
Difference between revisions of "Neutron/LBaaS/LBaaS reuse option"

Line 238: Line 238:
  
  
'''How F5 BIG does'''
+
'''How F5 BIG-IP gets configured'''
  
To translate new model to F5, user will:
+
To translate this resource model to F5 Big-IP, user will:
  
 
1. Create a set of profiles, which define the persitence, ssl, http configurations.
 
1. Create a set of profiles, which define the persitence, ssl, http configurations.
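Review bot: The replacement sentence writes "F5 Big-IP" while the replacement heading in the same revision writes "F5 BIG-IP"; use one spelling in both places. The unchanged context line "1. Create a set of profiles, ..." still contains "persitence", which could be corrected to "persistence" in the same edit, and "user will" reads better as "the user will".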

Revision as of 02:51, 12 October 2012

Resource Model

Top Objects

The top objects in the resource model are focused on config re-use and an enterprise-targeted feature set:

1. Virtual-server: A virtual server is a traffic-management object represented by a set of IP addresses and a service. Clients send application traffic to a virtual server, which then directs the traffic according to your configuration instructions.

2. Application-profile: An application profile contains the configuration to manage application-specific network traffic in a variety of ways, depending on the protocols and services being used. For example, you can configure SSL client certificates before passing requests on to a target server. After configuring a profile, you associate the profile with a virtual server. The virtual server then processes traffic according to the values specified in the profile.

3. Pool: A load balancing pool is a logical set of devices, such as web servers, that you group together to receive and process traffic.

4. Member: A pool member represents the application running on a backend server.

5. Monitor: A health monitor can monitor the health or performance of either pool members or servers.

[Figure: lb_resource_model.JPG (resource model diagram)]

ApplicationProfile Properties

This table illustrates the settings that are part of ApplicationProfile. We can pre-define a set of profiles, and the user is able to create a custom profile by inheriting from one of them.

Categories
Global
Persistence
Application
Protocol
SSL

Object Definition

This section illustrates the object scheme in JSON format by using an example configuration:

1. 4x VirtualServers for HTTP, HTTPS, TCP and HTTP Redirection

2. 2x Pools, each has 2x members

3. 3x Monitors with different types

Note: As part of the global configuration, the user needs to import the Certificates/Keys, Trust Client CAs and CRLs. In the LoadBalancer configuration, the user can specify SSL settings as part of an ApplicationProfile by using references to those objects.


{
  "loadBalancer": {
    "virtualServer": [
      {
        "id": "1",
        "name": "http_lb",
        "description": "virtualServer for http traffic",
        "VirtualIps": { "ipAddress": "192.168.1.101" },
        "protocol": "HTTP",
        "port": "80",
        "connectionLimit": "1000",
        "rateLimit": "100",
        "enabled": "true",
        "applicationProfile": { "id": "1" },
        "pool": { "id": "1" }
      },
      {
        "name": "https_lb",
        "description": "virtualServer for https traffic",
        "VirtualIps": { "ipAddress": "192.168.1.101" },
        "protocol": "HTTPS",
        "port": "443",
        "enabled": "true",
        "applicationProfile": { "id": "2" },
        "pool": { "id": "2" }
      },
      {
        "name": "https_passthrough_lb",
        "description": "virtualServer for https passthrough traffic",
        "VirtualIps": { "ipAddress": "192.168.1.101" },
        "protocol": "HTTPS",
        "port": "443",
        "enabled": "true",
        "applicationProfile": { "id": "3" },
        "pool": { "id": "2" }
      },
      {
        "name": "tcp_lb",
        "description": "virtualServer for tcp traffic",
        "VirtualIps": { "ipAddress": "192.168.1.101" },
        "protocol": "TCP",
        "port": "8080",
        "enabled": "true",
        "applicationProfile": { "id": "3" },
        "pool": { "id": "1" }
      },
      {
        "name": "http_redirect_lb",
        "description": "virtualServer for http redirection ",
        "VirtualIps": { "ipAddress": "192.168.1.101" },
        "protocol": "HTTP",
        "port": "800",
        "enabled": "true",
        "applicationProfile": { "id": "4" }
      }
    ],
    "pool": [
      {
        "id": "1",
        "name": "http-pool",
        "description": "pool for http and https traffic",
        "algorithm": "ROUND_ROBIN",
        "healthMonitors": { "healthMonitor": "1" },
        "member": [
          {
            "ipAddress": "192.168.4.103",
            "weight": "10",
            "port": "80",
            "healthMonitors": {
              "healthMonitor": { "id": "3" }
            },
            "connectionLimit": "100000",
            "condition": "enabled"
          },
          {
            "ipAddress": "192.168.4.104",
            "weight": "11",
            "port": "80"
          }
        ]
      },
      {
        "id": "2",
        "name": "https-pool",
        "description": "pool for http and https traffic",
        "algorithm": "IP_HASH",
        "healthMonitors": {
          "healthMonitor": { "id": "2" }
        },
        "member": [
          {
            "ipAddress": "192.168.4.103",
            "weight": "10",
            "port": "80"
          },
          {
            "ipAddress": "192.168.4.104",
            "weight": "11",
            "port": "80"
          }
        ]
      }
    ],
    "applicationProfiles": {
      "applicationProfile": [
        {
          "id": "1",
          "name": "http_profile",
          "insertXForwardedFor": "true",
          "sessionPersistence": {
            "method": "COOKIE",
            "cookieName": "JSESSIONID",
            "cookieMode": "INSERT"
          }
        },
        {
          "id": "2",
          "name": "https_profile",
          "persistence": {
            "method": "COOKIE",
            "cookieName": "JSESSIONID"
          },
          "sslPassthrough": "false",
          "clientSsl": {
            "verifyRequired": "false",
            "serverCertificate": "server-cert-1",
            "caCertificates": { "caCertificate": "ca-cert-1" },
            "crlCertificates": { "crlCertificate": "crl" },
            "ciphers": "AES256"
          }
        },
        {
          "id": "3",
          "name": "ssl_profile",
          "persistence": { "method": "SSL_SESSION_ID" },
          "sslPassthrough": "true"
        },
        {
          "id": "4",
          "name": "http_redirection_profile",
          "httpRedirect": { "destUrl": "https://www.company.com/login" }
        }
      ]
    },
    "monitorService": {
      "checkTimeout": "60",
      "monitors": {
        "monitor": [
          {
            "id": "1",
            "type": "HTTP",
            "interval": "10",
            "timeout": "20",
            "method": "GET",
            "path": "/",
            "expected": "\"200-204\""
          },
          {
            "id": "2",
            "type": "HTTPS",
            "interval": "10",
            "timeout": "20",
            "method": "SSL"
          },
          {
            "id": "3",
            "type": "TCP",
            "interval": "10",
            "timeout": "30"
          }
        ]
      }
    }
  }
}
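
An added example (not part of the original wiki page or of any OpenStack code): a small linter over the object scheme above that checks id references between objects and the SSL settings of each HTTPS virtual server. The finding names and the choice of checks are assumptions made for illustration; the sample is constructed from the page's JSON, with one pool reference changed to a missing id.

```python
import json
from collections import Counter

# Constructed sample in the page's object scheme (pool id "9" is deliberately dangling).
SAMPLE = json.loads("""
{"loadBalancer": {
  "virtualServer": [
    {"name": "https_lb", "VirtualIps": {"ipAddress": "192.168.1.101"},
     "protocol": "HTTPS", "port": "443", "applicationProfile": {"id": "2"}, "pool": {"id": "2"}},
    {"name": "https_passthrough_lb", "VirtualIps": {"ipAddress": "192.168.1.101"},
     "protocol": "HTTPS", "port": "443", "applicationProfile": {"id": "3"}, "pool": {"id": "9"}}],
  "pool": [{"id": "2", "name": "https-pool", "member": []}],
  "applicationProfiles": {"applicationProfile": [
    {"id": "2", "sslPassthrough": "false",
     "clientSsl": {"verifyRequired": "false", "serverCertificate": "server-cert-1",
                   "caCertificates": {"caCertificate": "ca-cert-1"}}},
    {"id": "3", "sslPassthrough": "true"}]}
}}
""")

def lint(config):
    """Return (virtual server name, finding) tuples for broken references and weak SSL."""
    lb = config["loadBalancer"]
    pools = {p["id"] for p in lb.get("pool", [])}
    profiles = {p["id"]: p for p in
                lb.get("applicationProfiles", {}).get("applicationProfile", [])}
    servers = lb.get("virtualServer", [])
    # Count how many virtual servers claim each (address, port) pair.
    listeners = Counter((v["VirtualIps"]["ipAddress"], v["port"]) for v in servers)
    findings = []
    for v in servers:
        name = v["name"]
        if listeners[(v["VirtualIps"]["ipAddress"], v["port"])] > 1:
            findings.append((name, "duplicate listener"))
        if "pool" in v and v["pool"]["id"] not in pools:
            findings.append((name, "unknown pool"))
        prof = profiles.get(v.get("applicationProfile", {}).get("id"))
        if prof is None:
            findings.append((name, "unknown applicationProfile"))
        elif v["protocol"] == "HTTPS" and prof.get("sslPassthrough") != "true":
            ssl = prof.get("clientSsl", {})  # the load balancer terminates TLS here
            if not ssl.get("serverCertificate"):
                findings.append((name, "no serverCertificate"))
            if ssl.get("caCertificates") and ssl.get("verifyRequired") != "true":
                findings.append((name, "client CA set but verifyRequired is false"))
    return findings

if __name__ == "__main__":
    for name, finding in lint(SAMPLE):
        print(f"{name}: {finding}")
```

Run against the full configuration above, the same checks also report that https_lb and https_passthrough_lb both claim 192.168.1.101:443.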


How F5 BIG-IP gets configured

To translate this resource model to F5 BIG-IP, the user will:

1. Create a set of profiles, which define the persistence, SSL and HTTP configurations.

2. Create two virtualServers:

  a) VS_http: address 192.168.1.101, port 80, attach default http profile to this virtualserver, attach cookie persistence profile to this virtualserver.
  b) VS_https: address 192.168.1.101, port 443, attach default https profile to this virtualserver, attach ssl session id persistence profile to this virtualserver.

3. Create two pools:

  a) Pool_http: algorithm RR, add two members 192.168.4.103:80 + 192.168.4.104:80, attach predefined HTTP monitor to the pool.
  b) Pool_https: algorithm RR, add two members 192.168.4.103:8443 + 192.168.4.104:8443, attach predefined HTTPS monitor to the pool, attach user-customized HTTPS_2 monitor to member 192.168.4.103.

4. Configure default pool for each VirtualServer:

  a) VS_http uses Pool_http as the default pool.
  b) VS_https uses Pool_https as the default pool.

API

This table lists the exposed API and compares it to the eBay LBMS and Equilibrium LBaaS APIs:

| Category | Loadbalancer API: URL | Loadbalancer API: API | Loadbalancer API: Details | eBay LBMS API: API |
|---|---|---|---|---|
| VirtualServer | /loadbalancer/virtualservers | CRUD | Manage loadbalancer Virtual-Servers | VIP APIs |
| Pool | /loadbalancer/pools | CRUD | Manage loadbalancer Pools | Pool APIs |
| Member | /loadbalancer/pools/:poolid/members | CRUD | Manage the members under a Pool | Service APIs |
| ApplicationProfile | /loadbalancer/applicationprofiles | CRUD | Manage loadbalancer applicationProfiles | VIP+Policy APIs |
| Monitor | /loadbalancer/monitors | CRUD | Manage health monitors | Monitor APIs |
| Statistics | /loadbalancer/statistics | GET | Get statistics and status | Metric APIs |
| Configuration | /loadbalancer/protocols | GET | Get supported protocols and algorithms | |