stream backend group, sessions are assigned to the client IP address.

    Note

    Currently, session affinity only works if a single backend is active (has a positive weight) in a group of backends, includes one or more target groups, and the MAGLEV_HASH load balancing mode is selected for it.

  8. Under Backends, click Add. Specify the backend settings:

    • Name of the backend.
    • Weight: The relative weight of the backend when distributing traffic. If the option is disabled in the field, the backend endpoints won't receive any traffic (the weight will be equal to 0).
    • Type of the backend (for an HTTP backend group): Target group ( Application Load Balancer target groups) or Bucket (Object Storage bucket). For a gRPC or Stream backend group, the type of any backend is Target group. For more information about backend types, see Backend types.

    The settings described below are only applicable to backends of the Target group type.

    • Under Load balancing settings:

      • Balancing mode: Mode for distributing traffic across backend endpoints.
      • Panic mode threshold: Percentage of healthy endpoints for enabling panic mode: the load balancer will distribute requests across all endpoints, regardless of health check results.
      • Locality aware routing: Percentage of incoming traffic that a load balancer node routes to the backends from its availability zone. The rest traffic is evenly distributed between other availability zones. For more information, see Locality aware routing.
      • Strict locality: If this option is enabled, the load balancer will respond with an error (503 Service Unavailable) if no application backends are running in the availability zone that accepted the request.

    • Under Protocol settings:

      • For an HTTP backend group:

        • HTTP/2: Option to use HTTP/2 when routing requests to the backend of an HTTP backend group. By default, the protocol version is 1.1. Backend groups of the gRPC type only support HTTP/2 connections.

        • Protocol: Backend connection protocol: HTTP (without encryption) or HTTPS (with TLS encryption). For HTTPS, specify:

          • SNI. Host domain name for Server Name Indication, an extension to the TLS protocol.
          • Trusted CA certificate. Specify a certificate from the certificate authority that the load balancer will trust when establishing a secure connection with backend endpoints. X.509 certificates in PEM format are supported.

      • For a gRPC backend group:

        • Protocol: The backend connection protocol: Open or Encrypted. For the encrypted protocol, set the SNI and Trusted CA certificate (see above).

      • For a Stream backend group:

        • PROXY protocol: If this option is enabled, the load balancer will pass metadata about its connection with the client, including the IP address, to the backend over PROXY protocol from HAProxy.

        • Protocol: The backend connection protocol: Open or Encrypted. For the encrypted protocol, set the SNI and Trusted CA certificate (see above).

    • Under HTTP health check, gRPC health check, or Stream health check:

      • Timeout: Response waiting time.

      • Interval: Interval for sending check requests.

      • Healthy threshold: The number of consecutive successful checks at which the endpoint is considered healthy. Ignored when the load balancer has just started: one health check is enough.

      • Unhealthy threshold: The number of consecutive failed checks at which the endpoint is considered unhealthy. Ignored if the backend has responded with the 503 Service Unavailable HTTP status code once: it's considered unhealthy immediately.

      • Port.

      • Type: The protocol to use for health checks: HTTP, gRPC, or Stream. The check type may be the same as the backend group type. Also specify:

        • For the HTTP type:

          • Path: Path in the URI of a request to the endpoint.
          • Authority: The value of the Host header for HTTP/1.1 or the :authority pseudo-header for HTTP/2 to be passed to the backend endpoints during health checks.
          • HTTP/2: The option to use HTTP v.2.

        • For the gRPC type:

          • Service name: The name of the gRPC service to check. If no service is specified, the backend's general health is checked.

        • For the Stream type:

          • Send: Data to be sent to the endpoint for a health check.
          • Receive: Data to be received from the endpoint for it to pass the health check.

      For more information, see Health checks.

      To add a health check, click Add health check at the bottom of the backend section and specify the check settings.

      To remove a health check, click next to the HTTP health check, gRPC health check, or Stream health check title and select Delete.

  9. Click Create.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

Note

You can create a gRPC backend group in the management console or using Terraform.

  1. View a description of the CLI command to create a backend group:

    yc alb backend-group create --help

  2. Create a backend group by running the command:

    yc alb backend-group create <backend group name>

    Result:

    id: a5dg2cv4ngne8575fb1p
name: test-backend-group
folder_id: aoerb349v3h4bupphtaf
created_at: "2021-02-11T20:46:21.688940670Z"

  3. Add a backend and health check to the group. All backends within the group must have the same type: HTTP or Stream.

    HTTP backend

    Run this command:

    yc alb backend-group add-http-backend \
  --backend-group-name <name of the backend group> \
  --name <name of the backend to be added> \
  --weight <backend weight> \
  --port <backend port> \
  --target-group-id=<target group ID> \
  --panic-threshold 90 \
  --http-healthcheck port=80,healthy-threshold=10,unhealthy-threshold=15, \
timeout=10s,interval=2s,host=your-host.com,path=/ping

    Where:

    • --panic-threshold: The threshold for panic mode.
    • --http-healthcheck: Parameters for checking the resource status:
      • port: The port.
      • healthy-threshold: The healthy threshold.
      • unhealthy-threshold: The unhealthy threshold.
      • timeout: The timeout.
      • interval: The interval.
      • host: The host address.
      • path: The path.

