Loadbalancer As a Service
Preview
The load balancer service in Cloud Avenue is provided by VMware’s NSX Advanced Load Balancer (NSX ALB) solution.
The implementation is carried out at the T1 gateway level in a vDC or a “Data center group ” (i.e., a group of multiple vDCs) if they are connected to the same T1 gateway within the same AZ (Chartres or Val de Reuil).
You can create/manage the load balancer configurations from the tenant user interface (vCloud Director – VCD portal).
Advanced Load Balancer – Shared and Dedicated
The load balancer services available on Cloud Avenue IaaS are as follows :
| Type of LBaaS | Configuration Requirements | Load Balancing Engine Resilience | Load Balancing Engine Resilience |
| Shared | T0 VRF Premium | 20 VIP | Active / Standby Active / Active |
| Dedicated | T0 VRF Premium | 200 VIP | Active / Standby Active / Active |
The load balancer services available on Cloud Avenue IaaS are as follows :
| Type of LBaaS | Configuration Requirements | Quota de classe de service par défaut | Résilience du moteur de Load Balancing |
| Dédié | T0 Dédié Medium | 200 VIP par Service Engine | Actif / Standby Actif / Actif |
| Configuration Parameters | IaaS with vDC | IaaS with vCoD | |
|---|---|---|---|
| Application Type | HTTP | ▲ | ▲ |
| HTTPS | ▲ | ▲ | |
| L4 TCP | ▲ | ▲ | |
| L4 UDP | ▲ | ▲ | |
| L4 TLS | ▲ | ▲ | |
| Load Balancing Algorithm | Least Connections | ▲ | ▲ |
| Round Robin | ▲ | ▲ | |
| Consistent Hash | ▲ | ▲ | |
| Fastest Response | ▲ | ▲ | |
| Least Load | ▲ | ▲ | |
| Fewest Servers | ▲ | ▲ | |
| Random | ▲ | ▲ | |
| Fewest Tasks | ▲ | ▲ | |
| Core Affinity | ▲ | ▲ | |
| Pool Persistence | Client IP | ▲ | ▲ |
| HTTP Cookie | ▲ | ▲ | |
| Custom HTTP Header | ▲ | ▲ | |
| Application Cookie | ▲ | ▲ | |
| Client IP | ▲ | ▲ | |
| Active Health Monitor | HTTP | ▲ | ▲ |
| HTTPS | ▲ | ▲ | |
| TCP | ▲ | ▲ | |
| UDP | ▲ | ▲ | |
| PING | ▲ | ▲ | |
| Analytics | Dashboard | ▲ | ▲ |
| Advanced Features | HTTP Policy | ▲ | ▲ |
| WAF | ▲ | ▲ | |
General diagram of the load balancer
A load balancer option is available on the T1 gateway.
You can create:
- Virtual Services: A virtual service is a combination of an IP address and a port that uses a single network protocol. A virtual service listens for traffic to an IP address. It processes client requests and directs valid requests to a member of the load balancer server pool.
- Pools: A server pool is a group of one or more servers that you configure to run the same application and ensure high availability.
- Application Profiles: Application profiles determine the behavior of virtual services based on the type of application. Types of application profiles, such as HTTP, HTTPS, L4 TCP, L4 UDP, L4 TLS, can be used.
External and Internal Load Balancer
Depending on configuration needs, you can deploy the load balancer for internal and external applications.
In this example, Pool 1 runs an outward-facing application. The servers in Pool 1 access Pool 2, which runs an inward-facing application.
Upgrade
Cloud Avenue Shared: Number of Virtual Services
If you need to create additional load balancers beyond those assigned by default when opening your tenant, you can request an additional virtual services pack.
Cloud Avenue Private: Service Unit Counting (cores)
You can request an upgrade for the load balancer engine, meaning an increase in the number of engine cores (vCPU). By default, your load balancer engine is provisioned with the number of cores specified in your order form.
User Interface Options
Cloud Avenue Shared
If you have the Cloud Avenue Shared offer, you will have by default the vCloud Director tenant management portal as a self-service interface to create/manage virtual services with associated advanced features such as HTTP Policy or WAF.
Cloud Avenue Priate
If you have the Cloud Avenue Private offer, the available interface types depend on the options you have chosen, especially if you have not selected the vCloud Director tenant management portal option:
- If you have opted for vCloud Director, you will use it to create/manage virtual services with associated advanced functions such as HTTP Policy, WAF.
- If you have not opted for vCloud Director, you will have access to the NSX Advanced Load Balancer interface to create/manage virtual services in your tenant with associated advanced features such as HTTP Policy, WAF.
Advanced Features
HTTP policy
The HTTP policies of virtual services allow controlling security, client request attributes, and application response attributes.
A virtual service policy consists of match criteria and actions that function similarly to an if-then statement. If match criteria are met, defined actions are performed.
HTTP policy rules can be configured only to a layer-7 virtual service.
- HTTP Request Rules : Use HTTP request rules to modify requests before they are either forwarded to the application, used as a basis for content switching, or discarded.
- HTTP Response Rules : Use HTTP response rules to evaluate and modify the response and response attributes that the application returns.
- HTTP Security Rules : Use HTTP security rules to configure allowing or denying certain requests, to close the TCP connection, to redirect a request to HTTPS, or to apply a rate limit
Web Application Firewall (WAF)
The Web Application Firewall (WAF) can be enabled for a virtual service. Two WAF modes are available: Detection Mode and Enforcement Mode.
Detection Mode:
The WAF policy evaluates and processes the incoming request, but does not perform a blocking action. A log entry is created when the request is flagged.
Enforcement Mode:
The WAF policy evaluates the request and blocks the request based on the specified rules. The corresponding log entry is marked as REJECTED
