Tuesday, January 10, 2017

Creating an Active-Passive Pool on VMware NSX Load Balancer

In most of my NSX load balancing deployments at customers, there is always a use case for Active-Standby or Active-Passive load balancing, where the load balancer always forwards traffic to the primary member and forwards to the secondary member only if the primary member is down. The secondary member works as a standby member.

As a comparison, F5 has a function called the Priority Group feature. The Priority Group feature in F5 assigns a priority number to each pool member. Within the pool, traffic is then load balanced according to the priority number assigned to the pool member. Members that are assigned a high priority receive all traffic until the load reaches a certain level or some number of members in the group become unavailable.

This feature is not available in the NSX load balancer, but we can use an NSX Application Rule to achieve a similar result. The NSX Layer 7 engine is based on HAProxy, so we can use an HAProxy ACL to achieve this Active-Standby load balancing method. Application rules enable NSX to create advanced load balancing rules which may not be possible with the application profile or services natively available on the NSX Edge. The application rule is then used by the virtual server configuration.

We can use nbsrv in an ACL to check whether the primary member is down (the pool's member count is 0) and, if so, switch to the secondary member (pool). To achieve this, we create two pools, create the application rule, and apply it to the virtual server.

Below is the Application Rule for an active/standby pool:

    acl pool_is_down nbsrv(active_pool_name) eq 0
    use_backend standby_pool_name if pool_is_down

Here is a step-by-step configuration in VMware HOL-1703-SDC-1-HOL:

1. Create two pools: pool-web-01a (active pool) and pool-web-02a (standby pool)

2. Create the Application Rule. To add a comment in the script, use #. In the screenshot example below, rows 1 and 3 are comments, and the script is in rows 2 and 4.

3. Create the Virtual Server, select the designated active pool as the Default Pool, and apply the Active-Standby Application Rule

The load balancer will now always forward to pool-web-01a and only use pool-web-02a when pool-web-01a is down/has no member. A caveat to note is that failback/preempt is enabled without delay, so the load balancer will instantly switch back and forward to pool-web-01a whenever it comes back online.
I haven't found a way to disable preempt or delay the preempt. So if your active pool is down, disable the member to disable the failback/preempt.
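
For reference, here is the same rule placed in a stand-alone HAProxy configuration. This is an added example, not taken from the original post and not the configuration NSX generates. Only the pool names come from the steps above; the frontend name, server names, addresses and timeouts are constructed.

```haproxy
# Added illustration for stock HAProxy. Names other than the two pool
# names, plus all addresses and timeouts, are constructed sample values.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend vs-web
    bind :80
    # nbsrv() returns the number of servers in the named backend that are
    # currently usable, so "eq 0" is true only when every member is down.
    acl pool_is_down nbsrv(pool-web-01a) eq 0
    # The rule is evaluated for each new request, which is why traffic
    # returns to the active pool as soon as one of its members is up again.
    use_backend pool-web-02a if pool_is_down
    # Equivalent of selecting the active pool as the Default Pool.
    default_backend pool-web-01a

backend pool-web-01a
    # "check" enables health checks. Without health checks a server is
    # always considered up and nbsrv() never drops to 0.
    server web-01a 192.0.2.21:80 check

backend pool-web-02a
    server web-02a 192.0.2.22:80 check
```

The rule depends on health checking of the active pool: if nothing ever marks its members as down, the ACL never matches and the standby pool is never used.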