Neutron includes a service known as Load Balancing as-a-Service (LBaaS), which provides users with the ability to create load balancers that balance traffic to applications deployed across instances in the cloud. In a reference architecture, Neutron relies on an open source load balancing package known as HAProxy to provide the load balancing functionality. Much like the Neutron L3 agent handles virtual routers and the DHCP agent handles virtual DHCP servers, the Neutron LBaaS agent handles the construction and configuration of virtual load balancers upon request.
There are three major components to a load balancer in OpenStack:
A pool member describes a layer 4 object that is composed of the IP address and port of a service residing on an instance. For example, a pool member might be a web server with a configured address of 10.30.0.2 listening on TCP port 80.
A pool is a group of pool members serving identical content.
A listener is an object that represents a virtual IP (VIP) and port that is listening on the load balancer itself. Traffic to the virtual IP will be balanced among the members of the associated pool.
Additional components, such as health monitors and L7 policies, help extend the usefulness and functionality of a load balancer, but are not required.
The workflow for creating a functioning load balancer is as follows:
As of the Pike release of OpenStack, load balancer-related commands are not available in the OpenStack client. Instead, the neutron client should be used. Load balancers in OpenStack can be created using the neutron lbaas-loadbalancer-create command.
You will need the following details, at a minimum, for the load balancer:
A name is also recommended. For our example, the following will be used:
COOKBOOK_LOADBALANCER_1
COOKBOOK_TENANT_SUBNET_1
With the Neutron client installed on our system, we are now able to create a load balancer object with the following command:
neutron lbaas-loadbalancer-create COOKBOOK_TENANT_SUBNET_1 --name COOKBOOK_LOADBALANCER_1
The output will resemble the following:
Load balancers are created with the following syntax:
neutron lbaas-loadbalancer-create VIP_SUBNET [--name NAME]
When a load balancer is created, OpenStack assigns an IP address known as a virtual IP. The VIP will be used by clients to access the load-balanced application. Creating a load balancer object is only the first step in load balancing traffic to instances. The next steps, creating a listener, pool, and health monitor, will be discussed in the following sections.
Pools that are associated with load balancers are objects that represent a collection of instances that receive traffic sent to the VIP. Load balancing pools in OpenStack can be created using the neutron lbaas-pool-create command.
You will need the following details, at a minimum, for the pool:
A name is also recommended. For our example, the following will be used:
COOKBOOK_POOL_1
ROUND_ROBIN
HTTP
COOKBOOK_LOADBALANCER_1
A load balancer can be associated with multiple listeners, each of which can in turn be associated with its own pool. A common scenario for this type of setup would be a load balancer with a listener on port 80 and another on port 443, each with its own backend pool.
With the Neutron client installed on our system, we are now able to create a load balancer pool with the following command:
neutron lbaas-pool-create --lb-algorithm ROUND_ROBIN --protocol HTTP --loadbalancer COOKBOOK_LOADBALANCER_1 --name COOKBOOK_POOL_1
The output will resemble the following:
Load balancer pools are created with the following syntax:
neutron lbaas-pool-create [--name NAME] --lb-algorithm {ROUND_ROBIN,LEAST_CONNECTIONS,SOURCE_IP} [--listener LISTENER | --loadbalancer LOADBALANCER] --protocol {HTTP,HTTPS,TCP}
Other load-balancing objects, such as members and monitors, reference pools and cannot be created without being associated with one at creation time.
Members are associated with pools, and are objects that represent a backend application listening on a particular IP and port. Pool members in OpenStack can be created using the neutron lbaas-member-create command.
You will need the following details, at a minimum, for the member:
A name is also recommended. For our example, the following will be used:
COOKBOOK_MEMBER_1
COOKBOOK_TENANT_SUBNET_1
172.16.200.11 (Corresponds to COOKBOOK_TEST_PORT_2)
80
COOKBOOK_POOL_1
A member can only be associated with a single pool. However, the same IP address and application port combination can be used for multiple members.
With the Neutron client installed on our system we are able to create a pool member with the following command:
neutron lbaas-member-create --name COOKBOOK_MEMBER_1 --subnet COOKBOOK_TENANT_SUBNET_1 --address 172.16.200.11 --protocol-port 80 COOKBOOK_POOL_1
The output will resemble the following:
Pool members are created with the following syntax:
neutron lbaas-member-create [--name NAME] --subnet SUBNET --address ADDRESS --protocol-port PROTOCOL_PORT POOL
Listeners are associated with load balancer objects, and they describe the relationship between the load balancer VIP and the port a service is listening on. Clients send traffic to the listener address and port, which is then proxied and sent to one member within the pool of servers. Each listener can be configured to send traffic to a different pool. Listeners in OpenStack can be created using the neutron lbaas-listener-create command.
You will need the following details, at a minimum, for the listener:
A name and default pool are also recommended. For our example, the following will be used:
COOKBOOK_LISTENER_1
COOKBOOK_LOADBALANCER_1
HTTP
80
COOKBOOK_POOL_1
With the Neutron client installed on our system, we are now able to create a listener with the following command:
neutron lbaas-listener-create --name COOKBOOK_LISTENER_1 --loadbalancer COOKBOOK_LOADBALANCER_1 --protocol HTTP --protocol-port 80 --default-pool COOKBOOK_POOL_1
The output will resemble the following:
Listeners are created with the following syntax:
neutron lbaas-listener-create [--name NAME] --loadbalancer LOADBALANCER --protocol {TCP,HTTP,HTTPS,TERMINATED_HTTPS} --protocol-port PORT [--default-pool DEFAULT_POOL]
Once the workflow has been completed and the application on the pool members has been started, connectivity to the load balancer VIP can be verified using a web browser or the curl command from a client that can reach the VIP. In this example, a web server is running on the pool member configured in a previous section. We will be connecting from the qlbaas namespace associated with the load balancer, but you can also connect from the qdhcp namespace associated with the network from which the VIP address was sourced.
You will need the following details, at a minimum, to test connectivity:
For our example, the following will be used:
aa599cee-b49f-44f1-a0fd-51fa69ebf6db (COOKBOOK_LOADBALANCER_1)
172.16.200.14:80
From within the Neutron agent container, connectivity to the VIP can be confirmed using curl within the qdhcp or qlbaas namespace:
# ip netns exec qlbaas-aa599cee-b49f-44f1-a0fd-51fa69ebf6db curl http://172.16.200.14:80
The output will resemble the following:
Hello Cookbook Readers!
To provide access to the load balancer virtual IP from outside networks, it may be necessary to map a floating IP to the virtual IP. Instructions provided earlier in this chapter can assist with that task.
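The whole workflow above, as an added example that is not part of the original text: a dry-run planner that validates its inputs against the syntax lines on this page, prints the four neutron commands in dependency order, and builds the namespace curl check from the load balancer ID. The PREFIX naming convention and the function names are assumptions made for illustration; nothing is executed against a cloud.

```sh
#!/bin/sh
# Added example: dry-run planner for the LBaaS workflow on this page.
# It prints neutron commands in dependency order; nothing is executed.

# Allowed values copied from the syntax lines on this page.
LB_ALGORITHMS="ROUND_ROBIN LEAST_CONNECTIONS SOURCE_IP"
POOL_PROTOCOLS="HTTP HTTPS TCP"

in_list() {    # in_list VALUE "A B C"
  for _v in $2; do [ "$_v" = "$1" ] && return 0; done
  return 1
}

valid_port() { # integer in 1..65535
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_uuid() { # rejects IDs broken by stray whitespace or truncation
  printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# plan_lbaas PREFIX SUBNET ALGORITHM PROTOCOL PORT MEMBER_IP
# PREFIX is a hypothetical naming convention (PREFIX_LOADBALANCER_1, ...).
# The same protocol and port are used for pool and listener, as in the
# page's example.
plan_lbaas() {
  lb="${1}_LOADBALANCER_1"; pool="${1}_POOL_1"
  in_list "$3" "$LB_ALGORITHMS" || { echo "bad algorithm: $3" >&2; return 1; }
  in_list "$4" "$POOL_PROTOCOLS" || { echo "bad protocol: $4" >&2; return 1; }
  valid_port "$5" || { echo "bad port: $5" >&2; return 1; }
  # Order: load balancer, pool, member (needs the pool), listener (needs both).
  echo "neutron lbaas-loadbalancer-create $2 --name $lb"
  echo "neutron lbaas-pool-create --lb-algorithm $3 --protocol $4 --loadbalancer $lb --name $pool"
  echo "neutron lbaas-member-create --name ${1}_MEMBER_1 --subnet $2 --address $6 --protocol-port $5 $pool"
  echo "neutron lbaas-listener-create --name ${1}_LISTENER_1 --loadbalancer $lb --protocol $4 --protocol-port $5 --default-pool $pool"
}

# vip_check_cmd LB_ID VIP PORT: curl test from inside the qlbaas namespace.
vip_check_cmd() {
  valid_uuid "$1" || { echo "bad load balancer ID: $1" >&2; return 1; }
  valid_port "$3" || { echo "bad port: $3" >&2; return 1; }
  echo "ip netns exec qlbaas-$1 curl http://$2:$3"
}
```

Calling plan_lbaas COOKBOOK COOKBOOK_TENANT_SUBNET_1 ROUND_ROBIN HTTP 80 172.16.200.11 reproduces the four commands used in this section.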