Enhanced Virtual Hosting (EVH) enables virtual hosting on a virtual service irrespective of Server Name Indication (SNI). This section explains how to use EVH in NSX Advanced Load Balancer.
Virtual services can be of two types, namely:
Non-virtual hosting enabled virtual service
Virtual hosting enabled virtual service
Non-virtual Hosting Enabled Virtual Service
The Virtual Hosting VS option in the virtual service configuration is deactivated by default. A virtual service created with this option deactivated is a non-virtual hosting enabled virtual service.
Virtual Hosting Enabled Virtual Service
SNI Virtual Hosting
Enabling the Virtual Hosting VS option for a virtual service indicates that the virtual service is a parent or child of another service in a Server Name Indication (SNI) deployment. SNI is a method of virtual hosting multiple domain names for an SSL-enabled virtual IP.
For more information on virtual hosting enabled virtual service, see Server Name Indication, Wildcard SNI Matching for Virtual Hosting.
Enhanced Virtual Service Hosting
The virtual service placement for an EVH service follows the same conditions as for an SNI parent and child. A parent can host either SNI or EVH children, but not both at the same time. Only children of the same virtual hosting type can be associated with a parent virtual service: if the parent virtual service is of SNI type, the associated children must also be of SNI type. Similarly, if the parent virtual service is of EVH type, the children associated with it must be of the same type (EVH). An EVH child cannot be associated with an SNI parent, and vice versa.
SNI and EVH can be compared as shown in the table:
| Server Name Indication (SNI) | Enhanced Virtual Hosting (EVH) |
|---|---|
| Multiple domains can be configured under a child virtual service and are owned by that virtual service. | The same domain can be configured under multiple children but with different path match criteria. |
| SNI can only handle HTTPS traffic. | EVH children can handle both HTTP and HTTPS traffic. |
| The entire connection, including all its requests, will be handled by one of the child virtual services, selected during the TLS handshake. | The connection is always handled by the parent virtual service, and individual requests in that connection will be handled by the selected child virtual service based on the matching host header, URI path, and path match criteria configured under the child virtual service. |
Parent virtual services have the service ports configured on them and need to have SSL enabled on them.
In the child virtual service, the FQDN field is used to specify the domains for which the virtual service must be selected. HOST+PATH+match_criteria defines which child virtual service under a parent virtual service will process a given request.
NSX Advanced Load Balancer supports EVH switching of different requests (within one connection) between the child virtual services of a single parent virtual service. Unlike SNI, which switches only TLS connections based on a one-to-one mapping of children to FQDN, EVH maps one FQDN to many children based on the resource path requested.
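The per-request selection described above, modelled in Python as an added example; this is not NSX Advanced Load Balancer code. The criteria names equals and begins_with, the precedence rule, and the child names are assumptions. It routes each request on one connection independently and lists children whose rules can match the same request, which matters because per-child policy follows whichever child wins the match.

```python
# Added illustration: a simplified model of EVH child selection, not NSX ALB code.
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Rule:
    child: str     # child virtual service name (constructed)
    host: str      # FQDN configured on the child
    criteria: str  # assumed criteria names: "equals" or "begins_with"
    path: str

def matches(rule, host, path):
    """True if HOST + PATH + match_criteria of this rule accept the request."""
    if rule.host.lower() != host.lower():
        return False
    if rule.criteria == "equals":
        return path == rule.path
    if rule.criteria == "begins_with":
        return path.startswith(rule.path)
    raise ValueError(f"unknown match criteria: {rule.criteria}")

def select_child(rules, host, path):
    """Pick the child for one request; None means no child matched.
    Assumption: an exact match beats a prefix, then the longest path wins."""
    hits = [r for r in rules if matches(r, host, path)]
    if not hits:
        return None
    return max(hits, key=lambda r: (r.criteria == "equals", len(r.path))).child

def route_connection(rules, requests):
    """Requests sharing one connection are matched independently of each other."""
    return [select_child(rules, host, path) for host, path in requests]

def overlapping_children(rules):
    """Pairs of children whose rules can both match the same request."""
    return [(a.child, b.child) for a, b in combinations(rules, 2)
            if a.child != b.child
            and (matches(a, b.host, b.path) or matches(b, a.host, a.path))]

# Constructed sample configuration: one FQDN shared by three children.
RULES = [
    Rule("child-shop", "www.example.com", "begins_with", "/shop"),
    Rule("child-api", "www.example.com", "begins_with", "/api"),
    Rule("child-admin", "www.example.com", "begins_with", "/api/admin"),
]

if __name__ == "__main__":
    conn = [("www.example.com", "/shop/cart"), ("www.example.com", "/api/v1"),
            ("www.example.com", "/api/admin/users")]
    print(route_connection(RULES, conn))
    print(overlapping_children(RULES))
```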