Network Load Balancer
A network load balancer, which is present on a public subnet, enables you to connect to a DB system over the internet. However, it is a security risk to make the DB system accessible over the internet. You must restrict the authorized public IP addresses to a single IP address or a small range of IP addresses, and use in-transit encryption. It is recommended to use a VPN connection.
Connecting to a DB System
Use the network load balancer, which is present on a public subnet, to connect to the DB system over the internet.
Using the Console
Use the Console to create a network load balancer that enables you to connect to a DB system over the internet.
Do the following to connect to a DB system over the internet, that is, using a public IP address:
- Create a network security group in the VCN to allow traffic from your local machine to the network load balancer. See Creating a Network Security Group.
- Create a network load balancer to redirect traffic to the DB system. See Creating a Network Load Balancer.
- Configure the backend of the load balancer to route traffic to the DB system. See Configuring the Backend of the Network Load Balancer.
Do not add more than one DB system in the backend of the load balancer. Writing data to multiple backends results in having inconsistent data across DB systems. If you need public access to more DB systems, create one load balancer for each DB system.
- Add ingress rules to the public security list of the VCN to allow traffic to the MySQL port. See Adding Ingress Rules for a Network Load Balancer.
If the DB system is in a different subnet, add ingress rules to that subnet. You can view the subnet of your DB system in the DB system details page. Also, ensure you configure Source CIDR to include the load balancer IP address and specify the correct port in Destination port range.
- Connect to the DB system using the public IP address of the network load balancer with a command-line client such as MySQL Shell:
mysqlsh <UserName>@<NLBPublicIPAddress>
Optionally, you can add another listener and backend to the MySQL X Protocol port. The default port is 33060. Configure an equivalent listener, backend, and security rules for the X Protocol port.
Creating a Network Security Group
Create a network security group (NSG) to allow traffic from your local machine to the network load balancer.
Using the Console
Use the Console to create a network security group.
- Open the navigation menu, select Networking, and then select Virtual cloud networks.
- Select the compartment from the List scope.
- From the list of VCNs, click the name of the VCN to open the Virtual cloud network details page.
- In the Virtual cloud network details page, select Network security groups from the Resources section.
- Click Create network security group.
- In the Create network security group panel, under Basic info, provide the following information:
- Name: Specify a name for the network security group. For example, MySQLNSG.
- Create in compartment: Select the compartment where you want to create the network security group.
- Click Next.
- Under Add security rules, provide the following information:
- Stateless: Do not select.
- Direction: Select Ingress.
- Source type: Select CIDR.
- Source CIDR: Specify the IP address of the machine from which you want to connect to the DB system. Narrow the range down to the most specific IP addresses possible. For example:
- 120.0.0.0/24: Allows traffic from 120.0.0.0 to 120.0.0.255 IP addresses, that is, a total of 256 IP addresses.
- 120.0.2.24/32: Allows traffic from 120.0.2.24 IP address only.
- IP protocol: Select TCP.
- Source port range: Enter All.
- Destination port range: Enter 3306,33060.
- Description: (Optional) Specify a description of the network security group.
- Click Create.
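The Source CIDR guidance above (a single IP or a small range, never the whole internet) is easy to get wrong by hand. The following is an added example, not Oracle's code: it builds the two stateful TCP ingress rules for ports 3306 and 33060 and rejects any source wider than a /24, the widest range the page itself uses. The rule key names mirror the shape of OCI NSG security rules but are an assumption here; confirm them against the OCI API reference before submitting.

```python
import ipaddress
import json

# Ports from the procedure above: MySQL classic protocol and X Protocol.
MYSQL_PORTS = (3306, 33060)
# Policy assumed here: "small range" means no wider than a /24 (256 addresses).
MAX_ADDRESSES = 256


def check_source_cidr(source_cidr: str):
    """Parse the Source CIDR and reject it if it is wider than the policy allows."""
    net = ipaddress.ip_network(source_cidr)  # strict: host bits set -> ValueError
    if net.num_addresses > MAX_ADDRESSES:
        raise ValueError(
            f"{source_cidr} allows {net.num_addresses} addresses; narrow it to a /24 or smaller"
        )
    return net


def build_nsg_ingress_rules(source_cidr: str, ports=MYSQL_PORTS) -> list:
    """One stateful TCP ingress rule per MySQL port for the given source CIDR.

    Key names (direction, protocol, source, tcpOptions) are assumed to match
    the OCI NSG security-rule layout; verify before use.
    """
    net = check_source_cidr(source_cidr)
    return [
        {
            "direction": "INGRESS",
            "isStateless": False,  # Stateless: do not select
            "protocol": "6",  # IP protocol: TCP
            "sourceType": "CIDR_BLOCK",
            "source": str(net),
            "tcpOptions": {"destinationPortRange": {"min": port, "max": port}},
        }
        for port in ports
    ]


def audit_nsg_rules(rules: list) -> list:
    """Return one finding per CIDR-based ingress rule whose source is too broad."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("sourceType") != "CIDR_BLOCK":
            continue
        try:
            check_source_cidr(rule["source"])
        except ValueError as exc:
            findings.append(str(exc))
    return findings


if __name__ == "__main__":
    print(json.dumps(build_nsg_ingress_rules("120.0.2.24/32"), indent=2))
```

Run `audit_nsg_rules` over rules exported from an existing NSG to catch a 0.0.0.0/0 source that slipped in during testing.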
Creating a Network Load Balancer
Create a network load balancer on the public subnet to redirect traffic to the DB system.
Configuring the Backend of the Network Load Balancer
Configure the backend of the network load balancer to route traffic to the DB system. Do not add more than one DB system in the backend of the load balancer. Writing data to multiple backends results in having inconsistent data across DB systems. If you need public access to more DB systems, create one load balancer for each DB system.