Load Balancers
Xelon HQ load balancers distribute incoming traffic across multiple virtual machines to improve availability, performance, and fault tolerance. Configure forwarding rules with Layer 4 (TCP/UDP) or Layer 7 (HTTP/HTTPS) balancing, health checks, and SSL/TLS termination.
Load Balancers are managed from the Load Balancer sub-tab within the Networking page. Navigate to Virtual Datacenter > Networking and click the Load Balancer tab.
Creating a Load Balancer
Navigate to Virtual Datacenter > Networking, then click the Load Balancer tab. Click Create Load Balancer. Provide the following:
| Field | Description |
|---|---|
| Load Balancer Name | A descriptive name (lowercase letters, numbers, and hyphens only). |
| Layer 7 Load Balancer | Check this box to create a Layer 7 (HTTP/HTTPS) load balancer instead of Layer 4. |
| Tenant / Cloud | Select the tenant and cloud location. |
| Type | Server load balancer or Kubernetes load balancer. |
| Network / IP | Select the internal network and configure IP addressing. |
| Apply to... | Select the backend devices or cluster to apply forwarding rules to. |
Forwarding Rules
Forwarding rules define how the load balancer routes traffic from a frontend port to backend devices. Each rule specifies the protocol, ports, and balancing method.
Adding a Forwarding Rule (Layer 4)
Click Add Rule and configure:
| Parameter | Description |
|---|---|
| IP | Select one or more backend devices from the connected devices list. |
| Original Protocol | The incoming protocol. Select from predefined services or create a custom entry. |
| Original Port | The port the load balancer listens on for incoming traffic. |
| Translated Protocol | The protocol used to forward traffic to the backend. |
| Translated Port | The port on the backend devices that receives forwarded traffic. |
| SSL certificate | Auto-generate an SSL certificate or upload a custom one. |
Adding a Forwarding Rule (Layer 7)
For Layer 7 load balancers, rules are URL-based. Click Add Rule and configure:
| Parameter | Description |
|---|---|
| URL | The URL pattern to match (e.g., https://example.com:8080/api/). |
| Destination nodes IP and Ports | Backend node IP addresses with ports (e.g., 10.0.0.30:8). |
| Maintenance Mode | Enable to display a maintenance placeholder page. |
| SSL Generate | Auto-generate an SSL certificate or upload a custom one. |
Editing and Deleting Rules
Use the edit and delete icons next to each forwarding rule to modify or remove it. Changes take effect immediately.
Layer 4 vs. Layer 7 Balancing
| Feature | Layer 4 (TCP/UDP) | Layer 7 (HTTP/HTTPS) |
|---|---|---|
| Protocol Awareness | Transport layer only. No inspection of payload. | Application layer. Can inspect HTTP headers, paths, and cookies. |
| Routing | Based on IP and port. | Based on URL path, host header, or HTTP method. |
| Performance | Lower latency, higher throughput. | Slightly higher latency due to content inspection. |
| SSL Termination | Not supported (pass-through only). | Supported. Offload SSL/TLS processing from backends. |
| Use Case | Database connections, TCP services, raw throughput. | Web applications, API gateways, HTTPS services. |
Attaching and Detaching Devices
Backend devices (virtual machines) receive traffic from the load balancer. During load balancer creation, you select devices in the Apply to... dropdown. On the load balancer details page, the Connected Devices panel shows all attached devices and allows you to manage the backend pool.
Attach at least two backend devices per forwarding rule to ensure traffic can be served if one device becomes unavailable.
Health Checks
The load balancer automatically monitors backend devices to verify they are available to receive traffic. Health checks are managed by the platform infrastructure and do not require manual configuration in the UI.
SSL/TLS Termination
Both Layer 4 and Layer 7 forwarding rules support SSL/TLS termination at the load balancer. This offloads encryption processing from your backend servers.
When editing a forwarding rule, enable the SSL Generate toggle to auto-generate a certificate, or click Custom to upload your own SSL certificate. You can also enable Use https on backend to forward encrypted traffic to the backend devices.
Ensure your SSL certificates are renewed before they expire. Expired certificates will cause connection errors for your users.
Deleting a Load Balancer
Navigate to the load balancer details page and click Destroy. All forwarding rules and backend associations are removed. Traffic will no longer be distributed to the backend devices.
Deleting a load balancer immediately stops all traffic distribution. Ensure DNS records or upstream services are updated before deleting.