Load Balancer as a Service

Preview

The load balancer service in Cloud Avenue is provided by VMware’s NSX Advanced Load Balancer (NSX ALB) solution.

The load balancer is implemented at the T1 gateway level, either in a vDC or in a “Data center group” (i.e., a group of multiple vDCs) if they are connected to the same T1 gateway within the same AZ (Chartres or Val de Reuil).

You can create/manage the load balancer configurations from the tenant user interface (vCloud Director – VCD portal).

Advanced Load Balancer – Shared and Dedicated

The load balancer services available on Cloud Avenue IaaS are as follows:

Type of LBaaS | Configuration Requirements | Default Service Class Quota | Load Balancing Engine Resilience
Shared | T0 VRF Premium | 20 VIP | Active / Standby, Active / Active
Dedicated | T0 VRF Premium | 200 VIP | Active / Standby, Active / Active

The load balancer services available on Cloud Avenue IaaS are as follows:

Type of LBaaS | Configuration Requirements | Default Service Class Quota | Load Balancing Engine Resilience
Dedicated | T0 Dedicated Medium | 200 VIP per Service Engine | Active / Standby, Active / Active

Configuration Parameters | IaaS with vDC / IaaS with vCoD
Application Type | HTTP, HTTPS, L4 TCP, L4 UDP, L4 TLS
Load Balancing Algorithm | Least Connections, Round Robin, Consistent Hash, Fastest Response, Least Load, Fewest Servers, Random, Fewest Tasks, Core Affinity
Pool Persistence | Client IP, HTTP Cookie, Custom HTTP Header, Application Cookie
Active Health Monitor | HTTP, HTTPS, TCP, UDP, PING
Analytics | Dashboard
Advanced Features | HTTP Policy, WAF

General diagram of the load balancer


A load balancer option is available on the T1 gateway.
You can create:

  • Virtual Services: A virtual service is a combination of an IP address and a port that uses a single network protocol. A virtual service listens for traffic to an IP address. It processes client requests and directs valid requests to a member of the load balancer server pool.
  • Pools: A server pool is a group of one or more servers that you configure to run the same application and ensure high availability.
  • Application Profiles: Application profiles determine the behavior of virtual services based on the type of application. Profile types such as HTTP, HTTPS, L4 TCP, L4 UDP and L4 TLS can be used.

External and Internal Load Balancer


Depending on configuration needs, you can deploy the load balancer for internal and external applications.
In this example, Pool 1 runs an outward-facing application. The servers in Pool 1 access Pool 2, which runs an inward-facing application.

Upgrade

Cloud Avenue Shared: Number of Virtual Services

If you need to create additional load balancers beyond those assigned by default when opening your tenant, you can request an additional virtual services pack.

Cloud Avenue Private: Service Unit Counting (cores)

You can request an upgrade for the load balancer engine, meaning an increase in the number of engine cores (vCPU). By default, your load balancer engine is provisioned with the number of cores specified in your order form.

User Interface Options

Cloud Avenue Shared

If you have the Cloud Avenue Shared offer, the vCloud Director tenant management portal is provided by default as a self-service interface to create/manage virtual services with associated advanced features such as HTTP Policy or WAF.

Cloud Avenue Private

If you have the Cloud Avenue Private offer, the available interface types depend on the options you have chosen, especially if you have not selected the vCloud Director tenant management portal option:

  • If you have opted for vCloud Director, you will use it to create/manage virtual services with associated advanced functions such as HTTP Policy, WAF.
  • If you have not opted for vCloud Director, you will have access to the NSX Advanced Load Balancer interface to create/manage virtual services in your tenant with associated advanced features such as HTTP Policy, WAF.

Advanced Features

HTTP policy

The HTTP policies of a virtual service let you control security, client request attributes, and application response attributes.

A virtual service policy consists of match criteria and actions that function similarly to an if-then statement. If match criteria are met, defined actions are performed.

HTTP policy rules can be configured only on a layer-7 virtual service.

  • HTTP Request Rules: Use HTTP request rules to modify requests before they are either forwarded to the application, used as a basis for content switching, or discarded.
  • HTTP Response Rules: Use HTTP response rules to evaluate and modify the response and response attributes that the application returns.
  • HTTP Security Rules: Use HTTP security rules to allow or deny certain requests, to close the TCP connection, to redirect a request to HTTPS, or to apply a rate limit.
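
The if-then evaluation of HTTP security rules can be modelled in a few lines. This is an added example, not NSX ALB code or its API: the rule names, the first-match ordering, the fixed-window rate limit, the default allow and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass, field

Request = namedtuple("Request", "client_ip scheme path ts")  # ts: arrival time, seconds

@dataclass
class Rule:
    name: str
    action: str             # allow | deny | close | redirect_https | rate_limit
    path_prefix: str = "/"  # match criterion: request path starts with this
    scheme: str = ""        # match criterion: empty string matches any scheme
    not_from: str = ""      # match criterion: client is outside this CIDR
    limit: int = 0          # rate_limit only: requests allowed per window
    window: float = 60.0    # rate_limit only: window length in seconds
    hits: dict = field(default_factory=dict)  # client_ip -> (window start, count)

    def matches(self, r):
        if not r.path.startswith(self.path_prefix):
            return False
        if self.scheme and r.scheme != self.scheme:
            return False
        if self.not_from:
            net = ipaddress.ip_network(self.not_from)
            return ipaddress.ip_address(r.client_ip) not in net
        return True

def evaluate(rules, r):
    """Return (rule name, action) for the first rule that decides the request."""
    for rule in rules:
        if not rule.matches(r):
            continue
        if rule.action != "rate_limit":
            return rule.name, rule.action
        start, count = rule.hits.get(r.client_ip, (r.ts, 0))
        if r.ts - start >= rule.window:   # window expired: start a new one
            start, count = r.ts, 0
        rule.hits[r.client_ip] = (start, count + 1)
        if count + 1 > rule.limit:
            return rule.name, "deny"
        # under the limit: keep evaluating later rules
    return None, "allow"  # assumed default when no rule decides

# Constructed policy using documentation address ranges.
POLICY = [
    Rule("force-tls", "redirect_https", scheme="http"),
    Rule("admin-internal-only", "close", path_prefix="/admin", not_from="192.0.2.0/24"),
    Rule("login-throttle", "rate_limit", path_prefix="/login", limit=3),
]
```

Because the model stops at the first deciding rule, rule order matters: a broad rule placed first would shadow the narrower ones below it.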

Web Application Firewall (WAF)

The Web Application Firewall (WAF) can be enabled for a virtual service. Two WAF modes are available: Detection Mode and Enforcement Mode.

Detection Mode:
The WAF policy evaluates and processes the incoming request, but does not perform a blocking action. A log entry is created when the request is flagged.

Enforcement Mode:
The WAF policy evaluates the request and blocks the request based on the specified rules. The corresponding log entry is marked as REJECTED.
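
Before moving a virtual service from Detection Mode to Enforcement Mode, it helps to see which rules flagged which traffic, since every flagged request would then be rejected. The following added example (not from NSX ALB or Cloud Avenue) summarizes flagged entries per rule; the JSON field names, status values other than REJECTED, rule IDs, log lines and the false-positive heuristic are assumptions and must be adapted to the real log export.

```python
import json
from collections import defaultdict

# Constructed sample export, one JSON object per line; field names and
# rule IDs are assumptions, not the NSX ALB log schema.
SAMPLE_LOG = """
{"client": "198.51.100.7", "uri": "/cart", "status": "PASSED", "rules": []}
{"client": "198.51.100.7", "uri": "/api/upload", "status": "FLAGGED", "rules": ["R-100"]}
{"client": "198.51.100.8", "uri": "/api/upload", "status": "FLAGGED", "rules": ["R-100"]}
{"client": "198.51.100.9", "uri": "/api/upload", "status": "FLAGGED", "rules": ["R-100"]}
{"client": "203.0.113.5", "uri": "/login", "status": "FLAGGED", "rules": ["R-200"]}
{"client": "203.0.113.5", "uri": "/admin", "status": "FLAGGED", "rules": ["R-200", "R-300"]}
{"client": "203.0.113.5", "uri": "/search", "status": "REJECTED", "rules": ["R-200"]}
truncated line that is not valid JSON
"""

def summarize(log_text, min_clients=3):
    """Per rule: hits, distinct clients and URIs, and a review flag."""
    stats = defaultdict(lambda: {"hits": 0, "clients": set(), "uris": set()})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # counted so a damaged export does not go unnoticed
            continue
        if entry.get("status") != "FLAGGED":  # only detection-mode hits matter here
            continue
        for rule in entry.get("rules", []):
            s = stats[rule]
            s["hits"] += 1
            s["clients"].add(entry["client"])
            s["uris"].add(entry["uri"])
    report = {}
    for rule, s in stats.items():
        # Heuristic (assumption): many distinct clients flagged on a single URI
        # looks like normal application traffic that enforcement would break.
        likely_fp = len(s["clients"]) >= min_clients and len(s["uris"]) == 1
        report[rule] = {"hits": s["hits"], "clients": len(s["clients"]),
                        "uris": len(s["uris"]), "review_before_enforcing": likely_fp}
    return report, skipped
```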