    Result:

    id: a5dqkr2mk3rr799f1npa
name: test-backend-group
folder_id: aoe197919j8elpeg1lkp
http:
  backends:
  - name: backend1
    backend_weight: "1"
    load_balancing_config:
      panic_threshold: "90"
    port: "80"
    target_groups:
      target_group_ids:
      - a5d2iap3nue9s3anblu6
    healthchecks:
    - timeout: 10s
      interval: 2s
      healthy_threshold: "10"
      unhealthy_threshold: "15"
      healthcheck_port: "80"
      http:
        host: your-host.com
        path: /ping
created_at: "2021-02-11T20:46:21.688940670Z"
    Stream backend

    Run this command:

    yc alb backend-group add-stream-backend \
  --backend-group-name <name of the backend group> \
  --name <name of the backend to be added> \
  --weight <backend weight> \
  --port <backend port> \
  --target-group-id=<target group ID> \
  --panic-threshold 90 \
  --http-healthcheck port=80,healthy-threshold=10,unhealthy-threshold=15,\
timeout=10s,interval=2s,host=your-host.com,path=/ping

    Where:

    • --panic-threshold: The threshold for panic mode.
    • --http-healthcheck: Parameters for checking the resource status:
      • port: The port.
      • healthy-threshold: The healthy threshold.
      • unhealthy-threshold: The unhealthy threshold.
      • timeout: The timeout.
      • interval: The interval.
      • host: The host address.
      • path: The path.

    Result:

    id: ds77tero4f5h46l4e2gl
name: test-backend-group
folder_id: b1gu6g9ielh690at5bm7
stream:
  backends:
  - name: stream-backend
backend_weight: "1"
    port: "80"
    target_groups:
      target_group_ids:
      - ds7eof3r2cte9u069p97
    healthchecks:
    - timeout: 10s
      interval: 2s
      healthy_threshold: "10"
      unhealthy_threshold: "15"
      healthcheck_port: "80"
      http:
        host: your-host.com
        path: /ping
created_at: "2022-04-06T09:17:57.104324513Z"

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it by configuration files. They store the infrastructure description in HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Mozilla Public License.

For more information about the provider resources, see the documentation on the Terraform site or mirror site.

If you change the configuration files, Terraform automatically determines which part of your configuration is already deployed and what should be added or removed.

For more information about the Terraform, see our documentation.

  1. In the Terraform configuration file, describe the parameters of the resource to create:

    resource "yandex_alb_backend_group" "test-backend-group" {
  name                     = "<backend_group_name>"
  session_affinity {
    connection {
      source_ip = <true_or_false>
    }
  }

  http_backend {
    name                   = "<backend_name>"
    weight                 = 1
    port                   = 80
    target_group_ids       = ["<target_group_ID>"]
    load_balancing_config {
      panic_threshold      = 90
    }    
    healthcheck {
      timeout              = "10s"
      interval             = "2s"
      healthy_threshold    = 10
      unhealthy_threshold  = 15
      http_healthcheck {
        path               = "/"
      }
    }
  }
}

    Where:

    • yandex_alb_backend_group specifies the backend group parameters:

    • name: Backend group name.

    • session_affinity: Settings for session affinity (an optional parameter).

      Note

      Currently, session affinity only works if a single backend is active (has a positive weight) in a group of backends, includes one or more target groups, and the MAGLEV_HASH load balancing mode is selected for it.

      • connection: Session affinity mode based on the IP address (source_ip). The cookie and header modes are also available. Only one of the modes should be specified. If the backend group has the Stream type (includes the stream_backend resources), you can only use the connection mode for session affinity.

    • http_backend, grpc_backend, and stream_backend: Backend type. All backends within the group must have the same type: HTTP, gRPC, or Stream.

    Backend parameters:

    • name: Backend name.
    • port: Backend port.
    • weight: Backend weight.
    • target_group_ids: Target group ID. To get a list of available target groups, run the following CLI command: yc alb target-group list.
    • load_balancing_config: Load balancing settings:
      • panic_threshold: Threshold for panic mode.
    • healthcheck: Health check parameters:
      • timeout: The timeout.
      • interval: The interval.
      • healthy_threshold: The healthy threshold.
      • unhealthy_threshold: The unhealthy threshold.
      • http_healthcheck: Parameters for HTTP health checks:
        • path: The path.

    For more information about the yandex_alb_backend_group resource parameters, see the Terraform provider documentation.

  2. Create resources:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.

    3. Run the command:

      terraform plan

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply

    5. Confirm the changes: type yes in the terminal and press Enter.

    Terraform will create all the required resources. You can check that the resources are there using the management console or the CLI command below:

    yc alb backend-group list

Use the create REST API method for the BackendGroup resource or the BackendGroupService/Create gRPC API call.