Configure load balancing
This section describes a simple load balancing configuration. As an example, we use a topology for balancing the traffic between two HTTP servers listening on port 80. The example topology includes the following parameters:
Back-end servers 10.10.0.4 and 10.10.0.3 in the private-subnet subnet run an HTTP application that listens on the TCP port 80.
The public-subnet subnet is a shared external subnet created by the cloud operator and accessible from the Internet.
The created load balancer is accessible through an IP address from the public subnet and distributes web requests between the back-end servers.
To configure load balancing:
Log in to a keystone-client pod.
Create a load balancer:
openstack loadbalancer create --vip-subnet-id=private-subnet --name test-lb
Create an HTTP listener:
openstack loadbalancer listener create --name test-listener \
  --protocol HTTP --protocol-port 80 test-lb
Create an LBaaS pool that will be used by default for test-listener:
openstack loadbalancer pool create --protocol HTTP \
  --lb-algorithm ROUND_ROBIN --name test-pool --listener test-listener
Create a health monitor that ensures health of the pool members:
openstack loadbalancer healthmonitor create --delay 5 --name test-hm \
  --timeout 3 --max-retries 3 --type HTTP test-pool
Add back-end servers to the pool. The following example adds the 10.10.0.3 and 10.10.0.4 back-end servers:
openstack loadbalancer member create --address 10.10.0.3 --protocol-port 80 test-pool
openstack loadbalancer member create --address 10.10.0.4 --protocol-port 80 test-pool
Create a floating IP address in a public network and associate it with a port of the load balancer VIP:
vip_port_id=$(openstack loadbalancer show test-lb -c vip_port_id \
  -f value)
fip_id=$(openstack floating ip create public -c floating_ip_address \
  -f value)
openstack floating ip set --port "$vip_port_id" "$fip_id"
Select from the following options:
Since MOSK 22.3, optionally enable security groups using the Tungsten Fabric (TF) web UI:
Navigate to Configure > Networking > Ports.
Find the load balancer ports.
In the Device column, find the VIP port.
Using the gear icon menu of the VIP port, enable Security Groups.
Before MOSK 22.3, all load balancer ports from the TF side have security_port_enabled to restrict access to the load balancer from outside. To allow access, select from the following options:
Add the required rules to the default security group.
Disable security_port_enabled using the TF web UI:
Navigate to Configure > Networking > Ports.
Find the load balancer ports.
Using the gear icon menu of each port, disable Security Groups for all ports, including the VIP one. The VIP port has neutron:LOADBALANCER in the Device column.
Create a new security group with required rules and assign it to the load balancer port using the TF web UI:
Navigate to Configure > Networking > Ports.
In the gear icon menu of the required load balancer port, select the Security Groups option.
Select the newly created security group from the drop-down list and click Save.
Access the VIP floating IP address and verify that requests are distributed between the two servers. For example:
curl http://10.11.12.103:80
Welcome to addr:10.10.10.4
curl http://10.11.12.103:80
Welcome to addr:10.10.10.3
In the example above, an HTTP application that runs on the back-end servers returns an IP address of the host on which it runs.
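The verification step above can be scripted. The following is an added example, not part of the original procedure: a shell function that reads the application's "Welcome to addr:<ip>" responses and fails when an expected back-end never answers or when an address outside the pool does. The function names, the sample responses, and the FIP variable are assumptions made for illustration.

```shell
# Added example: verify that only the expected pool members answer through the VIP.
# stdin: one response body per line, in the "Welcome to addr:<ip>" form.
# args:  the back-end addresses expected to serve traffic.
# Returns 0 only if every expected back-end answered and no other host did.
check_distribution() {
    awk -v expected="$*" '
        BEGIN {
            n = split(expected, want, " ")
            for (i = 1; i <= n; i++) pending[want[i]] = 1
        }
        match($0, /addr:[0-9.]+/) {          # address follows "addr:"
            hits[substr($0, RSTART + 5, RLENGTH - 5)]++
            next
        }
        NF { malformed++ }                   # non-empty line without an address
        END {
            status = 0
            for (ip in hits) {
                if (ip in pending) {
                    printf "ok %s answered %d request(s)\n", ip, hits[ip]
                    delete pending[ip]
                } else {
                    printf "UNKNOWN %s answered %d request(s)\n", ip, hits[ip]
                    status = 1
                }
            }
            for (ip in pending) { printf "MISSING %s never answered\n", ip; status = 1 }
            if (malformed) { printf "MALFORMED %d response(s)\n", malformed; status = 1 }
            exit status
        }'
}

# Constructed sample responses (not captured from a real deployment).
sample_responses() {
    printf 'Welcome to addr:10.10.0.4\nWelcome to addr:10.10.0.3\n'
    printf 'Welcome to addr:10.10.0.4\nWelcome to addr:10.10.0.3\n'
}

sample_responses | check_distribution 10.10.0.3 10.10.0.4

# Against a live VIP (FIP is a placeholder for the floating IP created above):
#   for i in $(seq 1 10); do curl -s "http://$FIP:80"; echo; done \
#     | check_distribution 10.10.0.3 10.10.0.4
```

A MISSING line usually means the health monitor has taken that member out of rotation or a security group rule blocks it. An UNKNOWN line means the pool contains a member that was not intended to serve this listener.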