Figure 1.

This diagram illustrates the high-level architecture of the NSX ALB transparent load balancing configuration on top of a VMware Aria Operations for Logs cluster.

The Service Engine Group must be in Active/Standby (Legacy high availability) mode with a floating IP configured that can act as the default gateway IP for the VMware Aria Operations for Logs nodes, referred to as backend servers, pool servers or servers.

When the backend servers need to reply (TCP), the reply packets have the source IP of the server and the destination IP of the original client, so they require a way to route back to the Service Engines. If the server's default gateway is some other router, the replies will not pass through NSX ALB. Consequently, the source IP will not be rewritten back to the VIP.

To address this, it is common practice to configure a floating IP and use that as the next-hop for the default route on the backend servers. This ensures that reply traffic is directed back through the Service Engine that owns that flow. The easiest way to do that is to have the Service Engine interfaces and floating IP on the same subnet as the backend servers and configure the backend servers' default gateway as the floating IP. This follows standard ADC (Application Delivery Controller) deployment practices. The Service Engines act as a router for traffic to and from the backend servers.
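The layout described above can be checked before go-live. The following is an added example, not VMware's or the page's own code: it verifies that the floating IP and Service Engine interfaces sit on the server subnet and that each node's default route points at the floating IP. The function names, node names and the RFC 5737 addresses are assumptions made for illustration; the route text is constructed sample output in the format printed by `ip -4 route show default`.

```python
import ipaddress
import re

def default_gateway(ip_route_output):
    """Return the next hop from `ip -4 route show default` output, or None."""
    m = re.search(r"^default via (\S+)", ip_route_output, re.MULTILINE)
    return ipaddress.ip_address(m.group(1)) if m else None

def check_transparent_lb(subnet, floating_ip, se_ips, servers):
    """Return a list of findings; an empty list means the layout matches.

    servers maps a node name to (node IP, default-route command output).
    """
    net = ipaddress.ip_network(subnet)
    fip = ipaddress.ip_address(floating_ip)
    findings = []
    if fip not in net:
        findings.append(f"floating IP {fip} is outside server subnet {net}")
    for se in map(ipaddress.ip_address, se_ips):
        if se not in net:
            findings.append(f"Service Engine interface {se} is outside {net}")
    for name, (ip, route_out) in sorted(servers.items()):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            findings.append(f"{name}: address {addr} is outside {net}")
        gw = default_gateway(route_out)
        if gw is None:
            findings.append(f"{name}: no default route found")
        elif gw != fip:
            # Replies leave via another router, so the Service Engine never
            # sees them and the source IP is not rewritten back to the VIP.
            findings.append(f"{name}: default gateway {gw} is not the "
                            f"floating IP {fip}; replies bypass the Service Engines")
    return findings

# Constructed sample data (documentation addresses, hypothetical node names).
SAMPLE_SERVERS = {
    "logs-node-1": ("192.0.2.11", "default via 192.0.2.5 dev eth0 proto static\n"),
    "logs-node-2": ("192.0.2.12", "default via 192.0.2.1 dev eth0 proto static\n"),
    "logs-node-3": ("192.0.2.13", ""),
}

if __name__ == "__main__":
    for finding in check_transparent_lb("192.0.2.0/24", "192.0.2.5",
                                        ["192.0.2.6", "192.0.2.7"], SAMPLE_SERVERS):
        print(finding)
```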

By configuring the floating IP as the default gateway on servers, both load-balanced and non-load-balanced outbound traffic from the servers will be directed through the NSX ALB. This typically requires the Service Engines to be in a two-armed configuration, functioning as a router between the subnet where the servers reside and the "rest of the world". VRF (Virtual Routing and Forwarding) can be utilized to route the outbound traffic from servers for non-load-balanced traffic.

To send traffic to destination servers, the VS (Virtual Service) internally passes the traffic to the pool corresponding to that virtual service. A virtual service normally uses a single pool, although VS Policies can be used in lieu of a pool, such as in cases where the virtual service only performs an HTTP redirect.

A typical virtual service consists of a single IP address (VIP) and service port that uses a single network protocol.

Pools maintain a list of servers assigned to them and perform tasks such as health monitoring, load balancing, persistence, and other functions involving the VMware NSX Advanced Load Balancer-to-server interaction.