Neutron/LBaaS/LBaaS reuse option
资源模型
顶级对象
资源模型中的核心对象围绕配置重用和面向企业的特性集
1. VIP:虚拟服务器是一个流量管理对象,由一组 IP 地址和服务表示。客户端将应用程序流量发送到虚拟服务器,然后虚拟服务器根据您的配置指令将流量定向到目标服务器。
2. Pool:负载均衡池是设备(例如 Web 服务器)的逻辑集合,您将它们组合在一起以接收和处理流量。
3. Member:池成员表示在后端服务器上运行的应用程序。
4. Monitor:健康监视器可以监视池成员或服务器的运行状况或性能。
5. stats:stats 对象指示指定池的流量统计信息
扩展:核心资源模型可以通过将其他对象(例如 applicationProfile)关联到核心资源来扩展。
1. Application-profile:应用程序配置文件包含用于以各种方式管理特定于应用程序的网络流量的高级配置,具体取决于所使用的协议和服务。例如,您可以在将请求传递到目标服务器之前配置 SSL 客户端证书。配置配置文件后,您可以将配置文件与虚拟服务器关联。然后,虚拟服务器将根据配置文件中指定的值处理流量。
{{https://wiki.openstack.org/LBaaS/CoreResourceModel/proposal?action=AttachFile&do=get&target=loadbalancer_resource_model_openstack_v2.JPG}}
ApplicationProfile 属性
此表说明了 ApplicationProfile 的一部分设置。我们可以预定义一组配置文件,用户可以通过从其继承来创建自定义配置文件。
| 分类 |
| 全局 |
| 3>|Application |
| 协议 |
| 6>|SSL |
对象定义
本节通过使用示例配置以 JSON 格式说明对象方案
1. 5x VirtualServers 用于 HTTP、HTTPS、SSL_passthrough、TCP 和 HTTP 重定向
2. 2x 池,每个池包含 2x 成员
3. 3x 具有不同类型的监视器
注意:作为全局配置的一部分,用户需要导入证书/密钥、信任客户端 CA 和 CRL。在 LoadBalancer 配置中,用户可以通过使用对这些对象的引用,在 ApplicationProfile 的一部分中指定 SSL 设置。
{
"loadBalancer": {
"vip": [
{
"id": "1",
"name": "http_lb",
"description": "VIP for http traffic",
"networkID": "pubnwk-1",
"address": "192.168.1.101",
"protocol": "HTTP",
"port": "80",
"sessionPersistence": {
"method": "COOKIE",
"cookieName": "JSESSIONID",
"cookieMode": "INSERT"
},
"connectionLimit": "1000",
"applicationProfileId": "1",
"adminState": "ENABLED",
"status": "ENABLED",
"poolId": "1"
},
{
"id": "2",
"name": "https_lb",
"description": "virtualServerforhttpstraffic",
"address": "192.168.1.101",
"networkID": "pubnwk-1",
"protocol": "HTTPS",
"port": "443",
"sessionPersistence": {
"method": "COOKIE",
"cookieName": "JSESSIONID",
"cookieMode": "PREFIX"
},
"connectionLimit": "1000",
"applicationProfileId": "2",
"adminState": "ENABLED",
"status": "ENABLED",
"poolId": "1",
},
{
"id": "3",
"name": "https_passthrough_lb",
"description": "virtualServerforhttpspassthroughtraffic",
"address": "192.168.1.102",
"networkID": "pubnwk-1",
"protocol": "HTTPS",
"port": "443",
"sessionPersistence": {
"method": "SSL_SESSION_ID"
},
"connectionLimit": "1000",
"applicationProfileId": "3",
"adminState": "ENABLED",
"status": "ENABLED",
"poolId": "2"
},
{
"id": "4",
"name": "tcp_lb",
"description": "virtualServerfortcptraffic",
"address": "192.168.1.101",
"networkID": "pubnwk-1",
"protocol": "TCP",
"port": "8080",
"sessionPersistence": {
"method": "SSL_SESSION_ID"
},
"connectionLimit": "1000",
"adminState": "ENABLED",
"status": "ENABLED",
"poolId": "1"
},
{
"5",
"name": "http_redirect_lb",
"description": "virtualServerforhttpredirection",
"address": "192.168.1.101",
"protocol": "HTTP",
"port": "800",
"connectionLimit": "1000",
"applicationProfileId": "4",
"adminState": "ENABLED",
"status": "ENABLED",
"poolId": "1"
}
],
"pool": [
{
"id": "1",
"name": "http-pool",
"description": "poolforhttpandhttpstraffic",
"lbMethod": "ROUND_ROBIN",
"healthMonitorIds": [
"1"
],
"adminState": "ENABLED",
"status": "ENABLED",
"member": [
{
"id": "1",
"ipAddress": "192.168.4.103",
"weight": "10",
"port": "80",
"healthMonitorIds": [
"3"
],
"connectionLimit": "100000",
"adminState": "ENABLED",
"status": "UP"
},
{
"id": "2",
"ipAddress": "192.168.4.104",
