LBaaS
Overview
LBaaS (Load Balancer as a Service) is provided by the NSX Advanced Load Balancer (NSX ALB) solution from VMware. It is implemented at the T1 edge gateway level, within a vDC or a data center group (i.e. a group of multiple vDCs) if they are connected to the same T1 edge gateway in the same AZ.
The T1 edge gateway to which the customer networks carrying workloads are connected within the vDC is enabled with load balancing services for customer workloads, e.g. web servers.
Customers can create and manage load balancer configuration from within the tenant user interface (VCD).
Mutualized and Dedicated Advanced Load Balancer
Load balancer services which are available for customers in CAV Mutualized are:
LBaaS type | Configuration requirement | Default Service Class quota | Load balancer Engine Resiliency |
Mutualized | T0 VRF Premium | 20 VIP | Active / Standby, Active / Active |
Dedicated | T0 VRF Premium | 200 VIP | Active / Standby, Active / Active |
Load balancer services which are available for customers in CAV Private are:
LBaaS type | Configuration requirement | Default Service Class quota | Load balancer Engine Resiliency |
Dedicated | T0 Dedicated Medium | Based on Service engine service unit requested | Active / Standby, Active / Active |
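Configuration parameters | Option | IaaS with vDC | IaaS with vCoD |
Application type | HTTP | ▲ | ▲ |
Application type | HTTPS | ▲ | ▲ |
Application type | L4 TCP | ▲ | ▲ |
Application type | L4 UDP | ▲ | ▲ |
Application type | L4 TLS | ▲ | ▲ |
Load balancing algorithm | Least Connections | ▲ | ▲ |
Load balancing algorithm | Round Robin | ▲ | ▲ |
Load balancing algorithm | Consistent Hash | ▲ | ▲ |
Load balancing algorithm | Fastest Response | ▲ | ▲ |
Load balancing algorithm | Least Load | ▲ | ▲ |
Load balancing algorithm | Fewest Servers | ▲ | ▲ |
Load balancing algorithm | Random | ▲ | ▲ |
Load balancing algorithm | Fewest Tasks | ▲ | ▲ |
Load balancing algorithm | Core Affinity | ▲ | ▲ |
Pool persistence | Client IP | ▲ | ▲ |
Pool persistence | HTTP Cookie | ▲ | ▲ |
Pool persistence | Custom HTTP Header | ▲ | ▲ |
Pool persistence | Application Cookie | ▲ | ▲ |
Pool persistence | TLS | ▲ | ▲ |
Active health monitor | HTTP | ▲ | ▲ |
Active health monitor | HTTPS | ▲ | ▲ |
Active health monitor | TCP | ▲ | ▲ |
Active health monitor | UDP | ▲ | ▲ |
Active health monitor | PING | ▲ | ▲ |
Analytics | Dashboard | ▲ | ▲ |
Advanced Features | HTTP Policy | ▲ | ▲ |
Advanced Features | WAF | ▲ | ▲ |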
Customers who need the Preserve Client IP feature must communicate this requirement. The Preserve Client IP feature is only available with Active / Standby resiliency of the load balancer. With the Preserve Client IP feature, the source IP address of the original client is preserved for packets that arrive at the load balancer.
Load Balancer Configurations
General Load Balancer Schema
External & Internal Load balancer
In this example, Pool 1 runs an external-facing application. Pool 1 servers access Pool 2, which runs an internal-facing application.
Upgrade
IaaS with vDC: Virtual Service Count
Customers who need to create more load balancers than the default allocation provided when the service is requested have the option to request an additional virtual service pack.
Changing ALB from Mutualized to Dedicated involves a disruptive procedure. The customer will have to clean up all of its load balancer configuration.
IaaS with vCoD: Service Unit (core) Count
Customers can request an upgrade of the load balancer engine, i.e. the service engine core (vCPU) count. By default, the customer's load balancer engine is provisioned with the core count requested by the customer in their purchase order.
User Interface options
CAV Mutualized | By default, CAV Mutualized customers get the Cloud Director tenant portal as a self-service interface to create and manage virtual services with the associated advanced features, such as HTTP Policy and WAF. |
CAV Private | For CAV Private customers, the types of interface available depend on the options they selected, e.g. whether or not they chose the optional Cloud Director self-service to manage their CAV Private infrastructure. |
Advanced Feature Description
HTTP Policy | Virtual service HTTP policies allow control of security, client request attributes, and application response attributes.
A virtual service policy consists of match criteria and actions that function similarly to an
|
Web Application Firewall (WAF) | Web Application Firewall (WAF) can be enabled for a virtual service. Two WAF modes are available:
The WAF policy evaluates and processes the incoming request, but does not perform a blocking action. A log entry is created when the request is flagged.
The WAF policy evaluates the request and blocks the request based on the specified rules. The corresponding log entry is marked as REJECTED |