How to configure network load balancers¶
Note
Network load balancers are currently available for the OVN network.
Network load balancers are similar to forwards in that they allow specific ports on an IP address (external or internal) to be forwarded to specific ports on internal IP addresses in the same network as the load balancer.
The difference between load balancers and forwards is that load balancers can be used to share ingress traffic between multiple internal backend addresses. This feature can be useful if you have limited external IP addresses or want to share a single external address and ports over multiple instances.
A load balancer is made up of:
A single listen IP address (external or internal).
One or more named backends consisting of an internal IP and optional port ranges.
One or more listen ports or port ranges that are configured to forward to one or more named backends.
One or more listen ports that are configured to forward to one or more pools of instances.
A pool of instances allows a more simplified definition of backends as it doesn’t require additional configuration of the internal IP. Furthermore a pool uses health checks to identify offline backends to which the load balancer should not forward any traffic.
Create a network load balancer¶
Use the following command to create a network load balancer:
lxc network load-balancer create <network_name> [<listen_address>] [--allocate=ipv{4,6}] [configuration_options...]
Example with a specified listen address:
lxc network load-balancer create my-ovn-network 192.0.2.178
Example with an allocated listen address:
lxc network load-balancer create my-ovn-network --allocate=ipv4
Each load balancer is assigned to a network.
Listen addresses are subject to restrictions. If a listen address is not specified, the --allocate flag must be provided. See Requirements for listen addresses for more information about which addresses can be load-balanced, as well as how to use the --allocate flag.
Load balancer properties¶
Network load balancers have the following properties:
| Key: | backends |
| Type: | backend list |
| Required: | no |
See Configure backends.
| Key: | config |
| Type: | string set |
| Required: | no |
The only supported keys are user.* custom keys.
| Key: | ports |
| Type: | port list |
| Required: | no |
See Configure ports.
Requirements for listen addresses¶
The following requirements must be met for valid listen addresses:
For external listen IP addresses:
Allowed listen addresses must be defined in the uplink network’s
ipv{n}.routessettings or the project’srestricted.networks.subnetssetting.If you specify a listen address when creating a load balancer, it must be within the range of allowed addresses.
If you do not specify a listen address, you must use either
--allocate ipv4or--allocate ipv6. This will allocate a listen address from the range of allowed addresses.
The listen address must not overlap with a subnet that is in use with another network or entity in that network.
For internal listen IP addresses:
Allowed listen addresses must not be used by the associated network’s gateway, other existing load balancers and network forwards, or instance NICs.
Configure backends¶
You can add backend specifications to the network load balancer to define target addresses (and optionally ports). The backend target address must be within the same subnet as the network associated with the load balancer.
Use the following command to add a backend specification:
lxc network load-balancer backend add <network_name> <listen_address> <backend_name> <target_address> [<target_ports>]
Example:
lxc network load-balancer backend add my-ovn-network 192.0.2.178 test-backend 10.41.211.5
If no target ports are specified when adding the backend:
The load balancer uses the listen ports defined in the port specification associated with that backend, if any.
If no such listen ports are defined, the backend has no target ports and is inactive. You must either add a port specification or edit the load balancer configuration to include a
target_portvalue in the backend specification or alisten_portvalue in the ports specification.
If you want to forward the traffic to different ports, you have two options:
Specify a single target port to forward traffic from all listen ports to this target port.
Specify a set of target ports with the same number of ports as the listen ports to forward traffic from the first listen port to the first target port, the second listen port to the second target port, and so on.
Backend properties¶
Network load balancer backends have the following properties:
| Key: | target_port |
| Type: | string |
| Default: | same as |
| Required: | no |
For example: 70,80-90 or 90
Configure pools¶
Pools are not directly attached to a load balancer. Instead they are configured on the network and can therefore be referenced by one or many load balancers inside this network.
Use the following command to add a pool:
lxc network load-balancer pool create <network_name> <pool_name> <key>=<value>...
Example:
lxc network load-balancer pool create my-ovn-network https target_port=443
This creates a new pool and sets 443 as the target port for all instances inside the pool.
If necessary the port can be overwritten for each instance.
