When NSX Advanced Load Balancer is used to provide load balancing to applications residing in public cloud, the NSX Advanced Load Balancer Controller communicates with the public cloud provider’s API endpoints for configuration and ongoing operations.
In some cases, the communication between the NSX Advanced Load Balancer Controller and the public cloud endpoint may be required to traverse a proxy.
NSX Advanced Load Balancer supports HTTP proxy for the Controller - Public Cloud API endpoint communication with the following cloud connectors:
Amazon Web Services (AWS)
Microsoft Azure
Google Cloud Platform
Configuring Proxy Support
Proxy support on an NSX Advanced Load Balancer Controller can be enabled by using the proxy_configuration
knob under the configure systemconfiguration option.
This feature supports proxy servers configured with basic authentication, and without authentication. The following are the parameters which are configured while enabling proxy support:
Host – IP address of the proxy server.
Port – The port number over which the NSX Advanced Load Balancer Controller will communicate to the proxy server.
Username – Username of the proxy server (only if basic authentication is enabled on the proxy server).
Password – Password to access the proxy server (only if basic authentication is enabled on the proxy server).
Follow the steps mentioned below to enable the proxy support:
Login to the shell prompt of the NSX Advanced Load Balancer Controller.
Execute the proxy_configuration command under the
configure systemconfiguration
mode.Provide the details of the required parameters for the proxy server as shown below.
[admin:10.1.1.1]: > configure systemconfiguration Updating an existing object. Currently, the object is: +----------------------------------+---------------------------------------+ | Field | Value | +----------------------------------+---------------------------------------+ | uuid | default | | dns_configuration | | | server_list[1] | 10.10.0.100 | | search_domain | | | ntp_configuration | | | community | <sensitive> | | sys_contact | [email protected] | | version | SNMP_VER2 | | ssh_ciphers[1] | aes128-ctr | | ssh_ciphers[2] | aes256-ctr | | ssh_ciphers[3] | arcfour256 | | ssh_ciphers[4] | arcfour128 | | ssh_hmacs[1] | [email protected] | | ssh_hmacs[2] | [email protected] | | ssh_hmacs[3] | [email protected] | | ssh_hmacs[4] | hmac-sha2-512 | | default_license_tier | ENTERPRISE_18 | +----------------------------------+---------------------------------------+ [admin:10-152-131-93]: systemconfiguration> proxy_configuration [admin:10-152-131-93]: systemconfiguration:proxy_configuration> host 10.20.1.1 [admin:10-152-131-93]: systemconfiguration:proxy_configuration> port 3128 [admin:10-152-131-93]: systemconfiguration:proxy_configuration> username admin [admin:10-152-131-93]: systemconfiguration:proxy_configuration> password admin [admin:10-152-131-93]: systemconfiguration:proxy_configuration> save [admin:10-152-131-93]: systemconfiguration> save +----------------------------------+-------------------------------------------+ | Field | Value | +----------------------------------+-------------------------------------------+ | uuid | default | | dns_configuration | | | server_list[1] | 10.10.0.100 | | search_domain | | | ntp_configuration | | | ntp_servers[1] | | | server | 0.us.pool.ntp.org | | ntp_servers[2] | | | server | 1.us.pool.ntp.org | | ntp_servers[3] | | | server | 2.us.pool.ntp.org | | ntp_servers[4] | | | server | 3.us.pool.ntp.org | | portal_configuration | | | enable_https | True | | redirect_to_https | True | | enable_http | True | | sslkeyandcertificate_refs[1] | System-Default-Portal-Cert | | sslkeyandcertificate_refs[2] | System-Default-Portal-Cert-EC256 | | use_uuid_from_input | False | | sslprofile_ref | System-Standard-Portal | | enable_clickjacking_protection | True | | allow_basic_authentication | True | | password_strength_check | False | | disable_remote_cli_shell | False | | global_tenant_config | | | tenant_vrf | False | | se_in_provider_context | True | | tenant_access_to_provider_se | True | | email_configuration | | | smtp_type | SMTP_LOCAL_HOST | | from_email | [email protected] | | mail_server_name | localhost | | mail_server_port | 25 | | disable_tls | False | | docker_mode | False | | snmp_configuration | | | community | <sensitive> | | sys_contact | [email protected] | | version | SNMP_VER2 | | proxy_configuration | | | host | 10.20.1.1 | | port | 3128 | | username | admin | | password | <sensitive> | +----------------------------------+-------------------------------------------+