Objective 6.1 – Configure and Manage Logical Load Balancing

Knowledge

  • Identify general ESXi host troubleshooting guidelines
    • I believe this has been erroneously left in from the VCP-DCV Blueprint Section 6.1. If you want to study this anyway, I would check out the numerous VCP5-DCV study guides around on the web.
  • Configure global load balancing configuration
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click an NSX Edge.
    • Click Manage and then click the Load Balancer tab.
    • Click Edit.
    • Select the check boxes next to the options you want to enable.
      • Enable Loadbalancer: Allows the NSX Edge load balancer to distribute traffic to internal servers for load balancing.
      • Enable Service Insertion: Allows the load balancer to work with third-party vendor appliances.
      • Acceleration Enabled: When enabled, the NSX Edge load balancer uses the faster L4 LB engine rather than the L7 LB engine.
      • Logging: The NSX Edge load balancer collects traffic logs. You can also choose the log level.
    • Click OK.
  • Create a service monitor
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click an NSX Edge.
    • Click Manage and then click the Load Balancer tab.
    • In the left navigation panel, click Service Monitoring.
    • Click the Add icon.
    • Type a name for the service monitor.
    • Type the interval at which a server is to be pinged.
    • Type the maximum time in seconds within which a response from the server must be received.
    • Type the number of times the server must be pinged before it is declared down.
    • Select the way in which you want to send the health check request to the server.
    • For HTTP and HTTPS traffic, perform the steps below.
      • In Expect, type the string that the monitor expects to match in the status line of the HTTP response (for example, HTTP/1.1).
      • Select the method to be used to detect server status.
      • Type the URL to be used in the sample request.
      • If you selected the POST method, type the data to be sent.
      • In Receive, type the string to be matched in the response content. If Expect is not matched, the monitor does not try to match the Receive content.
      • (Optional) In Extension, type advanced monitor parameters as key=value pairs. For example, warning=10 indicates that if a server does not respond within 10 seconds, its status is set as warning.
    • Click OK.
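The Expect/Receive ordering and the retry count above, as an added example (not from the original post or from VMware). It assumes plain substring matching and consecutive failures, and it shows that the sample Expect value HTTP/1.1 also matches an error status line, so a 503 would still count as healthy:

```python
# Added example: simplified model of the HTTP service monitor fields described above.
from dataclasses import dataclass

@dataclass
class Monitor:
    expect: str            # string looked for in the HTTP status line
    receive: str = ""      # string looked for in the response body
    max_retries: int = 3   # assumed: consecutive failures before the member is down

def check(monitor, raw_response):
    """Evaluate one health-check response: Expect first, Receive only if Expect matched."""
    head, _, body = raw_response.partition("\r\n\r\n")
    status_line = head.split("\r\n", 1)[0]
    if monitor.expect not in status_line:
        return False                      # Receive is never evaluated
    return monitor.receive in body        # an empty Receive always matches

def member_state(monitor, responses):
    """Replay a sequence of check results (None = no reply within the timeout)."""
    failures, state = 0, "UP"
    for resp in responses:
        if resp is not None and check(monitor, resp):
            failures, state = 0, "UP"
        else:
            failures += 1
            if failures >= monitor.max_retries:
                state = "DOWN"
    return state

# Constructed sample responses (not captured from a real server).
OK_200 = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nstatus=healthy"
ERR_503 = "HTTP/1.1 503 Service Unavailable\r\n\r\nstatus=degraded"

loose = Monitor(expect="HTTP/1.1")                          # the example value from the text
strict = Monitor(expect="200 OK", receive="status=healthy")

if __name__ == "__main__":
    for name, mon in (("loose", loose), ("strict", strict)):
        print(name, member_state(mon, [OK_200, ERR_503, ERR_503, ERR_503]))
```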
  • Add/Edit/Delete a server pool
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click an NSX Edge.
    • Click Manage and then click the Load Balancer tab.
    • In the left navigation panel, click Pools.
    • Type a name and description for the load balancer pool.
    • Select a balancing method for each enabled service.
      • IP_HASH: Selects a server based on a hash of the source and destination IP address of each packet.
      • LEAST_CONN: Distributes client requests to multiple servers based on the number of connections already on the server. New connections are sent to the server with the fewest connections.
      • ROUND_ROBIN: Each server is used in turn according to the weight assigned to it. This is the smoothest and fairest algorithm when the server’s processing time remains equally distributed.
      • URI: The left part of the URI (before the question mark) is hashed and divided by the total weight of the running servers. The result designates which server will receive the request. This ensures that a URI is always directed to the same server as long as no server goes up or down.
    • Add members to the pool.
      • Click the Add icon.
      • Type the name and IP address of the server member.
      • Type the port on which the member is to receive traffic and the monitor port on which the member is to receive health monitor pings.
      • In Weight, type the proportion of traffic this member is to handle.
      • Type the maximum number of connections the member can handle.
      • Type the minimum number of connections a member should handle before traffic is redirected to the next member.
      • Click OK.
    • Transparent indicates whether client IP addresses are visible to the backend servers. If Transparent is not selected (default value), backend servers see the traffic source IP as a Load balancer internal IP. If Transparent is selected, source IP is the real client IP and NSX Edge must be set as the default gateway to ensure that return packets go through the NSX Edge device.
    • Click OK.
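The URI method described above, modelled as an added example (not from the original post, and not the NSX or HAProxy implementation). CRC32 stands in for the unspecified hash and the pool members are constructed; it shows that the query string does not affect selection and that URI-to-member affinity changes when a member goes down:

```python
# Added example: model of the URI balancing method described above.
import zlib

def pick_by_uri(uri, members):
    """members: list of (name, weight, is_up). Return the selected member name."""
    running = [(name, weight) for name, weight, up in members if up]
    total_weight = sum(weight for _, weight in running)
    if total_weight == 0:
        return None                                   # no running member
    left_part = uri.split("?", 1)[0]                  # query string is ignored
    # Stand-in hash (assumption): reduce it over the total weight of running members.
    slot = zlib.crc32(left_part.encode()) % total_weight
    for name, weight in running:                      # walk the weighted slots
        if slot < weight:
            return name
        slot -= weight

def remapped(uris, before, after):
    """URIs whose selected member differs between two pool states."""
    return [u for u in uris if pick_by_uri(u, before) != pick_by_uri(u, after)]

# Constructed pool: web2 carries twice the weight of the others.
POOL = [("web1", 1, True), ("web2", 2, True), ("web3", 1, True)]
POOL_WEB2_DOWN = [("web1", 1, True), ("web2", 2, False), ("web3", 1, True)]
URIS = [f"/app/page{i}" for i in range(200)]

if __name__ == "__main__":
    moved = remapped(URIS, POOL, POOL_WEB2_DOWN)
    print(f"{len(moved)} of {len(URIS)} URIs changed member after web2 went down")
```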
  • Add/Edit/Delete an application profile
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click an NSX Edge.
    • Click Manage and then click the Load Balancer tab.
    • In the left navigation panel, click Application Profiles.
    • Click the Add icon.
    • Type a name for the profile and select the traffic type for which you are creating the profile.
    • Type the URL to which you want to re-direct HTTP traffic. For example, you can direct traffic from http://myweb.com to https://myweb.com.
    • Specify persistence for the profile. Persistence tracks and stores session data, such as the specific pool member that serviced a client request. This ensures that client requests are directed to the same pool member throughout the life of a session or during subsequent sessions.

      • Cookie persistence inserts a cookie to uniquely identify the session the first time a client accesses the site and then refers to that cookie in subsequent requests to persist the connection to the appropriate server. Type the cookie name and select the mode by which the cookie should be inserted.

      • SOURCEIP persistence tracks sessions based on the source IP address. When a client requests a connection to a virtual server that supports source address affinity persistence, the load balancer checks to see if that client previously connected, and if so, returns the client to the same pool member.

      • Microsoft Remote Desktop Protocol (MSRDP) persistence maintains persistent sessions between Windows clients and servers that are running the Microsoft Remote Desktop Protocol (RDP) service. The recommended scenario for enabling MSRDP persistence is to create a load balancing pool that consists of members running Windows Server 2003 or Windows Server 2008, where all members belong to a Windows cluster and participate in a Windows session directory.

      Traffic Type    Persistence Method Supported
      TCP             SOURCEIP, MSRDP
      HTTP            Cookie, SOURCEIP
      HTTPS           Cookie, ssl_session_id (SSL Passthrough enabled), SOURCEIP

    • If you are creating a profile for HTTPS traffic, complete the steps below. The following HTTPS traffic patterns are allowed.

      client -> HTTPS -> LB -> HTTP -> servers
      client -> HTTPS -> LB -> HTTPS -> servers
      client -> HTTP -> LB -> HTTPS -> servers

      • Select Insert X-Forwarded-For HTTP header for identifying the originating IP address of a client connecting to a web server through the load balancer.
      • Select the certificate/CAs/CRLs used to decrypt HTTPS traffic in Virtual Server certificates.
      • Define the certificate/CAs/CRLs used to authenticate the load balancer from the server side in Pool Certificates.
    • In Cipher, select the cipher algorithms (or cipher suite) negotiated during the SSL/TLS handshake.
    • Specify whether client authentication is to be ignored or required. If set to required, the client must provide a certificate after the request or the handshake is aborted.
    • Click OK.
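How a backend can recover the client address under the Transparent setting (server pool) and the Insert X-Forwarded-For option (application profile), as an added example that is not part of the original post. The load balancer internal IP is hypothetical, and the code assumes the load balancer appends its value as the last X-Forwarded-For entry; the header is trusted only when the connection peer is the load balancer:

```python
# Added example: backend-side handling of X-Forwarded-For behind the load balancer.
import ipaddress

# Hypothetical load balancer internal IP, i.e. the source address backends see
# when Transparent is not selected.
LB_INTERNAL_IPS = {ipaddress.ip_address("10.0.0.1")}

def client_ip(peer_ip, headers, transparent=False):
    """Return the address to log or apply access rules to for one request.

    peer_ip     -- source IP of the TCP connection as seen by the backend
    headers     -- dict of request headers (repeated headers joined with ',')
    transparent -- True when the pool is configured as Transparent
    """
    peer = ipaddress.ip_address(peer_ip)
    # Transparent mode: the peer already is the real client.
    # Peer is not the load balancer: the request bypassed it, so any
    # X-Forwarded-For value is client-supplied and must not be trusted.
    if transparent or peer not in LB_INTERNAL_IPS:
        return str(peer)
    # Assumption: the load balancer appends its value, so the last entry is the
    # one it wrote; earlier entries may have been sent by the client.
    entries = [e.strip() for e in headers.get("X-Forwarded-For", "").split(",")]
    try:
        return str(ipaddress.ip_address(entries[-1]))
    except ValueError:
        return str(peer)      # header missing or malformed: fall back to the peer

if __name__ == "__main__":
    # Constructed requests using documentation address ranges.
    print(client_ip("10.0.0.1", {"X-Forwarded-For": "192.0.2.1, 203.0.113.9"}))
    print(client_ip("198.51.100.7", {"X-Forwarded-For": "192.0.2.1"}))
```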
  • Add/Edit/Delete virtual servers
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click an NSX Edge.
    • Click Manage and then click the Load Balancer tab.
    • In the left navigation panel, click Virtual Servers.
    • Click the Add “+” icon.
    • Type a name for the virtual server.
    • (Optional) Type a description for the virtual server.
    • Type the IP address that the load balancer is listening on.
    • Type the protocol that the virtual server will handle.
    • Type the port number that the load balancer will listen on.
    • Select the application profile to be associated with the virtual server. You can associate only an application profile with the same protocol as the virtual server that you are adding. The services supported by the selected pool appear.
    • Select the application rule to be associated with the virtual server.
    • In Connection Limit, type the maximum concurrent connections that the virtual server can process.
    • In Connection Rate Limit, type the maximum incoming new connection requests per second.
    • Click OK.
  • Configure global server load balancing
    • I have spent a great deal of time trying to find something in the given documentation relating to this, to no avail. My understanding is that “Global Server Load Balancing” is to do with directing user requests to their geographically local datacenter, by manipulating the DNS response. However, there is nothing to do with this in the NSX documentation that I can see. A number of 3rd party vendors have stated they will provide this via a service, but I have yet to uncover any configuration guides.
  • Determine appropriate NSX Edge instance size based on load balancing requirements
    The best information I can find in the documentation is as follows:

    • The Large NSX Edge has more CPU, memory, and disk space than the Compact NSX Edge, and supports a bigger number of concurrent SSL VPN-Plus users.
    • The X-Large NSX Edge is suited for environments which have Load Balancer with millions of concurrent sessions.
    • The Quad Large NSX Edge is recommended for high throughput and requires a high connection rate.

Tools

  • NSX Installation and Upgrade Guide
  • NSX Administration Guide
  • HAProxy Configuration Manual
  • NSX Manager
  • vSphere Web Client
