Dedicated Load Balancer Allowlists
If you want to allow IP addresses access to your dedicated load balancer (DLB), you must add those IP addresses, in CIDR notation, to the allowlist of the DLB.
| The allowlist works for inbound connections at the load-balancer level only, not at the CN certificate level. |
You can either add the allowed IP addresses when you create the DLB or add them to an existing DLB using either Runtime Manager or the command-line interface.
DLB Allowlist Entry Limits
The maximum number of IP address entries that you can add to the DLB allowlist depends on the inbound HTTP mode setting in the DLB configuration, which specifies the behavior of the DLB when receiving an HTTP request.
| Inbound HTTP Mode | Maximum Allowlist Entries |
|---|---|
Off |
240 |
On |
120 |
Redirect |
120 |
| If the number of entries in the DLB allowlist exceeds 120, you can’t set HTTP mode to On. |
Add an IP Address to the Allowlist of an Existing DLB
To add an IP address to the allowlist of a DLB using Runtime Manager:
-
From Anypoint Platform, click Runtime Manager.
-
Click Load Balancers and then click the load balancer name.
-
In the Allowlisted CIDRs tab, click Add New CIDR:
Figure 1. The arrow shows the Add New CIDR option in the Allowlisted CIDRs tab. -
Enter the IP address in valid CIDR format (for example,
10.2.0.0/16). -
Click Add To List.
-
If you want to delete a CIDR, hover over the … icon to display the trash can icon.
-
Click Apply Changes.
To add a range of IP addresses to the allowlist for a DLB using the CLI:
cloudhub load-balancer allowlist add myLB_name myCIDRblock
The IP addresses must be in valid CIDR format (for example, 10.2.0.0/16).
If you want to remove IP addresses from the allowlist:
cloudhub load-balancer allowlist remove myLB_name myCIDRblock