OpenStack Load Balancing Use Cases and Requirements
1. LBaaS Use Cases and Requirements
What do you mean we have to make this work now?
OpenStack Design Summit – Fall 2012 – Tuesday October 16th j.gruber@f5.com
2. Background and Thoughts
Please Read the Wiki: http://wiki.openstack.org/Quantum/LBaaS
Primer on Network Load Balancing:
http://wiki.openstack.org/NetworkLoadBalancingIntegrationsWithQuantum
Decided to Standardize Two L3 Routed Use Cases for Now:
- “Routed Mode” - LB device is the default L3 route path (maybe)
- “One-Arm Mode” - LB device uses SNAT to force an L3 route path
3. Quick Look At Routed Mode
Ramifications:
- L2 adjacency to 'Nodes'
- L3 routing works to everything the 'Nodes' need to get to
- No LB for the Local Segment
Diagram: VIP 10.10.10.10; NLB 20.20.20.1; Nodes 20.20.20.8, 20.20.20.9, 20.20.20.10, each with Gateway 20.20.20.1 (the LB device is the nodes' default route)
4. Quick Look At One-Arm Mode
Ramifications:
- L3 client address abstracted to 'Nodes'
- Additional L3 addressing for SNAT
- 64k connections per IP
- Defined as pools before deployed
Diagram: Router 20.20.20.1; VIP 20.20.20.5; SNAT Pool 20.20.20.50-52; Nodes 20.20.20.8, 20.20.20.9, 20.20.20.10, each with Gateway 20.20.20.1 (the router, not the LB device)
5. LB Devices Should Be HA
L2 HA (within a broadcast domain):
- Virtual IP bound to a masqueraded MAC (MAC Masq C) shared by the devices MAC A and MAC B
- Dynamic MAC address generation
- GARP or ICMPv6 for failover
- 1 IP per HA + 1 IP per device + 1 VIP
L3 HA (within a route domain):
- Anycast or RHI Virtual IPs
- Dynamic routing protocol with forwarding on separate L3 network
- 1 IP per device + 1 VIP
6. Use Case 1: Multi-Tenant Devices with Routed Shared Networks
One-Arm mode only – Edge LB Service
- 100% Routed L3 Topology for LB
- All Virtual IPs are from shared network pools
- There are no tenant specific networks at L2 or tenant provided L3 addressing
Diagram: Management Network (OOB Management Port; OOB typically is a physical interface); HA Virtual IP Network (Public); HA Shared Network (Private)
n = number of LB devices
d = number of HA domains
v = number of virtual services
p = number of concurrent SNAT addresses
Management Network: 1 IP Address per Device + 1 IP HA Cluster Management ( n + 1 )
HA Virtual IP Network (Public): 1 IP Address per Device + 1 IP Address per HA Domain + 1 IP Address per Virtual Service ( n + d + v )
HA Shared Network (Private): 1 IP Address per Device + 1 IP Address per HA Domain + 1 IP per 64k connections ( n + d + p )
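The address accounting above and the "64k connections per IP" SNAT rule from slide 4, worked as a small planner; this is an added example, not code from the slides, F5 or OpenStack, and the device counts, the /24 pool and the 64k = 64 * 1024 ports assumption are constructed.

```python
import ipaddress
import math

# Assumption (the slides' "64k connections per IP"): one SNAT address carries
# 64 * 1024 concurrent connections; real usable source-port counts are lower.
PORTS_PER_SNAT_IP = 64 * 1024


def snat_addresses_needed(peak_concurrent_connections: int) -> int:
    """p = number of concurrent SNAT addresses: 1 IP per 64k connections."""
    if peak_concurrent_connections <= 0:
        return 0
    return math.ceil(peak_concurrent_connections / PORTS_PER_SNAT_IP)


def address_budget(n: int, d: int, v: int, peak_concurrent_connections: int) -> dict:
    """IP addresses per network; n = LB devices, d = HA domains, v = virtual services."""
    p = snat_addresses_needed(peak_concurrent_connections)
    return {
        "management": n + 1,        # 1 per device + 1 HA cluster management
        "public_vip": n + d + v,    # 1 per device + 1 per HA domain + 1 per virtual service
        "private_snat": n + d + p,  # 1 per device + 1 per HA domain + 1 per 64k connections
        "snat_addresses": p,
    }


def pool_fits(cidr: str, needed: int) -> bool:
    """True if a predefined pool has enough host addresses (IPv4 net/broadcast excluded)."""
    net = ipaddress.ip_network(cidr, strict=True)
    usable = net.num_addresses - 2 if net.version == 4 and net.prefixlen < 31 else net.num_addresses
    return usable >= needed


def snat_pool_capacity(first: str, last: str) -> int:
    """Peak connections an inclusive SNAT address range can carry before port
    exhaustion, after which new client connections fail (an availability risk)."""
    count = int(ipaddress.ip_address(last)) - int(ipaddress.ip_address(first)) + 1
    return count * PORTS_PER_SNAT_IP


if __name__ == "__main__":
    # Constructed sample: 4 devices in 2 HA pairs, 100 virtual services, 1M peak connections.
    budget = address_budget(n=4, d=2, v=100, peak_concurrent_connections=1_000_000)
    print(budget, pool_fits("10.20.30.0/24", budget["private_snat"]))
    print(snat_pool_capacity("20.20.20.50", "20.20.20.52"))  # the slide 4 pool: 196608
```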
7. Use Case 1: Multi-Tenant Devices with Routed Shared Networks
One-Arm Mode Only
This looks like AtlasLB today
PROVIDER REQUIREMENTS
- LB Device Management and HA networking
- Predefined network pools for PUBLIC and PRIVATE routed networks
- Predefined SNAT pool addresses
- L3 filtering on PRIVATE virtual IPs allowing only tenant network addresses to connect to the virtual service
- Security groups must allow connections from SNAT pool addresses
TENANT REQUIREMENTS
- Defines Members
- Defines LB Method
- Defines Monitoring Requirements
- Defines Persistence Requirements
- Overload Virtual IPs with Different Ports
Diagram: same topology and address accounting as slide 6 (Management Network with OOB Management Port; HA Virtual IP Network (Public); HA Shared Network (Private))
8. Use Case 2: Multi-Tenant Devices with Shared and Quantum Networks
One-Arm mode only?
- Public HA Virtual IPs are from shared network pools
- Tenant supplies network ids and required L3 addressing
Diagram: Management Network (OOB Management Port; OOB typically is a physical interface); HA Virtual IP Network (Public); Tenant Networks (HA Tenant Network, Quantum IP Addresses)
Management Network: 1 IP Address per Device + 1 IP HA Cluster Management ( n + 1 )
HA Virtual IP Network (Public): 1 IP Address per Device + 1 IP Address per HA Domain + 1 IP Address per Virtual Service ( n + d + v )
HA Tenant Network: Dynamic MAC Addresses + Tenant Managed IP Addresses; 1 IP Address per Device + 1 IP Address per HA Domain + 1 IP per 64k connections ( n + d + p )
9. Use Case 2: Multi-Tenant Devices with Shared and Quantum Networks
One-Arm mode only?
PROVIDER REQUIREMENTS
- LB devices Management and shared network HA requirements
- LB devices tenant network(s) HA requirements
- Predefined network pools for shared network virtual IPs
- IP for virtual IPs on tenant network(s)
- Predefined network addresses for SNAT pools on tenant network(s)
TENANT REQUIREMENTS
- Tenant network id(s)
- Defines Members
- Defines LB Method
- Defines Monitoring Requirements
- Defines Persistence Requirements
- Overload Virtual IPs with Different Ports
Diagram: same topology and address accounting as slide 8 (Management Network with OOB Management Port; HA Virtual IP Network (Public); Tenant Networks with HA Tenant Network and Quantum IP Addresses)
10. Use Case 3: Single-Tenant Load Balancing
One-Arm Mode Only
- LB device is 'owned' by a single quantum tenant
- LB device is not the only route between tenant networks
- Tenant controls LB HA devices
Diagram: Public Network (address is not HA; 1 IP Address per Device, optional); Tenant Networks with Quantum IP Addresses (possibly HA Tenant Network)
11. Use Case 3: Single-Tenant Load Balancing
One-Arm Mode Only
PROVIDER REQUIREMENTS
- LB devices Management requirements
- LB devices tenant network(s) HA requirements
- Predefined network pools for shared network virtual IPs
- LB device L3 filtering control
- IP for virtual IPs on tenant network(s)
- Predefined network addresses for SNAT pools on tenant network(s)
TENANT REQUIREMENTS
- Tenant network id(s) (L2 on device)
- Defines Members
- Defines LB Method
- Defines Monitoring Requirements
- Defines Persistence Requirements
- Overload Virtual IPs with Different Ports
Diagram: same topology as slide 10 (Public Network, address is not HA, 1 IP Address per Device optional; Tenant Networks with Quantum IP Addresses, possibly HA Tenant Network)
12. Use Case 4: Single-Tenant LB Devices as Gateway
Do we even need this use case?
- LB device is 'owned' by a single quantum tenant
- LB device is the only route between tenant networks
Diagram: Public Network (address is not HA; 1 IP per Device; 1 IP per 64k connections); Tenant Networks with Quantum IP Addresses (possibly HA Tenant Network)
13. Use Case 4: Single-Tenant Devices as Gateway
Do we even need this use case?
PROVIDER REQUIREMENTS
- LB devices Management requirements
- LB devices tenant network(s) HA requirements
- Predefined network pools for shared network virtual IPs
- LB device L3 filtering control
- LB device route table control
- LB device DHCP relay service
- IP for virtual IPs on tenant network(s)
- Predefined network addresses for SNAT pools on tenant network(s)
TENANT REQUIREMENTS
- Tenant network id(s) (L2 on device)
- Defines Members
- Defines LB Method
- Defines Monitoring Requirements
- Defines Persistence Requirements
- Overload Virtual IPs with Different Ports
Diagram: same topology as slide 12 (Public Network, address is not HA, 1 IP per Device, 1 IP per 64k connections; Tenant Networks with Quantum IP Addresses, possibly HA Tenant Network)