Jump to: navigation, search

Difference between revisions of "Neutron/LBaaS/Usecases"

< Neutron‎ | LBaaS
(Feature Requests)
Line 85: Line 85:
 
* Anycast route injection based on overall VIP health
 
* Anycast route injection based on overall VIP health
 
* Source IP address transparent to real servers
 
* Source IP address transparent to real servers
 +
* Ability to pass any vendor specific data for l2 and l3 dsr

Revision as of 14:27, 3 April 2014

This page is dedicated to track operator's data on how users utilize load balancing. What their deployments/configurations look like.

Uses cases

SSL Termination

This has already been proposed and in the process of being accepted. Neutron/LBaaS/SSL.

Ability to upload and apply the SSL certificates to VIP.

L7 Scriptability

Define a flexible API which allows for L7 Scripting.

  • Ability to insert Certificate Information into HTTP Headers.
  • SSL client authentication with OCSP (Online Certificate Status Protocol).

High Availability

Ability to define an active/active or active/standby cluster of load balancers. This will be realized differently depending on the backend driver. For example Citrix implements this with a middlewear API server [| Netscaler Control Center].

Ability to find whether Loadbalancer is configured as HA Pair, If HA, need a way to find Active LB and apply changes only on it first and on successful completion, sync configuration to Stand-by LB

Service VMs

Would it make sense to take advantage of these blueprints as it relates to LBaaS?

Health Monitor

Health Monitor for DNS (Current requirement page lists only HTTP/HTTPS/TCP/ICMP etc)

Stats

Stats for each pool associated with the VIP as well as aggregated stats.

Ability to list vip, service groups and servers with their status (UP/Down etc)

Pool Members

Service Down Page / Backup Server(s)

The ability to mark a member or members as backups to be used only when all other pool members are down. (https://bugs.launchpad.net/neutron/+bug/1241759) This lets you setup an "apology" server.

Note: If the need is for an "apology" message where all servers are down, than this should be the requirement. A backup server is one way to implement it This should also be a "tenant" requirement.

kfox1111 - For our use case, the apology server would be too complicated to be just an apology feature of the load balancer I think. Differnet parts of the server need different pages. But I can see for simple use cases, being able to load a couple of files (css,html,image) into lbaas and have it deal with apology itself might be nice. Another use case is apology ssh servers. I want to set up a ssh server with a banner saying things are down and not permitting login. Probably a feature that should not be provided by the load balancer then?

Connection Rate Limiting

Ability to define and apply connection rate-limit per vip, vip port, individual server/server-port with option to set actions like drop, log etc.

Ability to define and apply maximum allowed connection to a vip or server (eg: conn-limit in A10)

Vendor Passthrough

Will there always be a standardized API no matter which backend driver is used? How do we account for functionality in Netscaler that may not exist in HAProxy (contrived example)?

User priorities

  • kfox1111 - Most useful to us: High Availability, Backup Servers. Least useful Service VM's for load balancing (Our setup has 10gig network nodes and 1 gig compute nodes. haproxy on network nodes therefore greatly pereferable)

Integration with Metering

Usage metering collection

Monitoring

Loadbalancer are monitored to make sure they work


Feature Requests

  • Ability to define Source NAT (define nat-pool etc.) and to apply nat-pool to VIP
  • TCP and UDP session idle-timeout options and ability to apply this to VIP or Server
  • Ability to upload and apply the SSL certificates to VIP
  • Support for other load balancer algorithms (eg: service-least-connection in A10)
  • LB statistics and notification to be available for ceilometer
  • Option to pass proprietory LB commands to the driver
  • Anycast route injection based on overall VIP health
  • Source IP address transparent to real servers
  • Ability to pass any vendor specific data for l2 and l3 dsr