Red Hat SummitChapter 8. Creating non-secure HTTP load balancers
You can create the following load balancers for non-secure HTTP network traffic:
8.1. Creating an HTTP load balancer with a health monitor
For networks that are not compatible with Red Hat OpenStack Platform Networking service (neutron) floating IPs, create a load balancer to manage network traffic for non-secure HTTP applications. Create a health monitor to ensure that your back-end members remain available.
Prerequisites
- A private subnet that contains back-end servers that host non-secure HTTP applications on TCP port 80.
-
The back-end servers on the private subnet are configured with a health check at the URL path
/. - A shared external (public) subnet that you can reach from the internet.
Procedure
Source your credentials file.
Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow source ~/overcloudrc
$ source ~/overcloudrcCreate a load balancer (
lb1) on a public subnet (public_subnet).NoteValues inside parentheses are sample values that are used in the example commands in this procedure. Substitute these sample values with ones that are appropriate for your site.
Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer create --name lb1 --vip-subnet-id public_subnet
$ openstack loadbalancer create --name lb1 --vip-subnet-id public_subnetVerify the state of the load balancer.
Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer show lb1
$ openstack loadbalancer show lb1-
Before going to the next step, ensure that the
provisioning_statusisACTIVE. Create a listener (
listener1) on a port (80).Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer listener create --name listener1 --protocol HTTP --protocol-port 80 lb1
$ openstack loadbalancer listener create --name listener1 --protocol HTTP --protocol-port 80 lb1Verify the state of the listener.
Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer listener show listener1
$ openstack loadbalancer listener show listener1Before going to the next step, ensure that the status is
ACTIVE.Create the listener default pool (
pool1).Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP
$ openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTPCreate a health monitor on the pool (
pool1) that connects to the back-end servers and tests the path (/).Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer healthmonitor create --delay 15 --max-retries 4 --timeout 10 --type HTTP --url-path / pool1
$ openstack loadbalancer healthmonitor create --delay 15 --max-retries 4 --timeout 10 --type HTTP --url-path / pool1Add load balancer members (
192.0.2.10and192.0.2.11) on the private subnet (private_subnet) to the default pool.Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.10 --protocol-port 80 pool1 openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.11 --protocol-port 80 pool1
$ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.10 --protocol-port 80 pool1 $ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.11 --protocol-port 80 pool1
Verification
View and verify the load balancer (lb1) settings:
Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer show lb1
$ openstack loadbalancer show lb1Sample output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | admin_state_up | True | | created_at | 2022-01-15T11:11:09 | | description | | | flavor | | | id | 788fe121-3dec-4e1b-8360-4020642238b0 | | listeners | 09f28053-fde8-4c78-88b9-0f191d84120e | | name | lb1 | | operating_status | ONLINE | | pools | 627842b3-eed8-4f5f-9f4a-01a738e64d6a | | project_id | dda678ca5b1241e7ad7bf7eb211a2fd7 | | provider | amphora | | provisioning_status | ACTIVE | | updated_at | 2022-01-15T11:12:13 | | vip_address | 198.51.100.12 | | vip_network_id | 9bca13be-f18d-49a5-a83d-9d487827fd16 | | vip_port_id | 69a85edd-5b1c-458f-96f2-b4552b15b8e6 | | vip_qos_policy_id | None | | vip_subnet_id | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 | +---------------------+--------------------------------------+
+---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | admin_state_up | True | | created_at | 2022-01-15T11:11:09 | | description | | | flavor | | | id | 788fe121-3dec-4e1b-8360-4020642238b0 | | listeners | 09f28053-fde8-4c78-88b9-0f191d84120e | | name | lb1 | | operating_status | ONLINE | | pools | 627842b3-eed8-4f5f-9f4a-01a738e64d6a | | project_id | dda678ca5b1241e7ad7bf7eb211a2fd7 | | provider | amphora | | provisioning_status | ACTIVE | | updated_at | 2022-01-15T11:12:13 | | vip_address | 198.51.100.12 | | vip_network_id | 9bca13be-f18d-49a5-a83d-9d487827fd16 | | vip_port_id | 69a85edd-5b1c-458f-96f2-b4552b15b8e6 | | vip_qos_policy_id | None | | vip_subnet_id | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 | +---------------------+--------------------------------------+When a health monitor is present and functioning properly, you can check the status of each member.
