This is the 20th day of my participation in the August More Text Challenge

Security reminder: Do not test directly under the company account or production server account. First, create a personal account and set up an SLB charging by volume (public NETWORK SLB costs money, internal NETWORK SLB is free) to test

preface

SLB(Load Balance) S is a Server for Load balancing. It receives traffic from the forward CDN and firewall and distributes the traffic to back-end servers based on scheduling policies

The common nginx also has load balancing capabilities, usually distributing traffic to back-end servers according to scheduling policies

The SLB-API called here refers to the traditional load balancing in Ali Cloud load balancing

demand

Now that we are going to do secondary development based on API, what functions and goals are we going to achieve

In common business scenarios, SLB can do the following functions, but manual operation is required, so next we use code to achieve, increase automation ability

  • Grayscale release (traffic access control after project release)
  • Traffic control (Traffic distribution for different services based on rules)
  • Off-hook operation (server migration, failover, etc., remove the corresponding server and do not accept traffic)
  • Blacklist and whitelist (Restrict or allow IP access according to rules to improve service security)

implementation

Next, we started to directly copy the code, the above requirements part gray release, flow control, off-hook operation in SLB is actually all an operation for traffic distribution

  1. Off-hook operation is actually zero traffic, so you can operate the 0 traffic server at will
  2. Traffic control is to set different traffic for different servers based on server performance and deployment conditions
  3. Grayscale release is actually a process of increasing flow, that is, the flow continues to increase after passing the test

The whitelist controls which IP addresses the SLB allows and which IP addresses it does not allow

  1. The blacklist prevents certain IP addresses from accessing our services, which can be used for ddos and CC attacks.
  2. The whitelist allows access from certain IP addresses but cannot be accessed from other IP addresses. The whitelist can be used for enterprise internal services only

Visual debugging

OpenAPI Explorer provides a visual interface, and its own generation of various languages demo, very friendly for beginners

Once the call is made, you can see the results, along with the API’s documentation and parameter details, conveniently above the generated code sample

Used to the code editor to move bricks, so the rest of the editor operation

Function implementation

The specific implementation of flow control is to control the value of server weight

Weight value 0-100 0 indicates that traffic is not accepted (return to zero). 100 indicates the maximum value

If an SLB has two servers with weights of 100, traffic is distributed at 1:1 traffic. If an SLB has three servers with weights of 100, 50, and 50, traffic is distributed at 2:1:1 traffic

Flow control

package main

import (
   "flag"
   "fmt"
   "github.com/aliyun/alibaba-cloud-sdk-go/services/slb"
)

func main() {
   // Implement the off-hook function
   SLBWeight("loadBalanceInstanceId"."0"."serverInstanceId")
   // Implement grayscale publishing
   SLBWeight("loadBalanceInstanceId"."5"."serverInstanceId")
   SLBWeight("loadBalanceInstanceId"."10"."serverInstanceId")
   // Implement flow control
   SLBWeight("loadBalanceInstanceId"."100"."serverInstanceId")}// This method takes three parameters SLB instance ID weight value server instance ID
func SLBWeight(lbID string,weight string,serverId string)  {
   AccessKey ID and AccessKey Secret are API keys
   client, err := slb.NewClientWithAccessKey("cn-hangzhou"."AK"."AS")

   request := slb.CreateSetBackendServersRequest()
   request.Scheme = "https"
   request.LoadBalancerId = lbID

   request.BackendServers = "[{"ServerId": serverId, "Weight": weight, "Type":"ecs","Port":"80","Description":""}]"

   fmt.Println("request is: ",request.BackendServers)
   response, err := client.SetBackendServers(request)
   iferr ! = nil { fmt.Print(err.Error()) } fmt.Printf("response is %#v\n", response.BackendServers.BackendServer)

}
Copy the code

Black and white list

You need to create a blacklist and whitelist in advance on the SLB. You need to create a blacklist policy group and a whitelist policy group in sequence to add IP addresses to the corresponding policy group

package main

import (
   "fmt"
   "github.com/aliyun/alibaba-cloud-sdk-go/services/slb"
)

func main() {
   // Implement a blacklist
   SLBAccessControl("blackListId"."ip")
   // Implement whitelist
   SLBAccessControl("whiteListId"."ip")}// This method requires two parameters to access the IP to be restricted by the instance control group ID
func SLBAccessControl(acID string,ipEntry string)  {
   client, err := slb.NewClientWithAccessKey("cn-hangzhou"."<accessKeyId>"."<accessSecret>")

   request := slb.CreateAddAccessControlListEntryRequest()
   request.Scheme = "https"
   request.AclId = "acID"
   request.AclEntrys = `[{"entry":ipEntry,"comment":""}]`

   response, err := client.AddAccessControlListEntry(request)
   iferr ! = nil { fmt.Print(err.Error()) } fmt.Printf("response is %#v\n", response)
}
Copy the code

conclusion

SLB API calls are generally simple and further integrated with projects as util packages by writing Web projects to provide interfaces

Find documentation or instructions on the OpenAPI Explorer page for any problems with API calls