Configure load balancing

This section describes a simple load balancing configuration. As an example, we use a topology for balancing the traffic between two HTTP servers listening on port 80. The example topology includes the following parameters:

• Back-end servers 10.10.0.4 and 10.10.0.3 in the private-subnet subnet run an HTTP application that listens on the TCP port 80.

• The public-subnet subnet is a shared external subnet created by the cloud operator and accessible from the Internet.

• The created load balancer is accessible through an IP address from the public subnet that will distribute web requests between the back-end servers.

To configure load balancing:

1. Log in to a keystone-client pod.

2. Create a load balancer:

   openstack loadbalancer create --vip-subnet-id=private-subnet --name test-lb
   

3. Create an HTTP listener:

   openstack loadbalancer listener create --name test-listener \
   --protocol HTTP --protocol-port 80 test-lb
   

4. Create a LBaaS pool that will be used by default for test-listener:

   openstack loadbalancer pool create  --protocol HTTP \
   --lb-algorithm ROUND_ROBIN --name test-pool --listener test-listener
   

5. Create a health monitor that ensures health of the pool members:

   openstack loadbalancer healthmonitor create --delay 5 --name test-hm \
   --timeout 3 --max-retries 3 --type HTTP test-pool
   

6. Add back-end servers to the pool. The following example adds the 10.10.0.3 and 10.10.0.4 back-end servers:

   openstack loadbalancer member create --address 10.10.0.3 --protocol-port 80 test-pool
   openstack loadbalancer member create --address 10.10.0.4 --protocol-port 80 test-pool
   

7. Create a floating IP address in a public network and associate it with a port of the load balancer VIP:

   vip_port_id=$(openstack loadbalancer show test-lb -c vip_port_id \
   -f value)
   fip_id=$openstack floating ip create public -c floating_ip_address \
   -f value)
   openstack floating ip set --port $vip_port_id $fip_id
   

8. Select from the following options:

   • Since MOSK 22.3, optionally enable security groups using the Tungsten Fabric (TF) web UI:

     1. Navigate to Configure > Networking > Ports.

     2. Find the load balancer ports.

     3. In the Device column, find the VIP port.

     4. Using the gear icon menu of the VIP port, enable Security Groups.

   • Before MOSK 22.3, all load balancer ports from the TF side have secuirty_port_enabled to restrict access to the load balancer from outside. To allow access, select from the following options:

     • Add the required rules to the default security group.

     • Disable secuirty_port_enabled using the TF web UI:

       1. Navigate to Configure > Networking > Ports.

       2. Find the load balancer ports.

       3. Using the gear icon menu of each port, disable Security Groups for all ports, including the VIP one. The VIP port has neutron:LOADBALANCER in the Device column.

     • Create a new security group with required rules and assign it to the load balancer port using the TF web UI:

       1. Navigate to Configure > Networking > Ports.

       2. In the gear icon menu of the required load balancer port, select the Security Groups option.

       3. Select the newly created security group from the drop-down list and click Save.

9. Access the VIP floating IP address and verify that requests are distributed between the two servers. For example:

   curl http://10.11.12.103:80
   Welcome to addr:10.10.10.4
   
   curl http://10.11.12.103:80
   Welcome to addr:10.10.10.3
   

   In the example above, an HTTP application that runs on the back-end servers returns an IP address of the host on which it runs.