Creating a Load Balancer
Please note that when creating load balancers of any type, the total project quota for load balancers is consumed.
Creating a Load Balancer in the Control Panel
Follow these steps to create a load balancer in an existing project in the Control panel:
-
Go to the Load balancers section in the project.
-
Click Create load balancer.
-
Enter the load balancer name. You can leave the automatically generated name.
-
Select the required pool.
-
Select the load balancer type depending on the load on the project – the Basic HA type will be selected by default.
-
Specify the load balancer IP address by selecting a subnet. The load balancer IP field will be filled with one of the available subnet addresses. Connect a public IP.
-
Add rule configurations for the load balancer. Learn more about basic rule configurations.
Please note that to create a load balancer, you just need to select the protocol and the port of the balancer and servers in a rule. All other rule configurations are filled in by default. You can change them after creating the balancer.
-
On the Servers tab in the rule block, select the servers that the rule traffic will be sent to.
-
If necessary, add other rules for the load balancer by clicking Add rule.
-
Check the cost and click Create load balancer.
Basic Rule Configurations
The main rule configurations that you can add in the Control panel are described below.
Protocol and Port
You can change the entered protocol and port for both the balancer and the server in each rule. The following are available:
- HTTP, HTTPS, UDP, TCP protocols for the load balancer;
- HTTP, HTTPS, UDP, TCP, PROXY protocols for servers.
Not all protocols are compatible with each other, and this is taken into consideration in the interface — it is impossible to select inappropriate protocols.
Standard ports are automatically assigned for the selected protocol. The set port value is shared by all servers.
Please note that you cannot change the protocols and ports of a rule in an operating load balancer; you can only recreate a rule with the necessary configurations.
SSL Certificate
To balance HTTPS traffic, it is recommended to add an SSL certificate to the rule so that the traffic is correctly recognized and distributed to the servers.
Adding an SSL certificate is required to configure the HTTPS → HTTP stream.
If HTTPS → HTTPS stream is selected and the SSL certificate is not uploaded, the data will be transmitted using PROXY protocol without decryption.
Please note that you can only add the SSL certificate when creating a rule. If the load balancer is deleted, the SSL certificate will be deleted together with it.
Servers
When creating a balancer, select the servers that you want to add to the rule. Specify the required IP if the server has several ports, and set server weight.
After creating a balancer, you can:
- assign the server a backup role — the server will not receive connections until all other rule servers fail;
- suspend — the server will not receive connections until it is returned to work manually;
- delete from the rule — the server will no longer participate in balancing, but will continue to work.
You can add new servers to the rule of an already working balancer by clicking Add server.
Balancing Algorithm
You can choose one of the two algorithms for distributing requests:
- Round Robin — a cyclical scheduling function: the first request is sent to one server, the second to another, and so on. Once the last server has been sent a request, the cycle starts anew;
- Least connections — this algorithm takes into consideration the number of active connections. Each subsequent request is sent to the server with the least number of active connections.
You can enable Sticky Sessions — an algorithm for distributing incoming requests whereby connections are forwarded to a same server. The session can be identified by:
-
APP-cookie — an already existing cookie that is set in the application code;
-
HTTP-cookie — a cookie that the balancer creates and attaches to the session;
-
Source IP — the client’s IP address is hashed and divided by the weight of each server in the rule to determine the server that will process requests.
Requests from the same client will always be passed to the same server. If the designated server is unavailable, the request will be forwarded to another one.
Availability Checks
You can set the configurations to check the connection to balanced servers.
Availability checks help the balancer to understand if one of the servers is out of order and cannot be used. If one server is unavailable, connections will be redirected to a working server.
Availability checks are enabled by default, but you can disable them on the Check tab. Please note that if checks are disabled, the server status will be NO MONITOR.
