NSX Load Balancers
The NSX Edge load balancer enables high-availability service and distributes the network traffic load among multiple servers. It distributes incoming service requests evenly among multiple servers in such a way that the load distribution is transparent to users. Load balancing thus helps in achieving optimal resource utilization, maximizing throughput, minimizing response time, and avoiding overload. NSX Edge provides load balancing up to Layer 7.
You map an external, or public, IP address to a set of internal servers for load balancing. The load balancer accepts TCP, UDP, HTTP, or HTTPS requests on the external IP address and decides which internal server to use. Port 80 is the default port for HTTP and port 443 is the default port for HTTPS.
Before you begin
- You must have a working NSX Edge instance before you can configure load balancing. For information on setting up NSX Edge, see NSX Edge Configuration or vCloud Director Edge Gateways.
- For information on configuring an NSX Edge certificate, see Certificate Authentication.
- Select the layer of load balancing (L7 or L4) by clicking on the Type selection icon in the top right corner of the screen.
- Select the level of logging from the Log level drop-down box in the top right corner of the screen. Note that Emergency is the least detailed level of logging, and Debug is the most detailed level of logging.
Add Application Profiles
- Go to your Control Panel > vCloud > Edge Gateways > Edge gateway's label > Load Balancers tab.
- Select Application Profiles tab.
- Click the "+" button on the top of the page.
- On the page that appears specify the following parameters:
- Name - enter the name of the application profile
- Type - select the type of traffic (TCP, HTTP, HTTPS or UDP). Depending on the type of traffic, specify the following parameters:
For TCP or UDP
- Persistence - select the persistence type (Source IP, MSRDP or none)
- Expires - enter the persistence expiration time in seconds. The default value is 60 seconds.
For HTTP
- Persistence - select the persistence type (Source IP, Cookie or none)
- HTTP Redirect URL - enter the URL to which you want to redirect the HTTP traffic
- Mode - if you selected the Cookie persistence type, select the mode of inserting the cookie (insert, prefix or App session)
- Cookie name - if you selected the Cookie persistence type, enter the cookie name
- Expires - enter the persistence expiration time in seconds. The default value is 60 seconds.
- Insert X-Forwarded-For HTTP header - move the slider to the right to identify the originating IP address of a client connecting to a Web server through the load balancer
For HTTPS
- Enable SSL Passthrough - move the slider to the right to enable SSL passthrough
- HTTP Redirect URL - enter the URL to which you want to redirect the HTTP traffic
- Persistence - select the persistence type (Source IP, Cookie or none)
- Mode - if you selected the Cookie persistence type, select the mode of inserting the cookie (insert, prefix or App session)
- Cookie name - if you selected the Cookie persistence type, enter the cookie name
- Expires - enter the persistence expiration time in seconds. The default value is 60 seconds.
- Enable pool side SSL - move the slider to the right to enable the HTTPS communication between the load balancer and the back-end servers
- Insert X-Forwarded-For HTTP header - move the slider to the right to identify the originating IP address of a client connecting to a Web server through the load balancer
- Cipher - enter a cipher algorithm
- Client Auth - select whether to ignore or accept client authentication
- Virtual server certificates - select server certificates, CA certificates and CRLs certificates to authenticate the load balancer from the server side
- Click the Save button.
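Added example (not part of the original documentation or of NSX): with Insert X-Forwarded-For enabled, the back-end server sees the load balancer as the connection source, so it should honour the header only on connections from that address. The sketch assumes the load balancer appends the client address as the last value, as HAProxy's forwardfor option does; the address 192.0.2.10 and the function name are placeholders.

```python
import ipaddress

# Assumed for illustration: the address the Edge uses towards the pool members.
TRUSTED_LB_ADDRS = {ipaddress.ip_address("192.0.2.10")}


def client_ip(peer_addr, xff_values, trusted=TRUSTED_LB_ADDRS):
    """Return the client address a back-end server should log or authorize on.

    peer_addr  -- source address of the TCP connection as seen by the back end
    xff_values -- every X-Forwarded-For header value in the request, in order
    """
    peer = ipaddress.ip_address(peer_addr)
    # A request that did not arrive through the load balancer gets no say:
    # its X-Forwarded-For header is entirely client-controlled.
    if peer not in trusted:
        return peer
    # Flatten repeated headers and comma-separated lists into one hop list.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    # Walk from the right: the last entry is the one the load balancer added;
    # anything further left was sent by the client and may be forged.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed entry where a trusted one belongs
        if addr not in trusted:
            return addr
    return peer


if __name__ == "__main__":
    # Constructed request: the client sent a forged header, the LB appended one.
    print(client_ip("192.0.2.10", ["10.1.1.1", "203.0.113.7"]))
    # Constructed request that reached the member without passing the LB.
    print(client_ip("198.51.100.50", ["127.0.0.1"]))
```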
Edit Application Profiles
- Go to your Control Panel > vCloud > Edge Gateways > Edge gateway's label > Load Balancers tab.
- Select Application Profiles tab.
- Click the icon next to the application profile you want to edit.
- On the page that loads, edit the following parameters:
- Name - enter the name of the application profile
- Type - select the type of traffic (TCP, HTTP, HTTPS or UDP). Depending on the type of traffic, specify the following parameters:
For TCP or UDP
- Persistence - select the persistence type (Source IP, MSRDP or none)
- Expires - enter the persistence expiration time in seconds. The default value is 60 seconds.
For HTTP
- Persistence - select the persistence type (Source IP, Cookie or none)
- HTTP Redirect URL - enter the URL to which you want to redirect the HTTP traffic
- Mode - if you selected the Cookie persistence type, select the mode of inserting the cookie (insert, prefix or App session)
- Cookie name - if you selected the Cookie persistence type, enter the cookie name
- Expires - enter the persistence expiration time in seconds. The default value is 60 seconds.
- Insert X-Forwarded-For HTTP header - move the slider to the right to identify the originating IP address of a client connecting to a Web server through the load balancer
For HTTPS
- Enable SSL Passthrough - move the slider to the right to enable SSL passthrough
- HTTP Redirect URL - enter the URL to which you want to redirect the HTTP traffic
- Persistence - select the persistence type (Source IP, Cookie or none)
- Mode - if you selected the Cookie persistence type, select the mode of inserting the cookie (insert, prefix or App session)
- Cookie name - if you selected the Cookie persistence type, enter the cookie name
- Expires - enter the persistence expiration time in seconds. The default value is 60 seconds.
- Enable pool side SSL - move the slider to the right to enable the HTTPS communication between the load balancer and the back-end servers
- Insert X-Forwarded-For HTTP header - move the slider to the right to identify the originating IP address of a client connecting to a Web server through the load balancer
- Cipher - enter a cipher algorithm
- Client Auth - select whether to ignore or accept client authentication
- Virtual server certificates - select server certificates, CA certificates and CRLs certificates to authenticate the load balancer from the server side
- Click the Save button.
Add Service Monitors
- Go to your Control Panel > vCloud > Edge Gateways > Edge gateway's label > Load Balancers tab.
- Select Service Monitoring tab.
- Click the "+" button on the top of the page.
- On the page that appears specify the following parameters:
- Name - enter a name for the service monitor
- Interval - enter the interval in seconds in which a server is to be tested
- Timeout - the maximum time in seconds within which a response from the server must be received
- Max retries - enter the number of times the server is tested before it is declared DOWN
- Method - select the method to detect server status from the drop-down menu: GET, OPTIONS, or POST
- URL - Enter the URL to GET or POST ("/" by default).
- Expected - enter the string that the monitor expects to match in the status line of HTTP response in the Expected section. This is a comma-separated list. For example, 200,301,302,401.
- Send - enter the string sent to the back-end server after a connection is established. The maximum permitted string length is 256 characters.
- Receive - enter the string to be matched. This string can be a header or in the body of the response. When the received string matches this definition, the server is considered UP.
- Extension - enter advanced monitor parameters as key=value pairs in the Extension section
- Click the Save button.
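Added example (not part of the original documentation, and not NSX code): a simplified model of how the Expected, Receive and Max retries fields decide whether a member is UP. It shows that the sample list 200,301,302,401 accepts a redirect to a maintenance page as healthy, while a stricter monitor does not. The class, the function names and the rule "DOWN after Max retries consecutive failed probes" are assumptions; the responses are constructed.

```python
from dataclasses import dataclass

# Constructed sample responses from a pool member.
OK = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nstatus: ok"
REDIRECT = b"HTTP/1.1 302 Found\r\nLocation: /maintenance\r\n\r\n"
ERROR = b"HTTP/1.1 503 Service Unavailable\r\n\r\n"


@dataclass
class Monitor:
    expected: str = "200,301,302,401"  # Expected: comma-separated status codes
    receive: str = ""                  # Receive: string to find in headers or body
    max_retries: int = 3               # Max retries before the member is DOWN


def probe_ok(monitor, raw_response):
    """Check one raw HTTP response (bytes) against Expected and Receive."""
    head, _, body = raw_response.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)  # status line, e.g. "HTTP/1.1 200 OK"
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        return False
    codes = {c.strip() for c in monitor.expected.split(",") if c.strip()}
    if parts[1] not in codes:
        return False
    if monitor.receive:
        text = "\r\n".join(lines[1:]) + "\r\n" + body.decode("latin-1")
        return monitor.receive in text
    return True


def member_states(monitor, responses):
    """Replay probe results in order; None stands for a probe that timed out."""
    state, failures, history = "UP", 0, []
    for raw in responses:
        if raw is not None and probe_ok(monitor, raw):
            state, failures = "UP", 0
        else:
            failures += 1
            if failures >= monitor.max_retries:
                state = "DOWN"
        history.append(state)
    return history
```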
Edit Service Monitors
- Go to your Control Panel > vCloud > Edge Gateways > Edge gateway's label > Load Balancers tab.
- Select Service Monitoring tab.
- Click the icon next to the service monitor you want to edit.
- On the page that loads, edit the following parameters:
- Name - enter a name for the service monitor
- Interval - enter the interval in seconds in which a server is to be tested
- Timeout - the maximum time in seconds within which a response from the server must be received
- Max retries - enter the number of times the server is tested before it is declared DOWN
- Method - select the method to detect server status from the drop-down menu: GET, OPTIONS, or POST
- URL - enter the URL to GET or POST ("/" by default).
- Expected - enter the string that the monitor expects to match in the status line of HTTP response in the Expected section. This is a comma-separated list. For example, 200,301,302,401.
- Send - enter the string sent to the back-end server after a connection is established. The maximum permitted string length is 256 characters.
- Receive - enter the string to be matched. This string can be a header or in the body of the response. When the received string matches this definition, the server is considered UP.
- Extension - enter advanced monitor parameters as key=value pairs in the Extension section
- Click the Save button.
Add Server Pools
To add server pools to manage load balancer distribution:
- Go to your Control Panel > vCloud > Edge Gateways > Edge gateway's label > Load Balancers tab.
- Select Pools tab.
- Click the "+" button on the top of the page.
- On the page that appears specify the following parameters:
- Name - enter a name of the server pool
- Description - additional description if any
- Monitor - select an existing default or custom monitor from the Monitors drop-down menu
- Transparent - move the slider to the right to make client IP addresses visible to the back-end servers
- Members - enter the name and IP address of the server member
- Weight - enter the proportion of traffic this member can handle
- Monitor port - enter the monitor port where the member is to receive health monitor pings
- Port - enter the port where the member is to receive traffic
- Min Conn. - enter the minimum number of concurrent connections that a member must always accept
- Max Conn. - enter the maximum number of concurrent connections that the member can handle. If the incoming requests go higher than the maximum, they are queued and wait for a connection to be released.
- Click the Save button.
Edit Server Pools
- Go to your Control Panel > vCloud > Edge Gateways > Edge gateway's label > Load Balancers tab.
- Select Pools tab.
- Click the icon next to the server pool you want to edit.
- On the page that loads, edit the following parameters:
- Name - enter a name of the server pool
- Description - additional description if any
- Monitor - select an existing default or custom monitor from the Monitors drop-down menu
- Transparent - move the slider to the right to make client IP addresses visible to the back-end servers
- Members - enter the name and IP address of the server member
- Weight - enter the proportion of traffic this member can handle
- Monitor port - enter the monitor port where the member is to receive health monitor pings
- Port - enter the port where the member is to receive traffic
- Min Conn. - enter the minimum number of concurrent connections that a member must always accept
- Max Conn. - enter the maximum number of concurrent connections that the member can handle. If the incoming requests go higher than the maximum, they are queued and wait for a connection to be released.
- Click the Save button.
Add Application Rules
- Go to your Control Panel > vCloud > Edge Gateways > Edge gateway's label > Load Balancers tab.
- Select Application Rules tab.
- Click the "+" button on the top of the page.
- On the page that appears specify the following parameters:
- Name - enter a name for an application rule
- Script - Type the name and script for the rule. For information about the application rule syntax, see http://cbonte.github.io/haproxy-dconv/.
- Click the Save button.
Edit Application Rules
- Go to your Control Panel > vCloud > Edge Gateways > Edge gateway's label > Load Balancers tab.
- Select Application Rules tab.
- Click the icon next to the application rule you want to edit.
- On the page that loads, edit the following parameters:
- Name - enter a name for an application rule
- Script - type the name and script for the rule. For information about the application rule syntax, see http://cbonte.github.io/haproxy-dconv/.
- Click the Save button.
Add Virtual Servers
To add an NSX Edge internal or uplink interface as a virtual server:
- Go to your Control Panel > vCloud > Edge Gateways > Edge gateway's label > Load Balancers tab.
- Select Virtual Servers tab.
- On the page that appears you will see the list of virtual servers together with their details:
- Name - enter a name of a virtual server
- Application profile - select application profile associated with this VS from the drop-down menu
- Enable virtual server - move the slider to the right to make this virtual server available for use
- Enable acceleration - move the slider to the right to enable acceleration for the load balancer to use the faster L4 load balancer engine rather than L7 load balancer engine
- Description - add description if any
- IP Address - enter an IP address that the load balancer is listening on
- Protocol - select the protocol that the virtual server handles
- Port - enter the port number that the load balancer listens on
- Default pool - select the default VSs pool
- Conn limit - enter the maximum concurrent connections that the virtual server can process
- Conn rate limit - enter the maximum number of incoming new connection requests per second
- Selected rules - add the application rule to associate it with the virtual server
- Click the Save button.
Edit Virtual Servers
- Go to your Control Panel > vCloud > Edge Gateways > Edge gateway's label > Load Balancers tab.
- Select Virtual Servers tab.
- On the page that appears, edit the following parameters:
- Name - enter a name of a virtual server
- Application profile - select application profile associated with this VS from the drop-down menu
- Enable virtual server - move the slider to the right to make this virtual server available for use
- Enable acceleration - move the slider to the right to enable acceleration for the load balancer to use the faster L4 load balancer engine rather than L7 load balancer engine
- Description - add description if any
- IP Address - enter an IP address that the load balancer is listening on
- Protocol - select the protocol that the virtual server handles
- Port - enter the port number that the load balancer listens on
- Default pool - select the default VSs pool
- Conn limit - enter the maximum concurrent connections that the virtual server can process
- Conn rate limit - enter the maximum number of incoming new connection requests per second
- Selected rules - add the application rule to associate it with the virtual server
- Click the Save button.