Neutron offers a number of commands that can be used to create and manage virtual IPs, pools, pool members, and health monitors for load balancing purposes.
In version 1 of the LBaaS API, the pool is the root object to which all other load balancer resources are associated. The workflow to create a functional load balancer starts with creating a pool and then continues with creating and associating pool members, health monitors, and a virtual IP.
The following commands are used to manage pools in the CLI:
lb-pool-create
lb-pool-delete
lb-pool-list
lb-pool-list-on-agent
lb-pool-show
lb-pool-stats
lb-pool-update
A pool is a set of devices, such as web servers, that are grouped together to receive and process traffic. When traffic is sent to a virtual IP, the load balancer sends a request to any of the servers that are members of this pool.
To create a pool, use the Neutron lb-pool-create
command, as follows:
Usage: lb-pool-create [--tenant-id TENANT_ID] [--admin-state-down] [--description DESCRIPTION] --lb-method {ROUND_ROBIN,LEAST_CONNECTIONS,SOURCE_IP} --name <pool name> --protocol {HTTP,HTTPS,TCP} --subnet-id <subnet id>
Here, the --tenant-id
flag is optional and allows you to associate the pool with the specified tenant.
The --admin-state-down
attribute, when set, does not have any affect on the state of the pool. This is likely a bug or unimplemented feature.
The --lb-method
attribute is used to specify the load balancing algorithm, which is used to distribute traffic among the pool members. Possible options include ROUND_ROBIN
, LEAST_CONNECTIONS
, or SOURCE_IP
.
The --name
attribute is used to specify a name for the pool.
The --protocol
attribute is used to specify the type of traffic that the pool will balance. The HTTP
and HTTPS
protocols are used to balance nonsecure and secure web traffic, respectively. Use TCP
for all other TCP traffic.
The subnet specified using the --subnet-id
attribute should match the subnet of the pool members to be added to the pool.
To delete a load balancer pool, use the Neutron lb-pool-delete
command, as follows:
Usage: lb-pool-delete POOL
Here, the keyword POOL
represents the ID of the pool. Before a pool can be deleted, any associated virtual IP must be disassociated.
To obtain a list of the configured load balancer pools, use the Neutron lb-pool-list
command, as follows:
Usage: lb-pool-list
In this command, the returned list includes details of the pools in the running tenant, such as the ID, name, load balancing method, protocol, admin state, and status.
To show the details of a pool, use the Neutron lb-pool-show
command, as follows:
Usage: lb-pool-show POOL
Here, the keyword POOL
represents the ID of the pool. Details returned include the admin state, description, ID, load balancing method, members, protocol, provider, status, subnet ID, tenant ID, VIP ID, and health monitors associated with the pool.
To display the statistics of a pool, use the Neutron lb-pool-stats
command, as follows:
Usage: lb-pool-stats POOL
In the preceding command, the keyword POOL
represents the ID of the pool. The statistics returned include the number of active connections, total bytes in, total bytes out, and total connections.
To update the attributes of a pool, use the Neutron lb-pool-update
command, as follows:
Usage: lb-pool-update POOL [--description DESCRIPTION] [--lb-method {ROUND_ROBIN,LEAST_CONNECTIONS,SOURCE_IP}]
The --lb-method
attribute is used to specify the load balancing algorithm used to distribute traffic among pool members. Possible options include ROUND_ROBIN
, LEAST_CONNECTIONS
, or SOURCE_IP
.
When a pool is created, it is scheduled to a load balancer agent. The idea is that multiple LBaaS agents can exist in an environment to provide high availability. To list the pools associated with an agent, use the Neutron lb-pool-list-on-agent
command, as follows:
Usage: lb-pool-list-on-agent <agent id>
To determine the ID or name of the load balancing agents known to Neutron, use the Neutron agent-list
command.
The following commands are used to manage pool members in the CLI:
lb-member-create
lb-member-delete
lb-member-list
lb-member-show
lb-member-update
To create a pool member, use the Neutron lb-member-create
command, as follows:
Usage: lb-member-create [--tenant-id TENANT_ID] [--admin-state-down] [--weight WEIGHT] --address <IP addr of member> --protocol-port <application port number> POOL
Here, the --tenant-id
flag is optional and allows you to associate the pool member with the specified tenant.
The --admin-state-down
attribute is a Boolean that, when set to true
, places the pool member administratively in a down state. In this state, a pool member is not eligible to receive traffic; they, therefore, default to an administrative up state.