You can configure the following check parameters:
- check type: HTTP, HTTPS, PING, TCP, TLS-HELLO, UDP-CONNECT;
- the interval with which the balancer sends checking requests to the servers;
- connection timeout — how long a response from the destination takes. If there is no answer, the connection is lost as soon as this time has expired;
- you can configure URL and expected response codes for HTTP and HTTPS protocols;
- healthy threshold — the number of successive requests in a row, after which the server is put into operation state;
- unhealthy threshold — the number of unsuccessful requests in a row, after which the server operation is suspended.
Connections
You can set connection time configurations between:
- incoming requests and the balancer – indicate the connection timeout, and whether the number of connections is limited. When the number of connections is limited, you must specify the maximum number of requests.
- the balancer and servers – specify the connection timeout, inactivity timeout, and TCP packet wait timeout.
HTTP Headers
In regular mode, the balancer only transfers the original http request body to the server, replacing the client’s IP address with its own. Include the necessary types of additional headers in the request so that the servers receive this information for correct operation or analysis:
- X-Forwarded-For;
- X-Forwarded-Port;
- X-Forwarded-Proto.
Creating a Load Balancer through CLI
Learn more about getting started with the OpenStack CLI.
You need to install the Octavia client to work with the load balancers in OpenStack:
pip install python-octaviaclient
A basic HTTP load balancer with a public IP must be created on a private subnet.
If a subnet is not created, create a private network and a subnet in it:
openstack network create <network name>
openstack subnet create \
--network <network name> \
--subnet-range <CIDR subnet range> \
<subnet name>
Get the ID of the desired subnet by running the following the command:
openstack subnet list
Create a load balancer in a private subnet:
openstack loadbalancer create --name <loadbalancer name> --vip-subnet-id <subnet id>
Before running the following commands, make sure that the balancer is in the ONLINE and ACTIVE statuses:
openstack loadbalancer show <loadbalancer name>
An output example:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone | |
| created_at | 2021-03-19T10:08:53 |
| description | |
| flavor_id | None |
| id | a100ac36-d049-44ef-1321-1ae83c8961b1 |
| listeners | |
| name | loadbalancer |
| operating_status | ONLINE |
| pools | |
| project_id | 4ba4503045104d11aa9341a723bb01dd |
| provider | amphora |
| provisioning_status | ACTIVE |
| updated_at | 2021-03-19T10:15:16 |
| vip_address | 192.168.0.67 |
| vip_network_id | 300d229a-4ce2-1d7a-bb9e-ae535f7dc2da |
| vip_port_id | d0252a73-5961-4a4f-9338-3da74af34a32 |
| vip_qos_policy_id | None |
| vip_subnet_id | 39322111-5a16-4e1b-92f2-a0077c1bebfc |
| tags | |
+---------------------+--------------------------------------+
Learn more about load balancer components.
Create http_listener:
openstack loadbalancer listener create --name <listener name> --protocol HTTP --protocol-port 80 <loadbalancer name>
Create pool:
openstack loadbalancer pool create --name <pool name> --lb-algorithm ROUND_ROBIN --listener <listener name> --protocol HTTP
Create HTTP health monitor:
openstack loadbalancer healthmonitor create --delay 5 --max-retries 4 --timeout 10 --type HTTP --url-path /healthcheck <pool name>
Add IP addresses from a private subnet to the pool (for example 192.168.0.3
and 192.168.0.4
):
openstack loadbalancer member create --subnet-id <subnet id> --address 192.168.0.3 --protocol-port 80 <pool name>
openstack loadbalancer member create --subnet-id <subnet id> --address 192.168.0.4 --protocol-port 80 <pool name>
View the vip_port_id
value of the load balancer by running:
openstack loadbalancer show <loadbalancer name>
Create a public IP address if it is not created yet:
openstack floating ip create external-network
View the floating_ip_id
value of the required public IP:
openstack floating ip list
Assign the floating_ip_id
public IP to the vip_port_id
load balancer port:
openstack floating ip set --port <loadbalancer vip port id> <floating ip id>
Creating a Load Balancer through Terraform
You can create load balancers through Terraform.
Use the GitHub example to create a project with multiple cloud servers and a load balancer.