Networking - NodeBalancers
Managed cloud-based load balancing service that provides high availability and horizontal scaling to any application.
NodeBalancers are managed load balancers as a service (LBaaS), making load balancing accessible and easy to configure on the Linode Platform. They intelligently distribute incoming requests to multiple back-end Compute Instances, so that there’s no single point of failure. This enables high availability, horizontal scaling, and A/B testing on any application hosted with Linode.
High Availability
In a typical single-machine configuration, issues with the machine may cause the application to stop working as expected or become inaccessible. High availability solutions remove this single point of failure by combining multiple machines (redundancy), monitoring systems, and automatic failover - all of which are implemented by NodeBalancers.
Horizontal Scaling
There are two main ways to scale an application to increase its performance and capacity. Vertical scaling increases or decreases the resources on the existing machines. This is achieved by resizing your Compute Instances. Horizontal scaling adds or removes machines that are identically configured to serve your application or perform a certain task. This is commonly accomplished through a load balancing solution, like NodeBalancers. Horizontal scaling can be much more flexible and lets you scale as needed without taking down your site while upgrading or downgrading.
Additional Features
Firewall Security: Cloud Firewall provides enhanced security by allowing you to control who can access your NodeBalancer. The optional Cloud Firewall sits between your NodeBalancer and the internet to filter out unwanted network traffic before it reaches your NodeBalancer. When used in conjunction with NodeBalancers, a Cloud Firewall’s inbound rules only apply to the NodeBalancer’s public IP, not the IPs of the back-end nodes. This means you may also want to add individual back-end nodes to a Cloud Firewall to protect any additional exposed IP addresses.
Managed: NodeBalancers take the infrastructure management out of load balancing. They are designed to be maintenance free after initial configuration.
Sticky Sessions: NodeBalancers can route subsequent requests to the same back end, so all application sessions work correctly.
Health Checks: Traffic is only routed to healthy back ends. Passive health checks happen on every request. You can configure active health checks based on your application or service.
SSL Termination: NodeBalancers can terminate SSL traffic on your behalf and expose the requester’s IP through the back end. This is done using configurable rulesets that give you the power to fine-tune admissible traffic.
Throttling: Prevent potential abuse (and preserve resources on your back ends) by setting a client connection throttle on the NodeBalancer.
Multi-Port: NodeBalancers support balancing traffic to multiple network ports. Several services can be load balanced with a single NodeBalancer.
Recommended Workloads
- Enterprise applications
- High traffic and e-commerce websites
- Applications that require extreme reliability and uptime
- Applications that need to dynamically scale without any downtime
- A/B testing
Availability
NodeBalancers are available across all regions.
Pricing
Each NodeBalancer on an account starts at $10/mo ($0.015/hr). Price may vary by region.
Cloud Firewall is available at no additional charge to customers.
Technical Specifications
- Managed cloud-based load balancing service
- Dynamically routes traffic over any ports to configurable back-end Compute Instances
- Highly available with built-in redundancy
- Up to 10,000 concurrent connections
- Supports TCP-based (layer 4) load balancing (UDP traffic is not supported)
- Supports HTTP and HTTPS (layer 7) load balancing through the HTTP/1.1 protocol (HTTP/2 is not yet available)
- Supports both SSL termination (using the HTTPS protocol mode) and SSL pass-through (using the TCP protocol mode)
- Equipped with both public IPv4 and IPv6 addresses
- Supports inbound Cloud Firewall rules such as IPv4 and IPv6 access control lists (ACLs) to Accept or Drop ingress traffic.
- Fully customizable health checks to ensure traffic lands on a functioning back end
- 40 Gbps inbound network bandwidth
- Free inbound network transfer
- Outbound network transfer usage is counted towards the account-wide monthly network transfer pool
- Provisioning and management through Cloud Manager, Linode CLI, or programmatically through the Linode API
Limits and Considerations
Maximum number of concurrent connections: NodeBalancers each support up to 10,000 concurrent connections. If your application needs to support more than that, contact support to determine additional options or consider using multiple NodeBalancers behind a DNS load balancing solution such as Round-Robin DNS.
Connections per second: There are no defined rate limits for the number of connections over a given time period, though certain modes are more performant. A port configured in TCP mode allows for the greatest number of connections. A port configured in HTTPS mode is the most resource intensive and accommodates fewer connections.
IP addresses: A public IPv4 address and IPv6 address are configured on each NodeBalancer. Additional addresses are not available.
Private network: Communication with back-end Linodes occurs over a data center’s private network. As such, back-end Linodes must be located within the same data center as the NodeBalancer.
HTTP support: HTTP/1.1 (HTTP/2 support is not yet available).
Network transfer: Outbound transfer usage is counted towards the account-wide monthly network transfer pool. This pool is the combined total of the network transfer allowance of each Linode on the account. Both incoming transfer and transfer over the private network are provided at no cost.
TLS termination: When using a NodeBalancer with an application that requires HTTPS, you can either terminate the TLS connection on the NodeBalancer (HTTPS mode) or on the back-end Linodes (TCP mode). When terminating TLS connections directly on the NodeBalancer, there are a few key considerations:
- TLS protocols: TLS v1.2 and v1.3 are supported in HTTPS mode.
- While operating in HTTPS mode, internal traffic sent to the back-end Linodes will be unencrypted.
For applications that require a very high connection rate or otherwise need to overcome the above considerations present in HTTPS mode, consider operating in TCP mode and terminating TLS on the back-end Linodes.
Cloud Firewall support: When a Cloud Firewall is assigned to a NodeBalancer, the firewall only looks at incoming requests. This means that only inbound Cloud Firewall rules apply and outbound rules are not applicable.
Note: A service (Linode) can be accessed from other interfaces (not just the NodeBalancer). To filter traffic from other interfaces, back-end Linodes require their own firewalls.
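The considerations above (inbound-only firewall rules on the NodeBalancer, back ends reachable on their own interfaces, and unencrypted back-end traffic in HTTPS mode) can be checked against an inventory export. The following is an added example, not Linode code; the inventory layout and field names are hypothetical and do not mirror the Linode API, and the sample data is constructed.

```python
# Constructed inventory; field names are hypothetical, not the Linode API schema.
INVENTORY = {
    "nodebalancers": [
        {"label": "nb-web", "firewall": "fw-edge",
         "ports": [
             {"port": 443, "mode": "https", "backends": ["web-1", "web-2"]},
             {"port": 5432, "mode": "tcp", "backends": ["db-1"]},
         ]},
    ],
    "firewalls": {
        "fw-edge": {"inbound": 2, "outbound": 1},   # rule counts
        "fw-nodes": {"inbound": 3, "outbound": 0},
    },
    "linodes": {
        "web-1": {"public_ip": "203.0.113.10", "firewall": "fw-nodes"},
        "web-2": {"public_ip": "203.0.113.11", "firewall": None},
        "db-1": {"public_ip": "203.0.113.12", "firewall": None},
    },
}


def audit(inv):
    """Return sorted (resource, finding) pairs for the caveats on this page."""
    findings = set()
    for nb in inv["nodebalancers"]:
        fw = nb.get("firewall")
        if fw is None:
            findings.add((nb["label"], "no-firewall-on-nodebalancer"))
        elif inv["firewalls"][fw]["outbound"] > 0:
            # Only inbound rules apply when a firewall is assigned to a NodeBalancer.
            findings.add((nb["label"], "outbound-rules-not-applied"))
        for cfg in nb["ports"]:
            for name in cfg["backends"]:
                node = inv["linodes"][name]
                # The NodeBalancer's firewall does not cover the node's own public IP.
                if node["public_ip"] and node["firewall"] is None:
                    findings.add((name, "backend-exposed-without-firewall"))
                # HTTPS mode terminates TLS on the NodeBalancer; the hop to the
                # back end over the private network is unencrypted.
                if cfg["mode"] == "https":
                    findings.add((name, "plaintext-from-nodebalancer"))
    return sorted(findings)


if __name__ == "__main__":
    for resource, finding in audit(INVENTORY):
        print(f"{resource}: {finding}")
```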