Documentation | Tencent Cloud

Recent Pages

CLB Listener Overview

Last updated: 2021-03-12 14:37:19

After creating a CLB instance, you need to configure a listener to it. The listener listens to requests on the instance and routes traffic to real servers based on the load balancing policy.

You need to configure a CLB listener with the following items:

Listening protocol and port. The listening port, or frontend port, is used to receive and forward requests to real servers.
Listening policies, such as load balancing policy and session persistence.
Health check policies.
Real server. Bind a real server by selecting its IP and port. A service port, or backend port, is used by the real server to receive requests.

Supported Protocol Types

A CLB listener can listen to layer-4 and layer-7 requests on a CLB instance and route them to real servers for processing. The main difference between layer-4 CLB and layer-7 CLB is whether layer-4 or layer-7 protocol is used to forward traffic for load balancing of user requests.

Layer-4 protocols: transport layer protocols that receive requests and forward traffic to the real server mainly via VIP and port.
Layer-7 protocols: application layer protocols that distribute traffic based on application layer information such as URL and HTTP header.

If you use a layer-4 listener (i.e., layer-4 protocol forwarding), the CLB instance will establish a TCP connection with the real server on the listening port, and directly forward requests to the real server. This process does not modify any data packets (in pass-through mode) and has high forwarding efficiency.

Tencent Cloud CLB supports request forwarding over the following protocols:

TCP (transport layer)
UDP (transport layer)
TCP SSL (transport layer)
HTTP (application layer)
HTTPS (application layer)

Note：
TCP SSL listeners currently support public network CLB instances but not private network or classic CLB instances.

Protocol Type	Protocol	Description	Use Case
Layer-4 protocol	TCP	Connection-oriented and reliable transport layer protocol: The source and destination ends must perform a three-way handshake to establish a connection before data transfer. Client IP (source IP)-based session persistence is supported. The client IP can be found at the network layer. The server can directly obtain the client IP.	It is suitable for scenarios that have high requirements for reliability and data accuracy but relatively low requirements for transfer speed, such as file transfer, receiving and sending emails, and remote login. For more information, please see Configuring a TCP Listener.
	UDP	Connection-less transport layer protocol: The source and destination ends do not establish a connection, nor maintain the connection status. Each UDP connection is point-to-point. One-to-one, one-to-many, many-to-one, and many-to-many communications are supported. Client IP (source IP)-based session persistence is supported. The server can directly obtain the client IP.	It is suitable for scenarios that have high requirements for transfer efficiency but relatively low requirements for accuracy, such as instant messaging and online videos. For more information, please see Configuring a UDP Listener.
	TCP SSL	Secure TCP: TCP SSL listeners support configuring certificates to prevent unauthorized access requests. Unified certificate management is provided for CLB to implement decryption. One-way and mutual authentications are supported. The server can directly obtain the client IP.	It is suitable for scenarios that have high requirements for security when TCP is used and supports TCP-based custom protocols. For more information, please see Configuring a TCP SSL Listener.
Layer-7 protocol	HTTP	Application layer protocol: Forwarding based on requested domain name and URL is supported. Cookie-based session persistence is supported.	It is suitable for applications where request contents need to be identified, such as web applications, mobile apps, and so on. For more information, please see Configuring an HTTP Listener.
Layer-7 protocol	HTTPS	Encrypted application layer protocol: Forwarding based on requested domain name and URL is supported. Cookie-based session persistence is supported. Unified certificate management is provided for CLB to implement decryption. One-way and mutual authentications are supported.	It is suitable for HTTP applications requiring encrypted transmission. For more information, please see Configuring an HTTPS Listener.

Port Configuration

Port Type	Notes	Restrictions
Listening port (frontend port)	Listening ports are used by CLB instances to receive and forward requests to real servers You can configure CLB instances for ports 1 to 65535, such as port 21 (FTP), 25 (SMTP), 80 (HTTP), and 443 (HTTPS), etc.	On one CLB instance: Listening ports of UDP can be used for TCP; e.g., a `TCP:80` listener and a `UDP:80` listener can coexist. Listening ports must be unique for the same type of protocol. TCP, TCP SSL, HTTP, and HTTPS are of TCP, so for example, a `TCP:80` listener and an `HTTP:80` listener cannot coexist.
Service port (backend port)	Service ports are used by CVM instances to provide services, receive and process traffic from CLB instances. On one CLB instance, one listening port can forward traffic to ports of multiple CVM instances.	On one CLB instance: Service ports of different listening protocols do not need to be unique; e.g., the listener `HTTP:80` and `HTTPS:443` can be both bound to the same port of a CVM instance. When using the same listening protocol, each backend service port can be bound to one listener only, that is, the quadruple (VIP, listening protocol, private IP of real server, and backend service port) must be unique.