You can enable the vRealize Log Insight integrated load balancer (ILB) on a vRealize Log Insight cluster to ensure that incoming ingestion traffic is accepted by vRealize Log Insight even if some vRealize Log Insight nodes become unavailable. You can also configure multiple virtual IP addresses.
It is highly recommended that you enable the ILB in a vRealize Log Insight cluster environment.
The ILB ensures that incoming ingestion traffic is accepted by vRealize Log Insight even if some vRealize Log Insight nodes become unavailable. The ILB also balances incoming traffic fairly among available vRealize Log Insight nodes. vRealize Log Insight clients, whether they use the Web user interface or ingestion (through Syslog or the Ingestion API), should connect to vRealize Log Insight through the ILB address.
ILB requires that all vRealize Log Insight nodes be on the same Layer 2 network, such as behind the same switch or otherwise able to receive ARP requests from and send ARP requests to each other. The ILB IP address should be set up so that any vRealize Log Insight node can own it and receive traffic for it. Typically, this means that the ILB IP address will be in the same subnet as the physical address of the vRealize Log Insight nodes. After you configure the ILB IP address, try to ping it from a different network to ensure that it is reachable.
To simplify future changes and upgrades, you can have clients point to a FQDN that resolves to the ILB IP address, instead of pointing directly to the ILB IP address.
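The following pre-flight check is an added example, not part of the product or its documentation. It tests a planned ILB address against the typical case described above (same subnet as every node) and checks that the client-facing FQDN resolves only to that address. The function name and all addresses are constructed for illustration. Passing the check does not prove Layer 2 adjacency or reachability, so the ping test from a different network still applies.

```python
import ipaddress

# Constructed sample plan (RFC 5737 documentation addresses, not from the page).
NODES = ["192.0.2.11/24", "192.0.2.12/24", "192.0.2.13/24"]


def check_ilb_plan(vip, node_cidrs, fqdn_answers=None):
    """Return a list of problems with a planned ILB address (empty list = plan passes).

    vip          -- planned ILB IP address
    node_cidrs   -- each node's address with prefix length, e.g. "192.0.2.11/24"
    fqdn_answers -- optional: addresses the client-facing FQDN currently resolves to
    """
    problems = []
    vip_addr = ipaddress.ip_address(vip)

    for cidr in node_cidrs:
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        if vip_addr == iface.ip:
            problems.append(f"{vip} is already the address of node {iface.ip}")
        elif vip_addr not in net:
            # Any node must be able to own the ILB address; typically same subnet.
            problems.append(f"{vip} is outside {net}, the subnet of node {iface.ip}")
        elif (vip_addr.version == 4 and net.prefixlen < 31
              and vip_addr in (net.network_address, net.broadcast_address)):
            problems.append(f"{vip} is the network or broadcast address of {net}")

    if fqdn_answers is not None:
        answers = {ipaddress.ip_address(a) for a in fqdn_answers}
        if not answers:
            problems.append("FQDN does not resolve to any address")
        for extra in sorted(answers - {vip_addr}, key=str):
            # Clients following this record would connect to a non-ILB address.
            problems.append(f"FQDN resolves to {extra}, which is not the ILB address")
        if answers and vip_addr not in answers:
            problems.append(f"FQDN does not resolve to the ILB address {vip}")
    return problems


if __name__ == "__main__":
    for vip in ("192.0.2.10", "198.51.100.10", "192.0.2.11"):
        print(vip, check_ilb_plan(vip, NODES, ["192.0.2.10"]) or "OK")
```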
About Direct Server Return Configuration
The vRealize Log Insight load balancer uses a Direct Server Return (DSR) configuration. In DSR, all incoming traffic passes through the vRealize Log Insight node that is the current load balancer node while return traffic is sent from vRealize Log Insight servers directly back to the client without needing to go through the load balancer node.
An issue can occur when traffic is forwarded from an external load balancer (ELB) to the vRealize Log Insight ILB and the NetScaler feature MAC-Based Forwarding (MBF) is turned on in the ELB. In this scenario, the ELB sends traffic directly to the vRealize Log Insight back-end node, bypassing the vRealize Log Insight load balancer node. As a result, the vRealize Log Insight load balancer drops connections and you have to re-create connections continuously, which results in data loss.
To avoid this issue, disable MBF in the ELB, or send traffic directly from clients to the vRealize Log Insight load balancer rather than going through the ELB.
Multiple Virtual IP Addresses
You can configure multiple virtual IP addresses (vIPs) for the Integrated Load Balancer. You can also configure a list of static tags for each vIP so that each log message received from the vIP is annotated with the configured tags.