# Backend Services
## Video Walkthrough (with an emphasis on Load Balancing)
{% embed url="" %}
## Overview
This section defines the Backend Services that Link11 WAAP will protect. In other words, these are the destinations to which Link11 WAAP will send the (legitimate) traffic it receives.
A Service consists of one or more endpoints (defined in the [Endpoint List](#endpoint-list-not-labeled-in-the-ui), discussed below). Each Service can receive traffic for multiple web applications, and for multiple resources/locations within each web application.
For a single Service, you can define multiple endpoints. Within them you can:
* Enable and configure load balancing, weighting and distributing traffic across your primary endpoints.
* Define backups hosts, to which L11WAAP will failover your traffic when your primary hosts aren’t available.
* Take hosts offline for maintenance by ticking a single box in the interface.
## Usage within applications and APIs
Backend Services are designated to receive traffic for specific destination URLs in [Server Groups](/console-walkthrough/sites/server-groups.md).
## Administration
The main window (shown above) lists all currently defined Backend Services.
The administration (addition/deletion/editing/versioning) of these Services follows the conventions described [here](/how-link11-waap-works/ui-overview-and-common-elements.md#configuration-and-administration).
## Parameters
### Name
A name for this Service, to be used within the interface.
### Use HTTP/1.1
Enables HTTP 1.1, which can increase performance due to multiplexing.
### Description
Information about this Service, for use within the interface.
### Transport Protocol
This configures the communication between L11WAAP and the backend.
| Option | Value |
| -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Per Request** | This is the default mode. Incoming HTTP requests will go over HTTP, and incoming HTTPS requests will go over HTTPS. |
| **HTTP Always** | All communication between L11WAAP and the backend will be over HTTP. (This mode should not be used unless L11WAAP runs within the same cloud as the backend.) |
| **HTTPS Always** | All communication between L11WAAP and the backend will be over HTTPS. |
| **Port Bridge Mode** | Link11 WAAP will use the same port as the incoming request. This is not limited to ports 80 and 443; L11WAAP will use whatever port was specified. Note: this mode is not available when more than one host is defined. |
### Load Balancing Stickiness Model
Sometimes an application requires a user to be connected to the same instance and backend endpoint throughout the session. L11WAAP can ensure that this occurs, and can do so using a variety of methods.
| Setting | Behavior |
| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **None** | This is the default. Requests will be distributed across the endpoints in a round-robin fashion, according to the Weights assigned to them (described below in the ). |
| **Auto Cookie** | L11WAAP will automatically generate a cookie to maintain the session on the same endpoint. |
| **Custom Cookie** | You can provide the name of the cookie that L11WAAP will use to track the session, e.g. one generated by an AWS or GCP load balancer. |
| **IP Hash** | Routing will be determined from a hash of the client and destination IP addresses. |
| **Least Connection** | Requests will be sent to the endpoint with the fewest number of connections. |
### Server-to-Backend mTLS Certificate
The certificate to use for mTLS communication between Link11 WAAP and the customer origin.
* The available certificates are those defined in the *Server-to-Backend mTLS Certificates* tab of the [Certificates](/console-walkthrough/sites/ssl/certificates.md#overview) page.
* To use this feature, it must first be [enabled in the System DB](/console-walkthrough/system/system-db.md#enabling-certificates-for-mtls).
### Endpoint List (not labeled in the UI)
This is a list of one or more endpoints. The settings for each endpoint in the list are as follows.
| **Attribute** | **Description** |
| ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Host** |
The name or IP address for each endpoint that L11WAAP protects. (Do not enter self-referential values such as 127.0.0.0/8, 0.0.0.0, ::1/128, ::0/128 or “localhost”.)
The host can be a normal web server, or it can be a load-balancer. Note that L11WAAP also provides load-balancing capabilities in its own right, as discussed below.
In Port Bridge Mode, it is possible to specify more than one host, separated by commas (as in the screenshot above).
|
| **HTTP Port** | The HTTP port(s) for the server. To add a port, click in the field, and enter the port number into the "Search" field. |
| **HTTPS Port** | The HTTPS port(s) for the server. To add a port, click in the field, and enter the port number into the "Search" field. |
| **Weight** | The relative weight of each server for load-balancing purposes. L11WAAP distributes traffic with a round-robin sequence, according to these weights. For example, if two servers are both set to 'weight=1', they will receive equal amounts of traffic. If the first is set to 'weight=3' while the second is set to 'weight=1', the first server will receive three visitors for every single visitor that the second server receives. |
| **Max Fails** | The maximum number of failed communication attempts that are allowed for this server. Once this number of failures occurs, L11WAAP will consider the server to be inactive. If other servers are available, L11WAAP will failover the traffic to them. If this was the only server available, the system will return an error to the client (either 504 Timeout, or 502 Bad Gateway). |
| **Fail Timeout** | When a server fails, this is the length of time in seconds that L11WAAP will wait before trying to send traffic to it again. |
| **Is Down?** | When this box is checked, L11WAAP will not attempt to communicate with this server. This allows you to take a server offline for temporary maintenance or some other purpose. |
{% hint style="info" %}
There is currently a bug when adding a new endpoint to a list of existing endpoints. The second one will have its *Is Down?* checkbox disabled. \
\
Workaround: if you wish to add a "down" endpoint, begin by defining and adding it in "up" mode. Then, edit it; the *Is Down?* checkbox will be available.
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://waap.docs.link11.com/console-walkthrough/sites/backend-services.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.