"weight": "20",
"port": "80",
"connectionLimit": "100000",
"adminState": "ENABLED",
"status": "DOWN"
}
]
},
{
"id": "2",
"name": "https-pool",
"description": "poolforhttpandhttpstraffic",
"lbMethod": "IP_HASH",
"healthMonitorIds": [
"2"
],
"adminState": "ENABLED",
"status": "ENABLED",
"member": [
{
"id": "1",
"ipAddress": "192.168.4.103",
"weight": "10",
"port": "443",
"connectionLimit": "100000",
"adminState": "ENABLED",
"status": "UP"
},
{
"id": "2",
"ipAddress": "192.168.4.104",
"weight": "20",
"port": "443",
"connectionLimit": "100000",
"adminState": "ENABLED",
"status": "UP"
}
]
}
],
"applicationProfiles": {
"applicationProfile": [
{
"id": "1",
"name": "http_profile",
"insertXForwardedFor": "true",
},
{
"id": "2",
"name": "https_profile",
"sslPassthrough": "false",
"clientSsl": {
"verifyRequired": "false",
"serverCertificate": "server-cert-1",
"caCertificates": {
"caCertificate": "ca-cert-1"
},
"crlCertificates": {
"crlCertificate": "crl"
},
"ciphers": "AES256"
}
},
{
"id": "3",
"name": "ssl_profile",
"sslPassthrough": "true"
},
{
"id": "4",
"name": "http_redirection_profile",
"httpRedirect": {
"destUrl": "https: //www.company.com/login"
}
}
]
},
"monitorService": {
"checkTimeout": "60",
"monitors": [
{
"id": "1",
"name": "http-monitor",
"type": "HTTP",
"delay": "1",
"interval": "10",
"timeout": "20",
"maxRetryAttempts": "3",
"method": "GET",
"path": "/",
"expected": "\"200-204\""
},
{
"id": "2",
"name": "https-monitor",
"type": "HTTPS",
"delay": "2",
"interval": "10",
"timeout": "20",
"maxRetryAttempts": "3",
"method": "SSL"
},
{
"id": "3",
"name": "tcp-monitor",
"type": "TCP",
"delay": "5",
"interval": "10",
"timeout": "30",
"maxRetryAttempts": "2"
}
]
}
}
}
F5 BIG-IP 的配置方式
要将此资源模型转换为 F5 Big-IP,用户将
1. 创建一组配置文件,这些配置文件定义了持久性、ssl、http 配置。
2. 创建两个虚拟服务器
- a) VS_http:地址 192.168.1.101,端口 80,将默认 http 配置文件附加到此虚拟服务器,将 cookie 持久性配置文件附加到此虚拟服务器。
b. VS_https: address 192.168.1.101, port 443, attach default https profile to this virtualserver, attach ssl session id persistence profile to this virtualserver.
3. 创建两个池
- a) Pool_http:算法 RR,添加两个成员 192.168.4.103:80 + 192.168.4.104:80,将预定义的 HTTP 监视器附加到池
b. Pool_https: algorithm RR, add two memebers 192.168.4.103:8443 + 192.168.4.104:8443, attach predefined HTTPS monitor to the pool, user customized HTTPS_2 monitor to member 192.168.4.103
4. 为每个 VirtualServer 配置默认池
- a) VS_http 使用 Pool_http 作为默认池
b. VS_https uses Pool_https as the default pool
API
此表列出了公开的 API 以及与 eBay LBMS 和 Equilibrium LBaaS API 的比较
| 负载均衡器 API | eBay LBMS API | |||
| 分类 | URL | API | 详情 | API |
| 2>|VIP | /loadbalancer/vips | 2>|CRUD | 2>|管理负载均衡器 VIP | 2>|VIP APIs |
| 2>|Pool | /loadbalancer/pools | 2>|CRUD | 2>|管理负载均衡器池 | 2>|Pool APIs |
| 2>|Member | /loadbalancer/pools/:poolid/members | 2>|CRUD | 2>|管理池下的成员 | 2>|Service APIs |
| 2>|HealthMonitor | /loadbalancer/healthmonitors | 2>|CRUD | 2>|管理健康监视器 | 2>|Monitor APIs |
| 统计信息 | /loadbalancer/pools/statistics | GET | 获取统计信息和状态 | Metric APIs |
| 2>|Configuration | /loadbalancer/protocols | 2>|GET | 2>|获取支持的协议和算法 | |
| Extension API | 不支持 | |||
| 2>|ApplicationProfile | /loadbalancer/extensions/applicationprofiles | 2>|CRUD | 2>|管理负载均衡器 applicationProfiles | 2>|VIP+Policy APIs |
