NSX - Configure a Load Balancer in an Edge Security Gateway using PowerShell/PowerNSX
This is a quick snippet explaining how to use PowerShell and PowerNSX to configure a Load Balancer (LB) in an Edge Security Gateway (ESG).
Objective
Setting up a simple DNS LB using PowerShell and PowerNSX with the following specs:
- 1x VIP - ESG - Internal interface
  - 10.0.0.1/29 (VXLAN X)
- 2x pool members - ESG - External interface
  - 172.16.52.10/24 and 172.16.52.11/24 (VLAN X)
- LB policy - Round-Robin
- Transparent
We will not create a new ESG in this post; instead we will use an existing one and add the LB configuration to it.
We will be setting up the LB on the internal interface (Transit - 10.0.0.1).
The final objective is to allow any host/client in the Transit network (10.0.0.0/29) to use the ESG LB IP (10.0.0.1) as its DNS server, with the requests load balanced across the two DNS servers (172.16.52.10 and 172.16.52.11).
Setup
Let’s set it up, step by step.
Enabling LB service of the ESG
To get the LB working we need to enable the LB service in the edge.
Enabling LB service
$null = Get-NsxEdge -Name "vPOD-Edge" | `
    Get-NsxLoadBalancer | Set-NsxLoadBalancer -Enabled
Enabling LB service acceleration
Enabling LB Acceleration gets the ESG LB to use the faster L4 LB engine instead of the L7 LB engine.
$null = Get-NsxEdge -Name "vPOD-Edge" | `
    Get-NsxLoadBalancer | Set-NsxLoadBalancer -EnableAcceleration
Creating Application profile
We need to create an Application profile to define the behaviour of a particular type of network traffic, in our case DNS over UDP.
$dnsAppProfile = Get-NsxEdge -Name "vPOD-Edge" | Get-NsxLoadBalancer | `
    New-NsxLoadBalancerApplicationProfile -Name "DNS LB" -Type UDP
Creating Server Pool
Create an object with our pool members
Each pool member is a hashtable inside an array, which makes it simple to add additional entries if we need to.
$lbPoolMembers = @(
    @{ name = "dns01"; ip = "172.16.52.10" },
    @{ name = "dns02"; ip = "172.16.52.11" }
)
Create an object with LoadBalancerMember objects to create our server pool configuration
$lbPool = @()
foreach ($member in $lbPoolMembers) {
    $lbPool += New-NsxLoadBalancerMemberSpec -name $member.name `
        -IpAddress $member.ip -Port 53 -MonitorPort 53
}
Create our server pool with the objects created above
$dnsServerPool = Get-NsxEdge -Name "vPOD-Edge" | `
    Get-NsxLoadBalancer | `
    New-NsxLoadBalancerPool -name "DNSpool" `
        -Description "Local DNS pool" `
        -Transparent:$true -Algorithm round-robin `
        -Memberspec $lbPool
Configure LB VIP
# Use the same edge name as in the previous steps
$null = Get-NsxEdge -Name "vPOD-Edge" | Get-NsxLoadBalancer | `
    Add-NsxLoadBalancerVip -name "LAB06_Local_DNS_LB" `
        -Description "VIP LB for LAB06 Local DNS/DC servers" `
        -ipaddress "10.0.0.1" `
        -Protocol udp -Port 53 -ApplicationProfile $dnsAppProfile `
        -DefaultPool $dnsServerPool -AccelerationEnabled
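To confirm that the edge ended up with exactly the configuration built in the steps above, the LB can be read back and compared with the intended spec. This is an added example, not part of the original post: it assumes an active PowerNSX session (Connect-NsxServer), that the returned XML objects expose the NSX-v load balancer element names used below (enabled, accelerationEnabled, algorithm, transparent, member, defaultPoolId, poolId), and "dc01.lab.local" is a placeholder record name.

```powershell
# Added example: read back the ESG LB config and compare it with the intended spec.
# Names and IPs are the ones used on this page; property names are assumed to
# follow the NSX-v load balancer XML returned by PowerNSX.
$edgeName = "vPOD-Edge"
$expected = @{
    Vip     = "10.0.0.1"
    Members = @("172.16.52.10", "172.16.52.11")
}

$lb   = Get-NsxEdge -Name $edgeName | Get-NsxLoadBalancer
$pool = $lb | Get-NsxLoadBalancerPool | Where-Object { $_.name -eq "DNSpool" }
$vip  = $lb | Get-NsxLoadBalancerVip  | Where-Object { $_.name -eq "LAB06_Local_DNS_LB" }

# Normalise both member lists to a sorted, comma-joined string before comparing
$actualMembers   = (@($pool.member | ForEach-Object { $_.ipAddress }) | Sort-Object) -join ","
$expectedMembers = ($expected.Members | Sort-Object) -join ","

$checks = [ordered]@{
    "LB service enabled"      = $lb.enabled -eq "true"
    "L4 acceleration enabled" = $lb.accelerationEnabled -eq "true"
    "Pool is round-robin"     = $pool.algorithm -eq "round-robin"
    "Pool is transparent"     = $pool.transparent -eq "true"
    "Pool members match spec" = $actualMembers -eq $expectedMembers
    "VIP address"             = $vip.ipAddress -eq $expected.Vip
    "VIP is UDP/53"           = ($vip.protocol -eq "udp") -and ($vip.port -eq "53")
    "VIP uses DNSpool"        = $vip.defaultPoolId -eq $pool.poolId
}

# Print one line per check; a missing pool or VIP shows up as MISMATCH
foreach ($c in $checks.GetEnumerator()) {
    "{0,-26} {1}" -f $c.Key, $(if ($c.Value) { "OK" } else { "MISMATCH" })
}

# Data-plane check, run from a Windows client in the Transit network (10.0.0.0/29):
# the query goes to the VIP, never directly to 172.16.52.10 or 172.16.52.11.
Resolve-DnsName -Name "dc01.lab.local" -Server $expected.Vip -DnsOnly -Type A
```

Any MISMATCH line points at the step to re-run; the final query only proves the VIP answers, so check the query logs on both DNS servers to confirm each one receives requests.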
Summary
A quick summary of what we set up:
- We enabled the LB service in the ESG
- We created an Application profile to define our particular traffic behaviour
- We created a server pool with our two pool members
- Last, we configured our LB VIP