NCP will create a layer 4 load balancer virtual server and pool for each service port.

Details about this feature:
  • Both TCP and UDP are supported.
  • Each service will have a unique IP address.
  • The service is allocated an IP address from an external IP pool based on the loadBalancerIP field in the LoadBalancer definition. The loadBalancerIP field can be empty, have an IP address or the name or ID of an IP pool. If the loadBalancerIP field is empty, the IP will be allocated from the external IP pool specified by the external_ip_pools_lb option in the [nsx_v3] section in ncp.ini. If the external_ip_pools_lb option does not exist, the pool specified by external_ip_pools is used. The LoadBalancer service is exposed on this IP address and the service port.
  • You can change to a different IP pool by changing the configuration and restarting NCP.
  • The IP pool specified by loadBalancerIP must have the tag scope: ncp/owner, tag: cluster:<cluster_name>.

  • In Policy mode, a service of type LoadBalancer without a selector is supported. For such a service, the NSX-T load balancer's SNAT IP will be the IP of the service of type LoadBalancer. The NSX-T load balancer's SNAT IP will be updated if you update the IP of the service of type LoadBalancer. Note that a service without a selector cannot be configured as the endpoint of another service without a selector.
  • Error are annotated to a service. The error key is ncp/error.loadbalancer. The possible errors are:
    • ncp/error.loadbalancer: IP_POOL_NOT_FOUND

      This error indicates that you specify loadBalancerIP: <nsx-ip-pool> but <nsx-ip-pool> does not exist. The service will be inactive. To fix the error, specify a valid IP pool, delete and recreate the service.

    • ncp/error.loadbalancer: IP_POOL_EXHAUSTED

      This error indicates that you specify loadBalancerIP: <nsx-ip-pool> but the IP pool has exhausted its IP addresses. The service will be inactive. To fix the error, specify an IP pool that has available IP addresses, delete and recreate the service.

    • ncp/error.loadbalancer: IP_POOL_NOT_UNIQUE

      This error indicates that multiple IP pools have the name that is specified by loadBalancerIP: <nsx-ip-pool>. The service will be inactive.

    • ncp/error.loadbalancer: POOL_ACCESS_DENIED

      This error indicates that the IP pool specified by loadBalancerIP does not have the tag scope: ncp/owner, tag: cluster:<cluster_name> or the cluster specified in the tag does not match the name of the Kubernetes cluster.

    • ncp/error.loadbalancer: LB_VIP_CONFLICT

      This error indicates that the IP in the loadBalancerIP field is the same as the IP of an active service. The service will be inactive.

  • The layer 4 load balancer supports automatic scaling. If a Kubernetes LoadBalancer service is created or modified so that it requires additional virtual servers and the existing layer 4 load balancer does not have the capacity, a new layer 4 load balancer will be created. NCP will also delete a layer 4 load balancer that no longer has virtual servers attached. This feature is enabled by default. If you want to disable this feature, you must set l4_lb_auto_scaling to false in the NCP ConfigMap.