There are multiple use cases for enabling IP routing on NSX Advanced Load Balancer Service Engines.
When new application servers are deployed, the servers need external connectivity for manageability. In the absence of a router in the server networks, the NSX Advanced Load Balancer SE can be used for routing the traffic of server networks.
Another use case arises when virtual services use an application profile with the Preserve Client IP option enabled. In that case, back end servers receive traffic with the source IP set to the IP of the originating clients, so the NSX Advanced Load Balancer SE’s IP needs to be configured as the default gateway for the servers to route all traffic back through the SEs to the clients.
NSX Advanced Load Balancer supports IPv6 forwarding. Only forwarding is supported; complete IPv6 router configuration, such as radvd, is not supported.
Scope
The following features are supported:
IP routing is supported on two-armed, no-access configurations of Linux server clouds and VMware clouds and conditionally supported on CSP. On CSP, it is supported when the interfaces attached to the SE instances are configured in SR-IOV mode.
VMware write access clouds are also supported when configured using the CLI.
NSX Advanced Load Balancer supports IP routing for VMware cloud deployments in write access mode. For this feature to work on VMware write access clouds, at least one virtual service must be configured with the following configurations:
One arm (in the two-arm mode deployment) must be placed in the backend network. For this network, SE acts as the default gateway.
The other arm is placed in the desired front-end network.
The HA mode must be legacy HA (active/standby) only for SE groups with the enable IP routing option set.
The HA mode must be legacy HA (active/standby) only for SE groups and routing has to be enabled in the corresponding Network Service.
IP routing cannot be enabled in conjunction with the distribute load option set in the SE group configuration.
IP routing is supported on the following:
Only DPDK-based SEs.
VMware write access mode if a virtual service has already been created. This virtual service creates the required Service Engines before MAC masquerading is tested.
Preserve_client_ip is supported for non-directly-connected or routed backend servers. However, all the required IPs on NSX Advanced Load Balancer still need to be static, and there is no support for DHCP relay.
Use Case
Briefly, enabling IP routing requires the following configurations to be done at various points in the network:
On the NSX Advanced Load Balancer Controller, enable IP routing for the SE group. This has to be configured through a Network Service of the routing_service type.
On the front end router, configure static routes to the back end server networks with the next hop set to the floating IP in the front end network.
If BGP is enabled in the network and BGP peers are configured on the SEs, then enable Advertise back end subnets using BGP for the SE group.
If BGP is enabled in the network and BGP peers are configured on the SEs, then enable Advertise back end subnets using BGP for the SE group in the above routing enabled Network Service.
On the back end servers, configure the SE’s floating IP in the back end server network as the default gateway.
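The last step can be checked on a Linux back end server. The script below is an added example, not part of the product documentation: it reads the output of `ip -4 route show default` and confirms that the route the kernel prefers (lowest metric) points at the SE's floating IP, catching the case where a leftover default route sends return traffic around the SE. The function names are hypothetical and the addresses are constructed documentation values.

```shell
#!/bin/sh
# Added example: verify that a back end server returns traffic through the SE.
# Input is the text printed by `ip -4 route show default`.

# effective_default_gw: print the next hop of the default route the kernel
# prefers (lowest metric; a route with no "metric" keyword has metric 0).
# A default route with no "via" is reported as "on-link".
effective_default_gw() {
    awk '
        $1 == "default" {
            gw = "on-link"; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "via")    gw = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (best == "" || metric < bestm) { best = gw; bestm = metric }
        }
        END { if (best != "") print best }
    '
}

# check_return_path EXPECTED_GW: read route text on stdin.
# Returns 0 only if the preferred default route points at EXPECTED_GW,
# 1 if it points elsewhere, 2 if there is no default route at all.
check_return_path() {
    expected=$1
    actual=$(effective_default_gw)
    if [ -z "$actual" ]; then
        echo "FAIL: no default route configured"
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "FAIL: default gateway is $actual, expected SE floating IP $expected"
        return 1
    fi
    echo "OK: return traffic is routed through $expected"
}

# Constructed sample: the SE floating IP (192.0.2.10) is configured, but an
# older default route with a lower metric still wins, so the check fails.
sample='default via 192.0.2.1 dev eth0 proto dhcp metric 100
default via 192.0.2.10 dev eth0 proto static metric 200'
printf '%s\n' "$sample" | check_return_path 192.0.2.10 || true
```

On a live server, run `ip -4 route show default | check_return_path <SE floating IP>` after sourcing the functions.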