The --weight
attribute allows you to associate a weight with the pool member. When set, a pool member may receive more or less traffic than other members in the same pool. For example, a pool member with a weight of 2 will receive twice the traffic as a pool member with the weight of 1, a pool member with a weight of 3 will receive three times the traffic, and so on.
The --address
attribute is required and used to specify the IP address of the pool member.
The --protocol-port
attribute is required and used to specify the listening port of the application being balanced. For example, if you are balancing HTTP traffic, the listening port specified would be 80
. For SSL traffic, the port specified would be 443
. In most cases, the VIP associated with the pool utilizes the same application port number.
To delete a pool member, use the Neutron lb-member-delete
command, as follows:
Usage: lb-member-delete MEMBER
Here, the keyword MEMBER
represents the ID of the pool member to be deleted.
To obtain a list of pool members, use the Neutron lb-member-list
command, as follows:
Usage: lb-member-list [--pool-id=<POOL ID>]
The returned list of pool members includes member details, such as the ID, address, protocol port, admin state, and status. Use --pool-id
to return pool members in the specified pool only.
To show the details of a pool member, use the Neutron lb-member-show
command, as follows:
Usage: lb-member-show MEMBER
In the preceding command, the keyword MEMBER
represents the ID of the member to be shown. The returned details include the address, admin state, ID, pool ID, protocol port, status, description, tenant ID, and weight of the member.
LBaaS in Neutron provides the ability to monitor the health of pool members as a method of ensuring the availability of an application. If a pool member is not in a healthy state, Neutron can pull it out of rotation, limiting the impact of the issues between the client and application.
The following commands are used to manage health monitors in the CLI:
lb-healthmonitor-create
lb-healthmonitor-delete
lb-healthmonitor-associate
lb-healthmonitor-disassociate
lb-healthmonitor-list
lb-healthmonitor-show
lb-healthmonitor-update
To create a health monitor, use the Neutron lb-healthmonitor-create
command, as follows:
Usage: lb-healthmonitor-create [--tenant-id TENANT_ID] [--admin-state-down] [--expected-codes EXPECTED_CODES] [--http-method HTTP_METHOD] [--url-path URL_PATH] --delay DELAY --max-retries MAX_RETRIES --timeout TIMEOUT --type {PING,TCP,HTTP,HTTPS}
In the preceding command, the --tenant-id
flag is optional and allows you to associate the monitor with the specified tenant.
The --expected-codes
attribute is optional, and allows you to specify the HTTP status code(s) that indicate a pool member is working as expected when the monitor sends an HTTP request to the pool member for the specified URL. For example, if a GET
request for a URL is sent to a pool member, the server is expected to return a 200 OK
status upon the successful retrieval of the page. If 200
is listed as an expected code, the monitor will mark the pool member as UP
. As a result, the pool member will be eligible to receive connections. If a 500
status code were returned, it could indicate that the server is not properly processing connections. The health monitor would mark the pool member as DOWN
and temporarily remove it from the pool. The default value is 200
.
The --http-method
attribute is optional and used in conjunction with --expected-codes
and --url-path
. It is used to specify the type of HTTP request being made. Common types include GET
and POST
. There is no validation of this attribute, which may allow users to create monitors that don't work as expected. The default value is GET
.
The --url-path
attribute is optional and used in conjunction with --expected-codes
and --http-method
. When specified, the system performs an HTTP request defined by --http-method
for the URL against the pool member. The default value is root or /
.
The --delay
attribute is required and used to specify the period between each health check (in seconds). A common starting value is 5 seconds.
The --max-retries
attribute is required and used to specify the maximum number of consecutive failures before a pool member is marked as DOWN
. A common starting value is 3 retries.
The --timeout
attribute is required and used to specify the number of seconds for a monitor to wait for a connection to be established. The value must be less than the delay value.
The --type
attribute is required and used to specify the type of monitor being configured. The four types include:
expected_codes
, url_path
, and http_method
attributes described here.expected_codes
, url_path
and http_method
attributes described here.To delete a health monitor, use the Neutron lb-healthmonitor-delete
command, as follows:
Usage: lb-healthmonitor-delete HEALTH_MONITOR
In the preceding command, the keyword HEALTH_MONITOR
represents the ID of the health monitor to be deleted.
