You can configure LBaaS using the Create a Load Balancer wizard on the VMware Integrated OpenStack dashboard.

LBaaS listeners can use HTTP, TCP, or terminated HTTPS. Terminated HTTPS listeners terminate TLS for incoming connections, and the TLS certificates and keys for these listeners are stored in Barbican. If you want to create terminated HTTPS listeners, contact your cloud administrator to determine whether you must configure the ACL to grant the barbican user access to the secrets for your project.


  • Create a public subnet and router on your network. For an NSX Data Center for vSphere deployment, the router type must be exclusive.
    Note: You can create the load balancer on a tenant subnet, but you must assign it a floating IP address.
  • Configure at least one client and at least two server instances.


  1. If you want to create terminated HTTPS listeners and need to configure the ACL, grant the barbican user access to your certificates, keys, and TLS containers.
    1. Log in to the OpenStack Management Server as viouser.
    2. Load the credentials file for your user account.
      source user-credentials.rc
    3. Configure the ACL.
      openstack acl user add -u barbican-uuid object-name

      Run this command one time for each certificate, key, and container in your project.

      You can run the openstack user list command to find the UUID of the barbican user. You can run the openstack secret list command to find certificate, key, and container names.

  2. Log in to the VMware Integrated OpenStack dashboard.
  3. Select your project from the drop-down menu in the title bar.
  4. Select Project > Network > Load Balancers and click Create Load Balancer.
  5. Specify the name, description, IP address, and subnet and click Next.
    Only members of this subnet can be added to the LBaaS pool.
  6. Create a listener for the new load balancer and click Next.
    If you select TERMINATED_HTTPS as the protocol, you must also provide the ID of the TLS container.
  7. If you selected the TERMINATED_HTTPS protocol, specify one or more certificates for the listener and click Next.
  8. Specify the name, description, and load balancing method for your LBaaS pool and click Next.
    Supported load balancing methods are described as follows:
    Method Description

    New client requests are sent to the server with the fewest connections.


    Each server is used in turn according to the weight assigned to it.


    All connections that originate from the same source IP address are handled by the same member of the pool.

  9. Select the server and client instances to add to the load balancer pool and click Next.
  10. Specify parameters for the health monitor and click Next.
    Parameter Description
    Monitor type

    Specify HTTP, PING, or TCP.


    Enter the time in seconds between sending probes to members.


    Enter the number of connection failures allowed before changing the member status to INACTIVE.


    Enter the time in seconds that a monitor will wait for a connection to be established before it times out.

    The timeout value must be less than the interval value.

    If you select HTTP, you must also configure the HTTP method, expected status code, and URL.
  11. Click Create Load Balancer.
  12. If you created the load balancer on a tenant subnet, associate a floating IP address with the load balancer.
    1. Click the down arrow to the right of the load balancer and select Associate Floating IP.
    2. Select a floating IP address or pool and click Associate.
  13. (Optional) Send test requests to validate your LBaaS configuration.
    1. Log in to the OpenStack Management Server as viouser.
    2. Create a test index.html file.
    3. In the same directory, start a web server.
      sudo python -m SimpleHTTPServer 80
    4. Log in to the client instance.
    5. Run the wget command to view whether your requests are being correctly load-balanced across the servers in the pool.
       wget -O - http://mgmt-server-ip

What to do next

You can open the load balancer and click Create Listener to add listeners to it.