Load balancer as a service OpenStack LbaaS
The following guide will show you how to deploy a LoadBalancer in Openstack with Neutron, but first, you should understand how it works, and what his components do.
A Load Balancer is composed of the following components:
Pool - A pool is a group of servers(members) who are designed to make
the same job, generally, a pool of web servers is used for balancing
traffic between the members of the pool. Here we will configure the
Load Balancing Method (ROUND_ROBIN,LEAST_CONNECTIONS,SOURCE_IP)
Members - Members are instances, a server, any aplication that you
can balance the load. They are assigned as pool members.
VIP - VIPs are Virtual IPs that logically represents the pool
members. It is the IP where the load will be balanced between
instances.
Healthmonitor - Healthmonitor will check if the members of a pool are
healthy, if an member is not working or the port/protocol monitored
is down, healthmonitor will send a message to the pool to not balance
the load to this member.
Now will create a Pool with 2 members, this Pool have a VIP and a Healthmonitor on it.
First we create a Pool
[stack@localhost devstack]$ neutron lb-pool-create --lb-method ROUND_ROBIN --name LoadBalancerPool --protocol HTTP --subnet-id e5a90ab2-918e-412b-9723-0d822804f022
Created a new pool:
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| health_monitors | |
| health_monitors_status | |
| id | 3eb0d41c-3df5-4beb-9758-ebfef56909df |
| lb_method | ROUND_ROBIN |
| members | |
| name | LoadBalancerPool |
| protocol | HTTP |
| provider | haproxy |
| status | PENDING_CREATE |
| status_description | |
| subnet_id | e5a90ab2-918e-412b-9723-0d822804f022 |
| tenant_id | b1aaddea9f694e60aea5f1c0d1dd7c24 |
| vip_id | |
+------------------------+--------------------------------------+Next boot 2 instances in the same network
[stack@localhost devstack]$ nova boot --flavor m1.tiny --image 6a3a7880-bc6f-454d-9a62-d9c2d268ef78 --security-groups default --nic net-id=daddce32-b6e8-4e3f-bd55-32459ed327ea WebServer1
[stack@localhost devstack]$ nova boot --flavor m1.tiny --image 6a3a7880-bc6f-454d-9a62-d9c2d268ef78 --security-groups default --nic net-id=daddce32-b6e8-4e3f-bd55-32459ed327ea WebServer2
[stack@localhost devstack]$ nova list
+--------------------------------------+------------+--------+------------+-------------+------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+------------+--------+------------+-------------+------------------+
| c10e63c6-f342-4d1c-ae22-146c392ce398 | WebServer1 | BUILD | spawning | NOSTATE | private=10.0.0.3 |
| ceef9e6b-6198-4118-8027-00898dee1abe | WebServer2 | BUILD | spawning | NOSTATE | private=10.0.0.4 |
+--------------------------------------+------------+--------+------------+-------------+------------------+Assign both instances to the Pool
[stack@localhost devstack]$ neutron lb-member-create --address 10.0.0.3 --protocol-port 80 LoadBalancerPool
Created a new member:
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| address | 10.0.0.3 |
| admin_state_up | True |
| id | a6de6bf0-3191-4721-aa01-5781ff05876e |
| pool_id | 3eb0d41c-3df5-4beb-9758-ebfef56909df |
| protocol_port | 80 |
| status | PENDING_CREATE |
| status_description | |
| tenant_id | b1aaddea9f694e60aea5f1c0d1dd7c24 |
| weight | 1 |
+--------------------+--------------------------------------+
[stack@localhost devstack]$ neutron lb-member-create --address 10.0.0.4 --protocol-port 80 LoadBalancerPool
Created a new member:
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| address | 10.0.0.4 |
| admin_state_up | True |
| id | 9688a770-6494-4599-88fa-6afcd18c4dd1 |
| pool_id | 3eb0d41c-3df5-4beb-9758-ebfef56909df |
| protocol_port | 80 |
| status | PENDING_CREATE |
| status_description | |
| tenant_id | b1aaddea9f694e60aea5f1c0d1dd7c24 |
| weight | 1 |
+--------------------+--------------------------------------+Then create a Healthmonitor and associate it to the Pool
[stack@localhost devstack]$ neutron lb-healthmonitor-create --timeout 3 --max-retries 3 --delay 60 --type HTTP
Created a new health_monitor:
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| admin_state_up | True |
| delay | 60 |
| expected_codes | 200 |
| http_method | GET |
| id | cb73f8fd-14ea-4937-aa10-019e3da8432f |
| max_retries | 3 |
| pools | |
| tenant_id | b1aaddea9f694e60aea5f1c0d1dd7c24 |
| timeout | 3 |
| type | HTTP |
| url_path | / |