To associate a health monitor with a pool, use the Neutron lb-healthmonitor-associate
command, as follows:
Usage: lb-healthmonitor-associate HEALTH_MONITOR_ID POOL
Here, the keyword POOL
represents the ID of the pool to be associated with the monitor.
To disassociate a health monitor from a pool, use the Neutron lb-healthmonitor-disassociate
command, as follows:
Usage: lb-healthmonitor-disassociate HEALTH_MONITOR_ID POOL
Here, the keyword POOL
represents the ID of the pool to be disassociated from the monitor.
To obtain a list of health monitors, use the Neutron lb-healthmonitor-list
command, as follows:
Usage: lb-healthmonitor-list
In this command, the list returned includes the ID, type, and admin status of all health monitors.
To show the details of a health monitor, use the Neutron lb-healthmonitor-show
command, as shown in the following example:
Usage: lb-healthmonitor-show HEALTH_MONITOR
Here, the details returned include the delay, expected codes, HTTP method, ID, max retries, pools, tenant ID, timeout, type, and URL path.
The following commands are used to manage virtual IPs in the CLI:
lb-vip-create
lb-vip-delete
lb-vip-list
lb-vip-show
lb-vip-update
To create a virtual IP, use the Neutron lb-vip-create
command, as follows:
Usage: lb-vip-create [--tenant-id TENANT_ID] [--address ADDRESS] [--admin-state-down] [--connection-limit CONNECTION_LIMIT] [--description DESCRIPTION] --name NAME --protocol-port PROTOCOL_PORT --protocol {TCP,HTTP,HTTPS} --subnet-id SUBNET POOL [--session-persistence type=TYPE]
Here, the --tenant-id
flag is optional and allows you to associate the monitor with the specified tenant.
The --admin-state-down
attribute, when set, does not have any affect on the state of the load balancer.
The --address
attribute is optional and allows you to specify the IP address of the listener. A Neutron port will be created to reserve the address specified here.
The --connection-limit
attribute is optional and allows you to define a connection limit on the virtual IP. Once the limit is reached, new client traffic will not be balanced.
The --name
attribute is required and used to define the name of the virtual IP.
The --protocol-port
attribute is required and used to specify the listening port of the application being balanced. For example, if you were balancing HTTP traffic, the port specified would be 80
. For SSL traffic, the port specified here would be 443
. In most cases, the pool associated with the virtual IP utilizes the same application port number.
The --protocol
attribute is required and used to specify the type of traffic being load balanced. Options include TCP, HTTP, and HTTPS. This value must match the protocol of the associated pool.
The --subnet-id
attribute is required and used to provide the proper network configuration of the load balancer. Every load balancer exists in its own network namespace, and the subnet specified here is what is used to configure networking within the namespace, including the IP address and default route.
The keyword POOL
represents the pool to be balanced by this virtual IP.
The -–session-persistence
attribute is optional and allows you to specify a method of persistence for clients connecting to the VIP. The placement of -–session-persistence
within the command structure is important and can result in an error if placed before the pool name.
To enable SOURCE_IP
or HTTP_COOKIE
persistence, use the following syntax:
lb-vip-create ... POOL --session-persistence type=dict type=HTTP_COOKIE lb-vip-create ... POOL --session-persistence type=dict type=SOURCE_IP
To enable APP_COOKIE
persistence, use the following syntax:
lb-vip-create ... POOL --session-persistence type=dict type=APP_COOKIE,cookie_name=<application cookie name>
The preceding lb-vip-create
examples should be entered as one line, but they may appear line-wrapped in the text. The persistence of APP_COOKIE
requires the use of a specified cookie name that is unique to your application. A common example is the use of a JSESSIONID
cookie in a JSP application.
To delete a virtual IP, use the Neutron lb-vip-delete
command, as follows:
Usage: lb-vip-delete VIP
In the preceding command, the keyword VIP
represents the ID of the virtual IP to be deleted.
To obtain a list of virtual IPs, use the Neutron lb-vip-list
command, as follows:
Usage: lb-vip-list
The returned output includes a list of virtual IPs and details such as the ID, name, address, protocol, and state.
To show the details of a virtual IP, use the Neutron lb-vip-show
command, as follows:
Usage: lb-vip-show VIP
The keyword VIP
represents the ID of the virtual IP. Returned details include the address, connection limit, description, ID, name, pool ID, port ID, protocol, protocol port, status, subnet ID, and tenant ID.