API
Edge Cloud
Edge Cloud
Overview
Overview
Activate and manage you eSIMGetting online in China
Troubleshooting
Account types and permissionsPackagesQuality of Service
Billing
Quotas
Create a project
User rolesAdd a userManage accessView user actions
Cost reports
About Resource reservation
Types of Virtual MachinesCreateCustomize initial setupCheck the statusEnable root user
Connect via Customer Portal
Configure and manage SSH keysConvert an SSH key to PPK formatEstablish SSH connection to a Virtual Machine
OverviewConfigure
OverviewCreate and configure
Monitor
Take a snapshot of your file systemSet up automatic snapshots
SSH connection
About Bare Metal serversTypes of Bare Metal serversCreate a Bare Metal serverConnect to your Bare Metal server via SSH
SSH connection
About Advanced DDoS Protection for Bare MetalActivate Advanced DDoS Protection for Bare Metal
OverviewUpload
NetworkSubnetworkRouter
Floating IP addressReserved IP addressVirtual IP addressDifference between virtual, floating, and reserved IP addressesAllowed address pair
Create Load BalancerAdd TLS certificates to a Load BalancerConfigure mutual TLS authenticationManage Load BalancersLoggingAnnotations
Firewall
OverviewConfigure
OverviewBare Metal support
Create
SSH connectionkubectl
Secure cluster with OpenID Connect
OverviewChange limitsCreate and configure a poolAdvanced autoscaler settingsConfigure GPU autoscaling for Kubernetes
Add users with limited rights to a Kubernetes cluster
Monitor load on a specific node
OverviewInstall nginx ControllerUse nginx Controller
Create a PVC and bind it to a podConfigure NFS CSI driver for Kubernetes
Annotations for Load Balancers
Manage PostgreSQL serversBackup and restore
Upload a PKCS12 file
Function as a ServiceAuthenticate to functions with API keysFunction examples
Create a containerDeploy via GitHub actionsManage containers
Create a Container RegistryManage Container Registries
OverviewConfigure
FilebeatFluent BitFluentdLogstash
Prometheus exporterView logs in Grafana with OpenSearch plugin
TerraformAnsible
Set up a mailing server
API
Chosen image
Home/Edge Cloud/Networking/Load Balancers/Create Load Balancer

Create and configure a Load Balancer

A Load Balancer is a tool used to sort incoming requests across your Virtual Machines to improve your infrastructure's fault tolerance.

Step 1. Initiate Load Balancer creation

Go to your project, navigate to the "Load Balancers" in the "Networking" section and click Create Load Balancer

Initiate the process of Load Balancer creation

The new page opens. Perform the remaining steps there. 

Step 2. Set the region

Select a region for balancing.

You can balance traffic only within a single data center.

Step 3. Set computing configuration

Select a suitable computing configuration for your Load Balancer: GiB and vCPU. We create all Load Balancers in high availability mode with active-standby instances. Upon failure of the active instance, the standby one will seamlessly take over the load-balancing functions.

Select type

Step 4. Configure network

Select a network, public or private, and enable additional features:

  • Reserved IP and IPv6 dual-stack for the public network.
  • Floating IP, reserved IP and IPv6 dual-stack for the private network.
Select public or private network option

Step 5. Configure preferred connectivity

You can choose between L2 (Layer 2) and L3 (Layer 3) connectivity. This setting determines the preferred connectivity method the Load Balancer uses to connect to backend pool members. If the preferred connectivity is not feasible, traffic will automatically route via the alternative method:

L2 (preferred) → (if not possible) L3 → (if not possible) Validation Error

L3 (preferred) → (if not possible) L2 → (if not possible) Validation Error

The Load Balancer determines available routes only by evaluating subnet host routes. Due to current system limitations, it does not take router host_routes into account.

Layer 2

L2 connectivity offers better performance because traffic flows directly between the Load Balancer and pool members without passing through a router. This reduces network hops and minimizes latency.

However, this approach requires more IP addresses. In networks with many /24 subnets, each Load Balancer must create ports in every subnet where its members are located. This can lead to high IP utilization and reduced efficiency in large-scale deployments.

Select Layer 2 connectivity option

Layer 3

L3 connectivity routes traffic through a router or gateway, introducing additional network hops that may slightly impact performance.

It also optimizes IP address utilization by reducing the number of required IPs per Load Balancer. Instead of allocating a separate IP in every subnet, the Load Balancer communicates with pool members across subnets using routing mechanisms. This approach improves scalability and efficiency, especially in environments with multiple subnets.

For most cases, such as a single subnet setup, use L2 connectivity for optimal performance. If your deployment involves multiple subnets or complex networking requirements, contact support to determine the best configuration.

Step 6. Configure listeners

Add listeners that will check for connection requests using the protocol and port that you specify. You can add multiple listeners to a Load Balancer.

To configure a listener:

1. In the Listeners section, click Add listener.

Add listener

2. Enter the listener’s name.

3. Select the required protocol: TCP, UDP, HTTP, Terminated HTTPS, and Prometheus. You can configure multiple TLS certificates for Terminated HTTPS and Prometheus.

4. Specify a port that the Load Balancer will listen on for incoming traffic. You can keep a default port for some protocols or specify the needed port from 1 to 65535.

