Load Balancing VMware Cloud Director with NSX-T

Recently I tested NSX-T 3.1 integration with VCD 10.2 in my lab and blogged about it. It was a simple single-cell deployment, as I was only testing the integration. Later I scaled my lab to three VCD cells and used the NSX-T load balancer to balance traffic across them.

To use the NSX-T load balancer, we can deploy VCD cells in two different ways:

  • Deploy VCD cells on overlay segments connected to a T1 gateway and configure the LB straight away (easy method).
  • Deploy VCD cells on VLAN-backed portgroups and load balance them via a dedicated T1 gateway.

In this post, I will demonstrate the second method. Before jumping into the lab, let me show you what is already there in my infrastructure.

In my lab, NSX-T follows the VDS + NVDS architecture. The management SDDC where the VCD cells are deployed has a VDS named ‘Cloud-VDS’ with a dedicated distributed portgroup named ‘VCD-Mgmt’, which is backed by VLAN 1800. All my VCD cells are connected to this portgroup.

The VCD database cluster is healthy and HA status is up.

Now it’s time to jump into the lab and configure the NSX-T side of things.

Create VLAN backed Logical Segment

  • Create a new segment and don’t attach it to any gateway.
  • Place the segment in the transport zone where only edge nodes are connected.
  • The VLAN ID for this segment will be the same as the one configured on the VDS portgroup where the VCD cells are connected.

Create T1 Gateway

We can use an existing T1 gateway for VCD load balancing, but I have chosen to deploy a new T1 gateway dedicated to VCD. This T1 gateway must be instantiated on an Edge Cluster, because the load balancer we will configure is a stateful service.

Note: Don’t attach this T1 gateway to the T0 gateway. The T1 gateway will operate in standalone mode.

Add Tier-1 Service Interface

The VLAN-backed segment that we created in step 1 needs to be attached as a service interface on the T1 gateway. Edit the T1 gateway, expand Service Interfaces, and click Set.

Click on Add Interface and map the interface to the logical segment. The IP address of this interface will be from the VLAN dedicated for VCD.

Add Static Route on T1 Gateway

Add a default static route with the next hop pointing to the default gateway of the VCD VLAN (1800 in my case) on the physical router.

Once the T1 gateway is configured, verify that the T1 service interface is reachable from the physical network.

Import VCD SSL certs in NSX-T

Import the VCD public certificate in the NSX-T Manager by navigating to System > Settings > Certificates > Import Certificate.

Provide a name, the full certificate chain, and the private key, and enable the option to set it as a Service Certificate.

Add LB Monitor

Create a new monitor by navigating to Networking > Load Balancing > Monitors > Add Active Monitor HTTPS

  • Name: Provide a name
  • Monitoring Port: 443
  • HTTP Request Configuration: GET /cloud/server_status, HTTP Request Version: 1
  • HTTP Response Configuration: HTTP Response Code: 200
  • SSL Configuration: Enabled, Client Certificate: None
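
To confirm that each cell answers the way this monitor expects before adding it to the pool, the following added example (not part of the original post) repeats the monitor's request from a machine on the VCD VLAN, with certificate and hostname verification turned on. The cell hostnames and the HEALTHY/DEGRADED/DOWN labels are assumptions for illustration.

```python
import http.client
import ssl

STATUS_PATH = "/cloud/server_status"  # monitor request URL from the settings above
MONITOR_PORT = 443                    # monitoring port from the settings above
EXPECTED_CODE = 200                   # response code the monitor treats as healthy


def probe_cell(host, port=MONITOR_PORT, cafile=None, timeout=5.0):
    """Send the monitor's GET over TLS; return the HTTP status, or None on failure."""
    # Unlike a bare reachability test, this verifies the cell's certificate and
    # hostname. Pass cafile when the cells use a private CA.
    ctx = ssl.create_default_context(cafile=cafile)
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("GET", STATUS_PATH)
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None  # DNS failure, refusal, timeout, TLS error or malformed reply
    finally:
        conn.close()


def pool_state(results):
    """Map {member: status or None} to per-member UP/DOWN and a pool verdict."""
    members = {m: "UP" if code == EXPECTED_CODE else "DOWN"
               for m, code in results.items()}
    up = sum(1 for state in members.values() if state == "UP")
    if up == 0:
        verdict = "DOWN"
    elif up == len(members):
        verdict = "HEALTHY"
    else:
        verdict = "DEGRADED"
    return members, verdict


if __name__ == "__main__":
    # Hypothetical cell names; replace with the pool members you entered.
    cells = ["vcd-cell-01.lab.example", "vcd-cell-02.lab.example",
             "vcd-cell-03.lab.example"]
    members, verdict = pool_state({c: probe_cell(c) for c in cells})
    for name, state in members.items():
        print(f"{name}: {state}")
    print(f"pool: {verdict}")
```

Any answer other than 200, including a redirect or a TLS verification failure, is reported as DOWN, so a cell serving an untrusted or mismatched certificate shows up here.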

Add Application Profile

To add an application profile, navigate to Networking > Load Balancing > Profiles > Add Application Profile > HTTP

Provide a name for the profile and adjust the following parameters to the values specified:

  • Request Header Size: 65535
  • Request Body Size: 52428800
  • Response Header Size: 50000

Add Server Pools

Networking > Load Balancing > Server Pools > Add Server Pool

  • Algorithm: Least Connection
  • Active Monitor: Select the one which you created earlier.
  • Select members: Enter individual members.

Add Virtual Servers

We will add two virtual servers: one for UI/API and another for VM Remote Console connections.

To configure virtual servers, navigate to Networking > Load Balancing > Virtual Servers.

For vCloud UI

  • Add virtual server: L7 HTTP
  • Ports: 443
  • Server Pool: select the one which we created in the earlier step.
  • Application Profile: the one which we created earlier.
  • Persistence: default-source-ip-lb-persistence-profile

SSL Configuration:

  • Client SSL: Enabled, Default Certificate: Certificate which we imported in NSX-T UI, Client SSL Profile: default-balanced-client-ssl-profile
  • Server SSL: Enabled, Client Certificate: None, Server SSL Profile: default-balanced-server-ssl-profile

vCloud Console

  • Add virtual server: L4 TCP
  • Ports: 8443
  • Server Pool: the one which we created earlier.
  • Application Profile: default-tcp-lb-app-profile.
  • Persistence: disabled.

Load Balancer

Now we can create the load balancer instance and associate the virtual servers with it. Create the LB instance on the Tier-1 gateway which routes to your VCD cell network. To add a load balancer, navigate to Networking > Load Balancing > Load Balancers > Add Load Balancer.

  • Provide a name for the LB and select the T1 gateway which you created specifically for VCD.
  • Under Virtual Servers, click Set to define the virtual servers which we created in the previous step.

Select the virtual servers from the list.

Change VCD Public URL

The last step is to change the public URL of VCD to point to the hostname of the VIP defined for VCD.

Test VCD login by connecting to the VCD load balancer address.

And that concludes this post. 

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing 🙂