Difference between revisions of "Neutron/LBaaS/requirements"

(User Requirements)
(User Requirements)
Line 7: Line 7:
 
|-
 
|-
 
! Requirement !! class="unsortable" | Description !! Priority* !! class="unsortable" | Blueprint Link
 
! Requirement !! class="unsortable" | Description !! Priority* !! class="unsortable" | Blueprint Link
 +
|-
 +
| Multiple Vips per Pool || A load balancer should be able to configure multiple tcp endpoints (Vips) for single IP address that point to the same pool of nodes || High ||
 
|-
 
|-
 
| High Availability || A load balancer shall have the ability to fail-over in the event of a network outage, network degradation or device failure. || High || https://blueprints.launchpad.net/neutron/+spec/lbaas-ha-agent https://blueprints.launchpad.net/neutron/+spec/lbaas-ha-haproxy
 
| High Availability || A load balancer shall have the ability to fail-over in the event of a network outage, network degradation or device failure. || High || https://blueprints.launchpad.net/neutron/+spec/lbaas-ha-agent https://blueprints.launchpad.net/neutron/+spec/lbaas-ha-haproxy
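Review bot: the added "Multiple Vips per Pool" row ends with an empty Blueprint Link cell ("|| High ||"), unlike the High Availability row that follows it, which leaves a High-priority requirement without a tracking link; link a blueprint or mark the cell as open. The description also says "multiple tcp endpoints (Vips) for single IP address" without stating what distinguishes one endpoint from another on that address; spell that out, and write "TCP" and "a single IP address", so the requirement can be checked against an implementation.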

Revision as of 11:54, 24 March 2014

Neutron LBaaS Requirements

Overview

Every cloud operator, vendor, etc. that wants load balancing as a service (LBaaS) has a different view on what load balancing is and how it should work. The goal of this page is to list overall requirements and use cases for the Neutron LBaaS plugin in an effort to concretely understand everyone's view on what load balancing is and how it should work. Furthermore, ranking requirements in terms of priority should also aid in determining the focus of current design and development efforts. This page should also help newcomers to the project understand where current efforts are being placed and why certain areas are not being worked on. If requirements can be created in a prioritized fashion, hopefully all participants in the project can understand expectations and maintain focus in an effort to have a more efficient development experience.

User Requirements

{|
|-
! Requirement !! Description !! Priority* !! Blueprint Link
|-
| Multiple Vips per Pool || A load balancer should be able to configure multiple TCP endpoints (Vips) for a single IP address that point to the same pool of nodes || High ||
|-
| High Availability || A load balancer shall have the ability to fail-over in the event of a network outage, network degradation or device failure. || High || https://blueprints.launchpad.net/neutron/+spec/lbaas-ha-agent https://blueprints.launchpad.net/neutron/+spec/lbaas-ha-haproxy
|-
| IPv4 & IPv6 Address Support || A load balancer shall have the ability to simultaneously load balance both IPv4 and IPv6 traffic. || Low ||
|-
| L7 switching || A load balancer shall have the ability to steer traffic based on L7 content rules. || High || https://blueprints.launchpad.net/neutron/+spec/lbaas-l7-rules https://blueprints.launchpad.net/neutron/+spec/lbaas-l7-rules-haproxy
|-
| SSL Termination || A load balancer shall have the ability to terminate SSL traffic at the load balancer and support versions up to TLS 1.2
  • Private Key Management
  • HTTP to HTTPS Redirection
  • Ability to force HTTPS over HTTP
  • Cipher Support For:
    • ECDH+AESGCM
    • DH+AESGCM
    • ECDH+AES256
    • DH+AES256
    • ECDH+AES128
    • DH+AES
    • ECDH+3DES
    • DH+3DES
    • RSA+AESGCM
    • RSA+AES
    • RSA+3DES
  • Option to force a specific version of SSL (SSLv3, TLS 1.0, TLS 1.1, or TLS 1.2)
| High || https://blueprints.launchpad.net/neutron/+spec/lbaas-haproxy-ssl https://blueprints.launchpad.net/neutron/+spec/lbaas-ssl-termination https://blueprints.launchpad.net/neutron/+spec/lbaas-ssl-barbican
|-
| Server Name Indication (SNI) Support || A load balancer shall have the ability to support multiple SSL certificates on a single HTTPS listener per the SNI protocol || ? ||
|-
| HTTP Protocol Support || The load balancer shall have the ability to load balance HTTP traffic. || Done ||
|-
| HTTPS Protocol Support || The load balancer shall have the ability to load balance HTTPS traffic. || Done w/o termination ||
|-
| TCP Protocol Support || The load balancer shall have the ability to load balance TCP traffic. || Done ||
|-
| Static IP Addresses || The load balancer shall have the ability to serve traffic over a static IP address. || ? ||
|-
| Round Robin Algorithm || The load balancer shall have the ability to serve traffic to back-end nodes in a round robin fashion. || Done ||
|-
| URI Algorithm || The load balancer shall have the ability to serve traffic to back-end node pools based on specific URIs. || L7? ||
|-
| Least Connections Algorithm || The load balancer shall have the ability to serve traffic to back-end nodes such that the node with the least number of connections receives traffic first. || Done ||
|-
| Active/Passive Failover || In the event of node pool failure the load balancer shall have the ability to redirect traffic to a standby node pool. || ? ||
|-
| Health Check Monitoring || The load balancer shall have the ability to monitor the health of nodes and automatically remove/add them from/in rotation. Health Checks to consider include:
  • HTTP Checks
  • HTTPS Checks
  • MySQL Checks
  • TCP Checks
  • ICMP Checks
| Done (exc. MySQL) ||
|-
| IP Access Control || The load balancer shall have the ability to control access to the underlying nodes based on IPv4 and IPv6 addresses. The user shall be able to specify this in a whitelist/blacklist fashion. || ? ||
|-
| Session Persistence || The load balancer shall have the ability to direct traffic to the same node by using cookie-based sessions or IP addresses. || Done ||
|-
| Connection Logging || All connections through the load balancer shall be logged and stored for later retrieval. || Low ||
|-
| Logging offload || All access and error logs for the load balancer shall be automatically offloaded to a logging service. || Low ||
|-
| Statistics || The Neutron LBaaS API shall expose the following real-time performance statistics:
  • Aggregate & Per-Server Connections Per Second (Current and Max)
  • Aggregate & Per-Server Concurrent Connections (Current, Max, and Total)
  • Aggregate & Per-Server Network Traffic (Bytes In and Bytes Out)
| Done (currently - per Pool, will be per VIP) ||
|}

*Priority is ranked 1 through 10 where 1 is the highest priority.

User Use Cases

  • TODO: Need user use cases

Operator Requirements

{|
|-
! Requirement !! Description !! Priority* !! Blueprint Link
|-
| Scalability || The system shall be able to scale to an indefinite number of load balancers. || High ||
|-
| DDoS Mitigation Tools || The system shall have tools to address DDoS attacks. || Medium ||
|-
| Diagnostic instrumentation || The system shall have sufficient instrumentation to troubleshoot typical operational problems (e.g. tools are sufficient to pinpoint failures in infrastructure, overloading or hot-spots, etc.) || ? ||
|}

*Priority is ranked 1 through 10 where 1 is the highest priority.

Operator Use Cases

  • TODO: Need operator use cases