This section describes how the NSX Advanced Load Balancer platform integrates with AWS auto scaling groups.

An NSX Advanced Load Balancer pool is a group of back end servers having similar characteristics, or serving or hosting similar applications. In NSX Advanced Load Balancer-AWS integration, a pool is scaled in or out to reflect actions taken by AWS on the corresponding AWS auto scaling group. These actions are governed by AWS preconfigured policies and criteria.

Scaling out is adding one or more instances to the auto scaling group and scaling in is removing one or more instances from the auto scaling group.

For more information about auto scaling groups on AWS, see Auto Scaling groups.

Background

NSX Advanced Load Balancer supports AWS auto scaling groups for configuring pools for a virtual service.

The NSX Advanced Load Balancer AWS cloud connector periodically polls AWS auto scaling group membership information and updates the corresponding pool server membership when changes are required.

For instance, if a new server (instance) is added to an AWS auto scaling group being used as an NSX Advanced Load Balancer pool, NSX Advanced Load Balancer will automatically update the pool membership to include the newly provisioned server. Conversely, upon deletion of a server (instance) from the AWS auto scaling group, NSX Advanced Load Balancer will delete this server from its pool membership. This enables seamless, elastic and automated management of back end server resources without any operator intervention or configuration updates.

Note:
  • NSX Advanced Load Balancer supports SNS and SQS features for auto scaling groups. If SNS and SQS are not in use, the default polling method is used. For more information, see the section Using the SNS-SQS feature for Auto Scaling Groups in the VMware NSX Advanced Load Balancer Configuration Guide.

  • ASG with launch templates is supported.

Prerequisites

  • The AWS user or IAM role needs read access to auto scaling groups and the instances in them. For more information, see the topic IAM Role Setup for Installation into AWS in the VMware NSX Advanced Load Balancer Installation Guide.

  • The auto scaling group is already configured on AWS.

Configuring using the NSX Advanced Load Balancer UI

The following are the configuration steps using the UI:

  1. Log in to the UI. Navigate to Applications > Pools. Click Create Pool. Select the cloud and specify the pool name and accept the defaults for the remaining field options.

  2. Click Server to view server options.

  3. Select the Auto Scaling Groups option from Select Servers By.

  4. Select auto scaling group instances already configured on AWS for that specific cloud from the Auto Scaling Group drop-down menu.



  5. After selecting an instance or server from the list, NSX Advanced Load Balancer will fetch the instance or server information from AWS.

  6. Click Save. The UI returns to the Pools page and displays the auto scaling group members.

Using the SNS-SQS feature for Auto Scaling Groups

NSX Advanced Load Balancer can make use of the Simple Notification Service (SNS) and Simple Queue Service (SQS) features of AWS. SNS is a push notification service used to update pool member information of AWS auto scaling groups. SQS is a messaging queue service. For more information about SNS and SQS, see the following links:

By default, the flag for using the SNS-SQS option is set to false on the NSX Advanced Load Balancer Controller. In the default polling method, the Controller polls every ten minutes to synchronize information regarding ASG membership changes. If the SNS and SQS features are not enabled, set the polling interval to one minute. This value can be configured between 60 seconds (1 minute) and 1800 seconds (30 minutes). When using the SNS-SQS feature, increase the polling interval value from 1 minute to 10 minutes (recommended), because the cloud connector notifies the Controller instantly when ASG membership changes.
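How a consumer of the SNS-SQS path described above could turn auto scaling notifications into pool membership changes, as an added example (not NSX Advanced Load Balancer code). The topic ARN, group name, instance IDs and function names are constructed for illustration; the message fields follow the AWS auto scaling notification format delivered through an SNS envelope.

```python
import json

# Constructed values for the example: topic ARN, group name and instance IDs.
EXPECTED_TOPIC = "arn:aws:sns:us-west-2:111122223333:example-asg-topic"
ASG_NAME = "example-web-asg"

def sqs_body(event, instance_id=None, topic=EXPECTED_TOPIC, asg=ASG_NAME):
    """Build a constructed SQS body: an SNS envelope wrapping an ASG notification."""
    note = {"Event": event, "AutoScalingGroupName": asg}
    if instance_id:
        note["EC2InstanceId"] = instance_id
    return json.dumps({"Type": "Notification", "TopicArn": topic,
                       "Message": json.dumps(note)})

SAMPLE_BODIES = [
    sqs_body("autoscaling:TEST_NOTIFICATION"),
    sqs_body("autoscaling:EC2_INSTANCE_LAUNCH", "i-0aaa1111"),
    sqs_body("autoscaling:EC2_INSTANCE_LAUNCH", "i-0bbb2222"),
    sqs_body("autoscaling:EC2_INSTANCE_TERMINATE", "i-0aaa1111"),
    sqs_body("autoscaling:EC2_INSTANCE_LAUNCH", "i-0ccc3333",
             topic="arn:aws:sns:us-west-2:999999999999:other-topic"),
    "not json",
]

def apply_notifications(bodies, members, asg=ASG_NAME, topic=EXPECTED_TOPIC):
    """Apply launch/terminate notifications to a set of pool member instance IDs.
    Returns (members, rejected); rejected holds (index, reason) pairs."""
    members, rejected = set(members), []
    for index, body in enumerate(bodies):
        try:
            envelope = json.loads(body)
            note = json.loads(envelope["Message"])
            event = note["Event"]
        except (ValueError, KeyError, TypeError):
            rejected.append((index, "malformed"))
            continue
        if envelope.get("TopicArn") != topic:
            rejected.append((index, "unexpected topic"))
            continue
        if note.get("AutoScalingGroupName") != asg:
            rejected.append((index, "other group"))
            continue
        instance = note.get("EC2InstanceId")
        if event == "autoscaling:EC2_INSTANCE_LAUNCH" and instance:
            members.add(instance)
        elif event == "autoscaling:EC2_INSTANCE_TERMINATE" and instance:
            members.discard(instance)
        # TEST_NOTIFICATION and *_ERROR events leave membership unchanged.
    return members, rejected
```

The topic and group checks keep a message from an unrelated topic or group from changing pool membership; the periodic poll still reconciles membership if a notification is missed or rejected.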

Configuring SNS-SQS on NSX Advanced Load Balancer using CLI

Change the value of use_sns_sqs and check the asg_poll_interval value. It must be set to ten minutes or more, based on the requirement. If the SNS and SQS features are not in use, change the polling interval to one minute.

Log in to the Controller’s shell prompt and follow the steps as shown below.

[admin:10-1-1-1]: cloud> aws_configuration
[admin:10-1-1-1]: cloud:aws_configuration> asg_poll_interval 600
Overwriting the previously entered value for asg_poll_interval
[admin:10-1-1-1]: cloud:aws_configuration> use_sns_sqs
Overwriting the previously entered value for use_sns_sqs
+---------------------+-------------------+
| Field               | Value             |
+---------------------+-------------------+
| access_key_id       |  sensitive        |
| secret_access_key   |  sensitive        |
| region              | us-west-2         |
| vpc                 | AVI-MISC-West-VPC |
| vpc_id              | vpc-c8d6b5af      |
| zones[1]            |                   |
|   availability_zone | us-west-2c        |
|   mgmt_network_name | 2C-nw-9           |
| route53_integration | False             |
| free_elasticips     | True              |
| use_iam_roles       | False             |
| ttl                 | 60 sec            |
| wildcard_access     | True              |
| use_sns_sqs         | True              |
| asg_poll_interval   | 600 sec           |
+---------------------+-------------------+

Set use_sns_sqs to false and change asg_poll_interval to 60 seconds when SNS/SQS is not in use.

[admin:10-1-1-1]: cloud:aws_configuration> no use_sns_sqs
+---------------------+-------------------+
| Field               | Value             |
+---------------------+-------------------+
| access_key_id       | sensitive         |
| secret_access_key   | sensitive         |
| region              | us-west-2         |
| vpc                 | AVI-MISC-West-VPC |
| vpc_id              | vpc-c8d6b5af      |
| zones[1]            |                   |
|   availability_zone | us-west-2c        |
|   mgmt_network_name | 2C-nw-9           |
| route53_integration | False             |
| free_elasticips     | True              |
| use_iam_roles       | False             |
| ttl                 | 60 sec            |
| wildcard_access     | True              |
| use_sns_sqs         | False             |
| asg_poll_interval   | 600 sec           |
+---------------------+-------------------+
[admin:10-1-1-1]: cloud:aws_configuration>
[admin:10-1-1-1]: cloud:aws_configuration> asg_poll_interval 60
Overwriting the previously entered value for asg_poll_interval
+---------------------+-------------------+
| Field               | Value             |
+---------------------+-------------------+
| access_key_id       |    sensitive      |
| secret_access_key   |    sensitive      |
| region              | us-west-2         |
| vpc                 | AVI-MISC-West-VPC |
| vpc_id              | vpc-c8d6b5af      |
| zones[1]            |                   |
|   availability_zone | us-west-2c        |
|   mgmt_network_name | 2C-nw-9           |
| route53_integration | False             |
| free_elasticips     | True              |
| use_iam_roles       | False             |
| ttl                 | 60 sec            |
| wildcard_access     | True              |
| use_sns_sqs         | False             |
| asg_poll_interval   | 60 sec            |
+---------------------+-------------------+

Configuring on AWS

AWS users must have all the required privileges to perform various actions required to enable and use SNS-SQS services. For the list of privileges provided, check the following JSON files:

  • avicontroller-sns-policy.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1499337009000",
      "Effect": "Allow",
      "Action": [
        "sns:ConfirmSubscription",
        "sns:CreateTopic",
        "sns:DeleteTopic",
        "sns:GetSubscriptionAttributes",
        "sns:GetTopicAttributes",
        "sns:ListSubscriptionsByTopic",
        "sns:Publish",
        "sns:SetTopicAttributes",
        "sns:Subscribe",
        "sns:ListTopics",
        "sns:Unsubscribe"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
  • avicontroller-sqs-policy.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1499336908000",
      "Effect": "Allow",
      "Action": [
        "sqs:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
  • avicontroller-asg-notification-policy.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1499337126000",
      "Effect": "Allow",
      "Action": [
        "autoscaling:DeleteNotificationConfiguration",
        "autoscaling:DescribeNotificationConfigurations",
        "autoscaling:PutNotificationConfiguration"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

For steps to associate these policies with AWS users, see IAM Role Setup for Installation into AWS in the VMware NSX Advanced Load Balancer Installation Guide.
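The three policies above allow their actions on every resource ("Resource": "*"), and the SQS policy allows every SQS action. The following added example (not VMware's code; the function names are hypothetical) lists such wildcard grants in a policy document so they can be reviewed when the policies are attached.

```python
import json

# Two of the policy documents from this page, embedded as sample input.
SQS_POLICY = """{"Version": "2012-10-17", "Statement": [{"Sid": "Stmt1499336908000",
  "Effect": "Allow", "Action": ["sqs:*"], "Resource": ["*"]}]}"""
ASG_POLICY = """{"Version": "2012-10-17", "Statement": [{"Sid": "Stmt1499337126000",
  "Effect": "Allow", "Action": ["autoscaling:DeleteNotificationConfiguration",
  "autoscaling:DescribeNotificationConfigurations",
  "autoscaling:PutNotificationConfiguration"], "Resource": ["*"]}]}"""

def _as_list(value):
    # IAM accepts a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy_json):
    """Return (sid, field, value) for each wildcard granted by an Allow statement."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((sid, "NotAction", "all actions except those listed"))
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings.append((sid, "Action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((sid, "Resource", resource))
    return findings

if __name__ == "__main__":
    for name, doc in (("sqs", SQS_POLICY), ("asg-notification", ASG_POLICY)):
        for finding in wildcard_findings(doc):
            print(name, *finding)
```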

Alerts

NSX Advanced Load Balancer synchronizes information of Auto Scaling groups configured on AWS. If any of the Auto Scaling groups are deleted on the integrated AWS, a corresponding alert and event are generated on NSX Advanced Load Balancer.