Home
Support
Product Support
Wireless
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure
Configuration Guides

Unified Load Balancer Configuration and Administration Guide, Release 2026.02

View all Saved Content

PDF

Is this helpful?

Helpful Unhelpful

Feedback

Thank you for your feedback. Your response has been recorded.

Ask about this document

Cisco Configuration Guide, Release 4.2

Table of contents

Expand all sections

About this document

Introduction to Unified Load Balancer

ULB overview
ULB key features and capabilities
Benefits of using ULB
Limitations

ULB deployment architecture

Key components of ULB

Getting started

Requirements
Initial configurations for on-premise deployment

Deploy and configure ULB through Ops center

ULB Ops center
Prerequisites for ULB deployment
Deploy the ULB
Access the ULB Ops center

Unified Load Balancer traffic distribution

How the ULB works

ULB features and configuration

Resilience and traffic convergence via BGP and BFD
Neighbor discovery
Core dump generation
Service outbound route (SOR)
Support for data path metrics based on eBPF
Miscellaneous configurations

Performance metrics and KPIs

ULB operator metrics
ULB agent metrics

Sample custom resource definitions for load balancer and egress management policy

Load balancer CR (IPv4)
Load balancer CR (IPv6)
Egress management policy CR for stateful pods (IPv4)
Egress management policy CR for stateful pods (IPv6)
Egress management policy CR for stateless pods (IPv4)
Egress management policy CR for stateless pods (IPv6)
Egress management policy CR for stateful pods without port ranges (IPv4)
Service outbound route (SOR) IPv4
Service outbound route (SOR) IPv6

Service outbound route (SOR)

Updated: April 23, 2026

Want to summarize with AI?

On this page

Overview

Benefits of implementing SOR
Limitations and restrictions with SOR
How the SOR feature works

Overview

Explains the Service Outbound Route (SOR) feature, including its technical implementation, operational benefits, limitations, and how SOR works within Kubernetes clusters.

The Service Outbound Route (SOR) feature provides a policy-based mechanism to isolate outbound traffic for applications within a Kubernetes cluster. It eliminates the need for manual configuration of static routes by allowing administrators to define custom routing policies using a Custom Resource (CR). The SOR CR is referenced by Load Balancer (LB) CRs for Direct Server Return (DSR) and Egress Management Policy (EMP) CRs for egress traffic.

Benefits of implementing SOR

Simplified network configuration: Automates the configuration of outbound routing, reducing manual effort and potential errors.
Enhanced security: Isolates outbound traffic, enabling more granular control and security policies.
Improved compliance: Facilitates adherence to compliance requirements by ensuring outbound traffic follows defined paths.
Resource optimization: Reduces the operational overhead associated with managing static routes.

Limitations and restrictions with SOR

Backend application pods must use separate target ports for different applications or interfaces in the respective LB or EMP CRs.
This feature is applicable only for LB/EMP CRs that have a target port defined.
Currently, SOR is only applicable for UDP traffic.

How the SOR feature works

The SOR feature in the ULB isolates outbound traffic using routing tables and rules. For applications that require outbound traffic isolation, the network administrator creates an SOR CR that specifies the next-hop (gateway IP address) and device (network interface). The load balancer and endpoint custom resources reference this SOR CR to manage routing.

Network administrator creates an SOR CR specifying next-hop and device.
ULB assigns routing table ID and configures routes.
Load balancer and endpoint custom resources reference the SOR CR.

Summary

The main actors and components involved in this process are:

Network administrator: Creates and manages SOR CRs for outbound traffic isolation.
ULB (Unified Load Balancer): Assigns routing table IDs and configures routes based on SOR CRs.
Load balancer and endpoint custom resources: Reference SOR CRs to manage routing for associated pods.

This process ensures that outbound traffic from pods is routed through the specified gateway, enabling controlled and efficient routing for outbound requests.

Workflow

These stages describe how the SOR feature manages outbound traffic routing using SOR CRs and routing tables.

The network administrator creates an SOR CR specifying the next-hop (gateway IP address) and device (network interface).
The ULB assigns a unique routing table ID and configures routes using the specified next-hop and device.
Load balancer and endpoint custom resources reference the SOR CR to manage routing for associated pods.
IP rules are set so that pod traffic uses the corresponding routing table. Updates or deletions of pods trigger changes or removal of these IP rules. Iptables are adjusted for load balancer events.
When a pod generates outbound traffic, the routing table linked to the SOR CR ensures the traffic is sent through the configured gateway.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.