Difference between revisions of "Neutron/LBaaS/LBaaS reuse option"
Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
= Resource Model = | = Resource Model = | ||
+ | |||
+ | == Top Objects == | ||
+ | |||
Top objects in the resource model focused around config re-use and enterprise-targeted feature set: | Top objects in the resource model focused around config re-use and enterprise-targeted feature set: | ||
Line 13: | Line 16: | ||
5. '''Monitor''': A health monitor can monitor the health or performance of either pool members or servers. | 5. '''Monitor''': A health monitor can monitor the health or performance of either pool members or servers. | ||
− | + | {{lb_resource_model.JPG}} | |
+ | |||
+ | == [[ApplicationProfile]] Properties == | ||
+ | This table illustrates the settings as part of [[ApplicationProfile]]. We can pre-define a set of profiles and user is able to create custom profile by inheriting from it. | ||
+ | {| border="1" cellpadding="2" cellspacing="0" | ||
+ | | '''Categories''' | ||
+ | |- | ||
+ | | Global | ||
+ | |- | ||
+ | |rowspan="6" | Persistence | ||
+ | |- | ||
+ | |- | ||
+ | |- | ||
+ | |- | ||
+ | |- | ||
+ | |- | ||
+ | |rowspan="3" | Application | ||
+ | |- | ||
+ | |- | ||
+ | |- | ||
+ | | Protocol | ||
+ | |- | ||
+ | |rowspan="6" | SSL | ||
+ | |- | ||
+ | |- | ||
+ | |- | ||
+ | |- | ||
+ | |- | ||
+ | |} | ||
= Object Definition = | = Object Definition = | ||
Line 23: | Line 54: | ||
3. 3x Monitors with different types | 3. 3x Monitors with different types | ||
+ | |||
+ | '''Note:''' | ||
+ | As part of global configuration, user need to import the Certificates/Keys, Trust Client CAs and CRLs. In [[LoadBalancer]] configuration, user can specify SSL settings as part of [[ApplicationProfile]] by using the references to those objects. | ||
Line 202: | Line 236: | ||
} | } | ||
</nowiki></pre> | </nowiki></pre> | ||
+ | |||
+ | |||
+ | '''How F5 BIG does''' | ||
+ | |||
+ | To translate new model to F5, user will: | ||
+ | |||
+ | 1. Create a set of profiles, which define the persitence, ssl, http configurations. | ||
+ | |||
+ | 2. Create two virtualServers: | ||
+ | |||
+ | * '''a)''' VS_http: address 192.168.1.101, port 80, attach default http profile to this virtualserver, attach cookie persistence profile to this virtualserver. | ||
+ | |||
+ | b. VS_https: address 192.168.1.101, port 443, attach default https profile to this virtualserver, attach ssl session id persistence profile to this virtualserver. | ||
+ | |||
+ | 3. Create two pools: | ||
+ | |||
+ | * '''a)''' Pool_http: algorithm RR, add two members 192.168.4.103:80 + 192.168.4.104:80, attach predefined HTTP monitor to the pool | ||
+ | |||
+ | b. Pool_https: algorithm RR, add two memebers 192.168.4.103:8443 + 192.168.4.104:8443, attach predefined HTTPS monitor to the pool, user customized HTTPS_2 monitor to member 192.168.4.103 | ||
+ | |||
+ | 4. Configure default pool for each [[VirtualServer]]: | ||
+ | |||
+ | * '''a)''' VS_http use Pool_http as the default pool | ||
+ | |||
+ | b. VS_https uses Pool_https as the default pool | ||
+ | |||
+ | = Loadbalancer API = | ||
+ | This table lists the API exposed and comparison to eBay LBMS and Equilibrium LBaaS APIs: | ||
+ | {| border="1" cellpadding="2" cellspacing="0" | ||
+ | |colspan="4" |'''Loadbalancer API''' | ||
+ | | '''eBay LBMS API''' | ||
+ | |- | ||
+ | | ''Category'' | ||
+ | | ''URL'' | ||
+ | | ''API'' | ||
