Create an Internal Load Balancer

Task 1. Configure HTTP and health check firewall rules

Configure firewall rules to allow HTTP traffic to the backends and TCP traffic from the Google Cloud health checker.

• Explore the my-internal-app network

  • The network my-internal-app with subnet-a and subnet-b along with firewall rules for RDP, SSH, and ICMP traffic have been configured for you.

    1. In the console, navigate to Navigation menu > VPC network > VPC networks.

    2. Scroll down and notice the my-internal-app network with its subnets: subnet-a and subnet-b.

• Create the HTTP firewall rule

  Create a firewall rule to allow HTTP traffic to the backends from the Load Balancer and the internet (to install Apache on the backends).

  1. Click + Create Firewall Rule.

     

  2. Set the following values, leave all other values at their defaults:

     | Property | Value (type value or select option as specified) | | --- | --- | | Name | app-allow-http | | Network | my-internal-app | | Targets | Specified target tags | | Target tags | lb-backend | | Source filter | IPv4 Ranges | | Source IPv4 ranges | 10.10.0.0/16 | | Protocols and ports | Specified protocols and ports, and then check tcp, type: 80 |

     

     

     

  3. Click Create.

• Create the health check firewall rules

  Health checks determine which instances of a Load Balancer can receive new connections.

  1. In the Firewall rules page, click + Create Firewall Rule.

  2. Set the following values, leave all other values at their defaults:

     | Property | Value (type value or select option as specified) | | --- | --- | | Name | app-allow-health-check | | Network | my-internal-app | | Targets | Specified target tags | | Target tags | lb-backend | | Source filter | IPv4 Ranges | | Source IPv4 ranges | 130.211.0.0/22 and 35.191.0.0/16 | | Protocols and ports | Specified protocols and ports, and then check tcp |

     

     

  3. Click Create.

---

Task 2. Configure instance templates and create instance groups

• Configure the instance templates

  1. In the Console, navigate to Navigation menu > Compute Engine > Instance templates.

     

  2. Click Create instance template.

     

  3. For Name, type instance-template-1.

  4. For Location, Select Global.

  5. For Series, select E2.

     

  6. For Machine type, select Shared-core > e2-micro.

  7. Click Advanced options.

  8. Click Networking.

     

  9. For Network tags, specify lb-backend.

  10. For Network interfaces, click the dropdown icon to edit.

  11. Set Network, Subnetwork and External IPv4 Address.

  12. Click Done.

  13. Click Management.

  14. Under Metadata, click Add item and specify:

      Key 1: startup-script-url

      Value 1: gs://cloud-training/gcpnet/ilb/startup.sh

  15. Click Create.

• Configure the next instance template

  1. In Instance templates, check the box next to instance-template-1, then click Copy. Make sure to update the name as instance-template-2.

  2. Click Advanced options.

  3. Click the Networking tab.

  4. For Network interfaces, click the dropdown icon to edit.

  5. Select subnet-b as the Subnetwork.

  6. Click Done and then click Create.

• Create the managed instance groups

  1. In Compute Engine, in the left pane click Instance groups, and then click Create Instance group.

     

  2. Set the following values, leave all other values at their defaults:

     | Property | Value (type value or select option as specified) | | --- | --- | | Name | instance-group-1 | | Instance template | instance-template-1 | | Location | Single-zone | | Region | us-central1 | | Zone | us-central1-a | | Autoscaling > Minimum number of instances | 1 | | Autoscaling > Maximum number of instances | 5 | | Autoscaling > Autoscaling signals (click the dropdown icon to edit) > Signal type | CPU utilization | | Target CPU utilization | 80 | | Initialization period | 45 |

     

     

     

     

  3. Click Create.
     Repeat the same procedure for instance-group-2 in the different zone of same region as subnet-a:

  4. Click Create Instance group.

  5. Set the following values, leave all other values at their defaults:

     | Property | Value (type value or select option as specified) | | --- | --- | | Name | instance-group-2 | | Instance template | instance-template-2 | | Location | Single-zone | | Region | us-central1 | | Zone | Zone (Use the different zone in same region as subnet-a) | | Autoscaling > Minimum number of instances | 1 | | Autoscaling > Maximum number of instances | 5 | | Autoscaling > Autoscaling signals (click the dropdown icon to edit) > Signal type | CPU utilization | | Target CPU utilization | 80 | | Initialization period | 45 |

     

     

     

     

  6. Click Create.

Verify the backends

1. In Compute Engine, click VM instances.

2. Click Create instance.

   

3. Set the following values, leave all other values at their defaults:

   | Property | Value (type value or select option as specified) | | --- | --- | | Name | utility-vm | | Region | us-central1 | | Zone | us-central1-a | | Series | E2 | | Machine type | Shared-core > e2-micro (1 shared vCPU) |

   

4. Click Advanced options.

5. Click Networking.

6. For Network interfaces, click the dropdown icon to edit.

7. Set the following values, leave all other values at their defaults:

   | Property | Value (type value or select option as specified) | | --- | --- | | Network | my-internal-app | | Subnetwork | subnet-a | | Primary internal IPv4 address | Ephemeral (Custom) | | Custom ephemeral IP address | 10.10.20.50 |

   

8. Click Done and then click Create.

9. For utility-vm, click SSH to launch a terminal and connect.

   

10. To verify the welcome page for instance-group-1-xxxx, run the following command:

    curl 10.10.20.2
    

    

11. To verify the welcome page for instance-group-2-xxxx, run the following command:

    curl 10.10.30.2
    

    

12. Close the SSH terminal to utility-vm:

    exit
    

---

Task 3. Configure the Internal Load Balancer

• Start the configuration

  1. Search the Load balancing page. Click Create load balancer.

     

  2. For Type of load balancer, select Network Load Balancer (TCP/UDP/SSL).

     

  3. For Proxy or passthrough, select Passthrough load balancer.

     

  4. For Public facing or internal, select Internal.

     

  5. Click CONFIGURE.

     

  6. For Name, type my-ilb.

     

  7. For Region, select REGION.

  8. For Network, select my-internal-app.

• Configure the regional backend service

  1. Click on Backend configuration.

  2. Set Instance group as instance-group-1.

     

  3. Click Add a backend.

  4. For Instance group, select instance-group-2.

     

  5. For Health Check, select Create a health check.

     

  6. Add Name, Protocol and Port.

  7. Click Save.

• Configure the frontend

  1. Click on Frontend configuration.

  2. Add Subnetwork and Internal IP.

  3. Specify Name, Static IP address and Custom IP address.

     

  4. Click Reserve.

  5. In Port number, type 80.

     

  6. Click Done.

• Review and create the Internal Load Balancer

1. Click on Review and finalize.

   

2. Review the Backend and Frontend.

3. Click on Create.

---

Task 4. Test the Internal Load Balancer

Verify that the my-ilb IP address forwards traffic to instance-group-1 and instance-group-2.

• Access the Internal Load Balancer

  1. In the Cloud Console, navigate to Navigation menu > Compute Engine > VM instances.

  2. For utility-vm, click SSH to launch a terminal and connect.

     

  3. To verify that the Internal Load Balancer forwards traffic, run the following command:

      curl 10.10.30.5
     

     

     Note: As expected, traffic is forwarded from the Internal Load Balancer (10.10.30.5) to the backend.

  4. Run the same command a couple more times.

In the output, you should be able to see responses from instance-group-1 in us-central1-a and instance-group-2 in the different zone of same region.