NavigationContentFooter
Jump toSuggest an edit

Public vs private Load Balancers

Reviewed on 14 June 2024Published on 14 June 2024

When creating a Load Balancer, you are prompted to configure its accessibility. There are two options: private or public.

Overview

  • Private: A private Load Balancer has no public IP address, and is only accessible from the Private Network(s) it is attached to.

  • Public: A public Load Balancer is accessible from the internet via its public IP address.

Accessibility cannot be modified after creation of the Load Balancer.

Public Load Balancers

A Load Balancer is defined as public when you choose the “public” accessibility option during Load Balancer creation. A public Load Balancer has the following characteristics:

  • It must have a public IPv4 address, which can either be a new address created along with the Load Balancer, or an existing available flexible IP address held in your account.
  • It can optionally have an additional public IPv6 address.
  • The Load Balancer is accessible over the public internet via its public IP address(es), but can optionally also be attached to up to eight different Private Networks.
  • It can be configured or deleted using the Scaleway API, console, CLI, Terraform or other devtools.
  • It provides its metrics to Scaleway Cockpit, allows the use of Let’s Encrypt certificates, and (if the appropriate Load Balancer type is selected), supports multicloud IP addresses for its backend servers.

Private Load Balancers

A Load Balancer is defined as private when you choose the “private” accessibility option during Load Balancer creation. A private Load Balancer has the following characteristics:

  • It has no public IP address for sending requests or initiating TCP connections.
  • It only listens to requests or connections sent to its interface(s) on the Private Network(s) it is attached to. It is not accessible over the public internet.
  • Like a public Load Balancer, it can be attached to up to eight different Private Networks.
  • It can be configured or deleted using the Scaleway API, console, CLI, Terraform, or other devtools.
  • It provides its metrics to Scaleway Cockpit, even though there is no traffic.
  • It does not allow the use of a Let’s Encrypt certificate - only imported certificates are supported.
  • It does not support multicloud IP addresses for its backend servers, since it is not directly connected to the internet. Routes to them are thus, not guaranteed.

A private Load Balancer can be used to balance requests between backends internally, where your backends’ clients are in the same Private Network as the Load Balancer. The security of your infrastructure is strengthened, as the Load Balancer does not have a public IP address and is not accessible over the public internet.

When you attach a private Load Balancer to multiple Private Networks, it has an IP address in each one. The Load Balancer can then forward traffic to any resource or service attached to any of its Private Networks, thus allowing inter-Private-Networks load balancing. Scaleway’s managed DNS also makes it possible to contact the Load Balancer over the Private Network without knowing its IP address (using lb-name.pn-name, which then resolves to its private IP address).

Docs APIScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCarreer
© 2023-2024 – Scaleway