Hi
We are new to NSX, and we would like to know whether we can deploy source-based routing with NSX.
The basic idea here is to decide the routing based on source IP address + port address. So when we become aware that a new port address is used, we will provision NSX such that it will route to a dedicated VM.
Does that work?
Can you please elaborate on this requirement in more detail for better understanding?
Also, please explain what exactly you are trying to achieve by this statement: "we will provision NSX such that it will route to a dedicated VM".
If possible, include a simple diagram to explain your requirement.
Hi
Let's take the example below. We have four VMs, named Node-X, Node-A, Node-B and Node-C. By default, IP traffic will route to Node-X, and Node-X will check the source IP address and source port address.
Node-X will identify the source IP and port address, and then provision NSX through API call such that this particular source IP and source port address should route to Node-A.
e.g.
IP address     Port address   Action
172.28.0.11    12345          route to Node-A
172.28.0.11    23456          route to Node-B
172.28.0.11    34567          route to Node-C
Can it be achieved?
You could use the load balancing functionality in an ESG to do this, where your "node X" would be the VIP on the ESG, and you could then define application rules to direct the traffic to different server pools based on source IP/port range. The syntax for those is based on HAProxy ACLs, but once you've set up the load balancer with a VIP (for node X) and a server pool for each of the 3 backend nodes, you would basically just need to add something like the following as application rules:
acl node-a-ip src 172.28.0.11
acl node-a-port src_port 1234
use_backend [name of the pool that contains node A] if node-a-ip node-a-port
Hi
Can the rule be provisioned using the API?
Sure, application rules are covered in the API guide starting at the bottom of page 209: http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_api.pdf
Hi
We need further help on this.
In NSX, do we need to define logical switches and edges in this case?
We need some help so that we can understand the configuration fully.
The NSX load balancer service needs an Edge to be deployed. This LB may be either inline, meaning the traffic should pass through this Edge, or one-armed, which needs SNAT (source NAT). One-armed mode may be more suitable, as only load-balanced traffic needs to pass through the load balancer, whereas in inline mode all traffic needs to pass through the Edge that has the LB function. For some traffic types, source NATting may not be supported.
Thanks for the reply.
In Application Profile, we observed there are only TCP/HTTP/HTTPS/UDP. Does that mean that other protocols, such as SCTP, cannot be used?
We actually want to deploy such an environment based on the SCTP protocol.
If you only need Edge Services Gateway functionality, VXLAN/logical switch (and also DLR) is not mandatory.
You can use NSX Edge on a VLAN-backed dvPortGroup.
From the Edge router, is it possible to configure the destination routing based on source IP + source port?
From the DNAT table, it only allows changing the destination IP.
You can use Load Balancing features as mentioned by lhoffer.
Enable Load Balancing services on the NSX Edge.
In your scenario, create 3 pools: pool_node-a, pool_node-b, pool_node-c.
Create an application rule as below, taken from lhoffer's reply:
acl node-a-ip src 172.28.0.11
acl node-a-port src_port 12345
acl node-b-ip src 172.28.0.11
acl node-b-port src_port 23456
acl node-c-ip src 172.28.0.11
acl node-c-port src_port 34567
use_backend pool_node-a if node-a-ip node-a-port
use_backend pool_node-b if node-b-ip node-b-port
use_backend pool_node-c if node-c-ip node-c-port
Then apply the application rule to the virtual server.
For more LB config examples, see this doc NSX-6.2 - LB configuration examples
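As an added example (not part of the thread and not VMware's code): Python that builds the application-rule text for the three-pool scenario above from validated (source IP, source port, pool) rows, plus a small model of how such a rule selects a pool. The ACL names `rN_ip`/`rN_port`, the function names and the allowed pool-name characters are assumptions; the model covers only `src`, `src_port` and `use_backend ... if`, where same-named `acl` lines are ORed and the names listed after `if` are ANDed.

```python
import ipaddress
import re

# Constructed sample rows, copied from the table earlier in the thread.
ROUTES = [
    ("172.28.0.11", 12345, "pool_node-a"),
    ("172.28.0.11", 23456, "pool_node-b"),
    ("172.28.0.11", 34567, "pool_node-c"),
]
POOL_NAME = re.compile(r"[A-Za-z0-9_.-]+")  # assumed safe charset for pool names


def build_rule(routes):
    """Return HAProxy-style rule text for (src_ip, src_port, pool) rows."""
    acls, uses = [], []
    for i, (ip, port, pool) in enumerate(routes):
        ip = str(ipaddress.ip_address(ip))  # raises ValueError on junk input
        if not (isinstance(port, int) and 0 < port < 65536):
            raise ValueError(f"bad port: {port!r}")
        if not POOL_NAME.fullmatch(pool):  # blocks spaces/newlines in the name
            raise ValueError(f"bad pool name: {pool!r}")
        # One ACL name per condition: lines sharing a name are ORed,
        # while the names listed after "if" must all match (AND).
        acls += [f"acl r{i}_ip src {ip}", f"acl r{i}_port src_port {port}"]
        uses.append(f"use_backend {pool} if r{i}_ip r{i}_port")
    return "\n".join(acls + uses)


def select_pool(rule_text, src_ip, src_port, default=None):
    """Model of the subset above: first use_backend whose ACLs all match."""
    acl = {}
    for line in rule_text.splitlines():
        word = line.split()
        if not word:
            continue
        if word[0] == "acl":
            name, fetch, value = word[1:4]
            seen = src_ip if fetch == "src" else str(src_port)
            acl[name] = acl.get(name, False) or seen == value  # same name: OR
        elif word[0] == "use_backend" and all(acl[n] for n in word[3:]):
            return word[1]
    return default  # stands in for the virtual server's default pool


if __name__ == "__main__":
    print(build_rule(ROUTES))
```

Validating each row before it reaches the rule text matters when the rows come from observed traffic, because the rule is pushed to the Edge verbatim.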
Hi
Does it work for the SCTP protocol?