IBM Cloud Docs
FAQs for application load balancers

The following sections contain answers to some frequently asked questions about the IBM Cloud® Application Load Balancer for VPC (ALB).

Can I use a different DNS name for my ALB?

The auto-assigned DNS name for the application load balancer is not customizable. However, you can add a CNAME (Canonical Name) record that points your preferred DNS name to the auto-assigned load balancer DNS name. For example, your load balancer in us-south has ID dd754295-e9e0-4c9d-bf6c-58fbc59e5727, and the auto-assigned load balancer DNS name is dd754295-us-south.lb.appdomain.cloud. Your preferred DNS name is www.myapp.com. You can add a CNAME record (through the DNS provider that you use to manage myapp.com) pointing www.myapp.com to the load balancer DNS name dd754295-us-south.lb.appdomain.cloud.

What's the maximum number of front-end listeners I can define with my application load balancer?

10 is the maximum number of front-end listeners that you can define with your ALB.

What's the maximum number of virtual server instances I can attach to my back-end pool?

50 is the maximum number of virtual server instances that you can attach to a back-end pool.

What's the maximum number of subnets I can attach to my application load balancer?

15 is the maximum number of subnets that you can define with your ALB.

Is the load balancer horizontally scalable?

Yes. The Application Load Balancer for VPC automatically adjusts its capacity based on the load. When horizontal scaling takes place, the number of IP addresses associated with the application load balancer's DNS changes.

What do I do if I use ACLs on the subnets that are used to deploy the application load balancer?

Make sure that the proper ACL rules are in place to allow incoming traffic for configured listener ports. Traffic between the application load balancer and back-end instances must also be allowed.

Why is my application load balancer in maintenance_pending state?

The application load balancer is in maintenance_pending state during various maintenance activities, such as:

  • Horizontal scaling activities
  • Recovery activities
  • Rolling upgrades to address vulnerabilities and apply security patches

Why do I need to choose multiple subnets during provisioning?

The Application Load Balancer for VPC (ALB) is Multi-Zone Region (MZR) ready. Load balancer appliances are deployed to the subnets you selected. To achieve higher availability and redundancy, deploy the application load balancer to subnets in different zones.

Do I need extra IPs in the subnet for application load balancer operations?

It is recommended to allocate 8 extra IPs per MZR to accommodate horizontal scaling and maintenance operations. If you provision your application load balancer with one subnet, allocate 16 extra IPs.

What are the default settings and allowed values for health check parameters?

  • Health check interval - Default is 5 seconds, and the range is 2 - 60 seconds.
  • Health check response timeout - Default is 2 seconds, and the range is 1 - 59 seconds.
  • Maximum retry attempts - Default is two retry attempts, and the range is 1 - 10 retries.

The health check response timeout value must be less than the health check interval value.

Are the ALB IP addresses fixed?

Application load balancer IP addresses are not guaranteed to be fixed. During system maintenance or horizontal scaling, you see changes in the available IPs associated with the FQDN of your load balancer.

Use FQDN, rather than cached IP addresses.
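The following check is an added example, not part of the IBM documentation. It compares a pinned IP list (for instance a firewall allowlist or hosts-file entry) with the current DNS answer for the load balancer FQDN, so that drift after scaling or maintenance is detected before traffic fails. The function names, the constructed resolver, and the 192.0.2.x addresses are assumptions made for illustration.

```python
import ipaddress
import socket


def resolve_ips(fqdn, resolver=socket.getaddrinfo):
    """Return the set of IP addresses the FQDN resolves to right now."""
    infos = resolver(fqdn, 443, proto=socket.IPPROTO_TCP)
    return {ipaddress.ip_address(info[4][0]) for info in infos}


def compare_with_pinned(fqdn, pinned, resolver=socket.getaddrinfo):
    """Compare pinned IPs (allowlist, hosts file, app config) with live DNS."""
    current = resolve_ips(fqdn, resolver)
    pinned_set = {ipaddress.ip_address(p) for p in pinned}
    return {
        "stale": sorted(str(ip) for ip in pinned_set - current),    # pinned, no longer served
        "missing": sorted(str(ip) for ip in current - pinned_set),  # served, not pinned
        "in_sync": pinned_set == current,
    }


def constructed_resolver(answers):
    """Offline stand-in for socket.getaddrinfo that returns fixed answers."""
    def _resolver(host, port, proto=0):
        return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (ip, port))
                for ip in answers]
    return _resolver


if __name__ == "__main__":
    fqdn = "dd754295-us-south.lb.appdomain.cloud"  # DNS name used on this page
    pinned = ["192.0.2.10", "192.0.2.20"]          # constructed allowlist
    # Constructed DNS answer after a scaling event replaced one appliance.
    after_scaling = constructed_resolver(["192.0.2.10", "192.0.2.30"])
    print(compare_with_pinned(fqdn, pinned, after_scaling))
```

Calling `compare_with_pinned` without the `resolver` argument performs a live lookup, which makes it suitable for a scheduled job that alerts when `in_sync` is false.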

Does the load balancer support layer 7 switching?

Yes, the load balancer supports layer 7 switching.

Why does HTTPS listener creation or update tell me that my certificate is invalid?

Check for these possibilities:

  • The provided certificate CRN might not be valid.
  • The certificate instance in the Secrets Manager might not have an associated private key.

What is the role of application load balancer front-end listeners?

Load balancer front-end listeners are the listening ports for the application. They act as proxies for back-end pools.

Why are there only 2 IPs instead of 3?

The Application Load Balancer for VPC (ALB) operates in ACTIVE-ACTIVE mode, a configuration that makes it highly available. Horizontal scaling might further add extra appliances when your load increases. The recommendation is that you choose subnets in different zones to make your load balancers support MZR. This way, if a zone is negatively impacted, a new load balancer is provisioned in a different zone.

If a pool is attached to an instance group, what is the maximum number of back-end members that I can have in a pool?

The maximum number of back-end members that are allowed in a pool is 50. So if an instance group is attached to a pool, the number of instances in the group can't scale up beyond this limit.

Why is my listener not receiving traffic?

Make sure that the security group rules that are attached to your load balancer allow inbound (ingress) and outbound (egress) traffic on your listener's port. Security groups attached to your load balancer can be found on your load balancer's overview page. Locate the Attached security groups tab from the load balancer overview, then select the security groups whose rules you want to view and modify.
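The following check is an added example, not part of the IBM documentation. It reports every listener port that a set of security group rules fails to cover in either direction, including the case where a port range stops just short of the listener port. The rule dictionaries are a simplified, constructed model; the field names `direction`, `protocol`, `port_min`, and `port_max` and the sample rules are assumptions for illustration.

```python
def port_allowed(rules, direction, port, protocol="tcp"):
    """True if any allow rule covers this port in the given direction."""
    for rule in rules:
        if rule["direction"] != direction:
            continue
        if rule["protocol"] == "all":
            return True
        if rule["protocol"] != protocol:
            continue
        # A rule without explicit bounds is treated as covering every port.
        low = rule.get("port_min", 1)
        high = rule.get("port_max", 65535)
        if low <= port <= high:
            return True
    return False


def listener_gaps(rules, listener_ports):
    """Return (port, direction) pairs that no rule allows."""
    gaps = []
    for port in listener_ports:
        for direction in ("inbound", "outbound"):
            if not port_allowed(rules, direction, port):
                gaps.append((port, direction))
    return gaps


# Constructed sample: rules attached to a load balancer with listeners on 80 and 443.
SAMPLE_RULES = [
    {"direction": "inbound", "protocol": "tcp", "port_min": 443, "port_max": 443},
    {"direction": "inbound", "protocol": "tcp", "port_min": 81, "port_max": 90},
    {"direction": "outbound", "protocol": "tcp", "port_min": 8080, "port_max": 8080},
]

if __name__ == "__main__":
    for port, direction in listener_gaps(SAMPLE_RULES, [80, 443]):
        print(f"listener port {port}: no {direction} rule allows it")
```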

Does IBM complete quarterly ASV scans of data-plane LBaaS appliances?

Approved Scanning Vendor (ASV) quarterly scanning is a requirement of the Payment Card Industry (PCI) Security Standards Council. ASV scanning of LBaaS data-plane appliances is solely a customer responsibility. IBM does not use ASVs to scan data-plane appliances because these scans can negatively impact customer workload functions and performance.

How are active connections handled when a load balancer is scaled down?

When a load balancer appliance undergoes a scale down due to horizontal scaling or maintenance, the service waits for the active connections to close to allow for traffic to move to other appliances. After 24 hours, the service will complete its scale down event, which may terminate any active connections on those scaled down appliances.

How does the load balancer account disablement policy work?

If you receive a notification that your load balancer service has been suspended, then any load balancers on your account will be deleted. If the suspension on your account is removed, your previous load balancers will be restored only if their pre-requisite resources are still active, such as VPCs, subnets, and security groups. If these resources are no longer available, then you need to provision a new load balancer.