oracle-cloud-infrastructure

Load Balancer not able to connect with backend


I have deployed the Spring Boot app on the OCI compute and it's coming up nicely. The compute is created with a public IP and has the security list updated to allow connections from the internet. But I wasn't able to hit the endpoint from the internet. For that reason, I thought of configuring the load balancer.


Created the load balancer in a separate subnet (10.0.1.0/24) with its own routing table and security list. Configured the LB's security list to send all protocol packets to the compute's CIDR (10.0.0.0/24) and configured the compute's security list to accept the packets from the LB. I was expecting the LB to make a connection with the backend. But it's not.


I am able to hit the LB from the internet:


LB's routing table has all IPs routed through the internet gateway. There is no routing defined for the compute's CIDR as it's in the VCN.


The LB has its own security list, which allows outgoing packets to the compute and incoming packets from the internet as below:


Compute's security list accepting packets from the LB:

Let me know, if I am missing something here.

My internet gateway:

My backend set connection configuration from LB:


The LB fails to make a connection with the backend; there seems to be no logging info available:


The app is working fine if I access it from the compute node:



Solution

  • The LB has a health check that tests the connection to your service. If it fails, the LB will keep your backend out of rotation and give you the critical health like you're seeing.

    Default health check

    You can get to it by looking at the backend set and clicking the Update Health Check button.

    Backend Set configuration screen

    Edit: Ultimately I figured it out; you should run the following commands on your backend:

    # open the app's listening port in the host firewall (persistent rule), then apply it
    sudo firewall-cmd --permanent --add-port=8080/tcp
    sudo firewall-cmd --reload
    

    Use the port that you configured your app to listen on.

    I used httpd instead of Spring, but I also did the following:

    # label the web root so SELinux lets httpd read it, then apply the labels recursively
    sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?"
    sudo restorecon -F -R -v /var/www/html
    

    I'm not really too familiar with SELinux, but you may need to do something similar for your application.

    Additionally, setting up a second host in the same subnet to login to and test connecting to the other host will help troubleshooting, since it will verify if your app is accessible at all outside the host that it's on. Once it is, the LB should come up fine.
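The health-check behaviour described in this answer, and the "probe it from a second host in the subnet" troubleshooting step, as an added example (not OCI's or the answer's own code): a small checker that does what the LB's HTTP health check does (TCP connect, GET a path, compare the status code, mark the backend CRITICAL after a run of failures). Port 8080, path "/", timeout and retry count are assumed defaults; the in-process fake backend stands in for the Spring Boot app so the example runs offline.

```python
import http.client
import http.server
import threading
from dataclasses import dataclass

@dataclass
class HealthCheck:            # fields mirror the OCI backend-set health check form
    port: int = 8080          # port the Spring Boot app listens on
    path: str = "/"           # URL path the LB requests
    status: int = 200         # status code treated as healthy
    timeout_s: float = 3.0    # assumed per-probe timeout
    retries: int = 3          # assumed failures in a row before CRITICAL

def probe_once(host, hc):
    """One probe: TCP connect, GET hc.path, compare the status. Returns (ok, reason)."""
    try:
        conn = http.client.HTTPConnection(host, hc.port, timeout=hc.timeout_s)
        conn.request("GET", hc.path)
        resp = conn.getresponse()
        conn.close()
    except (OSError, http.client.HTTPException) as exc:
        # refused or timed out: app not listening, firewalld dropping the port, SELinux
        return False, f"connect failed: {exc!r}"
    if resp.status != hc.status:
        return False, f"unexpected status {resp.status}"
    return True, "ok"

def backend_health(host, hc=HealthCheck()):
    """('OK', []) on the first good probe, else ('CRITICAL', reasons) after hc.retries."""
    reasons = []
    for _ in range(hc.retries):
        ok, reason = probe_once(host, hc)
        if ok:
            return "OK", reasons
        reasons.append(reason)
    return "CRITICAL", reasons

def start_fake_backend(status=200):
    """Constructed stand-in for the app: answer every GET with `status` on a free port.
    Returns (port, server) so the caller can stop it to simulate a closed port."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status); self.end_headers(); self.wfile.write(b"up")
        def log_message(self, *args):  # keep the demo quiet
            pass
    srv = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1], srv
```

Run `backend_health("<backend private ip>", HealthCheck(port=8080))` from the second host: a "connect failed" reason points at firewalld, SELinux or the app not listening, while "unexpected status" means the port is open but the path or expected code in the backend set is wrong.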