Configure load balancing

This section describes a simple load balancing configuration. As an example, we use a topology for balancing the traffic between two HTTP servers listening on port 80. The example topology includes the following parameters:

  • Back-end servers and in the private-subnet subnet run an HTTP application that listens on the TCP port 80.

  • The public-subnet subnet is a shared external subnet created by the cloud operator and accessible from the Internet.

  • The created load balancer is accessible through an IP address from the public subnet that will distribute web requests between the back-end servers.

To configure load balancing:

  1. Log in to a keystone-client pod.

  2. Create a load balancer:

    openstack loadbalancer create --vip-subnet-id=private-subnet --name test-lb
  3. Create an HTTP listener:

    openstack loadbalancer listener create --name test-listener \
    --protocol HTTP --protocol-port 80 test-lb
  4. Create a LBaaS pool that will be used by default for test-listener:

    openstack loadbalancer pool create  --protocol HTTP \
    --lb-algorithm ROUND_ROBIN --name test-pool --listener test-listener
  5. Create a health monitor that ensures health of the pool members:

    openstack loadbalancer healthmonitor create --delay 5 --name test-hm \
    --timeout 3 --max-retries 3 --type HTTP test-pool
  6. Add back-end servers to the pool. The following example adds the and back-end servers:

    openstack loadbalancer member create --address --protocol-port 80 test-pool
    openstack loadbalancer member create --address --protocol-port 80 test-pool
  7. Create a floating IP address in a public network and associate it with a port of the load balancer VIP:

    vip_port_id=$(openstack loadbalancer show test-lb -c vip_port_id \
    -f value)
    fip_id=$openstack floating ip create public -c floating_ip_address \
    -f value)
    openstack floating ip set --port $vip_port_id $fip_id
  8. All load balancer ports from the Tungsten Fabric (TF) side have secuirty_port_enabled to restrict access to the load balancer from outside. To allow access, select from the following options:

    • Add the required rules to the default security group.

    • Disable secuirty_port_enabled:

      1. In the TF web UI, navigate to Configure > Networking > Ports.

      2. Find the load balancer ports.

      3. Using the gear icon menu of each port, disable Security Groups for all ports, including the VIP one. The VIP port has neutron:LOADBALANCER in the Device column.

  9. Access the VIP floating IP address and verify that requests are distributed between the two servers. For example:

    Welcome to addr:
    Welcome to addr:

    In the example above, an HTTP application that runs on the back-end servers returns an IP address of the host on which it runs.