Configure load balancing

This section describes a simple load balancing configuration. As an example, we use a topology for balancing the traffic between two HTTP servers listening on port 80. The example topology includes the following parameters:

  • Back-end servers 10.10.0.4 and 10.10.0.3 in the private-subnet subnet run an HTTP application that listens on the TCP port 80.

  • The public-subnet subnet is a shared external subnet created by the cloud operator and accessible from the Internet.

  • The created load balancer is accessible through an IP address from the public subnet that will distribute web requests between the back-end servers.

To configure load balancing:

  1. Log in to a keystone-client pod.

  2. Create a load balancer:

    openstack loadbalancer create --vip-subnet-id=private-subnet --name test-lb
    
  3. Create an HTTP listener:

    openstack loadbalancer listener create --name test-listener \
    --protocol HTTP --protocol-port 80 test-lb
    
  4. Create a LBaaS pool that will be used by default for test-listener:

    openstack loadbalancer pool create  --protocol HTTP \
    --lb-algorithm ROUND_ROBIN --name test-pool --listener test-listener
    
  5. Create a health monitor that ensures health of the pool members:

    openstack loadbalancer healthmonitor create --delay 5 --name test-hm \
    --timeout 3 --max-retries 3 --type HTTP test-pool
    
  6. Add back-end servers to the pool. The following example adds the 10.10.0.3 and 10.10.0.4 back-end servers:

    openstack loadbalancer member create --address 10.10.0.3 --protocol-port 80 test-pool
    openstack loadbalancer member create --address 10.10.0.4 --protocol-port 80 test-pool
    
  7. Create a floating IP address in a public network and associate it with a port of the load balancer VIP:

    vip_port_id=$(openstack loadbalancer show test-lb -c vip_port_id \
    -f value)
    fip_id=$openstack floating ip create public -c floating_ip_address \
    -f value)
    openstack floating ip set --port $vip_port_id $fip_id
    
  8. All load balancer ports from the Tungsten Fabric (TF) side have secuirty_port_enabled to restrict access to the load balancer from outside. Disable secuirty_port_enabled:

    1. In the TF web UI, navigate to Configure > Networking > Ports.

    2. Find the load balancer ports and click the gear icon next to a load balancer that does not have neutron:LOADBALANCER in the Device column.

    3. Disable Security Groups and click Save.

    4. Repeat the steps 8.2 and 8.3 for the remaining load balancers that do not have neutron:LOADBALANCER in the Device column.

  9. Access the VIP floating IP address and verify that requests are distributed between the two servers. For example:

    curl http://10.11.12.103:80
    Welcome to addr:10.10.10.4
    
    curl http://10.11.12.103:80
    Welcome to addr:10.10.10.3
    

    In the example above, an HTTP application that runs on the back-end servers returns an IP address of the host on which it runs.