A working member (
b85c807e-4d7c-4cbd-b725-5e8afddf80d2) has anONLINEvalue for itsoperating_status.Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer member show pool1 b85c807e-4d7c-4cbd-b725-5e8afddf80d2
$ openstack loadbalancer member show pool1 b85c807e-4d7c-4cbd-b725-5e8afddf80d2Sample output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | address | 192.0.2.10 | | admin_state_up | True | | created_at | 2022-01-15T11:16:23 | | id | b85c807e-4d7c-4cbd-b725-5e8afddf80d2 | | name | | | operating_status | ONLINE | | project_id | dda678ca5b1241e7ad7bf7eb211a2fd7 | | protocol_port | 80 | | provisioning_status | ACTIVE | | subnet_id | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 | | updated_at | 2022-01-15T11:20:45 | | weight | 1 | | monitor_port | None | | monitor_address | None | | backup | False | +---------------------+--------------------------------------+
+---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | address | 192.0.2.10 | | admin_state_up | True | | created_at | 2022-01-15T11:16:23 | | id | b85c807e-4d7c-4cbd-b725-5e8afddf80d2 | | name | | | operating_status | ONLINE | | project_id | dda678ca5b1241e7ad7bf7eb211a2fd7 | | protocol_port | 80 | | provisioning_status | ACTIVE | | subnet_id | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 | | updated_at | 2022-01-15T11:20:45 | | weight | 1 | | monitor_port | None | | monitor_address | None | | backup | False | +---------------------+--------------------------------------+
Additional resources
- loadbalancer in the Command Line Interface Reference
8.2. Creating an HTTP load balancer that uses a floating IP
To manage network traffic for non-secure HTTP applications, create a load balancer with a virtual IP (VIP) that depends on a floating IP. The advantage of using a floating IP is that you retain control of the assigned IP, which is necessary if you need to move, destroy, or recreate your load balancer. It is a best practice to also create a health monitor to ensure that your back-end members remain available.
Floating IPs do not work with IPv6 networks.
Prerequisites
- A private subnet that contains back-end servers that host non-secure HTTP applications on TCP port 80.
-
The back-end servers are configured with a health check at the URL path
/. - A floating IP to use with a load balancer VIP.
- A Red Hat OpenStack Platform Networking service (neutron) shared external (public) subnet that you can reach from the internet to use for the floating IP.
Procedure
Source your credentials file.
Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow source ~/overcloudrc
$ source ~/overcloudrcCreate a load balancer (
lb1) on a private subnet (private_subnet).NoteValues inside parentheses are sample values that are used in the example commands in this procedure. Substitute these sample values with ones that are appropriate for your site.
Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer create --name lb1 --vip-subnet-id private_subnet
$ openstack loadbalancer create --name lb1 --vip-subnet-id private_subnet-
Note the value of
load_balancer_vip_port_id, because you must provide it in a later step. Verify the state of the load balancer.
Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer show lb1
$ openstack loadbalancer show lb1-
Before going to the next step, ensure that the
provisioning_statusisACTIVE. Create a listener (
listener1) on a port (80).Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer listener create --name listener1 --protocol HTTP --protocol-port 80 lb1
$ openstack loadbalancer listener create --name listener1 --protocol HTTP --protocol-port 80 lb1Create the listener default pool (
pool1).Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP
$ openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTPCreate a health monitor on the pool (
pool1) that connects to the back-end servers and tests the path (/).Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer healthmonitor create --delay 15 --max-retries 4 --timeout 10 --type HTTP --url-path / pool1
$ openstack loadbalancer healthmonitor create --delay 15 --max-retries 4 --timeout 10 --type HTTP --url-path / pool1Add load balancer members (
192.0.2.10and192.0.2.11) on the private subnet to the default pool.Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.10 --protocol-port 80 pool1 openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.11 --protocol-port 80 pool1
$ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.10 --protocol-port 80 pool1 $ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.11 --protocol-port 80 pool1Create a floating IP address on the shared external subnet (
public).Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack floating ip create public
$ openstack floating ip create public-
Note the value of
floating_ip_address, because you must provide it in a later step. Associate this floating IP (
203.0.113.0) with the load balancervip_port_id(69a85edd-5b1c-458f-96f2-b4552b15b8e6).Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack floating ip set --port 69a85edd-5b1c-458f-96f2-b4552b15b8e6 203.0.113.0
$ openstack floating ip set --port 69a85edd-5b1c-458f-96f2-b4552b15b8e6 203.0.113.0
Verification
Verify HTTP traffic flows across the load balancer by using the floating IP (
203.0.113.0).Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow curl -v http://203.0.113.0 --insecure
$ curl -v http://203.0.113.0 --insecureSample output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow * About to connect() to 203.0.113.0 port 80 (#0) * Trying 203.0.113.0... * Connected to 203.0.113.0 (203.0.113.0) port 80 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.29.0 > Host: 203.0.113.0 > Accept: */* > < HTTP/1.1 200 OK < Content-Length: 30 < * Connection #0 to host 203.0.113.0 left intact
* About to connect() to 203.0.113.0 port 80 (#0) * Trying 203.0.113.0... * Connected to 203.0.113.0 (203.0.113.0) port 80 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.29.0 > Host: 203.0.113.0 > Accept: */* > < HTTP/1.1 200 OK < Content-Length: 30 < * Connection #0 to host 203.0.113.0 left intactWhen a health monitor is present and functioning properly, you can check the status of each member.
