Planning Subnets for Dedicated Load Balancers
Scenarios
You can follow the subnet planning suggestions in this section to keep load balancers running smoothly and support future service growth.
Proper subnet planning leaves enough IP addresses for service expansion even when load balancers consume a large number of IP addresses.
Where Subnet IP Addresses Are Used
IP addresses in the frontend subnet are assigned to dedicated load balancers to communicate with resources over the private network. IP addresses in backend subnets are assigned to load balancers to forward requests to backend servers and to perform health checks on them.
Table 1 shows where subnet IP addresses are used and how many IP addresses are required in each AZ. You can plan a dedicated backend subnet for a load balancer so that enough IP addresses remain for service expansion even when load balancers consume a large number of IP addresses.
If you are using IPv4/IPv6 dual stack, you need twice as many IP addresses in a subnet compared to using only IPv4.

TLS listeners forward Layer 7 requests and do Layer 7 health checks.
Use Case | Subnet | AZ-Dependent or Not | Required IP Addresses in Each AZ |
---|---|---|---|
Virtual IP address of the load balancer | Frontend subnet | No | 1 |
Forwarding Layer 4 requests | Backend subnet | Increases linearly with the number of AZs. | |
Layer 4 health checks | Backend subnet | Increases linearly with the number of AZs. | 1 |
Forwarding Layer 7 requests | Backend subnet | No | 20 (NOTE: Load balancers sharing the same backend subnet can reuse the IP addresses in the subnet.) |
Layer 7 health checks | Backend subnet | No | IP addresses that are used to forward Layer 7 requests are reused. |
Number of IP Addresses Required by a Load Balancer
If you are using IPv4/IPv6 dual stack, you need twice as many IP addresses in a subnet compared to using only IPv4.
If only IPv4 is used, an IPv4 address in the frontend subnet is assigned to the load balancer to receive client requests. If IPv4/IPv6 dual stack is used, both an IPv4 address and an IPv6 address in the frontend subnet are assigned to the load balancer to receive client requests, regardless of the number of AZs.
The following table lists the number of required IP addresses in each backend subnet if only IPv4 is used.
AZs | Request Forwarding Scenario | Minimum Number of IP Addresses | Maximum Number of IP Addresses |
---|---|---|---|
One | Layer 4 only | 1 | 5 |
One | Layer 7 only | 20 | 20 |
One | Both Layer 4 and Layer 7 | 21 | 25 |
Two | Layer 4 only | 2 | 10 |
Two | Layer 7 only | 20 | 20 |
Two | Both Layer 4 and Layer 7 | 22 | 30 |
Three | Layer 4 only | 3 | 15 |
Three | Layer 7 only | 20 | 20 |
Three | Both Layer 4 and Layer 7 | 23 | 35 |
Planning Subnets for Load Balancers
A load balancer usually needs 10 to 20 IP addresses from the backend subnet to forward requests across backend servers. If you use the service subnet with a small CIDR block as your load balancer's backend subnet, you might run out of IP addresses for future service growth.
To address this issue, use a subnet other than the service subnet as the backend subnet of a load balancer, and plan a large CIDR block for it so that enough IP addresses remain for service expansion. You can then select this subnet as the backend subnet of all load balancers, which keeps load balancers from using the service subnet as their backend subnet. Remember to plan the subnet size based on service requirements.
If the VPC subnets are insufficient, you can add secondary CIDR blocks by referring to Adding a Secondary IPv4 CIDR Block to a VPC.
Subnet | Scenario | Function |
---|---|---|
Service subnet | Deploying services | IP addresses are assigned to instances such as ECSs and network interfaces for running services. |
Frontend subnet | IP addresses used by load balancers to receive client requests | Assigns IP addresses to load balancers to receive client requests. Service subnets can be used as frontend subnets. |
Backend subnet | | Assigns IP addresses to load balancers to forward client requests across backend servers. Service subnets are not recommended to be used as backend subnets. |
In Figure 1, subnet Subnet-frontend in region A is used as the service subnet and load balancer's frontend subnet. You are advised to deploy backend servers in this subnet and use subnet Subnet-backend only as the load balancer's backend subnet.
Key Procedure
1. Create a VPC (VPC-elb) and two subnets (Subnet-frontend and Subnet-backend), as shown in Figure 1, by referring to Creating a VPC and Subnet.
2. Create a dedicated load balancer by referring to Creating a Dedicated Load Balancer.
   Select VPC-elb created in Step 1 for VPC, Subnet-frontend created in Step 1 for Frontend Subnet, and Subnet-backend created in Step 1 for Backend Subnet, as shown in Figure 2.
3. Add security group rules to allow traffic from the backend subnet where the load balancer works to the backend servers by referring to Configuring Security Group Rules for Backend Servers.
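The planning rules and the procedure above can be checked before anything is created. The following is an added example, not code from the original page or the platform: it derives the backend-subnet requirement from the IPv4-only table, then reviews a candidate plan for capacity, overlap with the service subnet, and the source range of the security group rule. Assumptions: the function names, the dictionary keys, the CIDR blocks and `RESERVED_PER_SUBNET` are constructed; Layer 4 addresses are counted per load balancer and the 20 Layer 7 addresses once per backend subnet.

```python
import ipaddress

# Figures from the page's IPv4-only table.
L4_MIN_PER_AZ, L4_MAX_PER_AZ, L7_POOL = 1, 5, 20
# Assumption: addresses the platform reserves in every subnet (not stated on the page).
RESERVED_PER_SUBNET = 5

def required_backend_ips(load_balancers):
    """Return (minimum, maximum) backend-subnet IPs for the given load balancers."""
    low = high = 0
    for lb in load_balancers:
        if lb["l4"]:  # Layer 4 usage grows linearly with the number of AZs
            low += L4_MIN_PER_AZ * lb["azs"]
            high += L4_MAX_PER_AZ * lb["azs"]
    # Assumption: the 20 Layer 7 addresses are counted once per backend subnet,
    # because load balancers sharing the subnet reuse them (NOTE in Table 1).
    if any(lb["l7"] for lb in load_balancers):
        low += L7_POOL
        high += L7_POOL
    return low, high

def review_plan(backend_cidr, service_cidr, sg_sources, load_balancers):
    """Return a list of findings; an empty list means the plan passes."""
    backend = ipaddress.ip_network(backend_cidr)
    service = ipaddress.ip_network(service_cidr)
    sources = [ipaddress.ip_network(s) for s in sg_sources]
    _, high = required_backend_ips(load_balancers)
    usable = backend.num_addresses - RESERVED_PER_SUBNET
    findings = []
    if backend.overlaps(service):
        findings.append(f"backend subnet {backend} overlaps service subnet {service}")
    if usable < high:
        findings.append(f"backend subnet {backend} has {usable} usable addresses, needs up to {high}")
    covering = [s for s in sources if backend.subnet_of(s)]
    if not covering:
        findings.append(f"no security group rule admits backend subnet {backend}")
    for s in covering:
        if s != backend:
            findings.append(f"rule source {s} is wider than backend subnet {backend}")
    return findings

if __name__ == "__main__":
    # Constructed sample: one load balancer in three AZs with Layer 4 and Layer 7 listeners.
    lbs = [{"azs": 3, "l4": True, "l7": True}]
    print(required_backend_ips(lbs))
    print(review_plan("192.168.1.0/28", "192.168.0.0/24", ["0.0.0.0/0"], lbs))
    print(review_plan("192.168.1.0/24", "192.168.0.0/24", ["192.168.1.0/24"], lbs))
```

Scoping the security group rule to the dedicated backend subnet's CIDR is only possible because that subnet carries nothing but load balancer addresses, which is a second reason to keep it separate from the service subnet.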