
Create and manage target group

Creating and managing target groups, including creation, listing, updating information, and connecting listeners, are described below.

Create target group

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Click the [Create target group] button in the upper right corner.

  3. In the Step 1: Configure target group screen, enter the settings and click the [Next] button.

    Image Step 1. Create target group

    Category | Item | Description
    Load balancer | Availability Zone (AZ) | Select from the available AZs in the project
    Load balancer | Load balancer | Provides a list of all Load Balancers in the selected availability zone
    Load balancer | Listener | Provides a list of all Listeners for the selected load balancer and the option 'No Listener'
    Basic information | Target group name | The target group name
    Basic information | Protocol | Selectable target group protocol based on listener protocol
        - TCP Listener: HTTP, TCP
        - UDP Listener: UDP
    Basic information | Algorithm |
        - Round Robin: Distributes traffic sequentially among targets in the target group
        - Least connections: Distributes traffic preferentially to targets with fewer connections
        - Source IP Hash: Ensures that traffic from the same client IP header always goes to the same target
    Basic information | Sticky session | Can be set to use or not use only in the following Listener x target group combinations (TLS Listener is not supported)
        - TCP x TCP, UDP x UDP
        - Otherwise: 'Not Used' (Disabled)
    Basic information | Sticky session type | Selectable types based on Listener x target group combinations
        - TCP x TCP: Source IP
        - UDP x UDP: Source IP
    Basic information | Stickiness duration | Activated only when using Sticky Sessions (HTTP Cookie, App Cookie)
        - Integer between 1 and 604800 (Default: 3600 seconds for HTTP Cookie, 360 seconds for others)
    Basic information | Cookie name | Activated only when using Sticky Sessions (App Cookie)
        - The name of the App cookie used by the user's application must be entered
        - Allowed characters: Alphabets, numbers, and some special characters (! # $ % ^ & _ * + ~ -)
        - Allowed length: 1-255 characters
    Basic information | Sticky IP-netmask | Activated only when using Sticky Sessions (Source IP)
        - Entered in IPv4 address format only (Default: 255.255.255.255)
    Health check | Health check | Enable or disable health check
    Health check | Type | Selectable types based on target group protocol
        - HTTP target group: HTTP, PING
        - TCP target group: PING, TCP
        - UDP target group: TCP, HTTP
    Health check | HTTP method |
        - Set only if the health check type is HTTP
        - Choose from CONNECT, DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT, TRACE
    Health check | HTTP version |
        - Set only if the health check type is HTTP
        - Choose from 1 or 1.1
    Health check | HTTP status code |
        - Set only if the health check type is HTTP
        - Enter a single code, comma-separated multiple codes, or a range of codes specified by hyphens (-)
    Health check | Check path | Enter in URL format
    Health check | Check interval | Integer between 1 and 3600 (Default: 30 seconds)
        - Must be greater than the timeout
    Health check | Timeout | Integer between 1 and 900 (Default: 5 seconds)
        - Must be less than the check interval
    Health check | Transition criteria (success) | Integer between 1 and 10 (Default: 5)
    Health check | Transition criteria (failure) | Integer between 1 and 10 (Default: 2)

    info

    If the algorithm is Source IP Hash, traffic from a single source will always be directed to the same target, so there is no need for Sticky Session configuration. Sticky session settings are required for specifying the duration of the session; thus, using Source IP Hash is recommended if you want to maintain the session consistently.

  4. In the Step 2: Add targets screen, you can add resources as targets that are in the same AZ and Virtual Private Cloud (VPC) as the selected Load Balancer.

  5. Select the instances to add as targets and enter the port number.

  6. Click the [Add target] button.

    caution

    DSRNLB requires that the port number of the connected Listener matches the port number of the target group's targets. Target groups already connected to another Listener cannot be connected to a different Listener. Additionally, all targets in a target group must have the same port number configured.

  7. After adding targets, click the [Next] button.

  8. In the Step 3: Review screen, review the settings and click the [Create] button.

info
  • After creating a target group, you need to set the target's security group. Go to Target Group > Target tab and check the Health check IP address and add the IP address to the security group inbound policy of the target.
  • The IP address is used as a service port, so even if you do not use health check, you must open it through the inbound policy settings.

Manage target group

You can modify or delete existing target groups, or add new targets from the target group details screen.

View list of target groups

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Review the list of target groups.

    Category | Description
    Target group name | Displays the name and ID assigned at creation
    Provisioning status | Information on whether the target group has been created successfully or if modification or deletion is in progress
    Operating status | Information on whether the created target group is in an operational state
    Protocol | The protocol used for routing traffic to targets
    Load balancer | The name and ID of the load balancer connected to the target group
    VPC | The name and ID of the VPC containing the load balancer
    [More] icon | Provides options for renaming, listener connection settings, algorithm settings, etc.

View target group details

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Select a target group.

  3. In the details screen, you can check detailed information, targets, health check, and attributes.

    Image Target group details

    Category | Description
    Details | View detailed information of the target group
    Targets | View the list of added targets and detailed information of each target
    Health check | View health check settings
    Attributes | View attributes of the target group

Rename target group

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Click the [More] icon > Rename target group.

  3. In the popup, enter the new name and click the [Rename] button.

Delete target group

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Click the [More] icon > select Delete target group.

  3. In the popup, enter the confirmation text and click the [Delete] button.

Configure listener connection

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Click the [More] icon and select Configure listener connection.

  3. In the popup, change the connection settings and click the [Apply] button.

    Image Target group - Listener connection

caution

A target group in DSRNLB can only be connected to a single listener created on one DSRNLB.

Set algorithm

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.
  2. Click the [More] icon > select Set algorithm.
  3. In the popup, change the algorithm and click the [Apply] button.

Configure target

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Click the target group where you want to change the target settings.

  3. In the details screen, click the Target tab, then click the [Configure target] button.

  4. In the popup, review the registered targets and delete or add targets as needed, then click the [Apply] button.

    caution
    • All targets in a single target group must be set to the same port number.
    • When using DSRNLB, the load balancer and target Instances must exist within the same Subnet.

Set traffic weight

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Select the target group to change the traffic weight settings.

  3. In the details screen, click the Target tab, then click the [Set traffic weight] button.

  4. In the popup, change the weights and click the [Set] button.

    • Traffic weight can be entered as integers between 0 and 256.
    • Weights are converted to a weight conversion value using the following formula:
      • Weight Conversion: (Weight/256)*100 (rounded up to the nearest tenth)
      • Ratio: Weight Conversion / Sum of Weight Conversions

Set health check

info

To perform a successful health check with DSRNLB, additional settings for target Instances are required. Refer to Configure target instance for more details.

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Select the target group to change the health check settings.

  3. In the details screen, click the Health check tab, then click the [Configure health check] button.

  4. In the popup, change the health check status or settings.

    Image Configure health check

    Category | Description
    Target group | The name of the current target group
    Protocol | Types selectable based on the target group's protocol
        - HTTP target group: HTTP, PING
        - TCP target group: PING, TCP
        - UDP target group: TCP, HTTP
    Health check Status | Type: Type of health check
        - PING: Sends packets to the target and checks the response (ICMP Ping)
        - HTTP: Sends packets to the configured path and checks the response
        - HTTPS: Checks the response for targets using certificates in the same way as HTTP
        - TCP: Checks the target's state using TCP Protocol ports
        Interval: Target health check interval (seconds)
        - 1~3600 seconds
        Timeout: Maximum waiting time for a delayed response from the target (seconds)
        - If the specified time is exceeded, the communication with the target is considered failed
        - Set to a value less than the interval
        - 1~900 seconds
        Transition criteria (success): Number of consecutive successful health checks required to consider a target healthy
        Transition criteria (failure): Number of consecutive failed health checks required to consider a target unhealthy and exclude it from traffic distribution
  5. If the health check type is HTTP or HTTPS, additional attributes can be set.

    Category | Description
    HTTP method | Choose from GET, HEAD, OPTIONS, POST, PUT, TRACE, PATCH, DELETE, CONNECT
    HTTP version | Choose from 1.0 or 1.1
    HTTP status code | Set the expected HTTP status codes for responses from the target
        - If the target responds with the user-configured HTTP status code, the health check is considered successful
        - Example of single status code: 200, 201
        - Example of multiple status codes: 201, 202, 401, 402
        - Example of range: 200-500
    Check path | Enter the path for the health check in URL format
  6. Click the [Apply] button.

caution

If the target of the target group uses SELinux options provided by newer CentOS distributions like CentOS 8 Stream, SELinux will block shell_exec_t calls. Therefore, PING type health checks will not function.
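
The health check limits listed in the tables above can be checked before the values are typed into the console. The following is an added example, not KakaoCloud code: the dictionary keys, the function names, the 100-599 bound on status codes and the acceptance of ranges mixed with comma-separated codes are assumptions made for illustration. It also warns when the status code expression counts 4xx/5xx responses as healthy, which the page's own range example (200-500) does.

```python
import re

# Health check types selectable per target group protocol (from the tables above).
ALLOWED_TYPES = {"HTTP": {"HTTP", "PING"}, "TCP": {"PING", "TCP"}, "UDP": {"TCP", "HTTP"}}
HTTP_METHODS = {"CONNECT", "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT", "TRACE"}
HTTP_VERSIONS = {"1", "1.0", "1.1"}  # the page writes the first option as both "1" and "1.0"


def parse_status_codes(expr):
    """Expand '200', '201, 202, 401' or '200-500' into a sorted list of codes."""
    codes = set()
    for item in expr.split(","):
        item = item.strip()
        match = re.fullmatch(r"(\d{3})(?:-(\d{3}))?", item)
        if not match:
            raise ValueError(f"invalid status code item: {item!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        # Assumption: only codes 100-599 are meaningful, and a range must ascend.
        if not 100 <= low <= high <= 599:
            raise ValueError(f"status code out of range or reversed: {item!r}")
        codes.update(range(low, high + 1))
    return sorted(codes)


def in_range(value, low, high):
    return isinstance(value, int) and low <= value <= high


def validate_health_check(protocol, cfg):
    """Return (errors, warnings) for a health check config dict (hypothetical keys)."""
    errors, warnings = [], []
    hc_type = cfg.get("type")
    if hc_type not in ALLOWED_TYPES.get(protocol, set()):
        errors.append(f"type {hc_type} is not selectable for a {protocol} target group")
    # Defaults are the ones stated on the page: 30 s interval, 5 s timeout.
    interval, timeout = cfg.get("interval", 30), cfg.get("timeout", 5)
    interval_ok, timeout_ok = in_range(interval, 1, 3600), in_range(timeout, 1, 900)
    if not interval_ok:
        errors.append("interval must be an integer between 1 and 3600")
    if not timeout_ok:
        errors.append("timeout must be an integer between 1 and 900")
    if interval_ok and timeout_ok and timeout >= interval:
        errors.append("timeout must be less than the check interval")
    for key, default in (("success_threshold", 5), ("failure_threshold", 2)):
        if not in_range(cfg.get(key, default), 1, 10):
            errors.append(f"{key} must be an integer between 1 and 10")
    if hc_type == "HTTP":
        if cfg.get("method") not in HTTP_METHODS:
            errors.append("HTTP method is missing or not in the selectable list")
        if cfg.get("version") not in HTTP_VERSIONS:
            errors.append("HTTP version must be 1.0 or 1.1")
        try:
            codes = parse_status_codes(cfg.get("status_codes", ""))
        except ValueError as exc:
            errors.append(str(exc))
        else:
            failing = [c for c in codes if c >= 400]
            if failing:
                warnings.append(
                    f"{len(failing)} error codes (4xx/5xx) count as healthy, e.g. {failing[0]}")
    return errors, warnings


if __name__ == "__main__":
    # Constructed input using the page's range example.
    sample = {"type": "HTTP", "method": "GET", "version": "1.1", "status_codes": "200-500"}
    print(validate_health_check("HTTP", sample))
```
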

Set sticky session

Sticky Sessions can be configured for some target groups depending on the Listener and target group protocol.

Sticky session options by listener and target group protocol
Target group \ Listener | HTTP | HTTPS | TCP | UDP
HTTP | HTTP Cookie, App Cookie | X | X | X
HTTPS | X | X | X | X
TCP | X | X | Source IP | X
UDP | X | X | X | Source IP
PROXY | X | X | X | X

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Select the target group to change the sticky session settings.

  3. In the detail screen, click the Attributes tab and then click the [Configure sticky session] button.

  4. In the popup, change the settings and click the [Apply] button.

Configure target instance

To use DSRNLB correctly, additional settings are required for the target instances based on their operating system. Create the instances to be used as targets beforehand, then perform the following tasks. Failure to do so will result in unsuccessful health checks.

Disable source/destination check

  1. Go to KakaoCloud Console > Virtual Machine > Instances menu.

  2. Click the [More] icon and select Change source/destination check.

  3. In the popup, select Disable source/destination check and click the [Complete] button.

    caution
    • Instances set to disable source/destination checks will receive all packets that do not have themselves as the destination. To minimize security risks, configure the security group policies in detail.
    • To use DSRNLB, the security group of the target instance must allow inbound traffic from DSRNLB's private IP and Listener port number.

Configure network on target instance

Using DSRNLB requires additional network configuration on the target instance based on its operating system, including Address Resolution Protocol (ARP) settings and Loopback address settings.

  1. Connect to the target instance via SSH.

  2. Enter the following commands. <private_ip_of_dsrnlb> is the private IP address of the DSRNLB associated with this target group (e.g., 10.0.3.49).

    caution

    The following commands must be executed with root privileges. Switch to root using the sudo -i command before running these commands.

    Network Configuration
    sysctl -w net.ipv4.conf.all.arp_ignore=1
    sysctl -w net.ipv4.conf.all.arp_announce=2
    ip a del 127.0.0.1 dev lo
    ip a add <private_ip_of_dsrnlb>/32 dev lo
    ip link set dev lo up
    How to maintain settings after reboot

    For the above configuration, you will need to reapply the settings every time the instance is rebooted. To ensure the settings are maintained after a reboot, additional steps are required. For detailed instructions, please refer to Set up crontab to automatically run scripts at boot.


Set up crontab to automatically run scripts at boot

For Linux operating systems, the settings you previously configured will be reset and need to be reapplied when the instance is rebooted. To ensure the settings are applied after a reboot, you can save the configuration steps as a script file and use the crontab command to execute this script at boot.

  1. Open the crontab file with the following command:

    Open Crontab File
    crontab -e
  2. Add a line to the file using the @reboot expression to automatically execute the code at reboot.

    Add Code to Run at Reboot
    @reboot sh /<file_directory>/<file_name>
    Parameter | Description
    <file_directory> | Path where the executable file is located
    <file_name> | Name of the shell script file to be executed at boot
        - Example: @reboot sh /home/setup_dsr.sh

  3. Write the shell script that will be executed. This example script performs the tasks described in Configure network on target instance and Bind process running on target instance to DSRNLB's private IP.

    setup_dsr.sh
    #!/bin/sh
    sysctl -w net.ipv4.conf.all.arp_ignore=1
    sysctl -w net.ipv4.conf.all.arp_announce=2

    ip a del 127.0.0.1 dev lo

    # The private IP address of the DSRNLB that this target instance will be associated with in the target group
    ip a add 172.30.4.237/32 dev lo

    ip link set dev lo up

    # When using a UDP Listener, bind the Process running on the target instance to the DSRNLB's private IP (UDP Server execution)

    python3 /home/sample_python_udp_server.py
  4. Adjust the permissions of the script and Python files to ensure they can be executed. Enter the path to each file or navigate to the directory where the files are located and execute the following commands:

    Grant Execute Permissions
    chmod +x setup_dsr.sh
    chmod +x sample_python_udp_server.py
  5. Verify that the settings persist after rebooting.

    Verify Settings
    # Check ARP settings
    sysctl -a | grep net.ipv4.conf.all.arp_ignore
    sysctl -a | grep net.ipv4.conf.all.arp_announce

    # Check Loopback IP address
    ip a

    # Verify that the UDP Server is running properly (check the port number specified in the Python script)
    netstat -tuln | grep 12345
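
Because the @reboot entry is added to root's crontab, the script and the Python file it starts run as root at every boot, so who can modify them matters as much as whether they are executable. The following check is an added example, not part of the original procedure: the function name is hypothetical and the default paths are the example paths used on this page.

```python
import os
import stat
import sys


def audit_boot_file(path, expected_uid=0):
    """Return findings for a file that root's @reboot job executes.

    Checks the file and its parent directory: if either is owned by another
    account or writable by group/others, that account can change what runs
    as root at the next boot.
    """
    findings = []
    for target in (path, os.path.dirname(os.path.abspath(path))):
        st = os.stat(target)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid != expected_uid:
            findings.append(f"{target}: owned by uid {st.st_uid}, expected {expected_uid}")
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{target}: writable by group or others (mode {mode:o})")
    return findings


if __name__ == "__main__":
    # Defaults are the example paths from this page; pass other paths as arguments.
    paths = sys.argv[1:] or ["/home/setup_dsr.sh", "/home/sample_python_udp_server.py"]
    for p in paths:
        if not os.path.exists(p):
            print(f"{p}: not found")
            continue
        for finding in audit_boot_file(p) or [f"{p}: ok"]:
            print(finding)
```
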

Additional configuration for target instance when using UDP listener

When using the UDP Listener for DSRNLB, the target instance must run a Linux-based operating system. Additionally, one of the following three configurations must be applied. Even if the configuration is correctly completed, packet loss may occur due to the nature of UDP communication, leading to occasional failures.

Bind process running on target instance to DSRNLB's private IP
  1. On the target instance, create the following example code. This example is written in Python, but you may use an appropriate programming language as needed.

    sample_python_udp_server.py
    import socket

    localIP = "172.30.4.237" # DSRNLB's Private IP
    localPort = 12345 # Port number used by the UDP Server created and run by this source code
    bufferSize = 1024

    msgFromServer = "Hello UDP Client, this is Simple UDP Server."
    bytesToSend = str.encode(msgFromServer)

    # Create a datagram socket
    UDPServerSocket = socket.socket(family=socket.AF_INET, type=socket.SOCK_DGRAM)

    # Bind to address and ip
    UDPServerSocket.bind((localIP, localPort))

    print("UDP server up and listening")
    # Listen for incoming datagrams
    while True:
        bytesAddressPair = UDPServerSocket.recvfrom(bufferSize)
        message = bytesAddressPair[0]
        address = bytesAddressPair[1]
        clientMsg = "Message from Client:{}".format(message)
        clientIP = "Client IP Address:{}".format(address)
        print(clientMsg)
        print(clientIP)

        # Sending a reply to client
        UDPServerSocket.sendto(bytesToSend, address)


  2. Run the example code.

Use iptables provided by the Linux Kernel for stateful NAT configuration
caution

NAT operations use additional CPU resources, and since DNAT is 'Stateful,' memory consumption can also be high.

  1. On the target instance, create the following example code. This example is written in Python, but you can substitute it with an appropriate programming language as needed.

    • This example code is the same as above, but the localIP address is changed to 0.0.0.0.
    sample_python_udp_server.py
    import socket

    localIP = "0.0.0.0"
    localPort = 12345 # Port number used by the UDP Server created and run by this source code
    bufferSize = 1024

    msgFromServer = "Hello UDP Client, this is Simple UDP Server."
    bytesToSend = str.encode(msgFromServer)

    # Create a datagram socket
    UDPServerSocket = socket.socket(family=socket.AF_INET, type=socket.SOCK_DGRAM)

    # Bind to address and ip
    UDPServerSocket.bind((localIP, localPort))

    print("UDP server up and listening")
    # Listen for incoming datagrams
    while True:
        bytesAddressPair = UDPServerSocket.recvfrom(bufferSize)
        message = bytesAddressPair[0]
        address = bytesAddressPair[1]
        clientMsg = "Message from Client:{}".format(message)
        clientIP = "Client IP Address:{}".format(address)
        print(clientMsg)
        print(clientIP)

        # Sending a reply to client
        UDPServerSocket.sendto(bytesToSend, address)
  2. Run the example code.

  3. Add iptables DNAT rules by entering the following commands:

    Add DNAT rules
    iptables -p udp -t nat -A POSTROUTING -j RETURN -d <private_ip_of_target> --dport <udp_server_port>
    iptables -p udp -t nat -A PREROUTING -j DNAT --dport <udp_server_port> --to-destination <private_ip_of_target> -d <private_ip_of_dsrnlb>

    Item | Description
    <private_ip_of_target> | Private IP address of the target instance
    <udp_server_port> | Port number set in the example code (localPort value)
    <private_ip_of_dsrnlb> | Private IP address of the DSRNLB associated with the target group to which the target instance is added

Use nftables provided by the Linux Kernel for stateless NAT configuration
info

To use nftables, your Linux kernel version must be 4.10 or higher.

  1. Write the example code from step 1 in Use iptables provided by the Linux Kernel for stateful NAT configuration.

  2. Execute the example code.

  3. Enter the following command:

    Modify Source Address in IP Header of Transmitted Packet
    nft add table raw
    nft add chain raw postrouting {type filter hook postrouting priority 300 \; }
    nft add rule raw postrouting ip saddr <private_ip_of_target> udp sport <udp_server_port> ip saddr set <private_ip_of_dsrnlb>

    Category | Description
    <private_ip_of_target> | Private IP address of target instance
    <udp_server_port> | Port number set in the example code above (localPort value)
    <private_ip_of_dsrnlb> | Private IP address of DSRNLB connected to target group where target instance will be set

Manage target

You can view, modify, and delete targets added to the target group.

caution

Two health check IPs are generated per subnet where the target is located. For health checks, communication must be allowed through these IPs. Please refer to View health check IP and Allow communication with health check IP to add an inbound policy to the security group.

View health check IP

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Select a target group.

  3. In the detail screen, select the Target tab.

  4. Click the Health check IP per subnet to view the list of health check IPs.

Allow communication with health check IP

There are two methods to allow communication with health check IPs in the security group. Choose one of the following methods for convenience.

Method 1. Register an inbound policy allowing the IP in the existing security group of the target instance
  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. View the health check IP and select the target group to allow communication.

  3. Select the Target tab.

  4. Click on Health check IP by subnet to view the health check IP list. Keep the health check IP query screen open or copy the list.

  5. In the Target list at the bottom of the tab detail view, check the instance to allow communication with the health check IP and select the security group name of the instance.

    • If there are multiple connected security groups, select any one to register.
    • If the same policy has already been added to one or more of the connected security groups, it means that communication is already allowed.
  6. Click the [Manage inbound rules] button in the Inbound rules tab.

  7. In the popup, click the [Add] button at the bottom of the Inbound Policy tab to add a new policy input field.

  8. Based on the detailed information from Step 5 in the Target Group > Target Tab, enter the policy information and click the [Apply] button on the right.

    Inbound policy configuration
    Field | Description
    Protocol | Protocol for communication (TCP, UDP, ICMP, ALL), select based on the health check type of the target group
        - If the health check type is PING: ICMP
        - If the health check type is HTTP, HTTPS, TCP: TCP
    Packet source | Source IP to allow access
        - Enter the health check IP identified in the target details
        - Register each of the two health check IPs generated in the Subnet that includes the target
    Port | Port for communication
        - Enter the monitoring port of the target
    Policy description (Optional) | Description of the policy
  9. Click the [Close] button.

Method 2. Create a new security group for health check and attach it to the target instance
  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. View the health check IP and select the target group to allow communication.

  3. Select the Target tab in the detail view.

  4. Click on Health check IP per subnet. Keep the health check IP query screen open or copy the list.

  5. Refer to Create security group to go to the new security group creation screen.

  6. In the popup, enter the security group name and description, and add the inbound policy.

  7. Based on the detailed information from Step 3 in the Target Group > Target tab, enter all policy information.

    • Register all health check IPs in one security group and connect the entire target instance to this security group.
      Or, create security groups by subnet and register only the health check IP generated in that Subnet, then connect only the target Instances in the same Subnet.
    Inbound policy configuration
    Field | Description
    Protocol | Protocol for communication (TCP, UDP, ICMP, ALL), select based on the health check type of the target group
        - If the health check type is PING: ICMP
        - If the health check type is HTTP, HTTPS, TCP: TCP
    Packet source | Source IP to allow access
        - Enter the health check IP identified in the target details
        - Register each of the two health check IPs generated in the Subnet that includes the target
        - If managing with a single security group, register each of the entire health check IPs
    Port | Port for communication
        - Enter the monitoring port of the target
        - Can be entered as a single port or a range
    Policy description (Optional) | Description of the policy
  8. Click the [Create] button to complete the creation of the security group.

  9. In the Security group list, click the [More] icon > [Modify association] button to connect the target instance.
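
Both methods above, together with the DSRNLB caution under Disable source/destination check, come down to the same question: do the target's inbound rules admit every health check IP and the DSRNLB's private IP on the right protocol and port, and nothing broader than intended? The following audit is an added example, not KakaoCloud code or API output: the rule dictionaries, function names, the health check IPs and port 8080 are constructed for illustration, and it assumes ICMP and ALL rules carry no port restriction.

```python
import ipaddress

# Security group protocol to open per health check type (from the inbound policy table).
PROTOCOL_FOR_CHECK = {"PING": "ICMP", "HTTP": "TCP", "HTTPS": "TCP", "TCP": "TCP"}


def rule_allows(rule, protocol, source_ip, port):
    """True if one inbound rule admits traffic (protocol, source_ip, port)."""
    if rule["protocol"] not in (protocol, "ALL"):
        return False
    if ipaddress.ip_address(source_ip) not in ipaddress.ip_network(rule["source"]):
        return False
    # Assumption: ICMP and ALL rules carry no port restriction.
    if protocol == "ICMP" or rule["protocol"] == "ALL":
        return True
    return rule["port_min"] <= port <= rule["port_max"]


def uncovered(rules, protocol, sources, port):
    """Sources that no inbound rule admits on protocol/port."""
    return [ip for ip in sources
            if not any(rule_allows(r, protocol, ip, port) for r in rules)]


def audit_target(rules, hc_type, health_check_ips, monitoring_port, dsrnlb=None):
    """Return findings for one target instance.

    dsrnlb, when given, is (private_ip, listener_protocol, listener_port) and
    implies the instance has source/destination check disabled.
    """
    findings = []
    proto = PROTOCOL_FOR_CHECK[hc_type]
    for ip in uncovered(rules, proto, health_check_ips, monitoring_port):
        findings.append(f"health check IP {ip} is not allowed on {proto}/{monitoring_port}")
    if dsrnlb is not None:
        lb_ip, lb_proto, lb_port = dsrnlb
        if uncovered(rules, lb_proto, [lb_ip], lb_port):
            findings.append(f"DSRNLB {lb_ip} is not allowed on {lb_proto}/{lb_port}")
        for rule in rules:
            if ipaddress.ip_network(rule["source"]).prefixlen == 0:
                findings.append(
                    f"review: {rule['protocol']} rule is open to any source "
                    "on an instance with source/destination check disabled")
    return findings


# Constructed sample data: 10.0.3.49 is the page's example DSRNLB address and
# 12345 its sample UDP port; the health check IPs and port 8080 are made up.
SAMPLE_RULES = [
    {"protocol": "TCP", "source": "10.0.3.11/32", "port_min": 8080, "port_max": 8080},
    {"protocol": "UDP", "source": "10.0.3.49/32", "port_min": 12345, "port_max": 12345},
    {"protocol": "TCP", "source": "0.0.0.0/0", "port_min": 22, "port_max": 22},
]

if __name__ == "__main__":
    for finding in audit_target(SAMPLE_RULES, "TCP", ["10.0.3.11", "10.0.3.12"], 8080,
                                dsrnlb=("10.0.3.49", "UDP", 12345)):
        print(finding)
```

With the sample rules, the second health check IP of the subnet is reported as missing and the any-source rule is flagged for review.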

Set monitoring port

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Select the target group to modify.

  3. Select the Target tab in the detail view.

  4. Check the list of targets added to the target group.

  5. Select the [More] icon > [Set monitoring port].

  6. In the popup, change the information.

    • Set to the same port as the target port: The traffic port and monitoring port are the same
    • Set to different port from the target port: The traffic port and monitoring port are different, so enter the monitoring port
  7. Click the [Apply] button.

View target

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Select a target group.

  3. Select the Target tab in the detail view.

  4. Check the list of targets added to the target group.

    Field | Description
    IP | Target IP
    Port | Target port
    Provisioning status | Information on whether the target was added successfully or if it is in the process of modification or deletion
    Operating status | Information on whether the added target is available
    Instance | Name and ID of the target instance
    Subnet | Name of the subnet containing the target
    Security group | Security group connected to the target instance
    Monitoring port | Port where health check is performed
    Weight | Weight ratio calculated based on the input weight
    [More] icon | Provides functions for setting the monitoring port and disconnecting the target

Modify target

info

The port of the added target cannot be modified. If you want to change the port, delete the target and perform the target configuration again.

Detach target

  1. Go to Beyond Networking Service > Load Balancing > Target Group in the KakaoCloud Console.

  2. Select the target group to disconnect the target.

  3. Select the Target tab in the detail view.

  4. Check the list of targets added to the target group.

  5. Select the [More] icon > [Detach target].

  6. In the popup, click the [Detach] button.

info

Detaching the target will not delete the instance. To reconnect, please add it again.