A working member (
b85c807e-4d7c-4cbd-b725-5e8afddf80d2) has anONLINEvalue for itsoperating_status.Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer member show pool1 b85c807e-4d7c-4cbd-b725-5e8afddf80d2
$ openstack loadbalancer member show pool1 b85c807e-4d7c-4cbd-b725-5e8afddf80d2Sample output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | address | 192.0.02.10 | | admin_state_up | True | | created_at | 2022-01-15T11:11:23 | | id | b85c807e-4d7c-4cbd-b725-5e8afddf80d2 | | name | | | operating_status | ONLINE | | project_id | dda678ca5b1241e7ad7bf7eb211a2fd7 | | protocol_port | 80 | | provisioning_status | ACTIVE | | subnet_id | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 | | updated_at | 2022-01-15T11:28:42 | | weight | 1 | | monitor_port | None | | monitor_address | None | | backup | False | +---------------------+--------------------------------------+
+---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | address | 192.0.02.10 | | admin_state_up | True | | created_at | 2022-01-15T11:11:23 | | id | b85c807e-4d7c-4cbd-b725-5e8afddf80d2 | | name | | | operating_status | ONLINE | | project_id | dda678ca5b1241e7ad7bf7eb211a2fd7 | | protocol_port | 80 | | provisioning_status | ACTIVE | | subnet_id | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 | | updated_at | 2022-01-15T11:28:42 | | weight | 1 | | monitor_port | None | | monitor_address | None | | backup | False | +---------------------+--------------------------------------+
Additional resources
- loadbalancer in the Command Line Interface Reference
- floating in the Command Line Interface Reference
8.3. Creating an HTTP load balancer with session persistence
To manage network traffic for non-secure HTTP applications, you can create load balancers that track session persistence. Doing so ensures that when a request comes in, the load balancer directs subsequent requests from the same client to the same back-end server. Session persistence optimizes load balancing by saving time and memory.
Prerequisites
- A private subnet that contains back-end servers that host non-secure HTTP applications on TCP port 80.
-
The back-end servers are configured with a health check at the URL path
/. - A shared external (public) subnet that you can reach from the internet.
- The non-secure web applications whose network traffic you are load balancing have cookies enabled.
Procedure
Source your credentials file.
Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow source ~/overcloudrc
$ source ~/overcloudrcCreate a load balancer (
lb1) on a public subnet (public_subnet).NoteValues inside parentheses are sample values that are used in the example commands in this procedure. Substitute these sample values with ones that are appropriate for your site.
Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer create --name lb1 --vip-subnet-id public_subnet
$ openstack loadbalancer create --name lb1 --vip-subnet-id public_subnetVerify the state of the load balancer.
Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer show lb1
$ openstack loadbalancer show lb1-
Before going to the next step, ensure that the
provisioning_statusisACTIVE. Create a listener (
listener1) on a port (80).Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer listener create --name listener1 --protocol HTTP --protocol-port 80 lb1
$ openstack loadbalancer listener create --name listener1 --protocol HTTP --protocol-port 80 lb1Create the listener default pool (
pool1) that defines session persistence on a cookie (PHPSESSIONID).Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --session-persistence type=APP_COOKIE,cookie_name=PHPSESSIONID
$ openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --session-persistence type=APP_COOKIE,cookie_name=PHPSESSIONIDCreate a health monitor on the pool (
pool1) that connects to the back-end servers and tests the path (/).Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer healthmonitor create --delay 15 --max-retries 4 --timeout 10 --type HTTP --url-path / pool1
$ openstack loadbalancer healthmonitor create --delay 15 --max-retries 4 --timeout 10 --type HTTP --url-path / pool1Add load balancer members (
192.0.2.10and192.0.2.11) on the private subnet (private_subnet) to the default pool.Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.10 --protocol-port 80 pool1 openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.11 --protocol-port 80 pool1
$ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.10 --protocol-port 80 pool1 $ openstack loadbalancer member create --subnet-id private_subnet --address 192.0.2.11 --protocol-port 80 pool1
Verification
View and verify the load balancer (lb1) settings:
Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer show lb1
$ openstack loadbalancer show lb1Sample output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | admin_state_up | True | | created_at | 2022-01-15T11:11:58 | | description | | | flavor | | | id | 788fe121-3dec-4e1b-8360-4020642238b0 | | listeners | 09f28053-fde8-4c78-88b9-0f191d84120e | | name | lb1 | | operating_status | ONLINE | | pools | 627842b3-eed8-4f5f-9f4a-01a738e64d6a | | project_id | dda678ca5b1241e7ad7bf7eb211a2fd7 | | provider | amphora | | provisioning_status | ACTIVE | | updated_at | 2022-01-15T11:28:42 | | vip_address | 198.51.100.22 | | vip_network_id | 9bca13be-f18d-49a5-a83d-9d487827fd16 | | vip_port_id | 69a85edd-5b1c-458f-96f2-b4552b15b8e6 | | vip_qos_policy_id | None | | vip_subnet_id | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 | +---------------------+--------------------------------------+
+---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | admin_state_up | True | | created_at | 2022-01-15T11:11:58 | | description | | | flavor | | | id | 788fe121-3dec-4e1b-8360-4020642238b0 | | listeners | 09f28053-fde8-4c78-88b9-0f191d84120e | | name | lb1 | | operating_status | ONLINE | | pools | 627842b3-eed8-4f5f-9f4a-01a738e64d6a | | project_id | dda678ca5b1241e7ad7bf7eb211a2fd7 | | provider | amphora | | provisioning_status | ACTIVE | | updated_at | 2022-01-15T11:28:42 | | vip_address | 198.51.100.22 | | vip_network_id | 9bca13be-f18d-49a5-a83d-9d487827fd16 | | vip_port_id | 69a85edd-5b1c-458f-96f2-b4552b15b8e6 | | vip_qos_policy_id | None | | vip_subnet_id | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 | +---------------------+--------------------------------------+When a health monitor is present and functioning properly, you can check the status of each member.
A working member (
b85c807e-4d7c-4cbd-b725-5e8afddf80d2) has anONLINEvalue for itsoperating_status.Example
Copy to Clipboard Copied! Toggle word wrap Toggle overflow openstack loadbalancer member show pool1 b85c807e-4d7c-4cbd-b725-5e8afddf80d2
$ openstack loadbalancer member show pool1 b85c807e-4d7c-4cbd-b725-5e8afddf80d2Sample output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | address | 192.0.02.10 | | admin_state_up | True | | created_at | 2022-01-15T11:11:23 | | id | b85c807e-4d7c-4cbd-b725-5e8afddf80d2 | | name | | | operating_status | ONLINE | | project_id | dda678ca5b1241e7ad7bf7eb211a2fd7 | | protocol_port | 80 | | provisioning_status | ACTIVE | | subnet_id | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 | | updated_at | 2022-01-15T11:28:42 | | weight | 1 | | monitor_port | None | | monitor_address | None | | backup | False | +---------------------+--------------------------------------+
+---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | address | 192.0.02.10 | | admin_state_up | True | | created_at | 2022-01-15T11:11:23 | | id | b85c807e-4d7c-4cbd-b725-5e8afddf80d2 | | name | | | operating_status | ONLINE | | project_id | dda678ca5b1241e7ad7bf7eb211a2fd7 | | protocol_port | 80 | | provisioning_status | ACTIVE | | subnet_id | 5bd7334b-49b3-4849-b3a2-b0b83852dba1 | | updated_at | 2022-01-15T11:28:42 | | weight | 1 | | monitor_port | None | | monitor_address | None | | backup | False | +---------------------+--------------------------------------+
Additional resources
- loadbalancer in the Command Line Interface Reference
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}