Configure load balancing

This section describes a simple load balancing configuration. As an example, we use a topology for balancing the traffic between two HTTP servers listening on port 80. The example topology includes the following parameters:

  • Back-end servers 10.10.0.4 and 10.10.0.3 in the private-subnet subnet run an HTTP application that listens on the TCP port 80.

  • The public-subnet subnet is a shared external subnet created by the cloud operator and accessible from the Internet.

  • The created load balancer is accessible through an IP address from the public subnet that will distribute web requests between the back-end servers.

To configure load balancing:

  1. Log in to a keystone-client pod.

  2. Create a load balancer:

    openstack loadbalancer create --vip-subnet-id=private-subnet --name test-lb
    
  3. Create an HTTP listener:

    openstack loadbalancer listener create --name test-listener \
    --protocol HTTP --protocol-port 80 test-lb
    
  4. Create a LBaaS pool that will be used by default for test-listener:

    openstack loadbalancer pool create  --protocol HTTP \
    --lb-algorithm ROUND_ROBIN --name test-pool --listener test-listener
    
  5. Create a health monitor that ensures health of the pool members:

    openstack loadbalancer healthmonitor create --delay 5 --name test-hm \
    --timeout 3 --max-retries 3 --type HTTP test-pool
    
  6. Add back-end servers to the pool. The following example adds the 10.10.0.3 and 10.10.0.4 back-end servers:

    openstack loadbalancer member create --address 10.10.0.3 --protocol-port 80 test-pool
    openstack loadbalancer member create --address 10.10.0.4 --protocol-port 80 test-pool
    
  7. Create a floating IP address in a public network and associate it with a port of the load balancer VIP:

    vip_port_id=$(openstack loadbalancer show test-lb -c vip_port_id \
    -f value)
    fip_id=$openstack floating ip create public -c floating_ip_address \
    -f value)
    openstack floating ip set --port $vip_port_id $fip_id
    
  8. Select from the following options:

    • Since MOSK 22.3, optionally enable security groups using the Tungsten Fabric (TF) web UI:

      1. Navigate to Configure > Networking > Ports.

      2. Find the load balancer ports.

      3. In the Device column, find the VIP port.

      4. Using the gear icon menu of the VIP port, enable Security Groups.

    • Before MOSK 22.3, all load balancer ports from the TF side have secuirty_port_enabled to restrict access to the load balancer from outside. To allow access, select from the following options:

      • Add the required rules to the default security group.

      • Disable secuirty_port_enabled using the TF web UI:

        1. Navigate to Configure > Networking > Ports.

        2. Find the load balancer ports.

        3. Using the gear icon menu of each port, disable Security Groups for all ports, including the VIP one. The VIP port has neutron:LOADBALANCER in the Device column.

      • Create a new security group with required rules and assign it to the load balancer port using the TF web UI:

        1. Navigate to Configure > Networking > Ports.

        2. In the gear icon menu of the required load balancer port, select the Security Groups option.

        3. Select the newly created security group from the drop-down list and click Save.

  9. Access the VIP floating IP address and verify that requests are distributed between the two servers. For example:

    curl http://10.11.12.103:80
    Welcome to addr:10.10.10.4
    
    curl http://10.11.12.103:80
    Welcome to addr:10.10.10.3
    

    In the example above, an HTTP application that runs on the back-end servers returns an IP address of the host on which it runs.