We hope you find this tutorial helpful. In addition to guides like this one, we provide simple cloud infrastructure for developers. Learn more →

How To Balance TCP Traffic with DigitalOcean Load Balancers

PostedFebruary 14, 2017 7.8k views Load Balancing DigitalOcean Clustering


DigitalOcean Load Balancers can be used to distribute traffic among a pool of Droplets for better performance and availability. While many applications communicate using HTTP or HTTPS, its secure variant, there are a large number of applications that interface using TCP.

In this guide, we will demonstrate how to set up TCP balancing using DigitalOcean Load Balancers. As an example, we will be balancing traffic to a MariaDB Galera cluster, but the Load Balancing steps will be applicable to a wider range of software.


As stated above, we will be using a Galera cluster to demonstrate TCP balancing. Before you begin, you will need to follow our MariaDB Galera cluster on Ubuntu 16.04 to set up a three server cluster.

After following the above tutorial, you will have:

  • A Galera cluster spanning three Droplets
  • A sample database called playground that contains an equipment table
  • A sudo user on each Droplet
  • A firewall policy that allows cluster communication between the three nodes

You will also need a client machine to connect to the cluster through the Load Balancer. We will use an Ubuntu 16.04 Droplet for this. Set up a sudo user on this machine by following the Ubuntu 16.04 initial server setup guide.

Once the servers your servers are up and running, you should be ready to continue below.

Configuring an External Database User

Before we configure a Load Balancer as a frontend to the Galera cluster, we need to configure remote access on the database. We will add a remote user with access to the playground database that was created in the prerequisites.

To begin, log into one of your Galera Droplets with your sudo user.

Start an interactive shell with MariaDB by typing:

  • mysql -u root -p

You will be asked to provide the password for the MariaDB root account. After entering it correctly, you will be dropped into an interactive MariaDB shell.

Verify that the playground database is available by typing:


You should see the playground database among the results:

+--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | playground | +--------------------+ 4 rows in set (0.00 sec)

Next, we will create a new remote user with full access to this database. Since DigitalOcean Load Balancers are a highly available service with automatic failover, connections coming from the Load Balancer may not always originate from the same IP address.

Because of this, we will need to create rather permissive user that is not limited by the remote connecting address. We will create a remoteuser account and give it full access to the playground database. Be very careful to choose a strong password for this account:

  • GRANT ALL ON playground.* TO 'remoteuser'@'%' IDENTIFIED BY 'strong_password';
Query OK, 0 rows affected (0.01 sec)

Flush the privileges to make sure that the changes are implemented:

Query OK, 0 rows affected (0.00 sec)

Back out of the MariaDB session and return the shell by typing:

  • exit

The cluster now has a remote user account that can be used to access the playground database.

Setting Up the MariaDB Client Droplet

Before setting up the Load Balancer, we will configure the MariaDB client Droplet and test the remote database user we just added. Connect to the MariaDB client Droplet as your sudo user.

We will install the MariaDB client software from the default Ubuntu repository so that we can connect to the nodes in the cluster. Update the local package index and install the client by typing:

  • sudo apt-get update
  • sudo apt-get install mariadb-client

After the installation is complete, we will test to make sure the remote user we set up on the Galera cluster is working as expected.

Connect to the playground database on any of the Galera server's public IP addresses with the MariaDB client command:

  • mysql -u remoteuser -p -h galera_server_IP playground

You will be prompted for the remoteuser password that you set in the last section. Afterwards, you will be dropped into an interactive session.

Display the contents of the equipment table to verify that everything is functioning correctly:

  • SELECT * FROM equipment;
+----+--------+-------+--------+ | id | type | quant | color | +----+--------+-------+--------+ | 4 | slide | 2 | blue | | 8 | swing | 10 | yellow | | 12 | seesaw | 3 | green | +----+--------+-------+--------+ 3 rows in set (0.00 sec)

After verifying access to the database, exit back to the shell by typing:

  • exit

We have verified that the client can connect to the individual cluster members. Now we are ready to set up a Load Balancer in front of the cluster to balance requests among each of the nodes.

Creating a TCP Load Balancer

We have everything we need to create a DigitalOcean Load Balancer to manage connections to the cluster.

Begin by navigating to the Load Balancer section of the DigitalOcean control panel. Click Networking in the top menu and then select Load Balancers:

DigitalOcean Load Balancer nav

Next, create a new Load Balancer by clicking Create Load Balancer:

create new DigitalOcean Load Balancer button

You will be taken to the Load Balancer creation page. Choose a name for your Load Balancer. These can be composed of letters, digits, periods, and dashes.

