LBaaS on Public Cloud

Full featured Load Balancer as a Service for all Public Cloud users.

Last year, OVHCloud Public Cloud solution introduced its new LBaaS product for its Managed Kubernetes Service users, allowing them to manage their LBaaS directly through Kubernetes tools.

OVHCloud Public Cloud solution will now offer LBaaS for all its user base, in beta phase. LBaaS comes in multiple sizes to accommodate different usage and performance levels. LBaaS provides typical cloud features such as instant creation and update, high availability, and interface to cloud native platforms.

This beta will let you test the following product :

  • Octavia Load Balancer : use off-the-shelf Octavia load balancer and control your LBaaS using Openstack environment (API, CLI, or UI).

Other loadbalancer products will be rolled out progressively, addressing customers more familiar with OVHcloud environment (APIv6, OVHcloud UI)

Features :

  • TCP & HTTP level load balancing
  • Scaling : scale your LBaaS to adapt to your current needs. Three sizes are available, each providing a specific performance level (see table below).
  • Floating IP support
  • Private network support : balance the load of your traffic to servers attached to your private network (vRack)
  • TLS support : secure your service by enabling TLS on your LBaaS.
  • Statistics (GA only) : Keep an eye on your LBaaS metrics (Load Balancer status, throughput, req/s, target node status...)
  • Simplified management with well-documented API (Openstack Octavia API)
  • New UI (GA only): use OVHcloud UI or Openstack Horizon UI to easily manage your LBaaS.

This is a free beta. Public Cloud contractual conditions do not apply to this beta. This product should be only used for testing and not used in production.

After the beta, any active LBaaS will be charged, according to its respective contractual price. Beta users will be informed 1 month before General Availability.

Please give us feedback through the following channel :


  • User *must not* use network on his private network for any of his services. This will be fixed in the GA.
  • Rate limiting is off for the moment, so performance can be higher than what is announced below. Rate limiting will be rolled out shortly after the start of the beta.
  • User cannot change LB size dynamically. As a workaround, the user must create a new LB and then move its configuration from the old LB to the new LB. Dynamic scaling will be added later.


Octavia Load Balancer size

250 req/s - 100 Mbit/s (UP/DOWN)  -

10k maximum concurrent connections**

Free during the Beta

500 req/s - 200 Mbit/s (UP/DOWN)  -

20k maximum concurrent connections**

Free during the Beta

1000 req/s - 500 Mbit/s (UP/DOWN)  -

40k maximum concurrent connections**

Free during the Beta

* Prices might change after beta

** Capacity might change during beta


How to instantiate an Octavia LBaaS (Openstack CLI)

First, you have to open GRA9 region in your customer service portal :

Go to your project page, section Quotas & Regions. Click on the 'Regions' tab, and add "Gravelines (GRA9)" in the following section :

Manager view

If not already done, create you Openstack CLI environnement :

HOW-TO available here.

Important : OS_REGION_NAME environment variable must include "GRA9" region.

Configure you private network*:

- Create a private network and subnet. If you haven't attached your Public Cloud project to the appropriate vRack you need to go to the vRack section of the portal and add your project to the vRack.

openstack network create my_network

openstack subnet create my_subnet --subnet-range <my_private_ip_range/mask> --network my_network --no-dhcp

openstack router create my_router

openstack router add subnet my_router my_subnet

openstack router set --external-gateway Ext-Net my_router

IMPORTANT : The private network must be, at least, deployed on GRA9. The private subnet should not be in the following range (it shall be fixed before GA)

- Attach your instances to this subnet, as explained here.

- Display the assigned private IP addresses of your instances :

nova list

- Configure your private interfaces on your instances, using private IP addresses you got from previous command.

Create a LB : 

- List available loadbalancer flavors :

openstack loadbalancer flavor list

- Create your loadbalancer using this newly created subnet (here we use a "Small" flavor) :

openstack loadbalancer create --name my_lb --flavor small --vip-subnet-id my_subnet

The newly created LB will have a private IP address assigned on his private subnet. If your LB needs to be reachable via a public IP address, you will have to assign a floating IP to its VIP port (see below).

Create a Floating IP* :

openstack floating ip create Ext-Net
openstack floating ip set --port <my_lb_vip_port_id> <floating_ip>

Configure a LB :

For TCP (Network) Loadbalancing :

openstack loadbalancer listener create --name my_listener --protocol TCP --protocol-port <my_port> my_lb

For HTTP (Application) Loadbalancing :

openstack loadbalancer listener create --name my_listener --protocol HTTP --protocol-port <my_port> my_lb

For HTTPS Loadbalancing :

You need a valid certificate and CA. 

You can also use a self-signed certificate for testing  :

- Generate private key

openssl genrsa -out private.key

- Generate a Certificate Signing Request (CSR) - TIP : Use the load balancer VIP address as a FQDN during the certificate generation

openssl req -new -key private.key -out server.csr

- Generate a Self-Signed SSL Certificate

openssl x509 -req -days 365 -in server.csr -signkey private.key -out certificate.crt

- Combine the individual certificate, key, and intermediate certificate to a single PKCS12 file.

openssl pkcs12 -export -inkey server.key -in server.crt -certfile ca-chain.crt -passout pass: -out server.p12

- Create a secret in Barbican

openstack secret store --name='tls_secret1' -t 'application/octet-stream' -e 'base64' --payload="$(base64 < server.p12)"

- Create listener

openstack loadbalancer listener create --protocol-port 443 --protocol TERMINATED_HTTPS --name my_listener --default-tls-container=$(openstack secret list | awk '/ tls_secret1 / {print $2}') my_lb

Create pools  :

openstack loadbalancer pool create --name my_pool --lb-algorithm ROUND_ROBIN --listener my_listener --protocol HTTP
openstack loadbalancer member create --subnet-id my_subnet --address <my_host_priv_ip1> --protocol-port <my_port> my_pool
openstack loadbalancer member create --subnet-id my_subnet --address <my_host-priv_ip2> --protocol-port <my_port> my_pool

Enjoy !!!




OVHcloud documentation will be progressively published here :


Full Documentation of Octavia Loadbalancer is available on Openstack project page :

* Floating IP and Router are also beta services. A dedicated beta program will be launched for those products later on.


What are the prices for LBaaS ?

This is a free beta. After the beta, any active LBaaS will be charged, according to its respective contractual price. Beta users will be informed 1 month before General Availability.

Can I expect high availabilty on those resources?

The high availability of LBaaS will be tested during this beta phase, hence we do not provide any guarantee in the beta phase. After GA, we expect to provide a 99,99% availability rate, under SLA.


  • BETA
  • GA