This section describes a simple load balancing configuration. As an example, we use a topology for balancing the traffic between two HTTP servers listening on port 80. The example topology includes the following parameters:
Back-end servers 10.10.0.4
and 10.10.0.3
in the private-subnet
subnet run an HTTP application that listens on the TCP port 80.
The public-subnet
subnet is a shared external subnet created by the cloud
operator and accessible from the Internet.
The created load balancer is accessible through an IP address from the public subnet that will distribute web requests between the back-end servers.
To configure load balancing:
Log in to a keystone-client
pod.
Create a load balancer:
openstack loadbalancer create --vip-subnet-id=private-subnet --name test-lb
Create an HTTP listener:
openstack loadbalancer listener create --name test-listener \
--protocol HTTP --protocol-port 80 test-lb
Create a LBaaS pool that will be used by default for test-listener
:
openstack loadbalancer pool create --protocol HTTP \
--lb-algorithm ROUND_ROBIN --name test-pool --listener test-listener
Create a health monitor that ensures health of the pool members:
openstack loadbalancer healthmonitor create --delay 5 --name test-hm \
--timeout 3 --max-retries 3 --type HTTP test-pool
Add back-end servers to the pool. The following example adds the
10.10.0.3
and 10.10.0.4
back-end servers:
openstack loadbalancer member create --address 10.10.0.3 --protocol-port 80 test-pool
openstack loadbalancer member create --address 10.10.0.4 --protocol-port 80 test-pool
Create a floating IP address in a public network and associate it with a port of the load balancer VIP:
vip_port_id=$(openstack loadbalancer show test-lb -c vip_port_id \
-f value)
fip_id=$openstack floating ip create public -c floating_ip_address \
-f value)
openstack floating ip set --port $vip_port_id $fip_id
All load balancer ports from the Tungsten Fabric (TF) side have
secuirty_port_enabled
to restrict access to the load balancer
from outside. Disable secuirty_port_enabled
:
In the TF web UI, navigate to Configure > Networking > Ports.
Find the load balancer ports and click the gear icon next to a load balancer that does not have neutron:LOADBALANCER in the Device column.
Disable Security Groups and click Save.
Repeat the steps 8.2 and 8.3 for the remaining load balancers that do not have neutron:LOADBALANCER in the Device column.
Access the VIP floating IP address and verify that requests are distributed between the two servers. For example:
curl http://10.11.12.103:80
Welcome to addr:10.10.10.4
curl http://10.11.12.103:80
Welcome to addr:10.10.10.3
In the example above, an HTTP application that runs on the back-end servers returns an IP address of the host on which it runs.