Afterward, add each of the Galera Droplets to the Load Balancer in the Add Droplets section. The easiest way to do this is start typing each of the Droplet's name and then selecting them. This should automatically select your region:

Add Galera nodes to Load Balancer

Next, in the Forwarding rules section, we will modify the existing rule.

Click the drop down menu in the first field to change HTTP to TCP. Change the port in both the Load Balancer side and the Droplet side from 80 to 3306, the MariaDB listening port:

Change default forwarding rule in DigitalOcean Load Balancer

Next, click on the Edit Advanced Settings button within the Advanced settings section:

Edit advanced settings in DigitalOcean Load Balancer

In the expanded interface, in the Health checks section, an HTTP health check is defined by default. Since the Galera cluster does not use HTTP, this health check would fail.

Modify the health check by choosing TCP from the drop down in the first field. In the Port field, change the value from 80 to 3306:

Change DigitalOcean Load Balancer health check

When you are finished, click the Create Load Balancer button:

Create DigitalOcean Load Balancer button

Your Load Balancer will begin the creation process. This may take a few minutes to complete.

Connecting the Galera Cluster Through the Load Balancer

Once the Load Balancer is available, we can connect to the Galera cluster by connecting to the Load Balancer.

You can find your Load Balancer's public IP address by visiting the Load Balancer index page within the DigitalOcean control panel again. Click Networking in the top menu and then select Load Balancers. The Load Balancer IP address will be listed:

Find DigitalOcean Load Balancer IP address

We will perform two separate checks to make sure the Load Balancer is functioning properly.

Verify That the Cluster Can Be Reached Through the Load Balancer

On your MariaDB client Droplet, connect to the Load Balancer's public IP address using the MariaDB client. We will connect to the playground database again, using the same syntax as last time:

  • mysql -u remoteuser -p -h load_balancer_IP playground

You will be prompted for the remoteuser password. Afterwards, you will be dropped into an interactive MariaDB session.

Verify that you can display the equipment table contents exactly as you could when connecting to the Galera machines directly:

  • SELECT * FROM equipment;
+----+--------+-------+--------+ | id | type | quant | color | +----+--------+-------+--------+ | 4 | slide | 2 | blue | | 8 | swing | 10 | yellow | | 12 | seesaw | 3 | green | +----+--------+-------+--------+ 3 rows in set (0.00 sec)

Exit the MariaDB session by typing:

  • exit

If you have connected to the Load Balancer IP address and are able to display the table contents, the Load Balancer is correctly forwarding traffic.

Verify Backend Rotation on Multiple Connections

Next, we should verify that the Load Balancer is correctly balancing requests among the available backends.

To do this, we will connect to the Load Balancer's IP address repeatedly and ask it to display the node that is handling the request each time. If the Load Balancer is passing off requests appropriately, the information should reflect different backends.

The wsrep_node_address and wsrep_node_name holds each node's Galera name and IP address. We can query for this information by typing:

  • mysql -u remoteuser -p -h load_balancer_IP playground -e 'SHOW VARIABLES LIKE "wsrep_node%";'

You will be prompted for the remoteuser password again. After entering it, you should see output that looks similar to this:

+-----------------------------+------------------+ | Variable_name | Value | +-----------------------------+------------------+ | wsrep_node_address | node2_IP_address | | wsrep_node_incoming_address | AUTO | | wsrep_node_name | node2 | +-----------------------------+------------------+

The node name and IP address you see will reflect the values of the Galera cluster node that responded to the request.

To verify that the Load Balancer is distributing requests among the backend servers, issue the request again:

  • mysql -u remoteuser -p -h load_balancer_IP playground -e 'SHOW VARIABLES LIKE "wsrep_node%";'

Again, you will be prompted for the remoteuser password. This time, the results should reflect a new backend:

+-----------------------------+------------------+ | Variable_name | Value | +-----------------------------+------------------+ | wsrep_node_address | node3_IP_address | | wsrep_node_incoming_address | AUTO | | wsrep_node_name | node3 | +-----------------------------+------------------+

Issue the same command again:

  • mysql -u remoteuser -p -h load_balancer_IP playground -e 'SHOW VARIABLES LIKE "wsrep_node%";'

After entering the password, you should see the information for your last Galera server:

+-----------------------------+------------------+ | Variable_name | Value | +-----------------------------+------------------+ | wsrep_node_address | node1_IP_address | | wsrep_node_incoming_address | AUTO | | wsrep_node_name | node1 | +-----------------------------+------------------+

This sequence will repeat as additional requests are made. This verifies that the Load Balancer is correctly alternating between our backend Droplets.


This guide demonstrated how to balance TCP traffic with DigitalOcean Load Balancers. We set up a Galera cluster as an example TCP application, but the configuration of the Load Balancer should be similar for other TCP balancing tasks.


Creative Commons License