Overview of the VPC Inline LB VM network service provider
4.9.0
CloudStack supports a default VPC Virtual Router provider for offering Public Load Balancing within Virtual Private Clouds (VPC’s).
In such deployments, the VPC Virtual Router is provisioned to actively load-balance public LB rules towards private real-server-VM’s deployed inside the Public Tier using the HA Proxy implementation of the VPC Virtual Router.
In SDN backed CloudStack deployments, this may not be the desired deployment, mostly because in SDN backed CloudStack deployments, the Virtual Router may not be present at all.
When deploying CloudStack with a SDN platform (e.g. Nuage Networks Virtualized Services Platform), all routing, DHCP/DNS services and security features may be realized by the SDN platform, typically realized in a distributed manner, without further relying on the Virtual Router VM (which is a centralized solution).
In order to generically support Public Load Balancing within SDN backed CloudStack deployments, a new Load Balancer Provider/Plugin is proposed : VPC Inline LB Provider. When this provider is selected for Public Load Balancing, the Load Balancing functionality is realized by an appliance VM (VPC Inline LB VM) which is deployed in the VPC Public Tier guest network itself (i.e. as a guest VM). This appliance by default is based on a VR appliance but which could be generalized to any type of appliance, which could be more lightweight than System VR template or reversely could be a commercial appliance. This flexibility is not implemented today but could be easily added when this plugin feature gets wider traction. The VPC Inline LB Provider provider takes care of orchestrating the deployment of the appliance and its provisioning upon the first public load balancer rule being configured with server vms, and similarly takes care of the resource clean-up upon the last public load balancer rule being unconfigured. As mentioned, unlike the VPC Virtual Router implementation case, in this case Load Balancer appliance is a guest VM inside the VPC Public tier, and no longer has a NIC in every single VPC tier.
The design and implementation of this new type of Public Load Balancing solution is generic and can be deployed with any VPC Network provider.
This is the functional specification for a new network plugin called ‘VPC Inline LB VM’
| Author | Description | Date |
|---|---|---|
| Nick Livens | Uploaded design document to CWiki | |
| Kris Sterckx | Added introduction | |
| Nick Livens | Initial draft of design document |
Create a VPC selecting a VPC offering with LB support
Add a Tier to the VPC, selecting a Network offering with Public LB support
Acquire a new Public IP for the VPC
Configure LB Rules on the public IP to load balance servers in the public tier.
We will introduce a new CloudStack network plugin “VpcInlineLbVm” which is based on the Internal LoadBalancer plugin and will implement Load Balancing by creating appliances based on the Router VM template (which defaults to the System VM template). Each appliance will have 2 nics, one for management, and one in the guest network. For each Public IP assigned to the VPC, an additional guest IP is allocated, and set as VIP (= secondary IP) on the appliance guest nic. We will further on refer to this plugin as VpcInlineLb.
LB appliance for each Public LB tier:
Apply LB rules:
Check if a LB Appliance exists
If not, deploy a new one.
During VM orchestrate start, VM Guru is called to finalize the VM profile, and the deployment, where it will setup the required nics. (link-local + guest).
Group rules by public IP, ignoring rules without destination VM’s
For each public IP:
Check if the Public IP-Guest VIP mapping exists for the LB Appliance.
This mapping will be defined as follows:
VpcInlineLoadBalancerMapping
Guest Nic will have secondary IP’s
Public IP will hold the exact Guest VIP in the vmIp field.
If not
allocate a (secondary) Guest IP (VIP) and save mapping
Configure appliance to listen on new VIP
Enable Static NAT (delegate to Network Plugin), passing the secondary IP as destination
Translate rules to use Guest VIP
Send the translated rules to the LB Agent, which will configure HAProxy.
Restart Network of LB Tier:
Shutdown (only in case of cleanup=True)
Destroy the LB Appliance in the network
Implement
If LB rules exist in the network:
Check if a LB Appliance exists for the public IP
| API | Parameters | Description |
|---|---|---|
| listVpcInlineLoadBalancerVMs | / | Lists all the VPC Inline LB VMs |
| startVpcInlineLoadBalancerVM | id : The UUID of the VPC Inline LB VM | Start a VPC Inline LB VM |
| stopVpcInlineLoadBalancerVM | id : The UUID of the VPC Inline LB VM | Stop a VPC Inline LB VM |
| configureVpcInlineLoadBalancerElement | id : The UUID of the VPC Inline LB element nspid : The UUID of the network service provider enabled : True to enable, false to disable | Configure the VPC Inline LB element |
| createVpcInlineLoadBalancerElement | nspid : The UUID of the network service provider | Create a VPC Inline LB element |
| listVpcInlineLoadBalancerElements | id : The UUID of the VPC Inline LB element nspid : The UUID of the network service provider enabled : True to list enabled, false to list disabled | List the configured VPC Inline LB elements |
Overview of the VPC Inline LB VM network service provider