平安云|Ping An Cloud- Building Your Smart Future

Create a TCP Listener for an External/Internal ELB Instance

This article describes how to create an external/internal ELB TCP listener. Prerequisites You have successfully created an external/internal ELB instance. Procedures 1. Log in to the <a href="https://pinganyun.com/console/loadBalance/overview" target="_blank">ELB Console</a>. 2. In the left navigation pane, click Instance Management to enter the Instance Management page. 3. Click the instance name of the target ELB instance and enter the Instance Information page. 4. Click the Listener tab. 5. In the upper-right corner of the tab, click Create to enter the Create Listener page. 6. Configure the listener as described in the following tables. <img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201607112912-198149ba91c1.png" style="height:669px; width:830px" /> Basic Information <table border="1" cellpadding="0" cellspacing="0" style="width:0px"> <tbody> <tr> <td style="background-color:#ededed; width:170px"> Configuration item </td> <td style="background-color:#ededed; vertical-align:top; width:611px"> Description </td> </tr> <tr> <td style="width:170px"> Description </td> <td style="vertical-align:top; width:611px"> Customize the description of a listener. </td> </tr> <tr> <td style="width:170px"> Frontend protocol </td> <td style="vertical-align:top; width:611px"> Select TCP. </td> </tr> <tr> <td style="width:170px"> Port </td> <td style="vertical-align:top; width:611px"> Enter the port number used to receive the request and forward the request to the pool. <img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201607112607-197ec68f94ac.png" style="height:22px; margin:1px; width:50px" />: In the same ELB instance, the listener port number cannot be repeated. </td> </tr> <tr> <td style="width:170px"> Schedule algorithm </td> <td style="vertical-align:top; width:611px"> Select a schedule algorithm. Currently only Weighted Round Robin is supported. In the weighted round robin mode, the access request will be assigned to the hosts in the server resource pool according to the weight value. The higher the host weight, the greater the probability of being distributed. If the weight values are the same, the round robin mode is implemented. </td> </tr> <tr> <td style="width:170px"> Pool </td> <td style="vertical-align:top; width:611px"> Choose a pool. You need to select a pool based on the following steps: 1. Click Choose Pool, and the Choose Pool dialog box opens. 2. Check the target pool, and click Confirm. If you have not yet created a pool, you need to create one before you can make a selection here. You can also create a server resource pool before you select one for a listener. For more information about creating a pool, see Create an /ELB Pool. </td> </tr> <tr> <td style="width:170px"> Turn on TCP+SSL </td> <td style="vertical-align:top; width:611px"> For external ELB instances, you can choose to turn on or off the TCP+SSL function. For the case where a large number of clients in the IoT environment are electrical appliances, such as refrigerators, washing machines, and air-conditioning terminals, TCP is usually used to initiate the connection. For the security of the connection, the terminal SSL certificate needs to be verified. If you turn on the TCP+SSL, you need to upload an SSL certificate. <img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201607112607-197ec68f94ac.png" style="height:22px; margin:1px; width:50px" />: Before uploading the certificate, make sure that the certificate has been created. For more information, see Create a Certificate. You can upload the certificate in the following steps: 1. Click Select Certificate, and the Select Certificate dialog box opens. 2. Check the target certificate, and click Confirm. </td> </tr> </tbody> </table> Advanced configuration <table border="1" cellpadding="0" cellspacing="0" style="width:0px"> <tbody> <tr> <td style="background-color:#ededed; width:257px"> Configuration item </td> <td style="background-color:#ededed; vertical-align:top; width:524px"> Description </td> </tr> <tr> <td style="width:257px"> Session persistence </td> <td style="vertical-align:top; width:524px"> You can choose to turn on or off the session persistence function. After you turn on the session persistence function, requests belonging to the same session will be forwarded to the same host for processing. The way to keep the session is the source address hash SOURCE_ADDRESS. </td> </tr> <tr> <td style="width:257px"> Access control </td> <td style="vertical-align:top; width:524px"> For external ELB instances, you can choose to turn on