Recently, I tested NSX-T 3.1 integration with VCD 10.2 in my lab and blogged about it. It was a simple single-node deployment, as I was testing the integration. Later, I scaled my lab to 3 nodes and also used the NSX-T load balancer feature to test the load balancing of VCD cells.
To use the NSX-T load balancer, we can deploy VCD cells in 2 different ways:
- Deploy VCD cells on overlay segments connected to the Tier-1 gateway and configure LB straight away (easy method).
- Deploy VCD cells on a VLAN-backed port group and load balance them via a dedicated Tier-1 gateway.
In this post, I will demonstrate the second method. Before jumping into the lab, let me show you what is already there in my infrastructure.
In my lab, NSX-T follows the VDS + NVDS architecture. The management SDDC, where VCD cells are deployed, has a VDS named ‘Cloud-VDS,’ and I have a dedicated distributed portgroup named ‘VCD-Mgmt’ which is backed by VLAN 1800, and all my VCD cells are connected to this portgroup.
The VCD database cluster is healthy, and the HA status is up.
Now it’s time to jump into the lab and configure the NSX-T side of things.
Create a VLAN-backed Logical Segment
- Create a new segment and don’t attach it to any gateway.
- Place the segment in the transport zone where only edge nodes are connected.
- The VLAN ID for this segment will be the same as configured for the VDS port group where VCD cells are connected.
Create T1 Gateway
We can use an existing T1 gateway for VCD load balancing, but I have chosen to deploy a new T1 gateway dedicated to VCD. This T1 gateway must be instantiated on the Edge Cluster, as we will be configuring a load balancer, which is a stateful service.
Note: Don’t attach this T1 gateway to the T0 gateway. The T1 gateway will operate in standalone mode.
Add Tier-1 Service Interface
The VLAN-backed segment that we created in step-1 needs to be attached as a service interface on the T1 gateway. Edit the T1 gateway, expand Service Interfaces, and click on Set.
Click on Add Interface and map the interface to the logical segment. The IP address of this interface will be from the VLAN dedicated to VCD.
Add a Static Route on the T1 Gateway
Add a default static route with the next hop pointing to the default gateway of the VCD VLAN (1800 in my case) on the physical router.
Once the T1 gateway is configured, verify that the T1 service interface is reachable via a physical network.
Import VCD SSL certs in NSX-T
Import the VCD public certificate in the NSX-T Manager by navigating to System > Settings > Certificates > Import Certificate.
Provide the name, full certificate chain, and private key, and enable the “Service Certificate” toggle.
Add LB Monitor
Create a new monitor by navigating to Networking > Load Balancing > Monitors > Add Active Monitor HTTPS
- Name: Provide a name
- Monitoring Port: 443
- HTTP Request Configuration: GET /cloud/server_status, HTTP Request Version: 1
- HTTP Response Configuration: HTTP Response Code: 200
- SSL Configuration: Enabled, Client Certificate: None
Add Application Profile
To add an application profile, navigate to Networking > Load Balancing > Profiles > Add Application Profile > HTTP
Provide a name for the profile and set the parameters below to the values specified:
- Request Header Size: 65535
- Request Body Size: 52428800
- Response Header Size: 50000
Add Server Pools
Networking > Load Balancing > Server Pools > Add Server Pool
- Algorithm: Least Connection
- Active Monitor: Select the one that you created earlier.
- Select members: Enter individual members.
Add Virtual Servers
We will add two virtual servers. One for UI/API and another for VM Remote Console connections.
To configure virtual servers, navigate to Networking > Load Balancing > Virtual Servers
For vCloud UI
- Add virtual server: L7 HTTP
- Ports: 443
- Server Pool: select the one that we created in the earlier step.
- Application Profile: the one that we created earlier.
- Persistence: default-source-ip-lb-persistence-profile
SSL Configuration:
- Client SSL: Enabled, Default Certificate: Certificate which we imported in NSX-T UI, Client SSL Profile: default-balanced-client-ssl-profile
- Server SSL: Enabled, Client Certificate: None, Server SSL Profile: default-balanced-server-ssl-profile
vCloud Console
- Add virtual server: L4 TCP
- Ports: 8443
- Server Pool: the one that we created earlier.
- Application Profile: default-tcp-lb-app-profile.
- Persistence: disabled.
Load Balancer
Now we can create a load balancer instance and associate the virtual servers with it. Create the LB instance on the Tier 1 Gateway, which routes to your VCD cell network. To add a load balancer, navigate to Networking > Load Balancing > Load Balancers > Add Load Balancer
- Provide a name for the LB and select the T1 gateway that you created specifically for VCD.
- Under virtual servers, click on Set to define the virtual servers that we created in the previous step.
Select the virtual servers from the list.
Change VCD Public URL
The last step is to change the public URL of VCD to point to the hostname of the VIP defined for VCD.
Test VCD login by connecting to the VCD load balancer address.
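Before relying on a browser login, the same check the LB monitor performs can be run by hand against the VIP and each cell. The script below is an added example, not part of the original post: it issues GET /cloud/server_status on port 443, expects a 200, keeps TLS certificate and hostname verification on, and records the SHA-256 fingerprint of the certificate each endpoint presents so the VIP's certificate can be compared with the one imported into NSX-T. The hostnames are hypothetical placeholders.

```python
import hashlib
import http.client
import ssl

HEALTH_PATH = "/cloud/server_status"   # request URL from the LB monitor above
EXPECTED_STATUS = 200                  # response code from the LB monitor above

def _https_connect(host, port, timeout, cafile=None):
    # Chain and hostname are verified; pass cafile when a private CA signed the cert.
    ctx = ssl.create_default_context(cafile=cafile)
    return http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)

def probe(host, port=443, timeout=5, cafile=None, connect=_https_connect):
    """Run one monitor-style check; return status, health and cert fingerprint."""
    result = {"target": f"{host}:{port}", "status": None, "up": False,
              "cert_sha256": None, "error": None}
    conn = None
    try:
        conn = connect(host, port, timeout, cafile)
        conn.connect()  # TLS handshake; fails here on a bad chain or name mismatch
        der = conn.sock.getpeercert(binary_form=True)
        result["cert_sha256"] = hashlib.sha256(der).hexdigest()
        conn.request("GET", HEALTH_PATH)
        resp = conn.getresponse()
        resp.read()
        result["status"] = resp.status
        result["up"] = resp.status == EXPECTED_STATUS
    except (OSError, http.client.HTTPException) as exc:
        # ssl.SSLCertVerificationError is an OSError, so it is reported here too
        result["error"] = f"{type(exc).__name__}: {exc}"
    finally:
        if conn is not None:
            conn.close()
    return result

def check_deployment(vip, cells, **kw):
    """Probe the VIP and each cell; list members the monitor would mark down."""
    vip_result = probe(vip, **kw)
    cell_results = [probe(c, **kw) for c in cells]
    down = [r["target"] for r in cell_results if not r["up"]]
    return {"vip": vip_result, "cells": cell_results, "down": down,
            "ok": vip_result["up"] and not down}

if __name__ == "__main__":
    # Hypothetical names: replace with the VIP hostname and the cell addresses.
    print(check_deployment("vcd.example.lab", ["vcd-cell1.example.lab"]))
```

A verification error on the VIP usually means the public URL hostname is not in the imported certificate's subject alternative names or the chain is incomplete.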
And that concludes this post.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing.