Difference between revisions of "Neutron/LBaaS/LBaaS reuse option"
m (ThierryCarrez moved page Quantum/LBaaS/LBaaS reuse option to Neutron/LBaaS/LBaaS reuse option) |
|||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | ||
= Resource Model = | = Resource Model = | ||
| − | |||
== Top Objects == | == Top Objects == | ||
| − | |||
Core objects in the resource model focused around config re-use and enterprise-targeted feature set: | Core objects in the resource model focused around config re-use and enterprise-targeted feature set: | ||
| − | 1. ''' | + | 1. '''VIP''': A virtual server is a traffic-management object represented by a set of IP address and a service. Clients send application traffic to a virtual server, which then directs the traffic according to your configuration instructions. |
2. '''Pool''': A load balancing pool is a logical set of devices, such as web servers, that you group together to receive and process traffic. | 2. '''Pool''': A load balancing pool is a logical set of devices, such as web servers, that you group together to receive and process traffic. | ||
| Line 25: | Line 23: | ||
This table illustrates some settings as part of [[ApplicationProfile]]. We can pre-define a set of profiles and user is able to create custom profile by inheriting from it. | This table illustrates some settings as part of [[ApplicationProfile]]. We can pre-define a set of profiles and user is able to create custom profile by inheriting from it. | ||
{| border="1" cellpadding="2" cellspacing="0" | {| border="1" cellpadding="2" cellspacing="0" | ||
| − | | '''Categories''' | + | | '''Categories''' |
|- | |- | ||
| Global | | Global | ||
|- | |- | ||
| − | | | + | |<style="text-align:center" |3>|Application |
|- | |- | ||
|- | |- | ||
| Line 35: | Line 33: | ||
| Protocol | | Protocol | ||
|- | |- | ||
| − | | | + | |<style="text-align:center" |6>|SSL |
|- | |- | ||
|- | |- | ||
| Line 52: | Line 50: | ||
3. 3x Monitors with different types | 3. 3x Monitors with different types | ||
| − | '''Note:''' | + | '''Note:''' As part of global configuration, user need to import the Certificates/Keys, Trust Client CAs and CRLs. In [[LoadBalancer]] configuration, user can specify SSL settings as part of [[ApplicationProfile]] by using the references to those objects. |
| − | As part of global configuration, user need to import the Certificates/Keys, Trust Client CAs and CRLs. In [[LoadBalancer]] configuration, user can specify SSL settings as part of [[ApplicationProfile]] by using the references to those objects. | ||
| Line 97: | Line 94: | ||
"status": "ENABLED", | "status": "ENABLED", | ||
"poolId": "1", | "poolId": "1", | ||
| − | + | ||
}, | }, | ||
{ | { | ||
| Line 219: | Line 216: | ||
"name": "http_profile", | "name": "http_profile", | ||
"insertXForwardedFor": "true", | "insertXForwardedFor": "true", | ||
| − | + | ||
}, | }, | ||
{ | { | ||
| Line 290: | Line 287: | ||
} | } | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | |||
'''How F5 BIG-IP gets configured''' | '''How F5 BIG-IP gets configured''' | ||
| Line 317: | Line 313: | ||
= API = | = API = | ||
| − | |||
This table lists the API exposed and comparison to eBay LBMS and Equilibrium LBaaS APIs: | This table lists the API exposed and comparison to eBay LBMS and Equilibrium LBaaS APIs: | ||
| − | |||
{| border="1" cellpadding="2" cellspacing="0" | {| border="1" cellpadding="2" cellspacing="0" | ||
| − | |colspan="4" |'''Loadbalancer API''' | + | |colspan="4" <style="text-align:center">|'''Loadbalancer API''' |
| − | | '''eBay LBMS API''' | + | | '''eBay LBMS API''' |
|- | |- | ||
| − | | ''Category'' | + | | ''Category'' |
| − | | ''URL'' | + | | ''URL'' |
| − | | ''API'' | + | | ''API'' |
| − | | ''Details'' | + | | ''Details'' |
| − | | ''API'' | + | | ''API'' |
|- | |- | ||
| − | | | + | |<style="text-align:center" |2>|VIP |
| − | | /loadbalancer/vips | + | | /loadbalancer/vips |
| − | | | + | |<style="text-align:center" |2>|CRUD |
| − | | | + | |<style="text-align:center" |2>|Manage loadbalancer VIPs |
| − | | | + | |<style="text-align:center" |2>|VIP APIs |
|- | |- | ||
|- | |- | ||
| − | | | + | |<style="text-align:center" |2>|Pool |
| − | | /loadbalancer/pools | + | | /loadbalancer/pools |
| − | | | + | |<style="text-align:center" |2>|CRUD |
| − | | | + | |<style="text-align:center" |2>|Manage loadbalancer Pools |
| − | | | + | |<style="text-align:center" |2>|Pool APIs |
|- | |- | ||
|- | |- | ||
| − | | | + | |<style="text-align:center" |2>|Member |
| − | | /loadbalancer/pools/:poolid/members | + | | /loadbalancer/pools/:poolid/members |
| − | | | + | |<style="text-align:center" |2>|CRUD |
| − | | | + | |<style="text-align:center" |2>|Manage the members under a Pool |
| − | | | + | |<style="text-align:center" |2>|Service APIs |
|- | |- | ||
|- | |- | ||
| − | | | + | |<style="text-align:center" |2>|[[HealthMonitor]] |
| − | | /loadbalancer/healthmonitors | + | | /loadbalancer/healthmonitors |
| − | | | + | |<style="text-align:center" |2>|CRUD |
| − | | | + | |<style="text-align:center" |2>|Manage health monitors |
| − | | | + | |<style="text-align:center" |2>|Monitor APIs |
|- | |- | ||
|- | |- | ||
| − | | Statistics | + | | Statistics |
| − | | /loadbalancer/pools/statistics | + | | /loadbalancer/pools/statistics |
| − | | GET | + | | GET |
| Get statistics and status | | Get statistics and status | ||
| Metric APIs | | Metric APIs | ||
|- | |- | ||
| − | | | + | |<style="text-align:center" |2>|Configuration |
| − | | /loadbalancer/protocols | + | | /loadbalancer/protocols |
| − | | | + | |<style="text-align:center" |2>|GET |
| − | | | + | |<style="text-align:center" |2>|Get supported protocols and algorithms |
|- | |- | ||
|- | |- | ||
| − | |colspan="4" |'''Extension API''' | + | |colspan="4" <style="text-align:center">|'''Extension API''' |
| − | | unsupported | + | | unsupported |
|- | |- | ||
| − | | | + | |<style="text-align:center" |2>|[[ApplicationProfile]] |
| − | | /loadbalancer/extensions/applicationprofiles | + | | /loadbalancer/extensions/applicationprofiles |
| − | | | + | |<style="text-align:center" |2>|CRUD |
| − | | | + | |<style="text-align:center" |2>|Manage loadbalancer applicationProfiles |
| − | | | + | |<style="text-align:center" |2>|VIP+Policy APIs |
|- | |- | ||
| + | |} | ||
Latest revision as of 15:54, 21 June 2013
Contents
Resource Model
Top Objects
Core objects in the resource model focused around config re-use and enterprise-targeted feature set:
1. VIP: A virtual server is a traffic-management object represented by a set of IP address and a service. Clients send application traffic to a virtual server, which then directs the traffic according to your configuration instructions.
2. Pool: A load balancing pool is a logical set of devices, such as web servers, that you group together to receive and process traffic.
3. Member: A pool member represents the application running on backend server.
4. Monitor: A health monitor can monitor the health or performance of either pool members or servers.
5. stats: A stats object indicates the traffic statistics for a specified pool
Extensions: The core resource model is extensible by associating other objects such as applicationProfile to the core resources.
1. Application-profile: An application profile contains the advanced configuration to manage application-specific network traffic in a variety of ways, depending on the protocols and services being used. For example, you can configure SSL client certificates before passing requests on to a target server. After configuring a profile, you associate the profile with a virtual server. The virtual server then processes traffic according to the values specified in the profile.
{{http://wiki.openstack.org/LBaaS/CoreResourceModel/proposal?action=AttachFile&do=get&target=loadbalancer_resource_model_openstack_v2.JPG}}
ApplicationProfile Properties
This table illustrates some settings as part of ApplicationProfile. We can pre-define a set of profiles and user is able to create custom profile by inheriting from it.
| Categories |
| Global |
| 3>|Application |
| Protocol |
| 6>|SSL |
Object Definition
This section illustrates the object scheme in JSON format by usng an example configuration:
1. 5x VirtualServers for HTTP, HTTPS, SSL_passthrough, TCP and HTTP Redirection
2. 2x Pools, each has 2x members
3. 3x Monitors with different types
Note: As part of global configuration, user need to import the Certificates/Keys, Trust Client CAs and CRLs. In LoadBalancer configuration, user can specify SSL settings as part of ApplicationProfile by using the references to those objects.
{
"loadBalancer": {
"vip": [
{
"id": "1",
"name": "http_lb",
"description": "VIP for http traffic",
"networkID": "pubnwk-1",
"address": "192.168.1.101",
"protocol": "HTTP",
"port": "80",
"sessionPersistence": {
"method": "COOKIE",
"cookieName": "JSESSIONID",
"cookieMode": "INSERT"
},
"connectionLimit": "1000",
"applicationProfileId": "1",
"adminState": "ENABLED",
"status": "ENABLED",
"poolId": "1"
},
{
"id": "2",
"name": "https_lb",
"description": "virtualServerforhttpstraffic",
"address": "192.168.1.101",
"networkID": "pubnwk-1",
"protocol": "HTTPS",
"port": "443",
"sessionPersistence": {
"method": "COOKIE",
"cookieName": "JSESSIONID",
"cookieMode": "PREFIX"
},
"connectionLimit": "1000",
"applicationProfileId": "2",
"adminState": "ENABLED",
"status": "ENABLED",
"poolId": "1",
},
{
"id": "3",
"name": "https_passthrough_lb",
"description": "virtualServerforhttpspassthroughtraffic",
"address": "192.168.1.102",
"networkID": "pubnwk-1",
"protocol": "HTTPS",
"port": "443",
"sessionPersistence": {
"method": "SSL_SESSION_ID"
},
"connectionLimit": "1000",
"applicationProfileId": "3",
"adminState": "ENABLED",
"status": "ENABLED",
"poolId": "2"
},
{
"id": "4",
"name": "tcp_lb",
"description": "virtualServerfortcptraffic",
"address": "192.168.1.101",
"networkID": "pubnwk-1",
"protocol": "TCP",
"port": "8080",
"sessionPersistence": {
"method": "SSL_SESSION_ID"
},
"connectionLimit": "1000",
"adminState": "ENABLED",
"status": "ENABLED",
"poolId": "1"
},
{
"5",
"name": "http_redirect_lb",
"description": "virtualServerforhttpredirection",
"address": "192.168.1.101",
"protocol": "HTTP",
"port": "800",
"connectionLimit": "1000",
"applicationProfileId": "4",
"adminState": "ENABLED",
"status": "ENABLED",
"poolId": "1"
}
],
"pool": [
{
"id": "1",
"name": "http-pool",
"description": "poolforhttpandhttpstraffic",
"lbMethod": "ROUND_ROBIN",
"healthMonitorIds": [
"1"
],
"adminState": "ENABLED",
"status": "ENABLED",
"member": [
{
"id": "1",
"ipAddress": "192.168.4.103",
"weight": "10",
"port": "80",
"healthMonitorIds": [
"3"
],
"connectionLimit": "100000",
"adminState": "ENABLED",
"status": "UP"
},
{
"id": "2",
"ipAddress": "192.168.4.104",
"weight": "20",
"port": "80",
"connectionLimit": "100000",
"adminState": "ENABLED",
"status": "DOWN"
}
]
},
{
"id": "2",
"name": "https-pool",
"description": "poolforhttpandhttpstraffic",
"lbMethod": "IP_HASH",
"healthMonitorIds": [
"2"
],
"adminState": "ENABLED",
"status": "ENABLED",
"member": [