5. (Optional) To identify the origin of the user's IP address connecting to a web server via a load balancer, enable the Add headers X-Forwarded-For, X-Forwarded-Port, X-Forwarded-Proto to requests toggle.

6. If you select Terminated HTTPS and Prometheus protocols, you can configure TLS certificates. Follow instructions from our dedicated guide.

7. Set the connection limit - a maximum number of simultaneous connections that can be handled by this listener.

8. (Optional) Add allowed CIDR ranges to define which IP addresses can access your content. All IP addresses that don’t belong to the specified range will be denied access.

To ensure correct operation and avoid misconfigurations, the IP version of Allowed CIDRs must match the IP version of the Load Balancer's Virtual IPs (VIPs).

Basic Rules:

  • VIPs with both IPv4 and IPv6 support CIDRs of both versions.

    VIPs: 62.112.222.52 (IPv4), 2a03:90c0:4d6:1::2e8 (IPv6)

    Allowed CIDRs: 10.0.0.0/8, fe00::/7

step 8 cidr validation
  • VIPs with only IPv4 allow only IPv4 CIDRs
  • VIPs with only IPv6 allow only IPv6 CIDRs

If the provided CIDRs do not match the VIP's IP version, the API will return a validation error.

9. (Optional) For HTTP-based listeners, you can configure basic user authentication to protect your resource from unauthorized access. Click Add users to enable the authentication:

  • Enter username: specify a username.

  • Password: specify a password or choose the Encrypted password option to store password as a hash. Check out create an encrypted password for instructions.

A password must contain at least one lowercase character, one uppercase character, at least one number, and a special character. The maximum password length is 128 symbols.

10. Click Create Listener.

Listener configuration

Listener configuration options differ depending on the selected protocol. For example, HTTP and Terminated HTTPS protocols allow additional settings, such as enabling headers and authentication, while TCP and UDP listeners focus on specifying ports and connection limits.

Pool

Configure a pool—a list of VMs to which the listener will redirect incoming traffic. Click Add new pool in the "Listeners" block to start configuring.

Add pools

1. Specify the pool name.

2. Select the balancing algorithm:          

  • Round robin—requests are distributed across servers within a cluster one by one: the first request is sent to the first server, the second request is sent to the second server, and so on in a circle. 
  • Least Connection—new requests are sent to a server with the fewest active connections. 
  • Source IP—a client's IP address is used to determine which server receives the request.

 

3. A protocol will be automatically selected based on the listener's settings: the HTTP listener can communicate with servers via the HTTP protocol.

4. Select App Cookie and fill in the "Cookie" field. A special module creates a cookie and then uses it to forward requests to the same server.  

Pool configuration

Virtual Machine

Add Virtual Machine

Click Add Instance to add Virtual Machines that will participate in the traffic distribution for the configured listener.

1. Select Custom IP, Virtual Machine, or Bare Metal and appropriate configurations.

2. Specify its port and weight in the distribution. 

Health Сheck

Configure Health Check

1. Select the protocol for checking: TCP, Ping, HTTP and appropriate configurations. 

2. Specify сheck interval (sec)—time between sent requests.

3. Specify response time (sec)—the time to wait for a response from a server.

4. Specify unhealthy threshold—the number of failed requests after which traffic will no longer be sent to the Virtual Machine.

5. Specify healthy thresholds—the number of successful requests after which the Virtual Machine will be considered ready to receive traffic.

Timeouts

Specify client data, member connect and member data timeouts in msec.

Configure timeouts

Each terminated HTTPS listener requires a default TLS certificate. Additional SNI certificates can also be configured, allowing multiple certificates to be assigned to the same listener.

Step 7. Enter the name

Enter a name for the Load Balancer. This name will be displayed in the Gcore Customer Portal.

Enter Load Banalcer name

Step 8. (Optional) Enable Logging

The Logging service will be activated to store your logs. To learn how it works and how to configure it, refer to the article about Logging.

Configure Logging

Step 9. (Optional) Add tags

Create tags for your load balancer by entering "Key" and "Value".

Configure tags

Step 10. Finalize creation

Check the settings and click Create Load Balancer on the right.

Step 11. Configure firewall

Configure firewalls for Virtual Machines in the pool according to the separate guide.

Make sure their ports are open for the Load Balancer traffic:

  • If a Load Balancer and Virtual Machines are in a public network, set a rule to receive and transmit traffic to the balancer's IP address (specified in the menu) in firewalls settings of the VM.
  • If a Load Balancer and Virtual Machines are in a private subnetwork, set a rule to receive and transmit traffic to the entire private subnetwork or to the balancer's IP address (specified in the menu).
  • If a Load Balancer is in a public network and Virtual Machine are in a private subnetwork, set a rule to receive and transmit traffic to the entire private subnetwork or to the balancer's internal IP address (send a request to the technical support).

Was this article helpful?

Not a Gcore user yet?

Discover our offerings, including virtual instances starting from 3.7 euro/mo, bare metal servers, AI Infrastructure, load balancers, Managed Kubernetes, Function as a Service, and Centralized Logging solutions.

Go to the product page
Edit on GitHub