When NSX Advanced Load Balancer is used to provide load balancing to applications residing in public cloud, the NSX Advanced Load Balancer Controller communicates with the public cloud provider’s API endpoints for configuration and ongoing operations.

In some cases, the communication between the NSX Advanced Load Balancer Controller and the public cloud endpoint may be required to traverse a proxy.

NSX Advanced Load Balancer supports HTTP proxy for the Controller - Public Cloud API endpoint communication with the following cloud connectors:

  • Amazon Web Services (AWS)

  • Microsoft Azure

  • Google Cloud Platform

Configuring Proxy Support

Proxy support on an NSX Advanced Load Balancer Controller can be enabled by using the proxy_configuration knob under the configure systemconfiguration option.

This feature supports proxy servers configured with basic authentication, and without authentication. The following are the parameters which are configured while enabling proxy support:

  • Host – IP address of the proxy server.

  • Port – The port number over which the NSX Advanced Load Balancer Controller will communicate to the proxy server.

  • Username – Username of the proxy server (only if basic authentication is enabled on the proxy server).

  • Password – Password to access the proxy server (only if basic authentication is enabled on the proxy server).

Follow the steps mentioned below to enable the proxy support:

  1. Login to the shell prompt of the NSX Advanced Load Balancer Controller.

  2. Execute the proxy_configuration command under the configure systemconfiguration mode.

  3. Provide the details of the required parameters for the proxy server as shown below.

  4. [admin:10.1.1.1]: > configure systemconfiguration
Updating an existing object. Currently, the object is:
+----------------------------------+---------------------------------------+
| Field                            | Value                                 |
+----------------------------------+---------------------------------------+
| uuid                             | default                               |
| dns_configuration                |                                       |
|   server_list[1]                 | 10.10.0.100                           |
|   search_domain                  |                                       |
| ntp_configuration                |                                       |
|   community                      | <sensitive>                           |
|   sys_contact                    | [email protected]               |
|   version                        | SNMP_VER2                             |
| ssh_ciphers[1]                   | aes128-ctr                            |
| ssh_ciphers[2]                   | aes256-ctr                            |
| ssh_ciphers[3]                   | arcfour256                            |
| ssh_ciphers[4]                   | arcfour128                            |
| ssh_hmacs[1]                     | [email protected]         |
| ssh_hmacs[2]                     | [email protected]         |
| ssh_hmacs[3]                     | [email protected]              |
| ssh_hmacs[4]                     | hmac-sha2-512                         |
| default_license_tier             | ENTERPRISE_18                         |
+----------------------------------+---------------------------------------+
[admin:10-152-131-93]: systemconfiguration> proxy_configuration
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> host 10.20.1.1
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> port 3128
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> username admin
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> password admin
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> save
[admin:10-152-131-93]: systemconfiguration> save
+----------------------------------+-------------------------------------------+
| Field                            | Value                                     |
+----------------------------------+-------------------------------------------+
| uuid                             | default                                   |
| dns_configuration                |                                           |
|   server_list[1]                 | 10.10.0.100                               |
|   search_domain                  |                                           |
| ntp_configuration                |                                           |
|   ntp_servers[1]                 |                                           |
|     server                       | 0.us.pool.ntp.org                         |
|   ntp_servers[2]                 |                                           |
|     server                       | 1.us.pool.ntp.org                         |
|   ntp_servers[3]                 |                                           |
|     server                       | 2.us.pool.ntp.org                         |
|   ntp_servers[4]                 |                                           |
|     server                       | 3.us.pool.ntp.org                         |
| portal_configuration             |                                           |
|   enable_https                   | True                                      |
|   redirect_to_https              | True                                      |
|   enable_http                    | True                                      |
|   sslkeyandcertificate_refs[1]   | System-Default-Portal-Cert                |
|   sslkeyandcertificate_refs[2]   | System-Default-Portal-Cert-EC256          |
|   use_uuid_from_input            | False                                     |
|   sslprofile_ref                 | System-Standard-Portal                    |
|   enable_clickjacking_protection | True                                      |
|   allow_basic_authentication     | True                                      |
|   password_strength_check        | False                                     |
|   disable_remote_cli_shell       | False                                     |
| global_tenant_config             |                                           | 
|   tenant_vrf                     | False                                     |
|   se_in_provider_context         | True                                      |
|   tenant_access_to_provider_se   | True                                      |
| email_configuration              |                                           |
|   smtp_type                      | SMTP_LOCAL_HOST                           |
|   from_email                     | [email protected]                   |
|   mail_server_name               | localhost                                 |
|   mail_server_port               | 25                                        |
|   disable_tls                    | False                                     |
| docker_mode                      | False                                     |
| snmp_configuration               |                                           |
|   community                      | <sensitive>                               |
|   sys_contact                    | [email protected]                   |
|   version                        | SNMP_VER2                                 |
| proxy_configuration              |                                           |
|   host                           | 10.20.1.1                                 |
|   port                           | 3128                                      |
|   username                       | admin                                     |
|   password                       | <sensitive>                               |
+----------------------------------+-------------------------------------------+