{
"id": "1",
"ipAddress": "192.168.4.103",
"weight": "10",
"port": "443",
"connectionLimit": "100000",
"adminState": "ENABLED",
"status": "UP"
},
{
"id": "2",
"ipAddress": "192.168.4.104",
"weight": "20",
"port": "443",
"connectionLimit": "100000",
"adminState": "ENABLED",
"status": "UP"
}
]
}
],
"applicationProfiles": {
"applicationProfile": [
{
"id": "1",
"name": "http_profile",
"insertXForwardedFor": "true",
},
{
"id": "2",
"name": "https_profile",
"sslPassthrough": "false",
"clientSsl": {
"verifyRequired": "false",
"serverCertificate": "server-cert-1",
"caCertificates": {
"caCertificate": "ca-cert-1"
},
"crlCertificates": {
"crlCertificate": "crl"
},
"ciphers": "AES256"
}
},
{
"id": "3",
"name": "ssl_profile",
"sslPassthrough": "true"
},
{
"id": "4",
"name": "http_redirection_profile",
"httpRedirect": {
"destUrl": "https: //www.company.com/login"
}
}
]
},
"monitorService": {
"checkTimeout": "60",
"monitors": [
{
"id": "1",
"name": "http-monitor",
"type": "HTTP",
"delay": "1",
"interval": "10",
"timeout": "20",
"maxRetryAttempts": "3",
"method": "GET",
"path": "/",
"expected": "\"200-204\""
},
{
"id": "2",
"name": "https-monitor",
"type": "HTTPS",
"delay": "2",
"interval": "10",
"timeout": "20",
"maxRetryAttempts": "3",
"method": "SSL"
},
{
"id": "3",
"name": "tcp-monitor",
"type": "TCP",
"delay": "5",
"interval": "10",
"timeout": "30",
"maxRetryAttempts": "2"
}
]
}
}
}
How F5 BIG-IP gets configured
To translate this resource model to F5 Big-IP, user will:
1. Create a set of profiles, which define the persitence, ssl, http configurations.
2. Create two virtualServers:
- a) VS_http: address 192.168.1.101, port 80, attach default http profile to this virtualserver, attach cookie persistence profile to this virtualserver.
b. VS_https: address 192.168.1.101, port 443, attach default https profile to this virtualserver, attach ssl session id persistence profile to this virtualserver.
3. Create two pools:
- a) Pool_http: algorithm RR, add two members 192.168.4.103:80 + 192.168.4.104:80, attach predefined HTTP monitor to the pool
b. Pool_https: algorithm RR, add two memebers 192.168.4.103:8443 + 192.168.4.104:8443, attach predefined HTTPS monitor to the pool, user customized HTTPS_2 monitor to member 192.168.4.103
4. Configure default pool for each VirtualServer:
- a) VS_http use Pool_http as the default pool
b. VS_https uses Pool_https as the default pool
API
This table lists the API exposed and comparison to eBay LBMS and Equilibrium LBaaS APIs:
| Loadbalancer API | eBay LBMS API | |||
| Category | URL | API | Details | API |
| 2>|VIP | /loadbalancer/vips | 2>|CRUD | 2>|Manage loadbalancer VIPs | 2>|VIP APIs |
| 2>|Pool | /loadbalancer/pools | 2>|CRUD | 2>|Manage loadbalancer Pools | 2>|Pool APIs |
| 2>|Member | /loadbalancer/pools/:poolid/members | 2>|CRUD | 2>|Manage the members under a Pool | 2>|Service APIs |
| 2>|HealthMonitor | /loadbalancer/healthmonitors | 2>|CRUD | 2>|Manage health monitors | 2>|Monitor APIs |
| Statistics | /loadbalancer/pools/statistics | GET | Get statistics and status | Metric APIs |
| 2>|Configuration | /loadbalancer/protocols | 2>|GET | 2>|Get supported protocols and algorithms | |
| Extension API | unsupported | |||
| 2>|ApplicationProfile | /loadbalancer/extensions/applicationprofiles | 2>|CRUD | 2>|Manage loadbalancer applicationProfiles | 2>|VIP+Policy APIs |
