This section elaborates Folder Scoping for SE Placement and Host and Data Store Scoping in NSX-T Cloud.
Folder Scoping for SE Placement
To select the folder to place all the SE virtual machines in vCenter,
From the UI, navigate to
.Select the NSX-T cloud.
Edit the service engine group required.
Click on the Advanced tab.
Select a value from the Service Engine Folder drop-down menu.
Note:The folder to be configured has to be pre-created in the respective vCenter. NSX Advanced Load Balancer does not auto-create the folders.
Host and Data Store Scope
Host Scope:
SEs may be deployed on any host that most closely matches the resources and reachability criteria for placement. This setting directs the placement of SEs.
By default, NSX Advanced Load Balancer allows SEs to be deployed to any host that best fits the deployment criteria. However, you can specify the preferred hosts as shown below:
To specify the hosts,
Under Host Scope Service Engine Within, click Host.
Select Include to deploy SEs only on the specified hosts or click Exclude for not deploying SEs on the specified host.
Note:All the hosts from vCenter are listed here.
Select the required hosts to be included/ excluded from the drop-down menu.
Data Store Scope:
Under Data Store Scope, set the storage location for SEs. By default, NSX Advanced Load Balancer will determine the best option for data storage. However, you can select specific shared data stores to be included or excluded.
To specify the shared data store,
Under Data Store Scope for Service Engine Virtual Machine, select Shared.
Select Include to select the data stores to be included or Exclude to select the data stores to be excluded.
Select the shared data stores to be included or excluded.
Click Save.
Creating the Virtual Service
To create a new virtual service,
Navigate to
.Click
.Select the NSX-T cloud and click Next.
Configure the virtual service. Under Add Servers, click Security Groups and select the NSX Security Group.
Note:The front-end (VIP) IP supports an IPv6 address.
Click Save.
In the aforementioned steps, IPAM is used. Therefore, the segment, subnet and T1 logical route had to be selected. If IPAM is not configured, you must specify the VIP and select the T1 logical route.
If DFW is enabled and SEs are not added to DFW's exclusion list, then for virtual service scaled out with N+M or Active/Active Mode, enable the se_tunnel_mode 0 to 1 under SE Group properties. This ensures that DFW does not drop or rate-limit the response traffic from secondary SEs.
[admin:1234]: > configure serviceenginegroup <SEG Name> [admin:1234]: serviceenginegroup> se_tunnel_mode 1 Overwriting the previously entered value for se_tunnel_mode [admin:1234]: serviceenginegroup> save
After enabling se_tunnel_mode, NSX Advanced Load Balancer will make sure that the reverse path is from backend to secondary to primary and then to the client, and thereby DFW will not drop it.