Following the principles of this design and of each product, you deploy and configure NSX load balancing services to support vRealize Suite and Workspace ONE Access components.

Logical Load Balancing Design for VMware Cloud Foundation

The logical load balancer capability in NSX offers a high-availability service for applications in VMware Cloud Foundation and distributes the network traffic load among multiple servers.

A standalone Tier-1 gateway is created to provide load balancing services with a service interface on the cross-instance application virtual network.

Figure 1. NSX Logical Load Balancing Design for VMware Cloud Foundation

In the NSX Edge cluster at the top, a Tier-1 gateway runs the load balancing service and is connected to the Tier-0 - Tier-1 gateway pair on the cross-instance segment. The edge cluster is connected to the NSX Manager cluster which is connected to the management host transport nodes at the bottom.

Load Balancing Design Requirements for VMware Cloud Foundation

Consider the requirements for running a load balancing service including creating a standalone Tier-1 gateway and connecting it to the client applications. Separate requirements exist for a single VMware Cloud Foundation instance and for multiple VMware Cloud Foundation instances.

Table 1. Load Balancing Design Requirements for VMware Cloud Foundation

Requirement ID

Design Requirement

Justification

Implication

VCF-NSX-LB-REQD-CFG-001

Deploy a standalone Tier-1 gateway to support advanced stateful services such as load balancing for other management components.

Provides independence between north-south Tier-1 gateways to support advanced deployment scenarios.

You must add a separate Tier-1 gateway.

VCF-NSX-LB-REQD-CFG-002

When creating load balancing services for Application Virtual Networks, connect the standalone Tier-1 gateway to the cross-instance NSX segments.

Provides load balancing to applications connected to the cross-instance network.

You must connect the gateway to each network that requires load balancing.

VCF-NSX-LB-REQD-CFG-003

Configure a default static route on the standalone Tier-1 gateway with a next hop the Tier-1 gateway for the segment to provide connectivity to the load balancer.

Because the Tier-1 gateway is standalone, it does not auto-configure its routes.

None.

Table 2. Load Balancing Design Requirements for NSX Federation in VMware Cloud Foundation

Requirement ID

Design Requirement

Justification

Implication

VCF-NSX-LB-REQD-CFG-004

Deploy a standalone Tier-1 gateway in the second VMware Cloud Foundation instance.

Provides a cold-standby non-global service router instance for the second VMware Cloud Foundation instance to support services on the cross-instance network which require advanced services not currently supported as NSX global objects.

  • You must add a separate Tier-1 gateway.

  • You must manually configure any services and synchronize them between the non-global service router instances in the first and second VMware Cloud Foundation instances.

  • To avoid a network conflict between the two VMware Cloud Foundation instances, make sure that the primary and standby networking services are not both active at the same time.

VCF-NSX-LB-REQD-CFG-005

Connect the standalone Tier-1 gateway in the second VMware Cloud Foundationinstance to the cross-instance NSX segment.

Provides load balancing to applications connected to the cross-instance network in the second VMware Cloud Foundation instance.

You must connect the gateway to each network that requires load balancing.

VCF-NSX-LB-REQD-CFG-006

Configure a default static route on the standalone Tier-1 gateway in the second VMware Cloud Foundation instance with a next hop as the Tier-1 gateway for the segment it connects with to provide connectivity to the load balancers.

Because the Tier-1 gateway is standalone, it does not autoconfigure its routes.

None.

VCF-NSX-LB-REQD-CFG-007

Establish a process to ensure any changes made on to the load balancer instance in the first VMware Cloud Foundationinstance are manually applied to the disconnected load balancer in the second instance.

Keeps the network service in the failover load balancer instance ready for activation if a failure in the first VMware Cloud Foundation instance occurs.

Because network services are not supported as global objects, you must configure them manually in each VMware Cloud Foundation instance. The load balancer service in one instance must be connected and active, while the service in the other instance must be disconnected and inactive.

  • Because of incorrect configuration between the VMware Cloud Foundation instances, the load balancer service in the second instance might come online with an invalid or incomplete configuration.

  • If both VMware Cloud Foundation instances are online and active at the same time, a conflict between services could occur resulting in a potential outage.

  • The administrator must establish and follow an operational practice by using a runbook or automated process to ensure that configuration changes are reproduced in each VMware Cloud Foundation instance.