Neutron offers a number of commands that can be used to create and manage virtual IPs, pools, pool members, and health monitors for load balancing purposes.
In version 1 of the LBaaS API, the pool is the root object to which all other load balancer resources are associated. The workflow to create a functional load balancer starts with creating a pool and then continues with creating and associating pool members, health monitors, and a virtual IP.
The following commands are used to manage pools in the CLI:
lb-pool-createlb-pool-deletelb-pool-listlb-pool-list-on-agentlb-pool-showlb-pool-statslb-pool-update
A pool is a set of devices, such as web servers, that are grouped together to receive and process traffic. When traffic is sent to a virtual IP, the load balancer sends a request to any of the servers that are members of this pool.
To create a pool, use the Neutron lb-pool-create command, as follows:
Usage: lb-pool-create [--tenant-id TENANT_ID] [--admin-state-down] [--description DESCRIPTION] --lb-method {ROUND_ROBIN,LEAST_CONNECTIONS,SOURCE_IP} --name <pool name> --protocol {HTTP,HTTPS,TCP} --subnet-id <subnet id>
Here, the --tenant-id flag is optional and allows you to associate the pool with the specified tenant.
The --admin-state-down attribute, when set, does not have any affect on the state of the pool. This is likely a bug or unimplemented feature.
The --lb-method attribute is used to specify the load balancing algorithm, which is used to distribute traffic among the pool members. Possible options include ROUND_ROBIN, LEAST_CONNECTIONS, or SOURCE_IP.
The --name attribute is used to specify a name for the pool.
The --protocol attribute is used to specify the type of traffic that the pool will balance. The HTTP and HTTPS protocols are used to balance nonsecure and secure web traffic, respectively. Use TCP for all other TCP traffic.
The subnet specified using the --subnet-id attribute should match the subnet of the pool members to be added to the pool.
To delete a load balancer pool, use the Neutron lb-pool-delete command, as follows:
Usage: lb-pool-delete POOL
Here, the keyword POOL represents the ID of the pool. Before a pool can be deleted, any associated virtual IP must be disassociated.
To obtain a list of the configured load balancer pools, use the Neutron lb-pool-list command, as follows:
Usage: lb-pool-list
In this command, the returned list includes details of the pools in the running tenant, such as the ID, name, load balancing method, protocol, admin state, and status.
To show the details of a pool, use the Neutron lb-pool-show command, as follows:
Usage: lb-pool-show POOL
Here, the keyword POOL represents the ID of the pool. Details returned include the admin state, description, ID, load balancing method, members, protocol, provider, status, subnet ID, tenant ID, VIP ID, and health monitors associated with the pool.
To display the statistics of a pool, use the Neutron lb-pool-stats command, as follows:
Usage: lb-pool-stats POOL
In the preceding command, the keyword POOL represents the ID of the pool. The statistics returned include the number of active connections, total bytes in, total bytes out, and total connections.
To update the attributes of a pool, use the Neutron lb-pool-update command, as follows:
Usage: lb-pool-update POOL [--description DESCRIPTION] [--lb-method {ROUND_ROBIN,LEAST_CONNECTIONS,SOURCE_IP}]
The --lb-method attribute is used to specify the load balancing algorithm used to distribute traffic among pool members. Possible options include ROUND_ROBIN, LEAST_CONNECTIONS, or SOURCE_IP.
When a pool is created, it is scheduled to a load balancer agent. The idea is that multiple LBaaS agents can exist in an environment to provide high availability. To list the pools associated with an agent, use the Neutron lb-pool-list-on-agent command, as follows:
Usage: lb-pool-list-on-agent <agent id>
To determine the ID or name of the load balancing agents known to Neutron, use the Neutron agent-list command.
The following commands are used to manage pool members in the CLI:
lb-member-createlb-member-deletelb-member-listlb-member-showlb-member-update
To create a pool member, use the Neutron lb-member-create command, as follows:
Usage: lb-member-create [--tenant-id TENANT_ID] [--admin-state-down] [--weight WEIGHT] --address <IP addr of member> --protocol-port <application port number> POOL
Here, the --tenant-id flag is optional and allows you to associate the pool member with the specified tenant.
The --admin-state-down attribute is a Boolean that, when set to true, places the pool member administratively in a down state. In this state, a pool member is not eligible to receive traffic; they, therefore, default to an administrative up state.