+ | | ''Details'' | ||
+ | | ''API'' | ||
+ | |- | ||
+ | |rowspan="2" |[[VirtualServer]] | ||
+ | | /loadbalancer/virtualservers | ||
+ | |rowspan="2" |CRUD | ||
+ | |rowspan="2" |Manage loadbalancer Virtual-Servers | ||
+ | |rowspan="2" |VIP APIs | ||
+ | |- | ||
+ | |- | ||
+ | |rowspan="2" |Pool | ||
+ | | /loadbalancer/pools | ||
+ | |rowspan="2" |CRUD | ||
+ | |rowspan="2" |Manage loadbalancer Pools | ||
+ | |rowspan="2" |Pool APIs | ||
+ | |- | ||
+ | |- | ||
+ | |rowspan="2" |Member | ||
+ | | /loadbalancer/pools/:poolid/members | ||
+ | |rowspan="2" |CRUD | ||
+ | |rowspan="2" |Manage the members under a Pool | ||
+ | |rowspan="2" |Service APIs | ||
+ | |- | ||
+ | |- | ||
+ | |rowspan="2" |[[ApplicationProfile]] | ||
+ | | /loadbalancer/applicationprofiles | ||
+ | |rowspan="2" |CRUD | ||
+ | |rowspan="2" |Manage loadbalancer applicationProfiles | ||
+ | |rowspan="2" |VIP+Policy APIs | ||
+ | |- | ||
+ | |- | ||
+ | |rowspan="2" |Monitor | ||
+ | | /loadbalancer/monitors | ||
+ | |rowspan="2" |CRUD | ||
+ | |rowspan="2" |Manage health monitors | ||
+ | |rowspan="2" |Monitor APIs | ||
+ | |- | ||
+ | |- | ||
+ | | Statistics | ||
+ | | /loadbalancer/statistics | ||
+ | | GET | ||
+ | | Get statistics and status | ||
+ | | Metric APIs | ||
+ | |- | ||
+ | |rowspan="2" |Configuration | ||
+ | | /loadbalancer/protocols | ||
+ | |rowspan="2" |GET | ||
+ | |rowspan="2" |Get supported protocols and algorithms | ||
+ | |- |
Revision as of 02:41, 12 October 2012
Resource Model
Top Objects
Top objects in the resource model focused around config re-use and enterprise-targeted feature set:
1. Virtual-server: A virtual server is a traffic-management object represented by a set of IP address and a service. Clients send application traffic to a virtual server, which then directs the traffic according to your configuration instructions.
2. Application-profile: An application profile contains the configuration to manage application-specific network traffic in a variety of ways, depending on the protocols and services being used. For example, you can configure SSL client certificates before passing requests on to a target server. After configuring a profile, you associate the profile with a virtual server. The virtual server then processes traffic according to the values specified in the profile.
3. Pool: A load balancing pool is a logical set of devices, such as web servers, that you group together to receive and process traffic.
4. Member: A pool member represents the application running on backend server.
5. Monitor: A health monitor can monitor the health or performance of either pool members or servers.
Template:Lb resource model.JPG
ApplicationProfile Properties
This table illustrates the settings as part of ApplicationProfile. We can pre-define a set of profiles and user is able to create custom profile by inheriting from it.
Categories |
Global |
Persistence |
Application |
Protocol |
SSL |
Object Definition
This section illustrates the object scheme in JSON format by usng an example configuration:
1. 4x VirtualServers for HTTP, HTTPS, TCP and HTTP Redirection
2. 2x Pools, each has 2x members
3. 3x Monitors with different types
Note: As part of global configuration, user need to import the Certificates/Keys, Trust Client CAs and CRLs. In LoadBalancer configuration, user can specify SSL settings as part of ApplicationProfile by using the references to those objects.
{ "loadBalancer": { "virtualServer": [ { "id": "1", "name": "http_lb", "description": "virtualServer for http traffic", "VirtualIps": { "ipAddress": "192.168.1.101" }, "protocol": "HTTP", "port": "80", "connectionLimit": "1000", "rateLimit": "100", "enabled": "true", "applicationProfile": { "id": "1" }, "pool": { "id": "1" } }, { "name": "https_lb", "description": "virtualServer for https traffic", "VirtualIps": { "ipAddress": "192.168.1.101" }, "protocol": "HTTPS", "port": "443", "enabled": "true", "applicationProfile": { "id": "2" }, "pool": { "id": "2" } }, { "name": "https_passthrough_lb", "description": "virtualServer for https passthrough traffic", "VirtualIps": { "ipAddress": "192.168.1.101" }, "protocol": "HTTPS", "port": "443", "enabled": "true", "applicationProfile": { "id": "3" }, "pool": { "id": "2" } }, { "name": "tcp_lb", "description": "virtualServer for tcp traffic", "VirtualIps": { "ipAddress": "192.168.1.101" }, "protocol": "TCP", "port": "8080", "enabled": "true", "applicationProfile": { "id": "3" }, "pool": { "id": "1" } }, { "name": "http_redirect_lb", "description": "virtualServer for http redirection ", "VirtualIps": { "ipAddress": "192.168.1.101" }, "protocol": "HTTP", "port": "800", "enabled": "true", "applicationProfile": { "id": "4" } } ], "pool": [ { "id": "1", "name": "http-pool", "description": "pool for http and https traffic", "algorithm": "ROUND_ROBIN", "healthMonitors": { "healthMonitor": "1" }, "member": [ { "ipAddress": "192.168.4.103", "weight": "10", "port": "80", "healthMonitors": { "healthMonitor": { "id": "3" } }, "connectionLimit": "100000", "condition": "enabled" }, { "ipAddress": "192.168.4.104", "weight": "11", "port": "80" } ] }, { "id": "2", "name": "https-pool", "description": "pool for http and https traffic", "algorithm": "IP_HASH", "healthMonitors": { "healthMonitor": { "id": "2" } }, "member": [ { "ipAddress": "192.168.4.103", "weight": "10", "port": "80" }, { "ipAddress": "192.168.4.104", "weight": "11", "port": "80" } ] } ], "applicationProfiles": { "applicationProfile": [ { "id": "1", "name": "http_profile", "insertXForwardedFor": "true", "sessionPersistence": { "method": "COOKIE", "cookieName": "JSESSIONID", "cookieMode": "INSERT" } }, { "id": "2", "name": "https_profile", "persistence": { "method": "COOKIE", "cookieName": "JSESSIONID" }, "sslPassthrough": "false", "clientSsl": { "verifyRequired": "false", "serverCertificate": "server-cert-1", "caCertificates": { "caCertificate": "ca-cert-1" }, "crlCertificates": { "crlCertificate": "crl" }, "ciphers": "AES256" } }, { "id": "3", "name": "ssl_profile", "persistence": { "method": "SSL_SESSION_ID" }, "sslPassthrough": "true" }, { "id": "4", "name": "http_redirection_profile", "httpRedirect": { "destUrl": "https://www.company.com/login" } } ] }, "monitorService": { "checkTimeout": "60", "monitors": { "monitor": [ { "id": "1", "type": "HTTP", "interval": "10", "timeout": "20", "method": "GET", "path": "/", "expected": "\"200-204\"" }, { "id": "2", "type": "HTTPS", "interval": "10", "timeout": "20", "method": "SSL" }, { "id": "3", "type": "TCP", "interval": "10", "timeout": "30" } ] } } } }
How F5 BIG does
To translate new model to F5, user will:
1. Create a set of profiles, which define the persitence, ssl, http configurations.
2. Create two virtualServers:
- a) VS_http: address 192.168.1.101, port 80, attach default http profile to this virtualserver, attach cookie persistence profile to this virtualserver.
b. VS_https: address 192.168.1.101, port 443, attach default https profile to this virtualserver, attach ssl session id persistence profile to this virtualserver.
3. Create two pools:
- a) Pool_http: algorithm RR, add two members 192.168.4.103:80 + 192.168.4.104:80, attach predefined HTTP monitor to the pool
b. Pool_https: algorithm RR, add two memebers 192.168.4.103:8443 + 192.168.4.104:8443, attach predefined HTTPS monitor to the pool, user customized HTTPS_2 monitor to member 192.168.4.103
4. Configure default pool for each VirtualServer:
- a) VS_http use Pool_http as the default pool
b. VS_https uses Pool_https as the default pool
Loadbalancer API
This table lists the API exposed and comparison to eBay LBMS and Equilibrium LBaaS APIs:
Loadbalancer API | eBay LBMS API | |||
Category | URL | API | Details | API |
VirtualServer | /loadbalancer/virtualservers | CRUD | Manage loadbalancer Virtual-Servers | VIP APIs |
Pool | /loadbalancer/pools | CRUD | Manage loadbalancer Pools | Pool APIs |
Member | /loadbalancer/pools/:poolid/members | CRUD | Manage the members under a Pool | Service APIs |
ApplicationProfile | /loadbalancer/applicationprofiles | CRUD | Manage loadbalancer applicationProfiles | VIP+Policy APIs |
Monitor | /loadbalancer/monitors | CRUD | Manage health monitors | Monitor APIs |
Statistics | /loadbalancer/statistics | GET | Get statistics and status | Metric APIs |
Configuration | /loadbalancer/protocols | GET | Get supported protocols and algorithms |