Create a load balancer
The Control Panel
OpenStack CLI
Terraform
1. Select configuration and network
- In the control panel, go to the section Cloud Platform → Load Balancers.
- Open the Load Balancers tab.
- Click Create a load balancer.
- Select the region and pool in which the load balancer will be created.
- Select a configuration depending on the load on the project.
- Enter the name of the load balancer.
- Optional: enter a comment — any additional information about the load balancer; it will be displayed only in the control panel.
- Select a subnet:
  - private — traffic balancing will be performed only within the subnet. You can connect a public IP address to a private address — the load balancer will be accessible from the Internet via NAT;
  - public — the load balancer will be accessible from the Internet and will be able to proxy requests from the public subnet to cloud servers in the private subnet. If you will be hosting cloud servers on the same subnet, select a network with a size of /28 or make sure that it has a free IP address for the load balancer port.
- Specify the IP address in the subnet — the free address that will be assigned to the load balancer.
- Optional: connect a public IP address. If there is no available public IP address, create a new IP address. The private subnet where you are creating the load balancer must be connected to a cloud router with access to an external network.
- Click Next.
2. Create a target group
- Open the Servers tab.
- Optional: To change the name of the target group, click , enter the name and click .
- Select the traffic destination protocol that the load balancer will use to transfer traffic to the target group. The following protocol combinations are available for receiving traffic on the load balancer and assigning traffic to the target group:
  - TCP–TCP — classic L4 balancing;
  - TCP PROXY — client information is not lost and is transmitted in a separate connection header;
  - UDP–UDP — the UDP protocol is faster than TCP, but less reliable;
  - HTTP–HTTP — L7 balancing;
  - HTTPS–HTTP — L7 balancing with encryption and termination of the SSL certificate on the load balancer.
- The standard port will be automatically selected for the selected protocol — change it if necessary. The port value will be shared by all servers in the group.
- Select the servers that will be added to the target group.
- Specify the settings for each marked server:
  6.1. Select the IP address.
  6.2. Optional: Change the port.
  6.3. Specify the weight of the server — this is a proportional measure that indicates the proportion of requests that the server processes. If the weights are the same, the servers serve an equal number of requests. If, for example, there is one server with a weight of "2" and two servers with a weight of "1" in the group, then the first server will receive 50% of all requests, and the other two will receive 25% each. The maximum weight value is 256.
  6.4. Optional: to direct traffic to the server only when the other servers in the group are unavailable, check the Backup checkbox.
- Open the Algorithm tab.
- Select the request distribution algorithm — Round Robin or Least connections.
- Optional: To enable the [Sticky Sessions](/cloud/servers/load-balancers/about-load-balancers.mdx#sticky-sessions) method, check the Sticky sessions checkbox and select the session ID. For the APP cookie ID, enter the cookie name.
- Open the Availability checks tab.
- Select the type of availability check. After the group is created, the verification type cannot be changed.
- If the HTTP verification type is selected, specify the request parameters — method, path, and expected response codes.
- Specify the interval between checks — the interval in seconds at which the load balancer sends checking requests to the servers.
- Specify the connection timeout — the response waiting time in seconds; it should be less than the interval between checks.
- Specify the success threshold — the number of successful requests in a row, after which the server is put into operation.
- Specify the failure threshold — the number of unsuccessful requests in a row, after which the server operation is suspended.
- Optional: To add another target group, click Add Target Group and configure it.
- Click Next.
3. Configure rules and HTTP policies
- Select the protocol for receiving traffic on the load balancer:
TCP or UDP traffic
- For the selected protocol, the standard port on which the load balancer will listen to traffic will be automatically selected — change it if necessary.
- Select the target group. Only groups for which traffic can be balanced according to the selected protocol for receiving traffic are available.
- Optional: Expand the Advanced Rule Settings block and specify connection settings:
  - for incoming requests to the load balancer, specify the connection timeout and maximum connections;
  - for requests from the load balancer to servers, specify the connection timeout, inactivity timeout, and TCP packet timeout.
- Optional: To add another rule, click Add Rule and go to step 1. The number of rules is unlimited.
- Check the total cost of the load balancer.
- Click Create a load balancer.
HTTP or HTTPS traffic
- For the selected protocol, the standard port on which the load balancer will listen to traffic will be automatically selected — change it if necessary.
- If you have selected the HTTPS protocol, select the certificate for terminating HTTPS traffic on the load balancer — select the certificate from the secret manager or upload a new one. For more information, see the instructions TLS(SSL)-load balancer certificates.
- Optional: Mark the HTTP request headers that will be sent to the servers.
- Select the default target group — traffic that does not fall under the [HTTP policy](/cloud/servers/load-balancers/about-load-balancers.mdx#http-policies) will be sent there.
- Create HTTP policies.
- Optional: Open the Advanced Rule Settings block and specify connection settings:
  - for incoming requests to the load balancer, specify the connection timeout and maximum connections;
  - for requests from the load balancer to servers, specify the connection timeout, inactivity timeout, and TCP packet timeout.
- Optional: To add another rule, click Add Rule and go to step 1. The number of rules is unlimited.
- Check the price of the load balancer.
- Click Create a load balancer.
OpenStack CLI
- Install the Octavia component to work with cloud load balancers — version 3.4.0 is required for compatibility with the Yoga release version:
    pip3 install python-octaviaclient==3.4.0
- Create a load balancer:
    openstack loadbalancer create \
      --vip-subnet-id <subnet_uuid> \
      --vip-address <loadbalancer_ip_address> \
      --flavor <flavor> \
      --name <loadbalancer_name>
  Specify:
  - `<subnet_uuid>` is the ID of a private or public subnet; you can view it using `openstack subnet list`;
  - `<loadbalancer_ip_address>` — the IP address that will be allocated to the load balancer, one of the free ones in the subnet;
  - `<flavor>` — the flavor ID or name. Flavors correspond to load balancer types and determine the number of vCPUs, RAM, and the number of instances of the load balancer. For example, `ac18763b-1fc5-457d-9fa7-b0d339ffb336` is the ID for creating an Advanced load balancer with redundancy in the ru-9 pool. The list of flavors can be viewed using `openstack loadbalancer flavor list -c id -c name` or in the table List of flavors of the load balancer in all pools;
  - `<loadbalancer_name>` is the name of the load balancer.
- Check that the load balancer is in the statuses `ONLINE` (parameter `operating_status` in the output of the command) and `ACTIVE` (`provisioning_status`):
    openstack loadbalancer show <loadbalancer>
  Specify the `<loadbalancer>` — ID or name of the load balancer; the list can be viewed using `openstack loadbalancer list`.
- Optional: Connect the public IP address to the load balancer:
    openstack floating ip set --port <loadbalancer_port_uuid> <floating_ip>
  Specify:
  - `<loadbalancer_port_uuid>` is the port ID of the load balancer; you can view it using `openstack loadbalancer show <loadbalancer>`, the value is `vip_port_id`;
  - `<floating_ip>` is a public IP address.
- Create a target group:
    openstack loadbalancer pool create \
      --name <pool_name> \
      --lb-algorithm <algorithm> \
      --listener <listener_name> \
      --protocol <protocol>
  Specify:
- Add the server to the target group:
    openstack loadbalancer member create \
      --subnet-id <subnet_uuid> \
      --address <server_ip_address> \
      --protocol-port <port> \
      <pool_name>
  Specify:
  - `<subnet_uuid>` — ID of the private or public subnet of the server; you can view it using `openstack subnet list`;
  - `<server_ip_address>` — the IP address of the server from the specified subnet;
  - `<port>` — port number;
  - `<pool_name>` is the name of the target group that you set in step 6.
- Optional: Create an availability check for the target group:
    openstack loadbalancer healthmonitor create \
      --delay <delay> \
      --timeout <timeout> \
      --max-retries <max_retries> \
      --max-retries-down <max_retries_down> \
      --type <type> \
      --http-method <http_method> \
      --url-path <url_path> \
      --expected-codes <codes> \
      <pool_name>
  Specify:
  - `<delay>` — interval between checks in seconds;
  - `<timeout>` — response waiting time in seconds;
  - `<max_retries>` — the number of successful requests in a row, after which the server is put into operation;
  - `<max_retries_down>` — the number of unsuccessful requests in a row, after which the server operation is suspended;
  - `<type>` — verification type: `HTTP`, `PING`, `TCP`, `TLS_HELLO`, `UDP_CONNECT`;
  - HTTP request parameters, if the `HTTP` verification type is selected:
    - `--http-method <http_method>` — verification method: `GET`, `POST`, `DELETE`, `PUT`, `HEAD`, `OPTIONS`, `PATCH`, `CONNECT`, `TRACE`;
    - `--url-path <url_path>` — request path without domain name;
    - `--expected-codes <codes>` — expected response codes separated by commas;
  - `<pool_name>` is the name of the target group that you specified in step 6.
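A pre-flight check for the availability-check parameters described above, as an added example (not part of the original instructions). The function names and the `/healthz` path in the usage comment are hypothetical; the detection-time figure is an estimate that assumes one check starts every `<delay>` seconds.

```shell
#!/bin/sh
# hm_validate DELAY TIMEOUT MAX_RETRIES MAX_RETRIES_DOWN TYPE
# Prints the estimated worst-case number of seconds before a failed server
# is suspended. Returns 1 if the parameters break the rules from the page.
hm_validate() {
    delay=$1; timeout=$2; up=$3; down=$4; kind=$5
    for n in "$delay" "$timeout" "$up" "$down"; do
        case $n in
            ''|0*|*[!0-9]*) echo "not a positive integer: '$n'" >&2; return 1 ;;
        esac
    done
    # The response waiting time must be less than the interval between checks.
    if [ "$timeout" -ge "$delay" ]; then
        echo "timeout ($timeout) must be less than delay ($delay)" >&2
        return 1
    fi
    case $kind in
        HTTP|PING|TCP|TLS_HELLO|UDP_CONNECT) ;;
        *) echo "unknown verification type: $kind" >&2; return 1 ;;
    esac
    # <down> failed checks in a row, one per <delay>; the last one may
    # wait up to <timeout> before it counts as failed.
    echo $(( down * delay + timeout ))
}

# hm_create POOL DELAY TIMEOUT MAX_RETRIES MAX_RETRIES_DOWN TYPE [options...]
# Validates first, then calls the command from the step above. Example:
#   hm_create <pool_name> 10 4 3 3 HTTP \
#     --http-method GET --url-path /healthz --expected-codes 200
hm_create() {
    pool=$1; shift
    hm_validate "$1" "$2" "$3" "$4" "$5" >/dev/null || return 1
    d=$1; t=$2; u=$3; dn=$4; ty=$5; shift 5
    openstack loadbalancer healthmonitor create \
        --delay "$d" --timeout "$t" \
        --max-retries "$u" --max-retries-down "$dn" \
        --type "$ty" "$@" "$pool"
}
```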
- Create a rule, specify in it the protocol and the port for the load balancer:
    openstack loadbalancer listener create \
      --name <listener_name> \
      --protocol <protocol> \
      --protocol-port <port> \
      <loadbalancer>
  Specify:
  - `<listener_name>` is the name of the rule;
  - `<protocol>` — protocol name: `TCP`, `UDP`, `HTTP`, `TERMINATED_HTTPS`;
  - `<port>` is the port number.
- If you specified HTTP or HTTPS protocol for the rule in step 9, create an HTTP policy in the rule:
    openstack loadbalancer l7policy create \
      --action <action> \
      [--redirect-url <url> | --redirect-prefix <prefix_url> | --redirect-pool <pool> ] \
      --position <position> \
      --name <policy_name> \
      <listener>
  Specify:
  - `<action>` — an action for balancing traffic:
    - `REDIRECT_TO_URL` — completely replace the request URL, including protocol, domain name, path and parameters;
    - `REDIRECT_PREFIX` — replace the protocol and domain name in the request URL;
    - `REDIRECT_TO_POOL` — direct to the target group;
    - `REJECT` — reject;
  - `<policy_name>` is the name of the L7 policy;
  - where to direct traffic:
    - `--redirect-url <url>` — the full URL for redirection. Specify if the `REDIRECT_TO_URL` action is selected;
    - `--redirect-prefix <prefix_url>` is the prefix of the URL to replace the protocol and domain in the request, for example `https://example.com`. Specify if the `REDIRECT_PREFIX` action is selected;
    - `--redirect-pool <pool>` is the ID or name of the target group. Specify if the `REDIRECT_TO_POOL` action is selected. The list can be viewed using `openstack loadbalancer pool list`. If you don't have a target group yet, create one;
  - `--position <position>` — the position of the policy in the rule. Specify if there are several policies with the same action in the rule; the policy with the position `1` will be applied first of them;
  - `<listener>` is the ID or name of the rule. The list can be viewed using `openstack loadbalancer listener list`.
- Create a condition in the HTTP policy:
    openstack loadbalancer l7rule create \
      --compare-type <compare_type> \
      --type <type> \
      --value <value> \
      <policy>
  Specify:
  - `<compare_type>` — the type of match with the control value:
    - `EQUAL_TO` — matches;
    - `STARTS_WITH` — starts with;
    - `ENDS_WITH` — ends with;
    - `CONTAINS` — contains;
    - `REGEX` is a regular expression;
  - `<type>` — parameter in the verification request: `HOST_NAME`, `PATH`, `COOKIE`, `FILE_TYPE`, `HEADER`;
  - `<value>` — control value;
  - `<policy>` is the ID or name of the L7 policy that was created in step 2.
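The rule, HTTP policy and condition commands above combined into one HTTPS-only setup, as an added example that is not part of the original instructions: TLS terminates on port 443 and a second rule on port 80 only redirects to it. The function names, resource names and certificate reference are placeholders, and `--default-tls-container-ref` is the python-octaviaclient option for the certificate (it is not shown on this page).

```shell
#!/bin/sh
# DRY_RUN=1 (default) records the commands in PLAN instead of running them.
DRY_RUN=${DRY_RUN:-1}
PLAN=""
os() {
    if [ "$DRY_RUN" = 1 ]; then
        PLAN="${PLAN}openstack $*
"
    else
        # When running for real, wait until provisioning_status is ACTIVE
        # again before the next command (see the status check step).
        openstack "$@"
    fi
}

# https_only LOADBALANCER POOL_NAME CERT_REF HOSTNAME
https_only() {
    lb=$1; pool=$2; cert=$3; host=$4
    # HTTPS-HTTP: TLS ends on the load balancer, servers receive plain HTTP.
    os loadbalancer listener create --name "${lb}-https" \
        --protocol TERMINATED_HTTPS --protocol-port 443 \
        --default-tls-container-ref "$cert" "$lb"
    os loadbalancer pool create --name "$pool" \
        --lb-algorithm ROUND_ROBIN \
        --listener "${lb}-https" --protocol HTTP
    # The port 80 rule has no target group: it exists only to redirect.
    os loadbalancer listener create --name "${lb}-http" \
        --protocol HTTP --protocol-port 80 "$lb"
    # REDIRECT_PREFIX swaps protocol and domain, keeping path and parameters.
    os loadbalancer l7policy create --action REDIRECT_PREFIX \
        --redirect-prefix "https://${host}" --position 1 \
        --name "${lb}-to-https" "${lb}-http"
    # Condition that matches every request path.
    os loadbalancer l7rule create --compare-type STARTS_WITH \
        --type PATH --value / "${lb}-to-https"
}
```

Call `https_only <loadbalancer> <pool_name> <cert_ref> example.com` and inspect `$PLAN` before running with `DRY_RUN=0`.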
Terraform
- Use the instructions in the Terraform documentation: