[openstack-dev] [Neutron] [LBaaS] Packet flow between instances using a load balancer

Maish Saidel-Keesing maishsk+openstack at maishsk.com
Thu Sep 11 10:33:04 UTC 2014


I am trying to find out how traffic currently flows when sent to an
instance through a LB.

Say I have the following scenario:


RHA1 -------- LB_A ----------> LB_B ----------- RHB1
               |                 |
RHA2 ----------|                 |------------- RHB2


A packet is sent from RHA1 to LB_B (with a final destination of course
being either RHB1 or RHB2)

I have a few questions about the flow.

1. When the packet is received by RHB1 - what is the source and
destination address?
     Is the source RHA1 or LB_B?
     Is the destination LB_B or RHB1?
2. When is the packet modified (if it is)? And how?
3. Traffic in the opposite direction. RHB1 -> RHA1. What is the path
that will be taken?

The catalyst of this question was how to control traffic that is coming
into instances through a LoadBalancer with security groups. At the
moment you can either define a source IP/range or a security group.
There is no way to add a LB to a security group (at least not that I
know of).

If the source IP that the packet is identified with is the load
balancer (and I suspect it is), then there is no way to enforce the
traffic flow.

How would you all deal with this scenario and controlling the traffic flow?

Any help / thoughts are appreciated!

-- 
Maish Saidel-Keesing



