Load Balancer Monitoring

Overview

Monitoring the load balancing infrastructure ensures production traffic is not impacted by appliance degradation, certificate expiry, or capacity saturation. This guide covers appliance health checks, traffic statistics, and manual failover procedures.

Administrator Access Required — This operation requires the admin role. Contact your Xloud administrator if you do not have sufficient permissions.

Appliance Health

List all appliances with health status

openstack loadbalancer amphora list

Key status fields to monitor:

Field	Healthy Value	Description
`status`	`ALLOCATED`	Appliance is assigned to a load balancer
`lb_network_ip`	Non-empty	Management plane connectivity established
`cert_expiration`	Future date	Appliance TLS certificate validity
`compute_id`	Non-empty	Backing compute instance exists

Show detailed appliance information

openstack loadbalancer amphora show <amphora-id>

Traffic Statistics

Load balancer statistics
Listener statistics

Show load balancer statistics

openstack loadbalancer stats show <lb-name>

Statistic	Description
`active_connections`	Current open connections to the load balancer
`bytes_in`	Total bytes received from clients
`bytes_out`	Total bytes sent to clients
`request_errors`	Failed requests — useful for detecting upstream issues
`total_connections`	Lifetime connection count

Show per-listener statistics

openstack loadbalancer listener stats show <listener-name>

Listener statistics provide granular visibility when a load balancer has multiple listeners on different protocols or ports.

Certificate Expiration Monitoring

Appliances use TLS certificates for controller-to-appliance management communication. Monitor expiration to prevent management plane failures:

Check certificate expiration on all appliances

openstack loadbalancer amphora list \
  -c id -c cert_expiration -c status \
  --sort-column cert_expiration

Appliances with expired certificates cannot receive configuration updates from the controller. If an appliance certificate expires, trigger a failover to rotate the certificate:

Rotate appliance certificate via failover

openstack loadbalancer amphora failover <amphora-id>

Manual Failover

Trigger a manual failover to replace a degraded or expired appliance:

Failover an appliance

openstack loadbalancer amphora failover <amphora-id>

Failover causes brief service interruption (typically under 30 seconds for ACTIVE_STANDBY topologies) while the replacement appliance is provisioned and configuration is replicated.

Monitor failover progress:

Monitor load balancer provisioning status during failover

watch -n 5 "openstack loadbalancer show <lb-name> -c provisioning_status"

Prometheus Integration

Xloud Load Balancer exposes metrics via the Octavia Prometheus exporter when configured. Key metrics to alert on:

Metric	Alert Threshold	Description
`octavia_loadbalancer_status`	!= 1	Load balancer not ACTIVE
`octavia_member_status`	!= 1	Member not ONLINE
`octavia_amphora_cert_expiry_days`	< 30	Appliance certificate expiring soon

Next Steps

Security

Configure TLS certificate lifecycle management and management plane access controls.

Admin Troubleshooting

Use monitoring data to diagnose and resolve platform-level failures.

Flavor Profiles

Upgrade appliance capacity when statistics show saturation.

Architecture

Understand the relationship between appliances and the management plane.

Core Services

Other Services

Load Balancer Monitoring

Overview

Appliance Health

Traffic Statistics

Certificate Expiration Monitoring

Manual Failover

Prometheus Integration

Next Steps

Security

Admin Troubleshooting

Flavor Profiles

Architecture

Core Services

Other Services

​Overview

​Appliance Health

​Traffic Statistics

​Certificate Expiration Monitoring

​Manual Failover

​Prometheus Integration

​Next Steps

Security

Admin Troubleshooting

Flavor Profiles

Architecture

Overview

Appliance Health

Traffic Statistics

Certificate Expiration Monitoring

Manual Failover

Prometheus Integration

Next Steps