or off the Access Control function. After you turn on the access control function, you can control the access permission of the specified IP address to ELB. If you turn on the access control function, you need to select the created access control policy group or create a new access control policy group and select the access control mode. The access control policy group includes one or more IP addresses. The access control modes include Whitelist and Blacklist. It decides whether to allow or deny the IP addresses in the policy group to access the ELB instance. </td> </tr> <tr> <td style="width:257px"> Create connection timeout </td> <td style="vertical-align:top; width:524px"> The create connection timeout defines the timeout period when establishing a connection. The session will be disconnected if it is not established. It is 60 seconds by default. The value range is [10，180] seconds. </td> </tr> <tr> <td style="width:257px"> Keepalive timeout </td> <td style="vertical-align:top; width:524px"> Configure the TCP keepalive timeout time. After the connection idle time exceeds this time period, ELB will actively disconnect the connection. It is 600 seconds by default, and the value range is [10, 900] seconds. </td> </tr> <tr> <td style="width:257px"> Source IP address transparent transmission </td> <td style="vertical-align:top; width:524px"> It is used to realize the transparent transmission capability of the four-layer TCP listener to the source IP address accessed. This function is turned off by default. If you need to obtain the source IP address, we recommend that you turn on this function. After you turn on this function, the TCP listener will carry the access source IP address to the back-end server. An nginx process needs to be started on the cloud server in the pool, and the configuration is as follows: stream { log_format basic '$proxy_protocol_addr - $remote_user [$time_local] ' '$protocol $status $bytes_sent $bytes_received ' '$session_time'; access_log /var/log/nginx/stream.access.log basic; #The source address falls to the log file server { listen 8012 proxy_protocol; #Resolve source address proxy_pass 127.0.0.1:8883; #Proxy to back-end application } } </td> </tr> </tbody> </table> 7. Click Next and configure the health check information of the TCP listener as described in the following tables. <img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201607112951-1da28b3f9404.png" style="height:463px; width:830px" /> Health check <table border="1" cellpadding="0" cellspacing="0" style="width:0px"> <tbody> <tr> <td style="background-color:#ededed; width:153px"> Configuration item </td> <td style="background-color:#ededed; vertical-align:top; width:628px"> Description </td> </tr> <tr> <td style="width:153px"> Health check </td> <td style="vertical-align:top; width:628px"> You can choose to turn on or off the health check function. If you turn on the health check function, the ELB service will check the health status of the hosts in the server resource pool. If the ELB service finds that there is a problem with a host, it will forward the request to other normal hosts. When the host returns to normal, the ELB service will resend the request to the host. After you turn on the health check function, you need to configure the following parameters. </td> </tr> <tr> <td style="width:153px"> Protocol </td> <td style="vertical-align:top; width:628px"> Select the protocol for health check. The only protocol available here is TCP. </td> </tr> <tr> <td style="width:153px"> Interval </td> <td style="vertical-align:top; width:628px"> Set the time interval between two health checks. The value range is [5, 300] seconds. </td> </tr> <tr> <td style="width:153px"> Timeout </td> <td style="vertical-align:top; width:628px"> Set the maximum timeout period for each health check response. The value range is [2, 60] seconds. During the health check, if the hosts in the server resource pool do not respond correctly within this period of time, the health check will fail. </td> </tr> <tr> <td style="width:153px"> Frequency threshold </td> <td style="vertical-align:top; width:628px"> Set the number of consecutive health checks to determine the health status of the host. The value range is [2, 10] times. If the frequency threshold is set to 3, the host is determined to be healthy after three times of successive successful health check, and the host is determined to be unhealthy after three times of successive failed health check. </td> </tr> </tbody> </table> 8. Click Create, and you will see an Operation succeeded message at the bottom of the page.

Did the above content solve your problem? Yes No