The --weight attribute allows you to associate a weight with the pool member. When set, a pool member may receive more or less traffic than other members in the same pool. For example, a pool member with a weight of 2 will receive twice the traffic as a pool member with the weight of 1, a pool member with a weight of 3 will receive three times the traffic, and so on.
The --address attribute is required and used to specify the IP address of the pool member.
The --protocol-port attribute is required and used to specify the listening port of the application being balanced. For example, if you are balancing HTTP traffic, the listening port specified would be 80. For SSL traffic, the port specified would be 443. In most cases, the VIP associated with the pool utilizes the same application port number.
To delete a pool member, use the Neutron lb-member-delete command, as follows:
Usage: lb-member-delete MEMBER
Here, the keyword MEMBER represents the ID of the pool member to be deleted.
To obtain a list of pool members, use the Neutron lb-member-list command, as follows:
Usage: lb-member-list [--pool-id=<POOL ID>]
The returned list of pool members includes member details, such as the ID, address, protocol port, admin state, and status. Use --pool-id to return pool members in the specified pool only.
To show the details of a pool member, use the Neutron lb-member-show command, as follows:
Usage: lb-member-show MEMBER
In the preceding command, the keyword MEMBER represents the ID of the member to be shown. The returned details include the address, admin state, ID, pool ID, protocol port, status, description, tenant ID, and weight of the member.
LBaaS in Neutron provides the ability to monitor the health of pool members as a method of ensuring the availability of an application. If a pool member is not in a healthy state, Neutron can pull it out of rotation, limiting the impact of the issues between the client and application.
The following commands are used to manage health monitors in the CLI:
lb-healthmonitor-createlb-healthmonitor-deletelb-healthmonitor-associatelb-healthmonitor-disassociatelb-healthmonitor-listlb-healthmonitor-showlb-healthmonitor-update
To create a health monitor, use the Neutron lb-healthmonitor-create command, as follows:
Usage: lb-healthmonitor-create [--tenant-id TENANT_ID] [--admin-state-down] [--expected-codes EXPECTED_CODES] [--http-method HTTP_METHOD] [--url-path URL_PATH] --delay DELAY --max-retries MAX_RETRIES --timeout TIMEOUT --type {PING,TCP,HTTP,HTTPS}
In the preceding command, the --tenant-id flag is optional and allows you to associate the monitor with the specified tenant.
The --expected-codes attribute is optional, and allows you to specify the HTTP status code(s) that indicate a pool member is working as expected when the monitor sends an HTTP request to the pool member for the specified URL. For example, if a GET request for a URL is sent to a pool member, the server is expected to return a 200 OK status upon the successful retrieval of the page. If 200 is listed as an expected code, the monitor will mark the pool member as UP. As a result, the pool member will be eligible to receive connections. If a 500 status code were returned, it could indicate that the server is not properly processing connections. The health monitor would mark the pool member as DOWN and temporarily remove it from the pool. The default value is 200.
The --http-method attribute is optional and used in conjunction with --expected-codes and --url-path. It is used to specify the type of HTTP request being made. Common types include GET and POST. There is no validation of this attribute, which may allow users to create monitors that don't work as expected. The default value is GET.
The --url-path attribute is optional and used in conjunction with --expected-codes and --http-method. When specified, the system performs an HTTP request defined by --http-method for the URL against the pool member. The default value is root or /.
The --delay attribute is required and used to specify the period between each health check (in seconds). A common starting value is 5 seconds.
The --max-retries attribute is required and used to specify the maximum number of consecutive failures before a pool member is marked as DOWN. A common starting value is 3 retries.
The --timeout attribute is required and used to specify the number of seconds for a monitor to wait for a connection to be established. The value must be less than the delay value.
The --type attribute is required and used to specify the type of monitor being configured. The four types include:
- PING: The simplest of all monitor types, PING uses ICMP to confirm connectivity to pool members.
- TCP: This instructs the load balancer to send a TCP SYN packet to the pool member. Upon receiving a SYN ACK back, the load balancer resets the connection. This type of monitor is commonly referred to as a half-open TCP monitor.
- HTTP: This instructs the monitor to initiate an HTTP request to a pool member based on the
expected_codes,url_path, andhttp_methodattributes described here. - HTTPS: This instructs the monitor to initiate an HTTPS request to a pool member based on the
expected_codes,url_pathandhttp_methodattributes described here.
To delete a health monitor, use the Neutron lb-healthmonitor-delete command, as follows:
Usage: lb-healthmonitor-delete HEALTH_MONITOR
In the preceding command, the keyword HEALTH_MONITOR represents the ID of the health monitor to be deleted.
