
Difference between revisions of "Neutron/LBaaS/LBaaS reuse option"

 
 
(18 intermediate revisions by 3 users not shown)
Line 1: Line 1:
__NOTOC__
 
== Resource Model ==
 
A number of objects defined for loadbalancer resource model: ([https://wiki.eng.vmware.com/wiki/images/b/b9/VShield_Edge_Loadbalancer_Object_Model_in_Trinity.pptx PPT])
 
  
1. '''[[VirtualServer]]''': A virtual server is a traffic-management  object represented by a set of IP address and a service. Clients send  application traffic to a virtual server, which then directs the  traffic according to your configuration instructions.
+
= Resource Model =
 +
== Top Objects ==
 +
Core objects in the resource model focused around config re-use and enterprise-targeted feature set:
  
2. '''[[ApplicationProfile]]''': An application profile contains the configuration to manage application-specific network traffic in a variety of ways, depending on the protocols and services being used. For example, you can configure SSL client certificates before passing  requests on to a target server. After configuring a profile, you  associate the profile with a virtual server. The virtual server then processes traffic according to the values specified in the profile.
+
1. '''VIP''': A virtual server is a traffic-management object represented by a set of IP address and a service. Clients send application traffic to a virtual server, which then directs the  traffic according to your configuration instructions.
  
3. '''Pool''': A load balancing pool is a logical set of  devices, such as web servers, that you group together to receive and  process traffic.
+
2. '''Pool''': A load balancing pool is a logical set of  devices, such as web servers, that you group together to receive and  process traffic.
  
4. '''Member''': A pool member represents the application running on backend server.
+
3. '''Member''': A pool member represents the application running on backend server.
  
5. '''Monitor''': A health monitor can monitor the health or performance of either pool members or servers.
+
4. '''Monitor''': A health monitor can monitor the health or performance of either pool members or servers.
  
{{/wiki/images/d/d6/Lb_resource_model_trinity.JPG}}
+
5. '''stats''': A stats object indicates the traffic statistics for a specified pool
 +
 
 +
Extensions: The core resource model is extensible by associating other objects such as applicationProfile to the core resources.
 +
 
 +
1. '''Application-profile''': An application profile contains the advanced configuration to manage application-specific network traffic in a  variety of ways, depending on the protocols and services being used. For  example, you can configure SSL client certificates before passing  requests on to a target server. After configuring a profile, you  associate the profile with a virtual server. The virtual server then  processes traffic according to the values specified in the profile.
 +
 
 +
{{http://wiki.openstack.org/LBaaS/CoreResourceModel/proposal?action=[[AttachFile]]&do=get&target=loadbalancer_resource_model_openstack_v2.JPG}}
 +
 
 +
== [[ApplicationProfile]] Properties ==
 +
This table illustrates some settings as part of [[ApplicationProfile]]. We can pre-define a set of profiles and user is able to create custom profile by inheriting from it.
 +
{| border="1" cellpadding="2" cellspacing="0"
 +
| '''Categories'''
 +
|-
 +
| Global
 +
|-
 +
|<style="text-align:center" |3>|Application
 +
|-
 +
|-
 +
|-
 +
| Protocol
 +
|-
 +
|<style="text-align:center" |6>|SSL
 +
|-
 +
|-
 +
|-
 +
|-
 +
|-
 +
|}
 +
 
 +
= Object Definition =
 +
This section illustrates the object scheme in JSON format by usng an example configuration:
 +
 
 +
1. 5x [[VirtualServers]] for HTTP, HTTPS, SSL_passthrough, TCP and HTTP Redirection
 +
 
 +
2. 2x Pools, each has 2x members
 +
 
 +
3. 3x Monitors with different types
 +
 
 +
'''Note:''' As part of global configuration, user need to import the Certificates/Keys, Trust Client CAs and CRLs. In [[LoadBalancer]] configuration, user can specify SSL settings as part of [[ApplicationProfile]] by using the references to those objects.
 +
 
 +
 
 +
<pre><nowiki>
 +
{
 +
  "loadBalancer": {
 +
    "vip": [
 +
      {
 +
        "id": "1",
 +
        "name": "http_lb",
 +
        "description": "VIP for http traffic",
 +
        "networkID": "pubnwk-1",
 +
        "address": "192.168.1.101",
 +
        "protocol": "HTTP",
 +
        "port": "80",
 +
        "sessionPersistence": {
 +
          "method": "COOKIE",
 +
          "cookieName": "JSESSIONID",
 +
          "cookieMode": "INSERT"
 +
        },
 +
        "connectionLimit": "1000",
 +
        "applicationProfileId": "1",
 +
        "adminState": "ENABLED",
 +
        "status": "ENABLED",
 +
        "poolId": "1"
 +
      },
 +
      {
 +
        "id": "2",
 +
        "name": "https_lb",
 +
        "description": "virtualServerforhttpstraffic",
 +
        "address": "192.168.1.101",
 +
        "networkID": "pubnwk-1",
 +
        "protocol": "HTTPS",
 +
        "port": "443",
 +
        "sessionPersistence": {
 +
          "method": "COOKIE",
 +
          "cookieName": "JSESSIONID",
 +
          "cookieMode": "PREFIX"
 +
        },
 +
        "connectionLimit": "1000",
 +
        "applicationProfileId": "2",
 +
        "adminState": "ENABLED",
 +
        "status": "ENABLED",
 +
        "poolId": "1",
 +
 
 +
      },
 +
      {
 +
        "id": "3",
 +
        "name": "https_passthrough_lb",
 +
        "description": "virtualServerforhttpspassthroughtraffic",
 +
        "address": "192.168.1.102",
 +
        "networkID": "pubnwk-1",
 +
        "protocol": "HTTPS",
 +
        "port": "443",
 +
        "sessionPersistence": {
 +
          "method": "SSL_SESSION_ID"
 +
        },
 +
        "connectionLimit": "1000",
 +
        "applicationProfileId": "3",
 +
        "adminState": "ENABLED",
 +
        "status": "ENABLED",
 +
        "poolId": "2"
 +
      },
 +
      {
 +
        "id": "4",
 +
        "name": "tcp_lb",
 +
        "description": "virtualServerfortcptraffic",
 +
        "address": "192.168.1.101",
 +
        "networkID": "pubnwk-1",
 +
        "protocol": "TCP",
 +
        "port": "8080",
 +
        "sessionPersistence": {
 +
          "method": "SSL_SESSION_ID"
 +
        },
 +
        "connectionLimit": "1000",
 +
        "adminState": "ENABLED",
 +
        "status": "ENABLED",
 +
        "poolId": "1"
 +
      },
 +
      {
 +
        "5",
 +
        "name": "http_redirect_lb",
 +
        "description": "virtualServerforhttpredirection",
 +
        "address": "192.168.1.101",
 +
        "protocol": "HTTP",
 +
        "port": "800",
 +
        "connectionLimit": "1000",
 +
        "applicationProfileId": "4",
 +
        "adminState": "ENABLED",
 +
        "status": "ENABLED",
 +
        "poolId": "1"
 +
      }
 +
    ],
 +
    "pool": [
 +
      {
 +
        "id": "1",
 +
        "name": "http-pool",
 +
        "description": "poolforhttpandhttpstraffic",
 +
        "lbMethod": "ROUND_ROBIN",
 +
        "healthMonitorIds": [
 +
          "1"
 +
        ],
 +
        "adminState": "ENABLED",
 +
        "status": "ENABLED",
 +
        "member": [
 +
          {
 +
            "id": "1",
 +
            "ipAddress": "192.168.4.103",
 +
            "weight": "10",
 +
            "port": "80",
 +
            "healthMonitorIds": [
 +
              "3"
 +
            ],
 +
            "connectionLimit": "100000",
 +
            "adminState": "ENABLED",
 +
            "status": "UP"
 +
          },
 +
          {
 +
            "id": "2",
 +
            "ipAddress": "192.168.4.104",
 +
            "weight": "20",
 +
            "port": "80",
 +
            "connectionLimit": "100000",
 +
            "adminState": "ENABLED",
 +
            "status": "DOWN"
 +
          }
 +
        ]
 +
      },
 +
      {
 +
        "id": "2",
 +
        "name": "https-pool",
 +
        "description": "poolforhttpandhttpstraffic",
 +
        "lbMethod": "IP_HASH",
 +
        "healthMonitorIds": [
 +
          "2"
 +
        ],
 +
        "adminState": "ENABLED",
 +
        "status": "ENABLED",
 +
        "member": [
 +
          {
 +
            "id": "1",
 +
            "ipAddress": "192.168.4.103",
 +
            "weight": "10",
 +
            "port": "443",
 +
            "connectionLimit": "100000",
 +
            "adminState": "ENABLED",
 +
            "status": "UP"
 +
          },
 +
          {
 +
            "id": "2",
 +
            "ipAddress": "192.168.4.104",
 +
            "weight": "20",
 +
            "port": "443",
 +
            "connectionLimit": "100000",
 +
            "adminState": "ENABLED",
 +
            "status": "UP"
 +
          }
 +
        ]
 +
      }
 +
    ],
 +
    "applicationProfiles": {
 +
      "applicationProfile": [
 +
        {
 +
          "id": "1",
 +
          "name": "http_profile",
 +
          "insertXForwardedFor": "true",
 +
 
 +
        },
 +
        {
 +
          "id": "2",
 +
          "name": "https_profile",
 +
          "sslPassthrough": "false",
 +
          "clientSsl": {
 +
            "verifyRequired": "false",
 +
            "serverCertificate": "server-cert-1",
 +
            "caCertificates": {
 +
              "caCertificate": "ca-cert-1"
 +
            },
 +
            "crlCertificates": {
 +
              "crlCertificate": "crl"
 +
            },
 +
            "ciphers": "AES256"
 +
          }
 +
        },
 +
        {
 +
          "id": "3",
 +
          "name": "ssl_profile",
 +
          "sslPassthrough": "true"
 +
        },
 +
        {
 +
          "id": "4",
 +
          "name": "http_redirection_profile",
 +
          "httpRedirect": {
 +
            "destUrl": "https: //www.company.com/login"
 +
          }
 +
        }
 +
      ]
 +
    },
 +
    "monitorService": {
 +
      "checkTimeout": "60",
 +
      "monitors": [
 +
        {
 +
          "id": "1",
 +
          "name": "http-monitor",
 +
          "type": "HTTP",
 +
          "delay": "1",
 +
          "interval": "10",
 +
          "timeout": "20",
 +
          "maxRetryAttempts": "3",
 +
          "method": "GET",
 +
          "path": "/",
 +
          "expected": "\"200-204\""
 +
        },
 +
        {
 +
          "id": "2",
 +
          "name": "https-monitor",
 +
          "type": "HTTPS",
 +
          "delay": "2",
 +
          "interval": "10",
 +
          "timeout": "20",
 +
          "maxRetryAttempts": "3",
 +
          "method": "SSL"
 +
        },
 +
        {
 +
          "id": "3",
 +
          "name": "tcp-monitor",
 +
          "type": "TCP",
 +
          "delay": "5",
 +
          "interval": "10",
 +
          "timeout": "30",
 +
          "maxRetryAttempts": "2"
 +
        }
 +
      ]
 +
    }
 +
  }
 +
}
 +
</nowiki></pre>
 +
 
 +
'''How F5 BIG-IP gets configured'''
 +
 
 +
To translate this resource model to F5 Big-IP, user will:
 +
 
 +
1. Create a set of profiles, which define the persitence, ssl, http configurations.
 +
 
 +
2. Create two virtualServers:
 +
 
 +
* '''a)''' VS_http: address 192.168.1.101, port 80, attach default http profile to this virtualserver, attach cookie persistence profile to this virtualserver.
 +
 
 +
b. VS_https: address 192.168.1.101, port 443, attach default https profile to this virtualserver, attach ssl session id persistence profile to this virtualserver.
 +
 
 +
3. Create two pools:
 +
 
 +
* '''a)''' Pool_http: algorithm RR, add two members 192.168.4.103:80 + 192.168.4.104:80, attach predefined HTTP monitor to the pool
 +
 
 +
b. Pool_https: algorithm RR, add two memebers 192.168.4.103:8443 + 192.168.4.104:8443, attach predefined HTTPS monitor to the pool, user customized HTTPS_2 monitor to member 192.168.4.103
 +
 
 +
4. Configure default pool for each [[VirtualServer]]:
 +
 
 +
* '''a)''' VS_http use Pool_http as the default pool
 +
 
 +
b. VS_https uses Pool_https as the default pool
 +
 
 +
= API =
 +
This table lists the API exposed and comparison to eBay LBMS and Equilibrium LBaaS APIs:
 +
{| border="1" cellpadding="2" cellspacing="0"
 +
|colspan="4" <style="text-align:center">|'''Loadbalancer API'''
 +
| '''eBay LBMS API'''
 +
|-
 +
| ''Category''
 +
| ''URL''
 +
| ''API''
 +
| ''Details''
 +
| ''API''
 +
|-
 +
|<style="text-align:center" |2>|VIP
 +
| /loadbalancer/vips
 +
|<style="text-align:center" |2>|CRUD
 +
|<style="text-align:center" |2>|Manage loadbalancer VIPs
 +
|<style="text-align:center" |2>|VIP APIs
 +
|-
 +
|-
 +
|<style="text-align:center" |2>|Pool
 +
| /loadbalancer/pools
 +
|<style="text-align:center" |2>|CRUD
 +
|<style="text-align:center" |2>|Manage loadbalancer Pools
 +
|<style="text-align:center" |2>|Pool APIs
 +
|-
 +
|-
 +
|<style="text-align:center" |2>|Member
 +
| /loadbalancer/pools/:poolid/members
 +
|<style="text-align:center" |2>|CRUD
 +
|<style="text-align:center" |2>|Manage the members under a Pool
 +
|<style="text-align:center" |2>|Service APIs
 +
|-
 +
|-
 +
|<style="text-align:center" |2>|[[HealthMonitor]]
 +
| /loadbalancer/healthmonitors
 +
|<style="text-align:center" |2>|CRUD
 +
|<style="text-align:center" |2>|Manage health monitors
 +
|<style="text-align:center" |2>|Monitor APIs
 +
|-
 +
|-
 +
| Statistics
 +
| /loadbalancer/pools/statistics
 +
| GET
 +
| Get statistics and status
 +
| Metric APIs
 +
|-
 +
|<style="text-align:center" |2>|Configuration
 +
| /loadbalancer/protocols
 +
|<style="text-align:center" |2>|GET
 +
|<style="text-align:center" |2>|Get supported protocols and algorithms
 +
|-
 +
|-
 +
|colspan="4" <style="text-align:center">|'''Extension API'''
 +
| unsupported
 +
|-
 +
|<style="text-align:center" |2>|[[ApplicationProfile]]
 +
| /loadbalancer/extensions/applicationprofiles
 +
|<style="text-align:center" |2>|CRUD
 +
|<style="text-align:center" |2>|Manage loadbalancer applicationProfiles
 +
|<style="text-align:center" |2>|VIP+Policy APIs
 +
|-
 +
|}
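Review bot: The JSON example added under Object Definition does not parse as written: the fifth VIP opens with a bare "5", instead of "id": "5", and there are trailing commas after "poolId": "1", in the https_lb VIP and after "insertXForwardedFor": "true", in http_profile; the destUrl value also has a stray space after "https:". The F5 BIG-IP walkthrough also disagrees with the JSON it is meant to translate: it creates two virtualServers where the JSON defines five, and it gives Pool_https algorithm RR with members on port 8443 where the JSON has IP_HASH and port 443. Finally, https_profile sets "verifyRequired": "false" while still referencing a caCertificate and a CRL; state whether client certificates are meant to be optional here, or the reader cannot tell what those two references do.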

Latest revision as of 15:54, 21 June 2013

Resource Model

Top Objects

The core objects in the resource model are built around config re-use and an enterprise-targeted feature set:

1. VIP: A virtual server is a traffic-management object represented by a set of IP addresses and a service. Clients send application traffic to a virtual server, which then directs the traffic according to your configuration instructions.

2. Pool: A load balancing pool is a logical set of devices, such as web servers, that you group together to receive and process traffic.

3. Member: A pool member represents the application running on a backend server.

4. Monitor: A health monitor can monitor the health or performance of either pool members or servers.

5. stats: A stats object indicates the traffic statistics for a specified pool.

Extensions: The core resource model is extensible by associating other objects such as applicationProfile to the core resources.

1. Application-profile: An application profile contains the advanced configuration to manage application-specific network traffic in a variety of ways, depending on the protocols and services being used. For example, you can configure SSL client certificates before passing requests on to a target server. After configuring a profile, you associate the profile with a virtual server. The virtual server then processes traffic according to the values specified in the profile.

{{http://wiki.openstack.org/LBaaS/CoreResourceModel/proposal?action=AttachFile&do=get&target=loadbalancer_resource_model_openstack_v2.JPG}}

ApplicationProfile Properties

This table illustrates some of the settings that are part of ApplicationProfile. We can pre-define a set of profiles, and a user can create a custom profile by inheriting from one of them.

Categories
Global
Application
Protocol
SSL

Object Definition

This section illustrates the object schema in JSON format by using an example configuration:

1. 5x VirtualServers for HTTP, HTTPS, SSL_passthrough, TCP and HTTP Redirection

2. 2x Pools, each has 2x members

3. 3x Monitors with different types

Note: As part of the global configuration, the user needs to import the Certificates/Keys, Trust Client CAs and CRLs. In the LoadBalancer configuration, the user can then specify SSL settings as part of an ApplicationProfile by referencing those objects.


{
  "loadBalancer": {
    "vip": [
      {
        "id": "1",
        "name": "http_lb",
        "description": "VIP for http traffic",
        "networkID": "pubnwk-1",
        "address": "192.168.1.101",
        "protocol": "HTTP",
        "port": "80",
        "sessionPersistence": {
          "method": "COOKIE",
          "cookieName": "JSESSIONID",
          "cookieMode": "INSERT"
        },
        "connectionLimit": "1000",
        "applicationProfileId": "1",
        "adminState": "ENABLED",
        "status": "ENABLED",
        "poolId": "1"
      },
      {
        "id": "2",
        "name": "https_lb",
        "description": "virtualServerforhttpstraffic",
        "address": "192.168.1.101",
        "networkID": "pubnwk-1",
        "protocol": "HTTPS",
        "port": "443",
        "sessionPersistence": {
          "method": "COOKIE",
          "cookieName": "JSESSIONID",
          "cookieMode": "PREFIX"
        },
        "connectionLimit": "1000",
        "applicationProfileId": "2",
        "adminState": "ENABLED",
        "status": "ENABLED",
        "poolId": "1"
      },
      {
        "id": "3",
        "name": "https_passthrough_lb",
        "description": "virtualServerforhttpspassthroughtraffic",
        "address": "192.168.1.102",
        "networkID": "pubnwk-1",
        "protocol": "HTTPS",
        "port": "443",
        "sessionPersistence": {
          "method": "SSL_SESSION_ID"
        },
        "connectionLimit": "1000",
        "applicationProfileId": "3",
        "adminState": "ENABLED",
        "status": "ENABLED",
        "poolId": "2"
      },
      {
        "id": "4",
        "name": "tcp_lb",
        "description": "virtualServerfortcptraffic",
        "address": "192.168.1.101",
        "networkID": "pubnwk-1",
        "protocol": "TCP",
        "port": "8080",
        "sessionPersistence": {
          "method": "SSL_SESSION_ID"
        },
        "connectionLimit": "1000",
        "adminState": "ENABLED",
        "status": "ENABLED",
        "poolId": "1"
      },
      {
        "id": "5",
        "name": "http_redirect_lb",
        "description": "virtualServerforhttpredirection",
        "address": "192.168.1.101",
        "protocol": "HTTP",
        "port": "800",
        "connectionLimit": "1000",
        "applicationProfileId": "4",
        "adminState": "ENABLED",
        "status": "ENABLED",
        "poolId": "1"
      }
    ],
    "pool": [
      {
        "id": "1",
        "name": "http-pool",
        "description": "poolforhttpandhttpstraffic",
        "lbMethod": "ROUND_ROBIN",
        "healthMonitorIds": [
          "1"
        ],
        "adminState": "ENABLED",
        "status": "ENABLED",
        "member": [
          {
            "id": "1",
            "ipAddress": "192.168.4.103",
            "weight": "10",
            "port": "80",
            "healthMonitorIds": [
              "3"
            ],
            "connectionLimit": "100000",
            "adminState": "ENABLED",
            "status": "UP"
          },
          {
            "id": "2",
            "ipAddress": "192.168.4.104",
            "weight": "20",
            "port": "80",
            "connectionLimit": "100000",
            "adminState": "ENABLED",
            "status": "DOWN"
          }
        ]
      },
      {
        "id": "2",
        "name": "https-pool",
        "description": "poolforhttpandhttpstraffic",
        "lbMethod": "IP_HASH",
        "healthMonitorIds": [
          "2"
        ],
        "adminState": "ENABLED",
        "status": "ENABLED",
        "member": [
          {
            "id": "1",
            "ipAddress": "192.168.4.103",
            "weight": "10",
            "port": "443",
            "connectionLimit": "100000",
            "adminState": "ENABLED",
            "status": "UP"
          },
          {
            "id": "2",
            "ipAddress": "192.168.4.104",
            "weight": "20",
            "port": "443",
            "connectionLimit": "100000",
            "adminState": "ENABLED",
            "status": "UP"
          }
        ]
      }
    ],
    "applicationProfiles": {
      "applicationProfile": [
        {
          "id": "1",
          "name": "http_profile",
          "insertXForwardedFor": "true"
        },
        {
          "id": "2",
          "name": "https_profile",
          "sslPassthrough": "false",
          "clientSsl": {
            "verifyRequired": "false",
            "serverCertificate": "server-cert-1",
            "caCertificates": {
              "caCertificate": "ca-cert-1"
            },
            "crlCertificates": {
              "crlCertificate": "crl"
            },
            "ciphers": "AES256"
          }
        },
        {
          "id": "3",
          "name": "ssl_profile",
          "sslPassthrough": "true"
        },
        {
          "id": "4",
          "name": "http_redirection_profile",
          "httpRedirect": {
            "destUrl": "https://www.company.com/login"
          }
        }
      ]
    },
    "monitorService": {
      "checkTimeout": "60",
      "monitors": [
        {
          "id": "1",
          "name": "http-monitor",
          "type": "HTTP",
          "delay": "1",
          "interval": "10",
          "timeout": "20",
          "maxRetryAttempts": "3",
          "method": "GET",
          "path": "/",
          "expected": "\"200-204\""
        },
        {
          "id": "2",
          "name": "https-monitor",
          "type": "HTTPS",
          "delay": "2",
          "interval": "10",
          "timeout": "20",
          "maxRetryAttempts": "3",
          "method": "SSL"
        },
        {
          "id": "3",
          "name": "tcp-monitor",
          "type": "TCP",
          "delay": "5",
          "interval": "10",
          "timeout": "30",
          "maxRetryAttempts": "2"
        }
      ]
    }
  }
}
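
Because VIPs, pools, profiles and monitors refer to each other only by id, a mistyped id silently detaches a health monitor or an SSL profile. The linter below is an added example, not part of the original proposal or of any OpenStack code: it resolves every reference in a config of the shape shown above and flags an HTTPS profile that lists a client CA without enforcing it. The rule names and the reading of `verifyRequired` as "demand a client certificate" are assumptions; the sample input is constructed.

```python
import json

# Constructed sample in the page's JSON shape, trimmed to two VIPs. poolId "9"
# and the member's monitor "3" dangle on purpose in this trimmed sample.
SAMPLE = json.loads("""
{"loadBalancer": {
  "vip": [
    {"id": "1", "name": "http_lb", "protocol": "HTTP", "port": "80",
     "applicationProfileId": "1", "poolId": "1"},
    {"id": "2", "name": "https_lb", "protocol": "HTTPS", "port": "443",
     "applicationProfileId": "2", "poolId": "9"}],
  "pool": [
    {"id": "1", "name": "http-pool", "healthMonitorIds": ["1"],
     "member": [{"id": "1", "ipAddress": "192.168.4.103", "port": "80",
                 "healthMonitorIds": ["3"]}]}],
  "applicationProfiles": {"applicationProfile": [
    {"id": "1", "name": "http_profile", "insertXForwardedFor": "true"},
    {"id": "2", "name": "https_profile", "sslPassthrough": "false",
     "clientSsl": {"verifyRequired": "false",
                   "serverCertificate": "server-cert-1",
                   "caCertificates": {"caCertificate": "ca-cert-1"},
                   "crlCertificates": {"crlCertificate": "crl"},
                   "ciphers": "AES256"}}]},
  "monitorService": {"monitors": [
    {"id": "1", "name": "http-monitor", "type": "HTTP"}]}
}}
""")


def lint(config):
    """Return (object, rule) findings; rule names are hypothetical."""
    lb = config["loadBalancer"]
    pools = {p["id"] for p in lb.get("pool", [])}
    profiles = {p["id"]: p for p in
                lb.get("applicationProfiles", {}).get("applicationProfile", [])}
    monitors = {m["id"] for m in lb.get("monitorService", {}).get("monitors", [])}
    findings = []

    for vip in lb.get("vip", []):
        where = "vip " + vip.get("name", "?")
        if vip.get("poolId") not in pools:
            findings.append((where, "dangling-poolId"))
        prof_id = vip.get("applicationProfileId")
        profile = profiles.get(prof_id)
        if prof_id is not None and profile is None:
            findings.append((where, "dangling-applicationProfileId"))
        if vip.get("protocol") != "HTTPS":
            continue
        if profile is None:
            if prof_id is None:  # HTTPS VIP with nowhere to carry SSL settings
                findings.append((where, "https-without-profile"))
            continue
        if profile.get("sslPassthrough") == "true":
            continue  # passthrough: SSL is not terminated on the load balancer
        ssl = profile.get("clientSsl")
        if ssl is None or not ssl.get("serverCertificate"):
            findings.append((where, "no-server-certificate"))
        # Assumption: verifyRequired decides whether a client cert is demanded,
        # so a CA list with verifyRequired != "true" authenticates nobody.
        elif ssl.get("caCertificates") and ssl.get("verifyRequired") != "true":
            findings.append((where, "client-ca-not-enforced"))

    for pool in lb.get("pool", []):
        where = "pool " + pool.get("name", "?")
        for mon in pool.get("healthMonitorIds", []):
            if mon not in monitors:
                findings.append((where, "dangling-monitor"))
        for member in pool.get("member", []):
            for mon in member.get("healthMonitorIds", []):
                if mon not in monitors:
                    findings.append((f"{where} member {member.get('id')}",
                                     "dangling-monitor"))
    return findings


if __name__ == "__main__":
    for obj, rule in lint(SAMPLE):
        print(f"{rule}: {obj}")
```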

How F5 BIG-IP gets configured

To translate this resource model to F5 BIG-IP, the user will:

1. Create a set of profiles, which define the persistence, SSL and HTTP configurations.

2. Create two virtualServers:

  a) VS_http: address 192.168.1.101, port 80; attach the default http profile and the cookie persistence profile to this virtualserver.
  b) VS_https: address 192.168.1.101, port 443; attach the default https profile and the ssl session id persistence profile to this virtualserver.

3. Create two pools:

  a) Pool_http: algorithm RR; add two members, 192.168.4.103:80 and 192.168.4.104:80; attach the predefined HTTP monitor to the pool.
  b) Pool_https: algorithm RR; add two members, 192.168.4.103:8443 and 192.168.4.104:8443; attach the predefined HTTPS monitor to the pool and the user-customized HTTPS_2 monitor to member 192.168.4.103.

4. Configure the default pool for each VirtualServer:

  a) VS_http uses Pool_http as the default pool.
  b) VS_https uses Pool_https as the default pool.

API

This table lists the exposed APIs and compares them to the eBay LBMS and Equilibrium LBaaS APIs:

{| border="1" cellpadding="2" cellspacing="0"
|colspan="4" style="text-align:center"| '''Loadbalancer API'''
| '''eBay LBMS API'''
|-
| ''Category'' || ''URL'' || ''API'' || ''Details'' || ''API''
|-
| VIP || /loadbalancer/vips || CRUD || Manage loadbalancer VIPs || VIP APIs
|-
| Pool || /loadbalancer/pools || CRUD || Manage loadbalancer Pools || Pool APIs
|-
| Member || /loadbalancer/pools/:poolid/members || CRUD || Manage the members under a Pool || Service APIs
|-
| HealthMonitor || /loadbalancer/healthmonitors || CRUD || Manage health monitors || Monitor APIs
|-
| Statistics || /loadbalancer/pools/statistics || GET || Get statistics and status || Metric APIs
|-
| Configuration || /loadbalancer/protocols || GET || Get supported protocols and algorithms ||
|-
|colspan="4" style="text-align:center"| '''Extension API'''
| unsupported
|-
| ApplicationProfile || /loadbalancer/extensions/applicationprofiles || CRUD || Manage loadbalancer applicationProfiles || VIP+Policy APIs
|}