Pool properties¶
Network load balancer pools have the following properties:
| Key: | healthcheck |
| Type: | bool |
| Default: |
|
| Required: | no |
healthcheck.failure_countNumber of failed probe attempts after which an instance is considered unhealthy.
| Key: | healthcheck.failure_count |
| Type: | integer |
| Default: |
|
| Required: | no |
| Key: | healthcheck.interval |
| Type: | integer |
| Default: |
|
| Required: | no |
healthcheck.success_countNumber of successful probe attempts after which an instance is considered healthy.
| Key: | healthcheck.success_count |
| Type: | integer |
| Default: |
|
| Required: | no |
| Key: | healthcheck.timeout |
| Type: | integer |
| Default: |
|
| Required: | no |
| Key: | protocol |
| Type: | string |
| Default: |
|
| Required: | no |
Can be either tcp or udp.
Configure pool instances¶
When a load balancer port references a pool, traffic can only be forwarded to the pool if it contains one or more instances. Use the following command to add instances to the pool:
lxc network load-balancer pool instance add <network> <pool_name> <instance_name> [<target_port>]
Important
When adding an instance to a pool that is already referenced by a load balancer port, be aware that OVN will start to send traffic to this instance immediately as its status isn’t yet known to the load balancer.
Only after the health check returned for the first time, the instance will be removed from the list of eligible targets if there isn’t any service listening on the target port.
Example:
lxc network load-balancer pool instance add my-ovn-network http i1
The target port is optional and allows you to use a custom port for the instance. If you do not provide a target port for the instance, the instance will use the pool’s target port.
Configure ports¶
You can add port specifications to the network load balancer to forward traffic from specific ports on the listen address:
To specific ports on one or more target backends.
To specific ports on all instances inside a target pool
Use the following command to add a port specification for explicit target backends:
lxc network load-balancer port add <network_name> <listen_address> <protocol> <listen_ports> target_backend=<backend_name>[,<backend_name>...]
Example:
lxc network load-balancer port add my-ovn-network 192.0.2.178 tcp 80 target_backend=test-backend
You can specify a single listen port or a set of ports. The backend(s) specified must have target port(s) settings compatible with the port’s listen port(s) setting.
Use the following command to add a port specification for all instances inside a target pool:
lxc network load-balancer port add <network_name> <listen_address> <protocol> <listen_port> target_pool=<pool_name>
Example:
lxc network load-balancer port add my-ovn-network 192.0.2.178 tcp 443 target_pool=https
Port properties¶
Network load balancer ports have the following properties:
| Key: | protocol |
| Type: | string |
| Required: | yes |
Possible values are tcp and udp.
| Key: | target_backend |
| Type: | backend list |
| Required: | no |
If you do not provide a list of backends, then you must provide a pool to target_pool.
Edit a network load balancer¶
Use the following command to edit a network load balancer:
lxc network load-balancer edit <network_name> <listen_address>
This command opens the network load balancer in YAML format for editing. You can edit the general configuration, as well as the backend and port specifications.
Example load balancer configuration YAML file:
listen_address: 192.0.2.178
location: ""
description: ""
config: {}
backends:
- name: test-backend
description: ""
target_port: ""
target_address: 10.41.211.5
ports:
- description: ""
protocol: tcp
listen_port: 70,80-90
target_backend:
- test-backend
- description: ""
protocol: tcp
listen_port: 443
target_pool: https
Edit a network load balancer pool¶
Use the following command to edit a network load balancer pool:
lxc network load-balancer pool edit <network_name> <pool_name>
This command opens the network load balancer pool in YAML format for editing. You can edit the general configuration, as well as the instances and their target port.
Example load balancer pool configuration YAML file:
name: https
description: ""
config:
protocol: tcp
target_port: "443"
healthcheck.interval: 10
instances:
- name: i1
- name: i2
- name: i3
target_port: "8443"
used_by:
- /1.0/networks/default/load-balancers/192.0.2.178
Get the state of a network load balancer pool¶
When a pool is referenced by a network load balancer port and contains instances, the current state of the health check can be observed for all instances in the pool.
Use the following command to get the state of a network load balancer pool:
lxc network load-balancer pool info <network_name> <pool_name>
The status for each of the pool’s instances is reported for each load balancer port that references the pool.
Delete a network load balancer¶
Use the following command to delete a network load balancer:
lxc network load-balancer delete <network_name> <listen_address>
Delete a network load balancer pool¶
Use the following command to delete a network load balancer pool:
lxc network load-balancer pool delete <network_name> <pool_name>
Remove a network load balancer pool instance¶
Use the following command to remove a network load balancer pool instance:
lxc network load-balancer pool instance remove <network_name> <pool_name> <instance_name>
Remove a network load balancer port¶
Use the following command to remove a network load balancer port:
lxc network load-balancer port remove <network_name> <listen_address> <protocol> <listen_ports>