To associate a health monitor with a pool, use the Neutron lb-healthmonitor-associate command, as follows:
Usage: lb-healthmonitor-associate HEALTH_MONITOR_ID POOL
Here, the keyword POOL represents the ID of the pool to be associated with the monitor.
To disassociate a health monitor from a pool, use the Neutron lb-healthmonitor-disassociate command, as follows:
Usage: lb-healthmonitor-disassociate HEALTH_MONITOR_ID POOL
Here, the keyword POOL represents the ID of the pool to be disassociated from the monitor.
To obtain a list of health monitors, use the Neutron lb-healthmonitor-list command, as follows:
Usage: lb-healthmonitor-list
In this command, the list returned includes the ID, type, and admin status of all health monitors.
To show the details of a health monitor, use the Neutron lb-healthmonitor-show command, as shown in the following example:
Usage: lb-healthmonitor-show HEALTH_MONITOR
Here, the details returned include the delay, expected codes, HTTP method, ID, max retries, pools, tenant ID, timeout, type, and URL path.
The following commands are used to manage virtual IPs in the CLI:
lb-vip-createlb-vip-deletelb-vip-listlb-vip-showlb-vip-update
To create a virtual IP, use the Neutron lb-vip-create command, as follows:
Usage: lb-vip-create [--tenant-id TENANT_ID] [--address ADDRESS] [--admin-state-down] [--connection-limit CONNECTION_LIMIT] [--description DESCRIPTION] --name NAME --protocol-port PROTOCOL_PORT --protocol {TCP,HTTP,HTTPS} --subnet-id SUBNET POOL [--session-persistence type=TYPE]
Here, the --tenant-id flag is optional and allows you to associate the monitor with the specified tenant.
The --admin-state-down attribute, when set, does not have any affect on the state of the load balancer.
The --address attribute is optional and allows you to specify the IP address of the listener. A Neutron port will be created to reserve the address specified here.
The --connection-limit attribute is optional and allows you to define a connection limit on the virtual IP. Once the limit is reached, new client traffic will not be balanced.
The --name attribute is required and used to define the name of the virtual IP.
The --protocol-port attribute is required and used to specify the listening port of the application being balanced. For example, if you were balancing HTTP traffic, the port specified would be 80. For SSL traffic, the port specified here would be 443. In most cases, the pool associated with the virtual IP utilizes the same application port number.
The --protocol attribute is required and used to specify the type of traffic being load balanced. Options include TCP, HTTP, and HTTPS. This value must match the protocol of the associated pool.
The --subnet-id attribute is required and used to provide the proper network configuration of the load balancer. Every load balancer exists in its own network namespace, and the subnet specified here is what is used to configure networking within the namespace, including the IP address and default route.
The keyword POOL represents the pool to be balanced by this virtual IP.
The -–session-persistence attribute is optional and allows you to specify a method of persistence for clients connecting to the VIP. The placement of -–session-persistence within the command structure is important and can result in an error if placed before the pool name.
To enable SOURCE_IP or HTTP_COOKIE persistence, use the following syntax:
lb-vip-create ... POOL --session-persistence type=dict type=HTTP_COOKIE lb-vip-create ... POOL --session-persistence type=dict type=SOURCE_IP
To enable APP_COOKIE persistence, use the following syntax:
lb-vip-create ... POOL --session-persistence type=dict type=APP_COOKIE,cookie_name=<application cookie name>
Note
The preceding lb-vip-create examples should be entered as one line, but they may appear line-wrapped in the text. The persistence of APP_COOKIE requires the use of a specified cookie name that is unique to your application. A common example is the use of a JSESSIONID cookie in a JSP application.
To delete a virtual IP, use the Neutron lb-vip-delete command, as follows:
Usage: lb-vip-delete VIP
In the preceding command, the keyword VIP represents the ID of the virtual IP to be deleted.
To obtain a list of virtual IPs, use the Neutron lb-vip-list command, as follows:
Usage: lb-vip-list
The returned output includes a list of virtual IPs and details such as the ID, name, address, protocol, and state.
To show the details of a virtual IP, use the Neutron lb-vip-show command, as follows:
Usage: lb-vip-show VIP
The keyword VIP represents the ID of the virtual IP. Returned details include the address, connection limit, description, ID, name, pool ID, port ID, protocol, protocol port, status, subnet ID, and tenant ID.