Product Announcements

Load Balancing using vCloud Networking and Security 5.1 Edge

VMware vCloud Networking and Security Edge is part of the vCloud Networking and Security solution and provides network edge security and gateway services such as DHCP, VPN, NAT, Firewall and Load Balancing. Edge provides load balancing for TCP, HTTP, and HTTPS traffic. Edge maps an IP address to a set of backend servers for load balancing. In this blog, I am going to show step-by-step configuration illustrating how easy it is to deploy and configure load balancing using Edge.

Each Edge virtual appliance can have a total of ten uplink and internal network interfaces. In the three-tier application below, Web, App and DB tiers are on three different internal interfaces of the Edge. Uplink interface is connected to network with access to corporate network. In this example, we are going to load balance HTTP and HTTPS traffic to two internal web servers ( and using an external virtual address (


VMware vCenter view of this setup with Edge interfaces is shown below.

Let’s go through the following steps to setup load balancing using Edge

  • Create Pool of Servers
  • Create Virtual Server
  • Enable Edge Load Balancer Service
  • Configure Edge Firewall Rules

Step 1: Create Pool of Servers

First create a pool of backend servers to share the load flexibly and efficiently. Pool manages health check monitors and load balancer distribution methods.

Let’s give a name for the load balancer pool and configure the services (HTTP, HTTPS, TCP) supported by this pool.

Select the load balancing method for each enabled service. The details of the supported load balancing options IP_HASH, LEAST_CONN, ROUND_ROBIN and URI are provided below.

Load balancing method Description
IP_HASH Selects a server based on a hash of the source IP address of each packet.
LEAST_CONN New connections are sent to the server with the fewest connections.
ROUND_ROBIN Each server is used in turn according to the weight assigned to it.
URI The left part of the URI (before the question mark) is hashed and divided by the total weight of the running servers. The result designates which server will receive the request. Applicable to only HTTP service load balancing.

Next configure the health check parameters. Health check checks that servers in the server pool are alive and answering queries.

Edge supports HTTP and TCP health check modes for HTTP service, SSL and TCP health check modes for HTTPS service, and TCP health check mode for TCP service.

Mode Description
TCP TCP connection check
HTTP HTTP GET method is used to detect server status. Only responses 2xx and 3xx are valid. Other responses (including a lack of response) indicate a server failure. URI used for HTTP GET requests can be specified in the text field.
SSL Tests servers using SSLv3 client hello messages. The server is considered valid only when the response contains server hello messages.

The table below lists the health check parameters. We can change the default values if required.

Parameter Description
Interval Interval at which a server is pinged.
Timeout Time within which a response from the server must be received.
Health Threshold Number of consecutive successful health checks before a server is declared operational.
Unhealth Threshold Number of consecutive unsuccessful health checks before a server is declared dead.

Next add backend servers to the pool. Specify the weight to indicate the ratio of how many requests are to be served by each backend server. We can also change the service port and monitor port for the server if required.

Review the settings for the server pool and click Finish to accept the settings and add the pool. Then click Publish Changes for the pool configuration to take effect.

Step 2: Create Virtual Server

Give a name for the virtual server, type the ip address of the Edge internal or uplink interface to be used as the virtual server address, and select the pool to be associated with the virtual server. In Services, click Enable for each service to be supported, change the default Port, Persistence Method, Cookie Name, and Cookie Mode values as required. Click Enabled to enable the virtual server and Enable logging for sending syslog messages.

Clicking on Add creates the virtual server as shown below.

Step 3: Enable Edge Load Balancer Service

This step is self-explanatory from the below screen.

Once the Load Balancer Service is enabled, the service status changes to “Up” after few seconds as shown below when the servers in the pool respond positively to the health checks. If there are configuration errors or when the pool servers are not responding on the monitoring port, we will see Status as “Down”.

Step 4: Configure Edge Firewall Rules

We need to make sure Edge Firewall rules are setup properly to allow the services offered for load balancing. In this example, allowing HTTP (port 80) and HTTPS (port 443) traffic from external network to virtual server (

With logging enabled on Firewall rules and load balancer and a syslog server configured for the Edge, following syslog messages are shown illustrating load balancing is working as configured for HTTP and HTTPS services.

HTTP traffic from to (virtual server), load balanced to backend server

HTTP traffic from to (virtual server), load balanced to backend server

HTTPS traffic from to (virtual server), load balanced to backend server

HTTPS traffic from to (virtual server), load balanced to backend server