Neutron/LBaaS/LBaaS reuse option

= Resource Model =

Top Objects
Core objects in the resource model focused around config re-use and enterprise-targeted feature set:

1. VIP: A virtual server is a traffic-management object represented by a set of IP address and a service. Clients send application traffic to a virtual server, which then directs the  traffic according to your configuration instructions.

2. Pool: A load balancing pool is a logical set of devices, such as web servers, that you group together to receive and  process traffic.

3. Member: A pool member represents the application running on backend server.

4. Monitor: A health monitor can monitor the health or performance of either pool members or servers.

5. stats: A stats object indicates the traffic statistics for a specified pool

Extensions: The core resource model is extensible by associating other objects such as applicationProfile to the core resources.

1. Application-profile: An application profile contains the advanced configuration to manage application-specific network traffic in a variety of ways, depending on the protocols and services being used. For example, you can configure SSL client certificates before passing  requests on to a target server. After configuring a profile, you associate the profile with a virtual server. The virtual server then processes traffic according to the values specified in the profile.

ApplicationProfile Properties
This table illustrates some settings as part of ApplicationProfile. We can pre-define a set of profiles and user is able to create custom profile by inheriting from it.

= Object Definition = This section illustrates the object scheme in JSON format by usng an example configuration:

1. 5x VirtualServers for HTTP, HTTPS, SSL_passthrough, TCP and HTTP Redirection

2. 2x Pools, each has 2x members

3. 3x Monitors with different types

Note: As part of global configuration, user need to import the Certificates/Keys, Trust Client CAs and CRLs. In LoadBalancer configuration, user can specify SSL settings as part of ApplicationProfile by using the references to those objects.

{ "loadBalancer": { "vip": [ {       "id": "1", "name": "http_lb", "description": "VIP for http traffic", "networkID": "pubnwk-1", "address": "192.168.1.101", "protocol": "HTTP", "port": "80", "sessionPersistence": { "method": "COOKIE", "cookieName": "JSESSIONID", "cookieMode": "INSERT" },       "connectionLimit": "1000", "applicationProfileId": "1", "adminState": "ENABLED", "status": "ENABLED", "poolId": "1" },     {        "id": "2", "name": "https_lb", "description": "virtualServerforhttpstraffic", "address": "192.168.1.101", "networkID": "pubnwk-1", "protocol": "HTTPS", "port": "443", "sessionPersistence": { "method": "COOKIE", "cookieName": "JSESSIONID", "cookieMode": "PREFIX" },       "connectionLimit": "1000", "applicationProfileId": "2", "adminState": "ENABLED", "status": "ENABLED", "poolId": "1",

},     {        "id": "3", "name": "https_passthrough_lb", "description": "virtualServerforhttpspassthroughtraffic", "address": "192.168.1.102", "networkID": "pubnwk-1", "protocol": "HTTPS", "port": "443", "sessionPersistence": { "method": "SSL_SESSION_ID" },       "connectionLimit": "1000", "applicationProfileId": "3", "adminState": "ENABLED", "status": "ENABLED", "poolId": "2" },     {        "id": "4", "name": "tcp_lb", "description": "virtualServerfortcptraffic", "address": "192.168.1.101", "networkID": "pubnwk-1", "protocol": "TCP", "port": "8080", "sessionPersistence": { "method": "SSL_SESSION_ID" },       "connectionLimit": "1000", "adminState": "ENABLED", "status": "ENABLED", "poolId": "1" },     {        "5",        "name": "http_redirect_lb", "description": "virtualServerforhttpredirection", "address": "192.168.1.101", "protocol": "HTTP", "port": "800", "connectionLimit": "1000", "applicationProfileId": "4", "adminState": "ENABLED", "status": "ENABLED", "poolId": "1" }   ],    "pool": [ {       "id": "1", "name": "http-pool", "description": "poolforhttpandhttpstraffic", "lbMethod": "ROUND_ROBIN", "healthMonitorIds": [ "1"       ],        "adminState": "ENABLED", "status": "ENABLED", "member": [ {           "id": "1", "ipAddress": "192.168.4.103", "weight": "10", "port": "80", "healthMonitorIds": [ "3"           ],            "connectionLimit": "100000", "adminState": "ENABLED", "status": "UP" },         {            "id": "2", "ipAddress": "192.168.4.104", "weight": "20", "port": "80", "connectionLimit": "100000", "adminState": "ENABLED", "status": "DOWN" }       ]      },      {        "id": "2", "name": "https-pool", "description": "poolforhttpandhttpstraffic", "lbMethod": "IP_HASH", "healthMonitorIds": [ "2"       ],        "adminState": "ENABLED", "status": "ENABLED", "member": [ {           "id": "1", "ipAddress": "192.168.4.103", "weight": "10", "port": "443", "connectionLimit": "100000", "adminState": "ENABLED", "status": "UP" },         {            "id": "2", "ipAddress": "192.168.4.104", "weight": "20", "port": "443", "connectionLimit": "100000", "adminState": "ENABLED", "status": "UP" }       ]      }    ],    "applicationProfiles": { "applicationProfile": [ {         "id": "1", "name": "http_profile", "insertXForwardedFor": "true",

},       {          "id": "2", "name": "https_profile", "sslPassthrough": "false", "clientSsl": { "verifyRequired": "false", "serverCertificate": "server-cert-1", "caCertificates": { "caCertificate": "ca-cert-1" },           "crlCertificates": { "crlCertificate": "crl" },           "ciphers": "AES256" }       },        {          "id": "3", "name": "ssl_profile", "sslPassthrough": "true" },       {          "id": "4", "name": "http_redirection_profile", "httpRedirect": { "destUrl": "https: //www.company.com/login" }       }      ]    },    "monitorService": { "checkTimeout": "60", "monitors": [ {         "id": "1", "name": "http-monitor", "type": "HTTP", "delay": "1", "interval": "10", "timeout": "20", "maxRetryAttempts": "3", "method": "GET", "path": "/", "expected": "\"200-204\"" },       {          "id": "2", "name": "https-monitor", "type": "HTTPS", "delay": "2", "interval": "10", "timeout": "20", "maxRetryAttempts": "3", "method": "SSL" },       {          "id": "3", "name": "tcp-monitor", "type": "TCP", "delay": "5", "interval": "10", "timeout": "30", "maxRetryAttempts": "2" }     ]    }  } }

How F5 BIG-IP gets configured

To translate this resource model to F5 Big-IP, user will:

1. Create a set of profiles, which define the persitence, ssl, http configurations.

2. Create two virtualServers:


 * a) VS_http: address 192.168.1.101, port 80, attach default http profile to this virtualserver, attach cookie persistence profile to this virtualserver.

b. VS_https: address 192.168.1.101, port 443, attach default https profile to this virtualserver, attach ssl session id persistence profile to this virtualserver.

3. Create two pools:


 * a) Pool_http: algorithm RR, add two members 192.168.4.103:80 + 192.168.4.104:80, attach predefined HTTP monitor to the pool

b. Pool_https: algorithm RR, add two memebers 192.168.4.103:8443 + 192.168.4.104:8443, attach predefined HTTPS monitor to the pool, user customized HTTPS_2 monitor to member 192.168.4.103

4. Configure default pool for each VirtualServer:


 * a) VS_http use Pool_http as the default pool

b. VS_https uses Pool_https as the default pool

= API = This table lists the API exposed and comparison to eBay LBMS and Equilibrium LBaaS APIs: