Difference between revisions of "Neutron/LBaaS/LBaaS reuse option"
m (ThierryCarrez moved page Quantum/LBaaS/LBaaS reuse option to Neutron/LBaaS/LBaaS reuse option) |
(17 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | + | ||
= Resource Model = | = Resource Model = | ||
− | A | + | == Top Objects == |
+ | Core objects in the resource model focused around config re-use and enterprise-targeted feature set: | ||
+ | |||
+ | 1. '''VIP''': A virtual server is a traffic-management object represented by a set of IP address and a service. Clients send application traffic to a virtual server, which then directs the traffic according to your configuration instructions. | ||
+ | |||
+ | 2. '''Pool''': A load balancing pool is a logical set of devices, such as web servers, that you group together to receive and process traffic. | ||
+ | |||
+ | 3. '''Member''': A pool member represents the application running on backend server. | ||
+ | |||
+ | 4. '''Monitor''': A health monitor can monitor the health or performance of either pool members or servers. | ||
+ | |||
+ | 5. '''stats''': A stats object indicates the traffic statistics for a specified pool | ||
+ | |||
+ | Extensions: The core resource model is extensible by associating other objects such as applicationProfile to the core resources. | ||
+ | |||
+ | 1. '''Application-profile''': An application profile contains the advanced configuration to manage application-specific network traffic in a variety of ways, depending on the protocols and services being used. For example, you can configure SSL client certificates before passing requests on to a target server. After configuring a profile, you associate the profile with a virtual server. The virtual server then processes traffic according to the values specified in the profile. | ||
+ | |||
+ | {{http://wiki.openstack.org/LBaaS/CoreResourceModel/proposal?action=[[AttachFile]]&do=get&target=loadbalancer_resource_model_openstack_v2.JPG}} | ||
+ | |||
+ | == [[ApplicationProfile]] Properties == | ||
+ | This table illustrates some settings as part of [[ApplicationProfile]]. We can pre-define a set of profiles and user is able to create custom profile by inheriting from it. | ||
+ | {| border="1" cellpadding="2" cellspacing="0" | ||
+ | | '''Categories''' | ||
+ | |- | ||
+ | | Global | ||
+ | |- | ||
+ | |<style="text-align:center" |3>|Application | ||
+ | |- | ||
+ | |- | ||
+ | |- | ||
+ | | Protocol | ||
+ | |- | ||
+ | |<style="text-align:center" |6>|SSL | ||
+ | |- | ||
+ | |- | ||
+ | |- | ||
+ | |- | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | = Object Definition = | ||
+ | This section illustrates the object scheme in JSON format by usng an example configuration: | ||
+ | |||
+ | 1. 5x [[VirtualServers]] for HTTP, HTTPS, SSL_passthrough, TCP and HTTP Redirection | ||
+ | |||
+ | 2. 2x Pools, each has 2x members | ||
+ | |||
+ | 3. 3x Monitors with different types | ||
+ | |||
+ | '''Note:''' As part of global configuration, user need to import the Certificates/Keys, Trust Client CAs and CRLs. In [[LoadBalancer]] configuration, user can specify SSL settings as part of [[ApplicationProfile]] by using the references to those objects. | ||
+ | |||
+ | |||
+ | <pre><nowiki> | ||
+ | { | ||
+ | "loadBalancer": { | ||
+ | "vip": [ | ||
+ | { | ||
+ | "id": "1", | ||
+ | "name": "http_lb", | ||
+ | "description": "VIP for http traffic", | ||
+ | "networkID": "pubnwk-1", | ||
+ | "address": "192.168.1.101", | ||
+ | "protocol": "HTTP", | ||
+ | "port": "80", | ||
+ | "sessionPersistence": { | ||
+ | "method": "COOKIE", | ||
+ | "cookieName": "JSESSIONID", | ||
+ | "cookieMode": "INSERT" | ||
+ | }, | ||
+ | "connectionLimit": "1000", | ||
+ | "applicationProfileId": "1", | ||
+ | "adminState": "ENABLED", | ||
+ | "status": "ENABLED", | ||
+ | "poolId": "1" | ||
+ | }, | ||
+ | { | ||
+ | "id": "2", | ||
+ | "name": "https_lb", | ||
+ | "description": "virtualServerforhttpstraffic", | ||
+ | "address": "192.168.1.101", | ||
+ | "networkID": "pubnwk-1", | ||
+ | "protocol": "HTTPS", | ||
+ | "port": "443", | ||
+ | "sessionPersistence": { | ||
+ | "method": "COOKIE", | ||
+ | "cookieName": "JSESSIONID", | ||
+ | "cookieMode": "PREFIX" | ||
+ | }, | ||
+ | "connectionLimit": "1000", | ||
+ | "applicationProfileId": "2", | ||
+ | "adminState": "ENABLED", | ||
+ | "status": "ENABLED", | ||
+ | "poolId": "1", | ||
+ | |||
+ | }, | ||
+ | { | ||
+ | "id": "3", | ||
+ | "name": "https_passthrough_lb", | ||
+ | "description": "virtualServerforhttpspassthroughtraffic", | ||
+ | "address": "192.168.1.102", | ||
+ | "networkID": "pubnwk-1", | ||
+ | "protocol": "HTTPS", | ||
+ | "port": "443", | ||
+ | "sessionPersistence": { | ||
+ | "method": "SSL_SESSION_ID" | ||
+ | }, | ||
+ | "connectionLimit": "1000", | ||
+ | "applicationProfileId": "3", | ||
+ | "adminState": "ENABLED", | ||
+ | "status": "ENABLED", | ||
+ | "poolId": "2" | ||
+ | }, | ||
+ | { | ||
+ | "id": "4", | ||
+ | "name": "tcp_lb", | ||
+ | "description": "virtualServerfortcptraffic", | ||
+ | "address": "192.168.1.101", | ||
+ | "networkID": "pubnwk-1", | ||
+ | "protocol": "TCP", | ||
+ | "port": "8080", | ||
+ | "sessionPersistence": { | ||
+ | "method": "SSL_SESSION_ID" | ||
+ | }, | ||
+ | "connectionLimit": "1000", | ||
+ | "adminState": "ENABLED", | ||
+ | "status": "ENABLED", | ||
+ | "poolId": "1" | ||
+ | }, | ||
+ | { | ||
+ | "5", | ||
+ | "name": "http_redirect_lb", | ||
+ | "description": "virtualServerforhttpredirection", | ||
+ | "address": "192.168.1.101", | ||
+ | "protocol": "HTTP", | ||
+ | "port": "800", | ||
+ | "connectionLimit": "1000", | ||
+ | "applicationProfileId": "4", | ||
+ | "adminState": "ENABLED", | ||
+ | "status": "ENABLED", | ||
+ | "poolId": "1" | ||
+ | } | ||
+ | ], | ||
+ | "pool": [ | ||
+ | { | ||
+ | "id": "1", | ||
+ | "name": "http-pool", | ||
+ | "description": "poolforhttpandhttpstraffic", | ||
+ | "lbMethod": "ROUND_ROBIN", | ||
+ | "healthMonitorIds": [ | ||
+ | "1" | ||
+ | ], | ||
+ | "adminState": "ENABLED", | ||
+ | "status": "ENABLED", | ||
+ | "member": [ | ||
+ | { | ||
+ | "id": "1", | ||
+ | "ipAddress": "192.168.4.103", | ||
+ | "weight": "10", | ||
+ | "port": "80", | ||
+ | "healthMonitorIds": [ | ||
+ | "3" | ||
+ | ], | ||
+ | "connectionLimit": "100000", | ||
+ | "adminState": "ENABLED", | ||
+ | "status": "UP" | ||
+ | }, | ||
+ | { | ||
+ | "id": "2", | ||
+ | "ipAddress": "192.168.4.104", | ||
+ | "weight": "20", | ||
+ | "port": "80", | ||
+ | "connectionLimit": "100000", | ||
+ | "adminState": "ENABLED", | ||
+ | "status": "DOWN" | ||
+ | } | ||
+ | ] | ||
+ | }, | ||
+ | { | ||
+ | "id": "2", | ||
+ | "name": "https-pool", | ||
+ | "description": "poolforhttpandhttpstraffic", | ||
+ | "lbMethod": "IP_HASH", | ||
+ | "healthMonitorIds": [ | ||
+ | "2" | ||
+ | ], | ||
+ | "adminState": "ENABLED", | ||
+ | "status": "ENABLED", | ||
+ | "member": [ | ||
+ | { | ||
+ | "id": "1", | ||
+ | "ipAddress": "192.168.4.103", | ||
+ | "weight": "10", | ||
+ | "port": "443", | ||
+ | "connectionLimit": "100000", | ||
+ | "adminState": "ENABLED", | ||
+ | "status": "UP" | ||
+ | }, | ||
+ | { | ||
+ | "id": "2", | ||
+ | "ipAddress": "192.168.4.104", | ||
+ | "weight": "20", | ||
+ | "port": "443", | ||
+ | "connectionLimit": "100000", | ||
+ | "adminState": "ENABLED", | ||
+ | "status": "UP" | ||
+ | } | ||
+ | ] | ||
+ | } | ||
+ | ], | ||
+ | "applicationProfiles": { | ||
+ | "applicationProfile": [ | ||
+ | { | ||
+ | "id": "1", | ||
+ | "name": "http_profile", | ||
+ | "insertXForwardedFor": "true", | ||
+ | |||
+ | }, | ||
+ | { | ||
+ | "id": "2", | ||
+ | "name": "https_profile", | ||
+ | "sslPassthrough": "false", | ||
+ | "clientSsl": { | ||
+ | "verifyRequired": "false", | ||
+ | "serverCertificate": "server-cert-1", | ||
+ | "caCertificates": { | ||
+ | "caCertificate": "ca-cert-1" | ||
+ | }, | ||
+ | "crlCertificates": { | ||
+ | "crlCertificate": "crl" | ||
+ | }, | ||
+ | "ciphers": "AES256" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "id": "3", | ||
+ | "name": "ssl_profile", | ||
+ | "sslPassthrough": "true" | ||
+ | }, | ||
+ | { | ||
+ | "id": "4", | ||
+ | "name": "http_redirection_profile", | ||
+ | "httpRedirect": { | ||
+ | "destUrl": "https: //www.company.com/login" | ||
+ | } | ||
+ | } | ||
+ | ] | ||
+ | }, | ||
+ | "monitorService": { | ||
+ | "checkTimeout": "60", | ||
+ | "monitors": [ | ||
+ | { | ||
+ | "id": "1", | ||
+ | "name": "http-monitor", | ||
+ | "type": "HTTP", | ||
+ | "delay": "1", | ||
+ | "interval": "10", | ||
+ | "timeout": "20", | ||
+ | "maxRetryAttempts": "3", | ||
+ | "method": "GET", | ||
+ | "path": "/", | ||
+ | "expected": "\"200-204\"" | ||
+ | }, | ||
+ | { | ||
+ | "id": "2", | ||
+ | "name": "https-monitor", | ||
+ | "type": "HTTPS", | ||
+ | "delay": "2", | ||
+ | "interval": "10", | ||
+ | "timeout": "20", | ||
+ | "maxRetryAttempts": "3", | ||
+ | "method": "SSL" | ||
+ | }, | ||
+ | { | ||
+ | "id": "3", | ||
+ | "name": "tcp-monitor", | ||
+ | "type": "TCP", | ||
+ | "delay": "5", | ||
+ | "interval": "10", | ||
+ | "timeout": "30", | ||
+ | "maxRetryAttempts": "2" | ||
+ | } | ||
+ | ] | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </nowiki></pre> | ||
+ | |||
+ | '''How F5 BIG-IP gets configured''' | ||
+ | |||
+ | To translate this resource model to F5 Big-IP, user will: | ||
+ | |||
+ | 1. Create a set of profiles, which define the persitence, ssl, http configurations. | ||
+ | |||
+ | 2. Create two virtualServers: | ||
+ | |||
+ | * '''a)''' VS_http: address 192.168.1.101, port 80, attach default http profile to this virtualserver, attach cookie persistence profile to this virtualserver. | ||
+ | |||
+ | b. VS_https: address 192.168.1.101, port 443, attach default https profile to this virtualserver, attach ssl session id persistence profile to this virtualserver. | ||
+ | |||
+ | 3. Create two pools: | ||
− | + | * '''a)''' Pool_http: algorithm RR, add two members 192.168.4.103:80 + 192.168.4.104:80, attach predefined HTTP monitor to the pool | |
− | + | b. Pool_https: algorithm RR, add two memebers 192.168.4.103:8443 + 192.168.4.104:8443, attach predefined HTTPS monitor to the pool, user customized HTTPS_2 monitor to member 192.168.4.103 | |
− | + | 4. Configure default pool for each [[VirtualServer]]: | |
− | + | * '''a)''' VS_http use Pool_http as the default pool | |
− | + | b. VS_https uses Pool_https as the default pool | |
− | { | + | = API = |
+ | This table lists the API exposed and comparison to eBay LBMS and Equilibrium LBaaS APIs: | ||
+ | {| border="1" cellpadding="2" cellspacing="0" | ||
+ | |colspan="4" <style="text-align:center">|'''Loadbalancer API''' | ||
+ | | '''eBay LBMS API''' | ||
+ | |- | ||
+ | | ''Category'' | ||
+ | | ''URL'' | ||
+ | | ''API'' | ||
+ | | ''Details'' | ||
+ | | ''API'' | ||
+ | |- | ||
+ | |<style="text-align:center" |2>|VIP | ||
+ | | /loadbalancer/vips | ||
+ | |<style="text-align:center" |2>|CRUD | ||
+ | |<style="text-align:center" |2>|Manage loadbalancer VIPs | ||
+ | |<style="text-align:center" |2>|VIP APIs | ||
+ | |- | ||
+ | |- | ||
+ | |<style="text-align:center" |2>|Pool | ||
+ | | /loadbalancer/pools | ||
+ | |<style="text-align:center" |2>|CRUD | ||
+ | |<style="text-align:center" |2>|Manage loadbalancer Pools | ||
+ | |<style="text-align:center" |2>|Pool APIs | ||
+ | |- | ||
+ | |- | ||
+ | |<style="text-align:center" |2>|Member | ||
+ | | /loadbalancer/pools/:poolid/members | ||
+ | |<style="text-align:center" |2>|CRUD | ||
+ | |<style="text-align:center" |2>|Manage the members under a Pool | ||
+ | |<style="text-align:center" |2>|Service APIs | ||
+ | |- | ||
+ | |- | ||
+ | |<style="text-align:center" |2>|[[HealthMonitor]] | ||
+ | | /loadbalancer/healthmonitors | ||
+ | |<style="text-align:center" |2>|CRUD | ||
+ | |<style="text-align:center" |2>|Manage health monitors | ||
+ | |<style="text-align:center" |2>|Monitor APIs | ||
+ | |- | ||
+ | |- | ||
+ | | Statistics | ||
+ | | /loadbalancer/pools/statistics | ||
+ | | GET | ||
+ | | Get statistics and status | ||
+ | | Metric APIs | ||
+ | |- | ||
+ | |<style="text-align:center" |2>|Configuration | ||
+ | | /loadbalancer/protocols | ||
+ | |<style="text-align:center" |2>|GET | ||
+ | |<style="text-align:center" |2>|Get supported protocols and algorithms | ||
+ | |- | ||
+ | |- | ||
+ | |colspan="4" <style="text-align:center">|'''Extension API''' | ||
+ | | unsupported | ||
+ | |- | ||
+ | |<style="text-align:center" |2>|[[ApplicationProfile]] | ||
+ | | /loadbalancer/extensions/applicationprofiles | ||
+ | |<style="text-align:center" |2>|CRUD | ||
+ | |<style="text-align:center" |2>|Manage loadbalancer applicationProfiles | ||
+ | |<style="text-align:center" |2>|VIP+Policy APIs | ||
+ | |- | ||
+ | |} |
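Review bot: The JSON example under Object Definition does not parse as written. The fifth VIP entry opens with a bare `"5",` where every other entry has an `"id":` key, and there are trailing commas after `"poolId": "1",` in https_lb and after `"insertXForwardedFor": "true",` in http_profile; fixing these lets tooling load the sample. The F5 BIG-IP walkthrough also disagrees with the sample it claims to translate: it creates two virtual servers where the sample defines five, gives Pool_https algorithm RR and members on port 8443 where https-pool uses IP_HASH and port 443, and attaches SSL session ID persistence to VS_https where https_lb uses COOKIE. In https_profile, `"verifyRequired": "false"` sits beside configured caCertificates and crlCertificates; a sentence stating whether client certificates are checked in that case would keep readers from assuming they are. The API intro names Equilibrium LBaaS but the table has only an eBay LBMS column, and the ApplicationProfile Properties table lists categories without any property rows.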
Latest revision as of 15:54, 21 June 2013
Resource Model
Top Objects
The core objects in the resource model focus on configuration re-use and an enterprise-targeted feature set:
1. VIP: A virtual server is a traffic-management object represented by a set of IP addresses and a service. Clients send application traffic to a virtual server, which then directs the traffic according to your configuration instructions.
2. Pool: A load balancing pool is a logical set of devices, such as web servers, that you group together to receive and process traffic.
3. Member: A pool member represents the application running on a backend server.
4. Monitor: A health monitor can monitor the health or performance of either pool members or servers.
5. stats: A stats object indicates the traffic statistics for a specified pool.
Extensions: The core resource model can be extended by associating other objects, such as applicationProfile, with the core resources.
1. Application-profile: An application profile contains the advanced configuration to manage application-specific network traffic in a variety of ways, depending on the protocols and services being used. For example, you can configure SSL client certificates before passing requests on to a target server. After configuring a profile, you associate the profile with a virtual server. The virtual server then processes traffic according to the values specified in the profile.
Figure: load balancer resource model diagram (http://wiki.openstack.org/LBaaS/CoreResourceModel/proposal?action=AttachFile&do=get&target=loadbalancer_resource_model_openstack_v2.JPG)
ApplicationProfile Properties
This table illustrates some of the settings that are part of ApplicationProfile. A set of profiles can be pre-defined, and a user can create a custom profile by inheriting from one of them.
Categories |
Global |
Application |
Protocol |
SSL |
Object Definition
This section illustrates the object schema in JSON format using an example configuration:
1. 5x VirtualServers for HTTP, HTTPS, SSL_passthrough, TCP and HTTP Redirection
2. 2x Pools, each has 2x members
3. 3x Monitors with different types
Note: As part of the global configuration, the user needs to import the certificates/keys, trusted client CAs and CRLs. In the LoadBalancer configuration, the user can specify SSL settings as part of an ApplicationProfile by referencing those objects.
{
  "loadBalancer": {
    "vip": [
      {
        "id": "1",
        "name": "http_lb",
        "description": "VIP for http traffic",
        "networkID": "pubnwk-1",
        "address": "192.168.1.101",
        "protocol": "HTTP",
        "port": "80",
        "sessionPersistence": {
          "method": "COOKIE",
          "cookieName": "JSESSIONID",
          "cookieMode": "INSERT"
        },
        "connectionLimit": "1000",
        "applicationProfileId": "1",
        "adminState": "ENABLED",
        "status": "ENABLED",
        "poolId": "1"
      },
      {
        "id": "2",
        "name": "https_lb",
        "description": "virtualServerforhttpstraffic",
        "address": "192.168.1.101",
        "networkID": "pubnwk-1",
        "protocol": "HTTPS",
        "port": "443",
        "sessionPersistence": {
          "method": "COOKIE",
          "cookieName": "JSESSIONID",
          "cookieMode": "PREFIX"
        },
        "connectionLimit": "1000",
        "applicationProfileId": "2",
        "adminState": "ENABLED",
        "status": "ENABLED",
        "poolId": "1"
      },
      {
        "id": "3",
        "name": "https_passthrough_lb",
        "description": "virtualServerforhttpspassthroughtraffic",
        "address": "192.168.1.102",
        "networkID": "pubnwk-1",
        "protocol": "HTTPS",
        "port": "443",
        "sessionPersistence": {
          "method": "SSL_SESSION_ID"
        },
        "connectionLimit": "1000",
        "applicationProfileId": "3",
        "adminState": "ENABLED",
        "status": "ENABLED",
        "poolId": "2"
      },
      {
        "id": "4",
        "name": "tcp_lb",
        "description": "virtualServerfortcptraffic",
        "address": "192.168.1.101",
        "networkID": "pubnwk-1",
        "protocol": "TCP",
        "port": "8080",
        "sessionPersistence": {
          "method": "SSL_SESSION_ID"
        },
        "connectionLimit": "1000",
        "adminState": "ENABLED",
        "status": "ENABLED",
        "poolId": "1"
      },
      {
        "id": "5",
        "name": "http_redirect_lb",
        "description": "virtualServerforhttpredirection",
        "address": "192.168.1.101",
        "protocol": "HTTP",
        "port": "800",
        "connectionLimit": "1000",
        "applicationProfileId": "4",
        "adminState": "ENABLED",
        "status": "ENABLED",
        "poolId": "1"
      }
    ],
    "pool": [
      {
        "id": "1",
        "name": "http-pool",
        "description": "poolforhttpandhttpstraffic",
        "lbMethod": "ROUND_ROBIN",
        "healthMonitorIds": [
          "1"
        ],
        "adminState": "ENABLED",
        "status": "ENABLED",
        "member": [
          {
            "id": "1",
            "ipAddress": "192.168.4.103",
            "weight": "10",
            "port": "80",
            "healthMonitorIds": [
              "3"
            ],
            "connectionLimit": "100000",
            "adminState": "ENABLED",
            "status": "UP"
          },
          {
            "id": "2",
            "ipAddress": "192.168.4.104",
            "weight": "20",
            "port": "80",
            "connectionLimit": "100000",
            "adminState": "ENABLED",
            "status": "DOWN"
          }
        ]
      },
      {
        "id": "2",
        "name": "https-pool",
        "description": "poolforhttpandhttpstraffic",
        "lbMethod": "IP_HASH",
        "healthMonitorIds": [
          "2"
        ],
        "adminState": "ENABLED",
        "status": "ENABLED",
        "member": [
          {
            "id": "1",
            "ipAddress": "192.168.4.103",
            "weight": "10",
            "port": "443",
            "connectionLimit": "100000",
            "adminState": "ENABLED",
            "status": "UP"
          },
          {
            "id": "2",
            "ipAddress": "192.168.4.104",
            "weight": "20",
            "port": "443",
            "connectionLimit": "100000",
            "adminState": "ENABLED",
            "status": "UP"
          }
        ]
      }
    ],
    "applicationProfiles": {
      "applicationProfile": [
        {
          "id": "1",
          "name": "http_profile",
          "insertXForwardedFor": "true"
        },
        {
          "id": "2",
          "name": "https_profile",
          "sslPassthrough": "false",
          "clientSsl": {
            "verifyRequired": "false",
            "serverCertificate": "server-cert-1",
            "caCertificates": {
              "caCertificate": "ca-cert-1"
            },
            "crlCertificates": {
              "crlCertificate": "crl"
            },
            "ciphers": "AES256"
          }
        },
        {
          "id": "3",
          "name": "ssl_profile",
          "sslPassthrough": "true"
        },
        {
          "id": "4",
          "name": "http_redirection_profile",
          "httpRedirect": {
            "destUrl": "https://www.company.com/login"
          }
        }
      ]
    },
    "monitorService": {
      "checkTimeout": "60",
      "monitors": [
        {
          "id": "1",
          "name": "http-monitor",
          "type": "HTTP",
          "delay": "1",
          "interval": "10",
          "timeout": "20",
          "maxRetryAttempts": "3",
          "method": "GET",
          "path": "/",
          "expected": "\"200-204\""
        },
        {
          "id": "2",
          "name": "https-monitor",
          "type": "HTTPS",
          "delay": "2",
          "interval": "10",
          "timeout": "20",
          "maxRetryAttempts": "3",
          "method": "SSL"
        },
        {
          "id": "3",
          "name": "tcp-monitor",
          "type": "TCP",
          "delay": "5",
          "interval": "10",
          "timeout": "30",
          "maxRetryAttempts": "2"
        }
      ]
    }
  }
}
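The objects in this model are tied together by ID references (poolId, applicationProfileId, healthMonitorIds), so a document can be checked for dangling references before it is pushed to a device. The following is an added example, not part of the original wiki page or of any OpenStack code: a small linter run over a constructed sample in the same schema. The function name lint, the VIP name https_mtls_lb, and the reading of verifyRequired as "client certificates are enforced" are assumptions.

```python
import json

# Constructed sample in the page's schema, with deliberate mistakes:
# https_lb points at profile "9" and http-pool at monitor "7", neither defined.
SAMPLE = json.loads("""
{"loadBalancer": {
  "vip": [
    {"id": "1", "name": "http_lb", "address": "192.168.1.101", "port": "80",
     "protocol": "HTTP", "applicationProfileId": "1", "poolId": "1"},
    {"id": "2", "name": "https_lb", "address": "192.168.1.101", "port": "443",
     "protocol": "HTTPS", "applicationProfileId": "9", "poolId": "1"},
    {"id": "3", "name": "https_mtls_lb", "address": "192.168.1.102", "port": "443",
     "protocol": "HTTPS", "applicationProfileId": "2", "poolId": "1"}],
  "pool": [
    {"id": "1", "name": "http-pool", "healthMonitorIds": ["1", "7"],
     "member": [{"id": "1", "ipAddress": "192.168.4.103", "port": "80",
                 "healthMonitorIds": ["3"]}]}],
  "applicationProfiles": {"applicationProfile": [
    {"id": "1", "name": "http_profile", "insertXForwardedFor": "true"},
    {"id": "2", "name": "https_profile", "sslPassthrough": "false",
     "clientSsl": {"verifyRequired": "false", "serverCertificate": "server-cert-1",
                   "caCertificates": {"caCertificate": "ca-cert-1"}}}]},
  "monitorService": {"monitors": [
    {"id": "1", "name": "http-monitor", "type": "HTTP"},
    {"id": "3", "name": "tcp-monitor", "type": "TCP"}]}
}}
""")


def lint(config):
    """Return sorted findings for one loadBalancer document."""
    lb = config["loadBalancer"]
    pools = {p["id"]: p for p in lb.get("pool", [])}
    profiles = {p["id"]: p for p in
                lb.get("applicationProfiles", {}).get("applicationProfile", [])}
    monitors = {m["id"] for m in lb.get("monitorService", {}).get("monitors", [])}
    findings = []
    for vip in lb.get("vip", []):
        name = vip.get("name", vip.get("id", "?"))
        if vip.get("poolId") not in pools:
            findings.append(f"vip {name}: poolId {vip.get('poolId')!r} is not defined")
        pid = vip.get("applicationProfileId")  # optional: tcp_lb on the page has none
        profile = profiles.get(pid)
        if pid is not None and profile is None:
            findings.append(f"vip {name}: applicationProfileId {pid!r} is not defined")
        ssl = (profile or {}).get("clientSsl", {})
        if "caCertificates" in ssl and ssl.get("verifyRequired") != "true":
            findings.append(f"vip {name}: profile {profile['name']} lists client CAs "
                            "but verifyRequired is not true")
    for pool in pools.values():
        # Monitors attach to the pool and, optionally, to individual members.
        refs = [(pool["name"], i) for i in pool.get("healthMonitorIds", [])]
        for m in pool.get("member", []):
            refs += [(f"{pool['name']}/member {m['id']}", i)
                     for i in m.get("healthMonitorIds", [])]
        findings += [f"{where}: healthMonitorId {i!r} is not defined"
                     for where, i in refs if i not in monitors]
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```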
How F5 BIG-IP gets configured
To translate this resource model to F5 BIG-IP, the user will:
1. Create a set of profiles, which define the persistence, SSL and HTTP configurations.
2. Create two virtualServers:
a) VS_http: address 192.168.1.101, port 80; attach the default http profile and the cookie persistence profile to this virtualserver.
b) VS_https: address 192.168.1.101, port 443; attach the default https profile and the SSL session ID persistence profile to this virtualserver.
3. Create two pools:
a) Pool_http: algorithm RR; add two members, 192.168.4.103:80 and 192.168.4.104:80; attach the predefined HTTP monitor to the pool.
b) Pool_https: algorithm RR; add two members, 192.168.4.103:8443 and 192.168.4.104:8443; attach the predefined HTTPS monitor to the pool and the user-customized HTTPS_2 monitor to member 192.168.4.103.
4. Configure the default pool for each VirtualServer:
a) VS_http uses Pool_http as the default pool.
b) VS_https uses Pool_https as the default pool.
API
This table lists the exposed API and compares it to the eBay LBMS and Equilibrium LBaaS APIs:
Loadbalancer API | eBay LBMS API |
Category | URL | API | Details | API |
VIP | /loadbalancer/vips | CRUD | Manage loadbalancer VIPs | VIP APIs |
Pool | /loadbalancer/pools | CRUD | Manage loadbalancer Pools | Pool APIs |
Member | /loadbalancer/pools/:poolid/members | CRUD | Manage the members under a Pool | Service APIs |
HealthMonitor | /loadbalancer/healthmonitors | CRUD | Manage health monitors | Monitor APIs |
Statistics | /loadbalancer/pools/statistics | GET | Get statistics and status | Metric APIs |
Configuration | /loadbalancer/protocols | GET | Get supported protocols and algorithms | |
Extension API | unsupported |
ApplicationProfile | /loadbalancer/extensions/applicationprofiles | CRUD | Manage loadbalancer applicationProfiles | VIP+Policy APIs |