+----------------+--------------------------------------+
[stack@localhost devstack]$ neutron lb-healthmonitor-associate cb73f8fd-14ea-4937-aa10-019e3da8432f LoadBalancerPool
Associated health monitor cb73f8fd-14ea-4937-aa10-019e3da8432fCreate a VIP to the Pool
[stack@localhost devstack]$ neutron lb-vip-create --name LoadBalancerVIP --protocol-port 80 --protocol HTTP --subnet-id e5a90ab2-918e-412b-9723-0d822804f022 LoadBalancerPool
Created a new vip:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| address | 10.0.0.5 |
| admin_state_up | True |
| connection_limit | -1 |
| description | |
| id | 4e3c2b84-a286-4999-a258-51c44965a81a |
| name | LoadBalancerVIP |
| pool_id | 3eb0d41c-3df5-4beb-9758-ebfef56909df |
| port_id | d4ed46ac-aabf-40b6-8f28-1a2013971391 |
| protocol | HTTP |
| protocol_port | 80 |
| session_persistence | |
| status | PENDING_CREATE |
| status_description | |
| subnet_id | e5a90ab2-918e-412b-9723-0d822804f022 |
| tenant_id | b1aaddea9f694e60aea5f1c0d1dd7c24 |
+---------------------+--------------------------------------+Create a floating IP to the VIP
[stack@localhost devstack]$ neutron floatingip-create 23101147-e724-4574-82c7-a05ccb661d4d
Created a new floatingip:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | |
| floating_ip_address | 172.24.4.3 |
| floating_network_id | 23101147-e724-4574-82c7-a05ccb661d4d |
| id | 62fbf609-77db-4471-b6ae-9fe25a091a21 |
| port_id | |
| router_id | |
| status | DOWN |
| tenant_id | b1aaddea9f694e60aea5f1c0d1dd7c24 |
+---------------------+--------------------------------------+Associate the floating IP with the VIP port
[stack@localhost devstack]$ neutron floatingip-associate 62fbf609-77db-4471-b6ae-9fe25a091a21 d4ed46ac-aabf-40b6-8f28-1a2013971391
Associated floating IP 62fbf609-77db-4471-b6ae-9fe25a091a21Create security rules to allow HTTP, SSH and ICMP traffic
[stack@localhost devstack]$ neutron security-group-rule-create --protocol TCP --port-range-min 80 --port-range-max 80 be0b2264-744a-48b8-9a1e-033227d78f2b
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| direction | ingress |
| ethertype | IPv4 |
| id | 4635cbb6-d939-40b3-ac11-637c8b63b027 |
| port_range_max | 80 |
| port_range_min | 80 |
| protocol | tcp |
| remote_group_id | |
| remote_ip_prefix | |
| security_group_id | be0b2264-744a-48b8-9a1e-033227d78f2b |
| tenant_id | b1aaddea9f694e60aea5f1c0d1dd7c24 |
+-------------------+--------------------------------------+
[stack@localhost devstack]$ neutron security-group-rule-create --protocol icmp be0b2264-744a-48b8-9a1e-033227d78f2b
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| direction | ingress |
| ethertype | IPv4 |
| id | 988329a1-d686-4541-8950-a22c721f847b |
| port_range_max | |
| port_range_min | |
| protocol | icmp |
| remote_group_id | |
| remote_ip_prefix | |
| security_group_id | be0b2264-744a-48b8-9a1e-033227d78f2b |
| tenant_id | b1aaddea9f694e60aea5f1c0d1dd7c24 |
+-------------------+--------------------------------------+
[stack@localhost devstack]$ neutron security-group-rule-create --protocol TCP --port-range-min 22 --port-range-max 22 be0b2264-744a-48b8-9a1e-033227d78f2b
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| direction | ingress |
| ethertype | IPv4 |
| id | d18724dc-2eda-4031-be88-202a73c30c24 |
| port_range_max | 22 |
| port_range_min | 22 |
| protocol | tcp |
| remote_group_id | |
| remote_ip_pref |
| security_group_id | d7412bb3-9824-4eb7-bc4b-cd80ab6a570d |
| tenant_id | b1aaddea9f694e60aea5f1c0d1dd7c24 |
+-------------------+--------------------------------------+Login to both instances and run the command below to run a "webserver".
[stack@localhost devstack]$ ssh cirros@INSTANCEIP
The authenticity of host '10.0.0.3 (10.0.0.3)' can't be established.
RSA key fingerprint is 94:00:8e:fe:9a:9d:af:ef:bc:e3:fd:9d:ad:d3:ab:a3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.3' (RSA) to the list of known hosts.
$ while true; do echo -e 'HTTP/1.0 200 OK \r\n\r\nServer1' | sudo nc -l -p 80 ; done
$ while true; do echo -e 'HTTP/1.0 200 OK \r\n\r\nServer2' | sudo nc -l -p 80 ; doneIf we check with curl the VIP's floating IP, we'll see that in every connection one of both servers reply with his name.
[stack@localhost ~]$ curl http://172.24.4.3
Server1
[stack@localhost ~]$ curl http://172.24.4.3
Server2
[stack@localhost ~]$ curl http://172.24.4.3
Server1
[stack@localhost ~]$ curl http://172.24.4.3
Server2Last updated