[openstack-dev] [Neutron] [LBaaS] Packet flow between instances using a load balancer
Maish Saidel-Keesing
maishsk+openstack at maishsk.com
Thu Sep 11 10:33:04 UTC 2014
I am trying to find out how traffic currently flows when sent to an
instance through a LB.
Say I have the following scenario:
RHA1 -------- LB_A ----------> >-> LB_B ----------- RHB1
        |                                |
RHA2 ---|                                |--------- RHB2
A packet is sent from RHA1 to LB_B (with a final destination of course
being either RHB1 or RHB2)
I have a few questions about the flow.
1. When the packet is received by RHB1 - what is the source and
destination address?
Is the source RHA1 or LB_B?
Is the destination LB_B or RHB_1?
2. When is the packet modified (if it is)? And how?
3. Traffic in the opposite direction. RHB1 -> RHA1. What is the path
that will be taken?
The catalyst of this question was how to control traffic that is coming
into instances through a LoadBalancer with security groups. At the
moment you can either define a source IP/range or a security group.
There is no way to add a LB to a security group (at least not that I
know of).
If the source IP that the packet is identified with - is the Load
balancer (and I suspect it is) then there is no way to enforce the
traffic flow.
How would you all deal with this scenario and controlling the traffic flow?
Any help / thoughts are appreciated!
--
Maish Saidel-Keesing