Neutron/LBaaS/Usecases

This page tracks operators' data on how users utilize load balancing and what their deployments and configurations look like.

= Use cases =

SSL Termination
This has already been proposed and is in the process of being accepted; see Neutron/LBaaS/SSL.

Ability to upload and apply the SSL certificates to VIP.

L7 Scriptability
Define a flexible API which allows for L7 Scripting.


 * Ability to insert Client Certificate Information into HTTP Headers.
 * SSL client authentication with OCSP (Online Certificate Status Protocol).

High Availability
Ability to define an active/active or active/standby cluster of load balancers. This will be realized differently depending on the backend driver. For example, Citrix implements this with a middleware API server (Netscaler Control Center).

Ability to find out whether a load balancer is configured as an HA pair. If it is, there needs to be a way to find the active LB, apply changes to it first and, on successful completion, sync the configuration to the standby LB.

Service VMs
Would it make sense to take advantage of these blueprints as it relates to LBaaS?


 * https://blueprints.launchpad.net/neutron/+spec/adv-services-in-vms
 * https://blueprints.launchpad.net/neutron/+spec/dynamic-network-resource-mgmt

Health Monitor
Health monitor for DNS (the current requirements page lists only HTTP/HTTPS/TCP/ICMP etc.).

Stats
Stats for each pool associated with the VIP as well as aggregated stats.

Ability to list VIPs, service groups and servers with their status (UP/Down etc.).

Service Down Page / Backup Server(s)
The ability to mark a member or members as backups to be used only when all other pool members are down (https://bugs.launchpad.net/neutron/+bug/1241759). This lets you set up an "apology" server.

Note: If the need is for an "apology" message where all servers are down, then this should be the requirement. A backup server is one way to implement it. This should also be a "tenant" requirement.

kfox1111 - For our use case, the apology server would be too complicated to be just an apology feature of the load balancer, I think. Different parts of the server need different pages. But I can see for simple use cases, being able to load a couple of files (css, html, image) into lbaas and have it deal with apology itself might be nice. Another use case is apology ssh servers. I want to set up an ssh server with a banner saying things are down and not permitting login. Probably a feature that should not be provided by the load balancer then?

Connection Rate Limiting
Ability to define and apply a connection rate limit per VIP, VIP port, or individual server/server port, with the option to set actions like drop, log etc.

Ability to define and apply the maximum allowed connections to a VIP or server (e.g. conn-limit in A10).

Vendor Passthrough
Will there always be a standardized API no matter which backend driver is used? How do we account for functionality in Netscaler that may not exist in HAProxy (contrived example)?

User priorities

 * kfox1111 - Most useful to us: High Availability, Backup Servers. Least useful: Service VMs for load balancing (Our setup has 10gig network nodes and 1 gig compute nodes. haproxy on network nodes therefore greatly preferable)

Integration with Metering
Usage metering collection

Monitoring
Load balancers are monitored to make sure they work.

Feature Requests

 * Ability to define Source NAT (define nat-pool etc.) and to apply nat-pool to VIP
 * TCP and UDP session idle-timeout options and ability to apply this to VIP or Server
 * Ability to upload and apply the SSL certificates to VIP
 * Support for other load balancer algorithms (e.g. service-least-connection in A10)
 * LB statistics and notification to be available for ceilometer
 * Option to pass proprietary LB commands to the driver
 * Anycast route injection to the upstream router based on overall VIP health. Need a way to pass this option to the driver -- (Priority - High)
 * Source IP address transparent to real servers
 * Ability to pass any vendor-specific data for L2 and L3 DSR