Difference between revisions of "Neutron/LBaaS/Usecases"
(→Feature Requests) |
|||
(24 intermediate revisions by 7 users not shown) | |||
Line 6: | Line 6: | ||
This has already been proposed and in the process of being accepted. [[Neutron/LBaaS/SSL]]. | This has already been proposed and in the process of being accepted. [[Neutron/LBaaS/SSL]]. | ||
+ | |||
+ | Ability to upload and apply the SSL certificates to VIP. | ||
== L7 Scriptability == | == L7 Scriptability == | ||
Define a flexible API which allows for L7 Scripting. | Define a flexible API which allows for L7 Scripting. | ||
+ | |||
+ | * Ability to insert [http://support.citrix.com/article/CTX114461|Client Certificate Information] into HTTP Headers. | ||
+ | * SSL client authentication with OCSP (Online Certificate Status Protocol). | ||
== High Availability == | == High Availability == | ||
− | Ability to define an active/active or active/standby cluster of load balancers. This will be realized differently depending on the backend driver. For example Citrix implements this with a middlewear API server [[http://www.vmware.com/files/pdf/products/nsx/vmw-nsx-netscaler-solution-brief.pdf| Netscaler Control Center]]. | + | Ability to define an active/active or active/standby cluster of load balancers. This will be realized differently depending on the backend driver. For example Citrix implements this with a middlewear API server [[http://www.vmware.com/files/pdf/products/nsx/vmw-nsx-netscaler-solution-brief.pdf | Netscaler Control Center]]. |
+ | |||
+ | Ability to find whether Loadbalancer is configured as HA Pair, If HA, need a way to find Active LB and apply changes only on it first and on successful completion, sync configuration to Stand-by LB | ||
== Service VMs == | == Service VMs == | ||
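Review bot: the external link in the added L7 Scriptability bullet separates the URL from its label with a pipe ("CTX114461|Client Certificate Information"), but MediaWiki external links take a space there, so "Client" is absorbed into the URL and the rendered page shows only "Certificate Information". Write it as [URL Client Certificate Information]. The High Availability line has the related problem that an external URL sits in double brackets with a pipe, which renders as "[| Netscaler Control Center]" with no visible target; single brackets and a space fix it. The new OCSP bullet also does not say what the load balancer should do when the responder cannot be reached, which is worth stating as part of the requirement. "middlewear" should be "middleware".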
Line 21: | Line 28: | ||
* https://blueprints.launchpad.net/neutron/+spec/adv-services-in-vms | * https://blueprints.launchpad.net/neutron/+spec/adv-services-in-vms | ||
* https://blueprints.launchpad.net/neutron/+spec/dynamic-network-resource-mgmt | * https://blueprints.launchpad.net/neutron/+spec/dynamic-network-resource-mgmt | ||
+ | |||
+ | == Health Monitor == | ||
+ | |||
+ | Health Monitor for DNS (Current requirement page lists only HTTP/HTTPS/TCP/ICMP etc) | ||
+ | |||
+ | == Stats == | ||
+ | |||
+ | Stats for each pool associated with the VIP as well as aggregated stats. | ||
+ | |||
+ | Ability to list vip, service groups and servers with their status (UP/Down etc) | ||
+ | |||
+ | == Pool Members == | ||
+ | |||
+ | === Service Down Page / Backup Server(s) === | ||
+ | |||
+ | The ability to mark a member or members as backups to be used only when all other pool members are down. (https://bugs.launchpad.net/neutron/+bug/1241759) | ||
+ | This lets you setup an "apology" server. | ||
+ | |||
+ | '''Note:''' If the need is for an "apology" message where all servers are down, than this should be the requirement. A backup server is one way to implement it | ||
+ | This should also be a "tenant" requirement. | ||
+ | |||
+ | kfox1111 - | ||
+ | For our use case, the apology server would be too complicated to be just an apology feature of the load balancer I think. Differnet parts of the server need different pages. | ||
+ | But I can see for simple use cases, being able to load a couple of files (css,html,image) into lbaas and have it deal with apology itself might be nice. | ||
+ | Another use case is apology ssh servers. I want to set up a ssh server with a banner saying things are down and not permitting login. Probably a feature that should not be provided by the load balancer then? | ||
+ | |||
+ | == Connection Rate Limiting == | ||
+ | Ability to define and apply connection rate-limit per vip, vip port, individual server/server-port with option to set actions like drop, log etc. | ||
+ | |||
+ | Ability to define and apply maximum allowed connection to a vip or server (eg: conn-limit in A10) | ||
== Vendor Passthrough == | == Vendor Passthrough == | ||
− | Will there always be a standardized API no matter which backend driver is used? How do we account for functionality | + | Will there always be a standardized API no matter which backend driver is used? How do we account for functionality in Netscaler that may not exist in HAProxy (contrived example)? |
+ | |||
+ | == User priorities == | ||
+ | * kfox1111 - Most useful to us: High Availability, Backup Servers. Least useful Service VM's for load balancing (Our setup has 10gig network nodes and 1 gig compute nodes. haproxy on network nodes therefore greatly pereferable) | ||
+ | |||
+ | == Integration with Metering == | ||
+ | |||
+ | Usage metering collection | ||
+ | |||
+ | == Monitoring == | ||
+ | |||
+ | Loadbalancer are monitored to make sure they work | ||
+ | |||
+ | |||
+ | == Feature Requests == | ||
+ | |||
+ | * Ability to define Source NAT (define nat-pool etc.) and to apply nat-pool to VIP | ||
+ | * TCP and UDP session idle-timeout options and ability to apply this to VIP or Server | ||
+ | * Ability to upload and apply the SSL certificates to VIP | ||
+ | * Support for other load balancer algorithms (eg: service-least-connection in A10) | ||
+ | * LB statistics and notification to be available for ceilometer | ||
+ | * Option to pass proprietory LB commands to the driver | ||
+ | * Anycast route injection to the upstream router based on overall VIP health. Need a way to pass this option to the driver -- (Priority - High) | ||
+ | * Source IP address transparent to real servers | ||
+ | * Ability to pass any vendor specific data for l2 and l3 dsr |
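Review bot: the Feature Requests bullet "Option to pass proprietory LB commands to the driver" does not say who may use the option (tenant or operator) or whether the commands are checked before they reach the device, and the Vendor Passthrough question in the same hunk leaves that open too. State the intended caller explicitly, as the backup-server note does with its "tenant" requirement. "Ability to upload and apply the SSL certificates to VIP" duplicates the line already added under SSL Termination, so one of the two can go. Spelling in this hunk: "than" for "then" in the apology note, "Differnet", "pereferable", "proprietory".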
Latest revision as of 15:38, 8 May 2014
This page is dedicated to tracking operators' data on how users utilize load balancing and what their deployments/configurations look like.
Use cases
SSL Termination
This has already been proposed and is in the process of being accepted; see Neutron/LBaaS/SSL.
Ability to upload and apply the SSL certificates to VIP.
L7 Scriptability
Define a flexible API which allows for L7 Scripting.
- Ability to insert Client Certificate Information (http://support.citrix.com/article/CTX114461) into HTTP headers.
- SSL client authentication with OCSP (Online Certificate Status Protocol).
High Availability
Ability to define an active/active or active/standby cluster of load balancers. This will be realized differently depending on the backend driver. For example, Citrix implements this with a middleware API server, Netscaler Control Center (http://www.vmware.com/files/pdf/products/nsx/vmw-nsx-netscaler-solution-brief.pdf).
Ability to find whether a load balancer is configured as an HA pair. If it is, we need a way to find the active LB, apply changes to it first and, on successful completion, sync the configuration to the standby LB.
Service VMs
Would it make sense to take advantage of these blueprints as it relates to LBaaS?
- https://blueprints.launchpad.net/neutron/+spec/adv-services-in-vms
- https://blueprints.launchpad.net/neutron/+spec/dynamic-network-resource-mgmt
Health Monitor
Health monitor for DNS (the current requirements page lists only HTTP/HTTPS/TCP/ICMP, etc.).
Stats
Stats for each pool associated with the VIP as well as aggregated stats.
Ability to list VIPs, service groups and servers with their status (UP/DOWN, etc.).
Pool Members
Service Down Page / Backup Server(s)
The ability to mark a member or members as backups to be used only when all other pool members are down. (https://bugs.launchpad.net/neutron/+bug/1241759) This lets you set up an "apology" server.
Note: If the need is for an "apology" message where all servers are down, then this should be the requirement. A backup server is one way to implement it. This should also be a "tenant" requirement.
kfox1111 - For our use case, the apology server would be too complicated to be just an apology feature of the load balancer I think. Different parts of the server need different pages. But I can see for simple use cases, being able to load a couple of files (css, html, image) into lbaas and have it deal with apology itself might be nice. Another use case is apology ssh servers. I want to set up an ssh server with a banner saying things are down and not permitting login. Probably a feature that should not be provided by the load balancer then?
Connection Rate Limiting
Ability to define and apply a connection rate limit per VIP, VIP port, or individual server/server port, with the option to set actions like drop, log, etc.
Ability to define and apply a maximum number of allowed connections to a VIP or server (e.g. conn-limit in A10).
Vendor Passthrough
Will there always be a standardized API no matter which backend driver is used? How do we account for functionality in Netscaler that may not exist in HAProxy (contrived example)?
User priorities
- kfox1111 - Most useful to us: High Availability, Backup Servers. Least useful: Service VMs for load balancing. (Our setup has 10gig network nodes and 1 gig compute nodes. haproxy on network nodes is therefore greatly preferable.)
Integration with Metering
Usage metering collection
Monitoring
Load balancers are monitored to make sure they work.
Feature Requests
- Ability to define Source NAT (define nat-pool etc.) and to apply nat-pool to VIP
- TCP and UDP session idle-timeout options and ability to apply this to VIP or Server
- Ability to upload and apply the SSL certificates to VIP
- Support for other load balancer algorithms (e.g. service-least-connection in A10)
- LB statistics and notification to be available for Ceilometer
- Option to pass proprietary LB commands to the driver
- Anycast route injection to the upstream router based on overall VIP health. Need a way to pass this option to the driver -- (Priority - High)
- Source IP address transparent to real servers
- Ability to pass any vendor-specific data for L2 and L3 DSR