2. Introduction
• Load balancing can be enabled on a Tier-1 Gateway in Active/Standby
mode only
• This load balancing works at Layer 7 of the OSI model
• Tier-0 Gateways may be set in Active/Active or
Active/Standby
• Health checks can be configured to monitor the status of
the pool members
• SSL offloading is supported, i.e., HTTPS to HTTP.
3. Building Blocks
• Load Balancer
The NSX-T load balancer runs on a Tier-1 gateway. Load balancers can only be attached to Tier-1 gateways (not Tier-0
gateways), and one Tier-1 gateway can only have one load balancer attached to it.
• Virtual Server
On a load balancer, the user can define one or more virtual servers (the maximum number depends on the load balancer form
factor – see the NSX-T Administrator Guide for load balancer scale information). As mentioned earlier, a virtual server is defined
by a VIP and a TCP/UDP port number, for example IP: 20.20.20.20 TCP port 80. A virtual server can have basic or advanced
load balancing options such as forwarding specific client requests to specific pools, redirecting them to external sites, or even
blocking them.
• Pool
A pool is a construct grouping servers hosting the same application. Grouping can be configured using server IP addresses or
for more flexibility using Groups. NSX-T provides advanced load balancing rules that allow a virtual server to forward traffic to
multiple pools.
• Monitor
A monitor defines how the load balancer tests application availability. Those tests can range from basic ICMP requests to
matching patterns in complex HTTPS queries. The health of the individual pool members is then validated according to a
simple check (server replied), or more advanced ones, like checking whether a web page response contains a specific string.
Monitors are specified by pools: a single pool can use only 1 monitor, but the same monitor can be used by different pools.
4. In-line load balancing
• In in-line load balancing mode, the clients and the pool servers are on different sides of the load
balancer.
• Because the traffic between clients and servers necessarily goes through the load balancer, there is
no need to perform any LB Source-NAT (Load Balancer Network Address Translation at the virtual
server VIP).
• The in-line mode is the simplest load-balancer deployment model. Its main benefit is that the
pool members can directly identify the clients from the source IP address, which is passed
unchanged (step 2).
5. One-arm load balancing-1
• In one-arm load balancing mode, both client traffic (client traffic to the load-balancer VIP) and
server traffic (load-balancer to server) use the same load balancer interface.
• In that case, LB SNAT is used to make sure that the traffic from the servers back to the client
does go through the load balancer.
Clients and servers on the same subnet
6. One-arm load balancing-2
• In one-arm load balancing mode, both client traffic (client traffic to the load-balancer VIP) and
server traffic (load-balancer to server) use different load balancer interfaces.
• In that case, LB SNAT is used to make sure that the traffic from the servers back to the client
does go through the load balancer.
• This design allows for better horizontal scale, as an individual segment can have its own dedicated
load-balancer service appliance(s). Because the load-balancer service has its dedicated appliance,
East-West traffic for segments behind a different Tier-1 gateway (the blue Tier-1 gateway in the
diagram below) can still be distributed. The diagram above represents a Tier-1 One-Arm
attached to an overlay segment.
Clients and servers on different subnet
7. Load Balancing Mechanism
• Round Robin
• Weighted Round Robin
• Least Connection (RR)
• Weighted Least Connection
• IP Hash
8. Load Balancing Mechanism
Weighted Round Robin
• In a weighted round-robin load balancer, the network administrator assigns a numeric weight to all of
the servers behind the load balancer. The weights can be assigned based on factors such as the
server's processing power or total bandwidth.
• A server, say ServerA, with the most processing power will be assigned the maximum weight. It
will also receive the maximum proportion of incoming requests from the load balancer.
• A server, say ServerB, with half the processing capacity of ServerA will be assigned a
weight that is half of the weight of ServerA. It will receive a correspondingly smaller proportion of
incoming requests from the load balancer.
• A server, say ServerC, with the lowest specifications will be assigned the lowest weight, and it will
receive the minimum proportion of incoming requests from the load balancer.
9. Load Balancing Mechanism
Weighted Least Connection
• As in weighted round robin, each server is given a numeric weight. If two servers have an equal
number of active connections, the server with the higher weight gets the next connection.
Note: weights are taken into consideration only when the active connection counts are the same.
[Diagram: a new request arriving at a pool of three servers. S1: Active Connection 7, Weight 4; S2: Active Connection 7, Weight 5; S3: Active Connection 9, Weight 1.]
10. Load Balancing Mechanism
IP Hash
The algorithm combines the source and destination IP addresses of the client and server to generate a unique
hash key. This key assigns a server in the pool to a client.
This is useful when it is important that a client reconnects to a session that is still active after a
disconnection.
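The three weighted and hash-based mechanisms described on the slides above, as an added Python example (not NSX-T code and not from the original deck). The smooth weighted round-robin scheduling, the SHA-256 hash, the weights 4/2/1 and the client address are assumptions made for illustration; the S1/S2/S3 values are read from the diagram in order.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

@dataclass
class Member:
    name: str
    weight: int
    active: int = 0  # current active connections

def weighted_round_robin(pool, n):
    """First n picks of a smooth weighted round robin (one common scheduling)."""
    credit = {m.name: 0 for m in pool}
    total = sum(m.weight for m in pool)
    picks = []
    for _ in range(n):
        for m in pool:
            credit[m.name] += m.weight        # every member earns its weight
        best = max(pool, key=lambda m: credit[m.name])
        credit[best.name] -= total            # the chosen member pays the total
        picks.append(best.name)
    return picks

def weighted_least_connection(pool):
    """Fewest active connections wins; weight only breaks ties, as the slide states."""
    return min(pool, key=lambda m: (m.active, -m.weight)).name

def ip_hash(pool, src_ip, dst_ip):
    """Map a source/destination address pair to one member, deterministically."""
    digest = hashlib.sha256(f"{src_ip}|{dst_ip}".encode()).digest()  # hash choice is an assumption
    return pool[int.from_bytes(digest[:8], "big") % len(pool)].name

# Constructed weights: ServerB has half of ServerA's weight, ServerC the lowest.
WRR_POOL = [Member("ServerA", 4), Member("ServerB", 2), Member("ServerC", 1)]
# Values from the slide's diagram, read in order.
WLC_POOL = [Member("S1", 4, 7), Member("S2", 5, 7), Member("S3", 1, 9)]

if __name__ == "__main__":
    picks = weighted_round_robin(WRR_POOL, 7)
    print(picks, Counter(picks))
    print("new request goes to", weighted_least_connection(WLC_POOL))
    print("192.0.2.10 ->", ip_hash(WLC_POOL, "192.0.2.10", "20.20.20.20"))
```

Because the IP hash index depends on the pool size, adding or removing a pool member can remap existing clients to a different server.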
12. Technical Steps
• Step 1: Set up your Tier-1 Gateways
• Step 2: Set up your Tier-0 Gateways
• Step 3: Set up Load Balancer Profile
• Step 4: Set up Monitor
• Step 5: Set up Server Pool
• Step 6: Set up Virtual Server
13. Step 1: Set up your Tier-1 Gateways
• Set up your Tier-1 Gateways and map them to Tier-0 Gateways
• Connect the Tier-1 to the Edge nodes
• Route Advertisement:
  • Advertise All NAT IP Address
  • Advertise LB VIP Routes
  • Advertise LB SNAT IP Routes
23. Step 6: Set up Virtual Server
• Virtual Servers are of 3 types:
  • L4 TCP
  • L4 UDP
  • L7 HTTP
24. Step 6: Set up Virtual Server
• Layer 4 Virtual Server: TCP/UDP
Virtual servers receive all the client connections and distribute them among the servers. A virtual
server has an IP address, a port, and a protocol. For Layer 4 virtual servers, lists of port ranges can
be specified instead of a single TCP or UDP port to support complex protocols with dynamic ports.
Ref: https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-73FA828B-F5D0-42B3-A7E2-5B02A23BEA2A.html
• Layer 7 Virtual Server: HTTP
Ref: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-0488EC53-25B5-48CD-A486-2B06D9E52765.html
27. Question?
Question: What are Application Profiles in Load Balancers?
Answer: Use application profiles to enhance your control over managing network traffic and make
traffic-management tasks easier and more efficient. After configuring a profile, you associate the profile
with a virtual server. The virtual server then processes traffic according to the values specified in the profile.
• Create a TCP or UDP Application Profile
To create an application profile that balances either TCP or UDP traffic type, specify the name and the type
of persistence in the profile.
• Create an HTTP Application Profile
To create an application profile that balances the HTTP traffic type, specify the name, HTTP redirect URL, and
the type of persistence in the profile. Optionally, you can also choose to insert the X-Forwarded-For HTTP
header.
• Create an HTTPS Application Profile
You can create an HTTPS application profile for three HTTPS traffic types: SSL passthrough, HTTPS offloading,
and HTTPS end-to-end. The workflow for creating the application profile varies for each HTTPS traffic type.
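How a pool member can decide which address to log or rate-limit on, tying together the in-line mode (client source IP passed unchanged), the one-arm mode (LB SNAT) and the optional X-Forwarded-For insertion described above. This is an added Python example, not NSX-T code and not from the original deck; the SNAT address, the client addresses and the rule that the load balancer's entry is the last one in the header are assumptions.

```python
import ipaddress

# Constructed value: the SNAT address the load balancer uses toward the pool.
LB_SNAT_IPS = {ipaddress.ip_address("10.10.10.5")}

def client_ip(peer_ip, headers, lb_snat_ips=LB_SNAT_IPS):
    """Return (address, source) a pool member should attribute the request to."""
    peer = ipaddress.ip_address(peer_ip)
    if peer not in lb_snat_ips:
        # In-line mode, or a connection that did not come from the load balancer:
        # the TCP source is the client, and any X-Forwarded-For is client-supplied.
        return str(peer), "tcp-source"
    # One-arm mode with LB SNAT: the TCP source is the load balancer itself.
    lowered = {k.lower(): v for k, v in headers.items()}
    xff = lowered.get("x-forwarded-for", "")
    # Assumption: the load balancer adds the address it saw as the last entry,
    # so anything to the left of it was sent by the client and is not trusted.
    last = xff.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(last)), "x-forwarded-for"
    except ValueError:
        # Header missing or malformed: only the load balancer address is known.
        return str(peer), "lb-snat-no-xff"

if __name__ == "__main__":
    # Constructed requests.
    print(client_ip("203.0.113.7", {"X-Forwarded-For": "198.51.100.1"}))
    print(client_ip("10.10.10.5", {"X-Forwarded-For": "198.51.100.1, 203.0.113.7"}))
    print(client_ip("10.10.10.5", {}))
```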