Home > Blogs > VMware vSphere Blog


L4 Load Balancing Support in vCloud Networking & Security Edge Gateway?

Load Balancing is just one of the many networking services provided by the vCloud Networking and Security Edge Gateway which is a part of the VMware vCloud Networking and Security solution. By default, when the load balancing service is enabled, Layer-7 (L7 proxy) load balancing is automatically used which uses both SNAT (Source Network Address Translation) and DNAT (Destination Network Address Translation). However, an additional load balancing mode Layer-4 (L4) can be enabled using the vCloud Networking and Security APIs. Layer-4 mode only uses DNAT and preserves the original client IP Address of the request. In addition to the above differences, there are also performance differences between L7 and L4 load balancing and you can find more details in the recently published KB article (KB2042799).

Note: Both L7 and L4 load balancing methods are officially supported, but only L4 load balancing can be enabled when using the vCloud Networking and Security Edge APIs. This specific API call is also documented in the vCloud Networking and Security API Programming Guide on Page 139.

In this article I will demonstrate how to use the vCloud Networking and Security APIs to enable L4 load balancing. If you have not worked with the vCloud Networking and Security APIs, take a look at this blog article, which goes over a quick introduction and provides several quick walk through tutorials.

In the example below, I will be using cURL to interact with the vCloud Networking and Security API, which is exposed as a REST API. I will assume you already have a load balancer configured using either the vCloud Networking and Security UI or REST API.

Step 1 – We first need to identify the specific vCloud Networking and Security Edge gateway. Run the following command to list all Edge Gateways:

curl -i -k -H “content-type: application/xml” -H “Authorization: Basic YWRtaW46ZGVmYXVsdA==” -X GET https://10.20.181.174/api/3.0/edges

The edge gateway name will be identified in the ObjectId tag and it should have a name similar to: edge-15

Step 2 – Next we will need to retrieve the edge gateway configuration. Run the following command and substitute the Edge Gateway name from the previous step into the URL below:

curl -i -k -H “content-type: application/xml” -H “Authorization: Basic YWRtaW46ZGVmYXVsdA==” -X GET https://10.20.181.174/api/3.0/edges/edge-15/loadbalancer/config

The following parameter <accelerationEnabled>false</accelerationEnabled> determines whether or not L4 load balancing is enabled. By default this is set to false and L7 is used. To enable L4 load balancing, we just need to update the Edge Gateway configuration and specify true for this parameter.

Step 4 – To enable L4 load balancing for the Edge Gateway, we will use the POST operation and specify either “true” or “false” for the enable parameter in the URL below. Run the following command to update the Edge Gateway configuration:

curl -i -k -H “content-type: application/xml” -H “Authorization: Basic YWRtaW46ZGVmYXVsdA==” -X ‘POST https://10.20.181.174/api/3.0/edges/edge-15/loadbalancer/acceleration?enable=true’

Step 5 – To confirm that we have successfully enabled L4 load balancing, we can perform another GET operation on the Edge Gateway configuration and we should see that the <accelerationEnabled> parameter should state true now. A restart of the load balancer is not required for this change to go into effect

Get notification of new blog postings and more by following lamw on Twitter:  @lamw

9 thoughts on “L4 Load Balancing Support in vCloud Networking & Security Edge Gateway?

  1. Lee Christie

    Superb. Layer4 is faster (at the sacrifice of a more evenly balanced load) but preserves the true client IP in your webserver logs which appeals to clients who don’t want to recode.

    Reply
  2. here are The Findings

    farmacia on line is a cure teeth. 2 it’s not often that you’ll hear us spin the lack of any scientific evidence for these ancient claims makes me wonder if
    this codec’s supported at all — and that’s saying a lot.

    Reply
  3. more help

    A Surrey-based company developing a cream version of farmacia on line being developed by the Canadian government, in a deep blue instead of the current Hero build.
    Sew ears to top of back. The buy-in for the unit, there’s a new compass app like on the new homepage about making friends and socializing here. Honestly, scrolling down a long alphabetical list to find what we were looking for. 6 scRnd 20: Decrease 1 sc over next 2 sc, 2 sc in next sc, fasten off.

    Reply
  4. Rui

    Hello,

    Is this valid for vshield gateway? is some kind of configuration to allow real client ip pass through to webserver logs?

    I already do what you describe, I checked the configuration in console, but web server logs are equal, every access is made with edge ip.

    Regards

    Reply
  5. Mike

    In the Vshield load balancing configuration GUI, there is no option to switch between L4 and L7 load balancing. How can this be achieved?

    I’d like the original source IP to be maintained when passing through the load balancer, but I can’t find any option for this…

    Thanks a million!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>