Configure Load Balancing-as-a-Service (LBaaS) in OpenStack Networking
Note: The LBaaS content has been moved into the Networking Guide for these releases:
- See the Red Hat OpenStack Platform 10 Networking Guide.
- See the Red Hat OpenStack Platform 9 Networking Guide.
- See the Red Hat OpenStack Platform 8 Networking Guide.
- See the Red Hat Enterprise Linux OpenStack Platform 7 Networking Guide.
Introduced in Red Hat Enterprise Linux OpenStack Platform 5, Load Balancing-as-a-Service (LBaaS) enables OpenStack Networking to distribute incoming requests evenly between designated instances. This ensures the workload is shared predictably among instances, and allows more effective use of system resources. Incoming requests are distributed using one of these load balancing methods:
- Round robin - Rotates requests evenly between multiple instances.
- Source IP - Requests from a unique source IP address are consistently directed to the same instance.
- Least connections - Allocates requests to the instance with the least number of active connections.
Table 1: LBaaS features
| Feature | Description |
|---|---|
| Monitors | LBaaS provides availability monitoring with the ping, TCP, HTTP and HTTPS GET methods. Monitors are implemented to determine whether pool members are available to handle requests. |
| Management | LBaaS is managed using a variety of tool sets. The REST API is available for programmatic administration and scripting. Users perform administrative management of load balancers through either the CLI (neutron) or the OpenStack dashboard. |
| Connection limits | Ingress traffic can be shaped with connection limits. This feature allows workload control and can also assist with mitigating DoS (Denial of Service) attacks. |
| Session persistence | LBaaS supports session persistence by ensuring incoming requests are routed to the same instance within a pool of multiple instances. LBaaS supports routing decisions based on cookies and source IP address. |
Note: LBaaS is currently supported only with IPv4 addressing.
OpenStack Networking and LBaaS Topology
OpenStack Networking (neutron) services can be broadly classified into two categories.
1. - Neutron API server - This service runs the OpenStack Networking API server, which has the main responsibility of providing an API for end users and services to interact with OpenStack Networking. This server also has the responsibility of interacting with underlying database to store and retrieve tenant network, router, loadbalancer, etc details.
2. - Neutron Agents - These are the services that deliver various network functionality for OpenStack Networking.
For example:
- neutron-dhcp-agent - manages dhcp ip addressing for tenant private networks
- neutron-l3-agent - facilitates layer 3 routing between tenant private networks and tenant private network and external network, and others.
- neutron-lbaas-agent - provisions the LBaaS routers created by tenants.
Service Placement
The OpenStack Networking services can either run together on the same physical server, or on separate dedicated servers.
The server that runs API server is usually called the controller node, whereas the server that runs the agents is called the network node. An ideal production environment would separate these components to their own dedicated nodes for performance and scalability reasons, but a testing or PoC deployment may have them all running on the same node.
This article covers both of these scenarios; the section under Controller node configuration need to be performed on the API server, whereas the section on Network node is performed on the server that runs the LBaaS agent.
Note: If both the Controller and Network roles are on the same physical node, then the steps must be performed on that server.
Configure LBaaS
This procedure configures OpenStack Networking to use LBaaS with either the Open vSwitch (OVS) or the Linux Bridge plug-in. The Open vSwitch LBaaS driver is required when enabling LBaaS for OVS-based plug-ins, including BigSwitch, Floodlight, NEC, NSX, and Ryu.
Perform these steps on nodes running the neutron-server service:
On the Controller node (API Server):
1. Enable the HAProxy plug-in using the service_provider parameter in the /etc/neutron/neutron.conf file:
service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
2. Enable the LBaaS plugin by setting the service_plugin value in the /etc/neutron/neutron.conf file:
service_plugins = lbaas
3. Apply the new settings by restarting the _neutron-server services.
# systemctl restart neutron-server.service
Enable LBaaS Integration with Dashboard
Usually Horizon dashboard is run on the same node where neutron API service run. You can enable Load Balancing in the Project section of the Dashboard user interface.
Perform these steps on the node running the Dashboard (horizon) service:
1. Change the enable_lb option to True in the /etc/openstack-dashboard/local_settings file:
OPENSTACK_NEUTRON_NETWORK = {'enable_lb': True,
2. Apply the new settings by restarting the httpd service.
# systemctl restart httpd.service
You can now view the Load Balancer management options in the Network dropdown list in dashboard's Project view.
On the network node (running the LBaaS Agent):
1. Enable the HAProxy load balancer in the /etc/neutron/lbaas_agent.ini file:
device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
2. Configure the user_group option in /etc/neutron/lbaas_agent.ini
# The user group
# user_group = nogroup
user_group = haproxy
3. Select the required driver in the /etc/neutron/lbaas_agent.ini file:
- If using the Open vSwitch plug-in:
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
- If using the Linux Bridge plug-in:
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
4. Apply the new settings by restarting the neutron-lbaas-agent service.
# systemctl restart neutron-lbaas-agent.service
Comments