By David Dymko, Technical Lead, Cloud Native Development
Vultr Load Balancers are a fully-managed solution to increase your application's reliability in seconds, without
extra bandwidth charges. When you need to enable horizontal scaling with health monitoring and failover, deploy a
Vultr Load Balancer through our customer portal or the Vultr API.
We've seen tremendous adoption of Load Balancers since our original launch, and we didn't stop development.
We've listened to your feedback and continue to engage with our customer community to learn what features are
most important to you.
Today we are excited to announce some new Load Balancer features that make them even more flexible, convenient, and
powerful. These updates are available to all customers now, and we've automatically upgraded all your existing
Load Balancers with these new capabilities.
Private Network Support
The first significant upgrade is support for private
networks. You can place your entire
infrastructure on a private network and provide public ingress through the Load Balancer. Private Networking
has been extremely useful for many customers. Adding private network support for Load Balancers enables many new
service configurations you've requested.
FIGURE: Diagram of Private Network & Load Balancer
While private network support is helpful on its own, you can also combine it with our new firewall features to create
many networking scenarios. Keep reading to see more examples.
Load Balancer Firewalls
Every application needs strong security protections. One best practice is to use firewall rules which restrict
network traffic to selected IP addresses and ports. That's why we've added support for Vultr Firewalls to
our Load Balancers in two different areas.
The Vultr Load Balancer now has an Integrated Firewall
We've added an integrated
firewall to the Vultr Load Balancer to simplify configuration. Now you can manage your forwarding rules and
protect the backend instances with a firewall from a single control panel. And, just like the Vultr Firewall, the
Load Balancer's firewall features a Cloudflare IP source so that you can target all Cloudflare IPs with a single
firewall rule. The integrated firewall sits in front of the load balancer, protecting it and the instances behind
it.
FIGURE: Diagram of Vultr Load Balancer With Integrated Firewall
The Vultr Firewall is now Load Balancer Aware
If your situation requires a firewall behind the load balancer, we've made that easy too. We've added Load
Balancers as a named source for Vultr
Firewall rules. You can ensure that all
connections to your instances originate from the Load Balancer and prevent direct connections from the
internet.
FIGURE: Diagram of Vultr Firewall Load Balancer Aware
It's easy to place a Load Balancer in front of your compute instances. When you create a Vultr Firewall Rule,
define one of your Load Balancers as the source. Any instance using this Vultr Firewall will accept traffic from the
Load Balancer.
Putting it all Together
With these new Load Balancer features, you can create robust
configurations for high availability. You can combine these features to configure one set of firewall rules for your Load Balancers on the private network and a different set of public firewall rules for the instances behind
them.
For example, you may want to isolate web traffic to a private network and ensure it originates from Cloudflare while
still allowing management access via SSH from a few select IPs on the public network.
FIGURE: Complete Diagram of Robust Configuration With Vultr Load Balancer For High Availability
Available Today
You'll find these new features today in your customer portal. We've also updated our open source tools such
as our Terraform provider and the Vultr API to support these new features. As part of this upgrade, we also
refactored some code to preserve the great performance and reliability you expect from Vultr.
Vultr Load Balancers now give you greater control, flexibility, and security. With these upgrades, Load Balancers
support custom health checks, multiple load balancing algorithms, sticky sessions, proxy protocol, SSL certificates,
firewalls, and private networks. They continue to support all our server products, including Bare Metal, Cloud Compute, High Frequency Compute, and Dedicated Cloud.
We still have some features planned that haven’t made it into this release so please stay tuned. Follow us on Twitter and keep an eye on our news
page for more announcements.