FAQ

Last change on 2024-12-06 • Created on 2020-07-02 • ID: NE-8FDC1

What's a Load Balancer and why might it be useful for me?

A Load Balancer is usually put in front of your application servers and acts as the first point of contact for incoming requests. Depending on which algorithm it uses, it is then able to distribute traffic across your infrastructure. This results in increased availability, scalability and performance of your application.

Each Load Balancer has:

  • Public IPv4
  • Public IPv6
  • Private IPv4 (if added to a private Network)

Which server IPs can be added as Load Balancer targets?

You can add the public or private IPv4 of a cloud server and the public or private IPv4 of a dedicated root server (Robot account) as a Load Balancer target.

Dedicated root servers always have to belong to the owner of the project the Load Balancer is in, and they have to be managed by the same account on Hetzner Robot. On Hetzner Console, the IP address of a cloud server is automatically taken from the project and added as a target. But for dedicated root servers, the user must manually enter the IP address as the target.

The following rules apply to private IP targets:

Cloud Server

  • The cloud server and Load Balancer have to be in the same private Cloud Network.

Dedicated root server

  • The dedicated root server and Load Balancer have to be in the same private Cloud Network (vSwitch).
  • The private IP has to be within the IP range of the dedicated server's vSwitch subnet.

How many Load Balancers can I create?

Each customer has a default limit for the number of Cloud resources that we simultaneously provide. If you would like to increase your limit, you can send a request to our support team by opening a support ticket via Hetzner Console. Our team will quickly review your request and, if everything is in order, they will increase your limit.

How do you bill for Load Balancers?

We bill Load Balancers the same way as servers. They have both a monthly price cap and a price per hour.

What performance can I expect from Load Balancers?

Performance depends on your Load Balancer's configuration and workload (e.g. if you require TLS termination). Our Load Balancer plans are designed to deliver efficient and reliable distribution of traffic for most use cases.

The key factor to consider is the number of concurrent open connections each plan supports:

  • LB11 up to 10,000 connections
  • LB21 up to 20,000 connections
  • LB31 up to 40,000 connections

Larger plans are allocated more CPU and memory to handle higher demand.

We do not explicitly limit bandwidth. However, all Load Balancers scheduled on the same node share a 2x10Gbit interface, which represents a hardware-based limitation.

Similarly, we do not explicitly limit the number of new connections over time. The connection rate is limited only by the system's resource constraints.

Choose a plan that matches your application's scalability and performance needs.

Is my Load Balancer highly available?

We designed Load Balancers to be highly available. If there is a hardware failure, an automatic failover will occur, and only a short service interruption will be visible to the clients.

Which protocols do Load Balancers support?

Our Load Balancers are capable of handling any TCP based traffic as well as HTTP and HTTPS. They speak HTTP/2 by default, depending on the client's capabilities.

If you configure the service of your Load Balancer with HTTPS, the encrypted connection will terminate at the Load Balancer (TLS Termination) and not at the target. To communicate with their targets, our Load Balancers use HTTP. To use HTTPS, you will have to use a TCP service.

For health checks, on the other hand, Load Balancers can use HTTPS.

What are health checks?

Health checks protect your application against single server failures by ensuring that traffic is only routed to healthy targets. There are two types of health checks: active and passive. Our Load Balancers support both.

Active health checks are configurable and actively check in certain intervals if the Load Balancers targets are still alive and responding to requests.

Passive health checks are checks that happen passively with every request that is forwarded from the Load Balancer to a target.

Once a target is deemed unresponsive and thus "unhealthy", it is no longer used to forward requests to. The active health checks continue though, and the target will be revived when passing the configured amount of times.

What does proxy protocol mean and should I enable it?

!! Switching proxy protocol on for targets which do NOT support it will render the whole service inaccessible !!

ProxyProtocol is used to transfer the connection information across multiple layers of connections. It can be used to forward the original client's IP address to the target service. For this to work, your listening software on the target must support this feature and have it explicitly enabled.

Here is an example for how to enable it for nginx: https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/

Do Load Balancers forward special HTTP headers?

If you choose protocol http or https, the Load Balancer will add these headers to the forwarded request:

  • X-Forwarded-For - contains the IP address of the original client making the request
  • X-Forwarded-Port - contains the listen port of the Load Balancer service. So if your Load Balancer listens on port 80, it will contain 80.
  • X-Forwarded-Proto - contains the protocol the client used to contact the Load Balancer. Can be http or https.

These HTTP headers are not added when the protocol TCP is used.

How do I determine which IP address a request originally came from?

For service protocols http and https, the “X-Forwarded-For” HTTP header contains the IP address of the requesting client.

If your target service supports it, you can look into using the ProxyProtocol feature to find the IP address. For the service protocol TCP, this is the only option.

Can you send me the request log for my Load Balancer?

Load Balancers do not log individual requests for privacy, performance and cost reasons. This means, we do not have any request logs that we could send you. If you need detailed request logs, you need to setup the target servers accordingly yourself.

Can I assign a Floating IP to my Load Balancer?

Floating IPs only support cloud Servers as targets. Load Balancers themselves are highly available, so using a Floating IP is not necessary to achieve the best uptime.

Because we receive this feature request quite often, we are thinking about extending Load Balancers to support this feature in the future.

Are Load Balancers location bound?

No, targets within a Load Balancer do not have to be from the same location. Please note, however, that the Load Balancer has to be from the same network zone as its targets. IP based targets are only possible for Load Balancers in the eu-central network zone.

Network zone Locations
ap-southeast Singapore (sin)
eu-central Falkenstein (fsn1), Helsinki (hel1), Nuremberg (nbg1)
us-east Ashburn, VA (ash)
us-west Hillsboro, OR (hil)

How can I delete a certificate for my Load Balancer?

You will not find it directly at the Load Balancer but in your Projects Security settings.

So first of all click on Security in the left hand menu. After that, select Certificates on the Top. You will then see a full list of your SSL Certificates configured in Hetzner Console. On the right of a certificate, when clicking on the 3 horizontal dots, you can choose to delete a certificate in the upcoming pop-up.

Table of Contents