Listeners¶

A load balancer can have several listeners, a common setup would be to listen on both port 80/tcp and port 443/tcp when load balancing connections to a web application that runs on both http and https protocols. Each listener will forward requests to a pool, the members of the pool can be the same but they are defined on each pool as they might use different health checkers. The main option for the listener is what protocol to use. There are 5 protocols available:

• TCP, this is a standard TCP connection (basically a port proxy). Its not application aware but will rather just forward traffic.

• UDP, same as above but for UDP.

• HTTP, these are protocol aware and will be able to provide som layer 7 features relating to the http protocol.

• HTTPS, same as HTTP but encrypted.

• Terminate HTTPS, same as HTTPS but will take a HTTPS request and forward it to members as HTTP (unencrypted), thus terminating the SSL connection and negating the need to manage certificates on the members servers. In order to do this, the platform will need access to an SSL certificate via out secret store.

On the listener, you are able to configure various settings:

• Timeouts for the connection to the listener, we do however recommend to leave the default values for this.

• Layer 7 (mainly HTTP) policies enabling for instance redirects or rejections directly on the listener, negating the need to send requests to members.

• Allowed CIDR prefixes, meaning who can connect. 0.0.0.0/0 is the default and means “all networks”.

• HTTP headers, for instance x-forwarded-for.

To the listener, you would normally (unless the service is internal) connect a floating IP for accessing the service from the internet. The listener then becomes the service endpoint for your application from the users perspective.