Application Load Balancer (ALB) supports load balancing for Google Remote Procedure Call (gRPC) services. gRPC supports only frontend encryption and backend plaintext. This topic describes how to configure a gRPC server group on an ALB instance, configure an HTTPS listener, enable HTTP/2.0, and configure health checks for the ALB instance to forward gRPC requests to the gRPC server group.

Scenario

The following scenario is used as an example in this topic. A company deployed a gRPC service in a virtual private cloud (VPC) that is deployed in the China (Hangzhou) region. An ALB instance and a gRPC server group are deployed in the VPC. On the ALB instance, an HTTPS listener is configured, HTTP/2.0 is enabled, and gRPC health checks are configured. The company wants to use the ALB instance to forward gRPC requests from clients in the China (Hangzhou) region to the gRPC service in the VPC. grpc

Prerequisites

  • A VPC is created in the China (Hangzhou) region. A vSwitch is deployed in each of Zone H and Zone I. For more information, see Create a VPC and a vSwitch.
  • Required certificates are deployed. If the certificates are purchased from a third-party service provider, you must upload them to Certificate Management Service. In addition, make sure that the certificates are associated with your domain name. For more information about how to apply for a certificate, see Submit a certificate application.
  • An Elastic Compute Service (ECS) instance is deployed in the VPC. A gRPC service is deployed on the ECS instance. Another ECS instance that serves as a client is deployed in the region to send requests to the backend server. For more information, see Create an instance by using the wizard.
    Note
    • For more information about how to deploy a gRPC service on an ECS instance, see the gRPC documentation.
    • Make sure that the ECS instances in the VPC and the ALB instance are deployed in the same region. In addition, make sure that the ALB instance and the ECS instances belong to the same VPC.
    • Make sure that the zones of the ECS instances are included in the zones of the ALB instance.

Procedure

en

Step 1: Create an ALB instance

  1. Log on to the ALB console.
  2. On the Instances page, click Create ALB.
  3. On the ALB (Pay-As-You-Go) International Site buy page, set the following parameters and click Buy Now.
    Parameter Description
    Region Select the region where you want to create the ALB instance. In this example, China (Hangzhou) is selected.
    Network Type Select a network type. Public-facing is selected in this example.
    VPC Select the VPC where you want to deploy the ALB instance.
    Zone
    1. Select two or more zones. Hangzhou Zone H and Hangzhou Zone I are selected in this example.
    2. Select a vSwitch in each of the zones. In this example, a vSwitch in Zone H and a vSwitch in Zone I are selected.
    IP Mode Select an IP mode for the ALB instance. In this example, Static IP is selected.
    Edition Select an edition for the ALB instance. In this example, Basic is selected.
    Associate with EIP Bandwidth Plan Specify whether to associate the ALB instance with an EIP bandwidth plan. In this example, the ALB instance is not associated with an EIP bandwidth plan.
    Billing Method By default, Pay-By-Data-Transfer is selected.
    Name Enter a name for the ALB instance.
    Resource Group Select the resource group to which the ALB instance belongs.

Step 2: Create a server group and add backend servers to the server group

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where you want to create a server group. China (Hangzhou) is selected in this example.
  3. In the left-side navigation pane, choose ALB > Server Group.
  4. On the Server Group page, click Create Server Group.
  5. In the Create Server Group dialog box, set the parameters and click Create.
    The following table describes some of the parameters. Keep the default values for other parameters. For more information about the parameters, see Create a server group.
    Parameter Description
    Server Group Type: Select a server group type. In this example, Server Type is selected.
    Server Group Name Enter a name for the server group.
    VPC Select a VPC from the VPC drop-down list. Only servers in the VPC can be added to the server group.
    Backend Server Protocol Select a protocol used by the backend servers. In this example, gRPC is selected.
    Scheduling Algorithm Select a scheduling algorithm. In this example, Weighted Round-Robin is selected.
    Select a resource group. Select the resource group to which the server group belongs.
    Session Persistence Specify whether to enable session persistence. In this example, the default value is used. Session persistence is disabled.
    Configure Health Check Specify whether to enable health check. In this example, health check is enabled and cannot be disabled.
    Advanced Settings If you enable health check, you can click Modify next to Advanced Settings to configure advanced settings.
    Select and Load Health Check Select and load a health check template. In this example, Custom Health Check is selected.
    Health Check Protocol Select the protocol of the health check. Valid values: In this example, gRPC is selected.
    Health Check Method Specify a health check method. In this example, POST is selected by default.
    Health Check Port Specify the ports that are probed by health checks. In this example, Backend Server Port is selected by default.
    Health Check Status Codes Enter one or more HTTP status codes. The specified HTTP status codes are returned if the ports pass the health check. In this example, 12 is used.
  6. On the Server Group page, find the server group and click its ID.
  7. Click the Backend Servers tab and click Add Backend Servers.
  8. In the Add Backend Servers panel, select the ECS instance created in Step 1 and click Next.
  9. On the Ports/Weights page, set the port and weight of the ECS instance and click OK.
    In this example, the port is set to 9100 and the weight is set to 100.
    Note The ECS instance and the gRPC service must use the same port.

Step 3: Configure a listener

  1. Log on to the ALB console.
  2. On the Instances page, find the ALB instance that you want to manage and click the ID of the instance.
  3. Click the Listener tab and click Create Listener.
  4. On the Configure Listener page, set the following parameters and click Next.
    The following table describes some of the parameters. Keep the default values for other parameters. For more information, see Add an HTTPS listener.
    Parameter Description
    Select Listener Protocol Select a protocol for the listener. HTTPS is selected in this example.
    Note Only HTTPS is supported when the backend servers use the gRPC protocol.
    Listener Port Set the listening port that is used to receive requests and forward them to the backend servers. Port 443 is used in this example.
    Listener Name Enter a name for the listener.
    Advanced Settings In this example, the default settings are used. You can click Modify to modify the settings.
    Enable HTTP/2 Specify whether to enable HTTP/2.0. HTTP/2.0 is enabled in this example.
    Note HTTP/2.0 must be enabled when the backend servers use the gRPC protocol.
    WAF Protection Specify whether to enable Web Application Firewall (WAF) protection for the listener. WAF is disabled in this example.
  5. On the Configure SSL Certificates page, select an SSL certificate from the Select Server Certificate drop-down list. Keep the default values for the other parameters and click Next.
  6. On the Server Group page, select Server Type and select a server group from the Server Type drop-down list. Check the server group information and click Next.
  7. On the Confirm page, confirm the configurations and click Submit.
  8. Click OK to return to the Listener tab. If the Health Check Status column displays Normal, the ECS instance can process requests forwarded by the ALB instance.

Step 4: Test network connectivity

After you complete the preceding steps, the ALB instance allows the ECS instance that serves as a client to access the ECS instance that serves as a backend server where the gRPC service is deployed. The following procedure shows how to test the connectivity between the client and the gRPC service:
  1. Remotely log on to the ECS instance that serves as a client. For more information, see Guidelines on ECS instance connection.
  2. Run the following command on the ECS instance to access the other ECS instance, which is deployed in the VPC: 
    grpcurl -insecure -v [ALB domain name]:[listening port] helloworld.Greeter/SayHello
    The following figure shows the echo reply packet, which indicates that the client can access the gRPC service through the ALB instance. results