[Openstack] Load balancer questions

Robert van Leeuwen Robert.vanLeeuwen at spilgames.com
Mon Sep 29 06:50:27 UTC 2014


> 1. Assuming layer 7 is what would be used for openstack services like
> keystone and Swift, not layer 4? I saw a layer 4 in front of a layer 7
> in one of the diagrams, didnt really understand why that was needed.
Did not make that drawing ;) 
I see no reason why it would be mandatory.

> 2. Do typical installations use SSL termination within the load
> balancer and then normal http sessions beyond that to, say the proxy
> for Swift or keystone?
Not sure about typical, but we do ;)
There are lots of upsides to terminating SSL at a Loadbalancer.
Make sure the network after the Loadbalancer is secure though.
Since Keystone traffic contains passwords you might consider doing SSL between the LB and Keystone.

> 3. Is round robin at layer 7 is what is used?
We do.

> 4. This might be another stupid question, minus Horizon, you dont
> really need the load balancer to do cookies or sessions or any
> stickiness? For all else, it would just be load balancing round robin?
Indeed.

> With horizon, for the specific session, it would need to go to the
> same endpoint in the back end?
Yes, we insert cookies for Horizon to make sure people keep ending up at the same horizon instance.

> 5. Is anyone using geo-DNS or a global load balancer for Swift multi site?
We do not have Swift multi site but use CDNs for getting good global performance.
Depending on the setup and access paterns you might want to consider adding a caching layer or CDN so fewer gets go to Swift.
We run a varnish cluster in front of Swift...

Cheers,
Robert



More information about the Openstack mailing list