VMware Networking Community
rubbishking
Contributor

Source Based Routing on NSX

Hi

We are new to NSX, and we would like to know whether we can deploy source-based routing with NSX.

The basic idea here is to decide the routing based on source IP address + source port. So when we become aware that a new source port is in use, we will provision NSX such that it routes that traffic to a dedicated VM.

Does that work?

12 Replies
rajeevsrikant
Expert

Can you please elaborate this requirement in more detail for better understanding?

Also, please explain what exactly you are trying to achieve with the statement "we will provision NSX such that it will routing to a dedicate VM".

If possible, put a simple diagram together to explain your requirement.

rubbishking
Contributor

Hi

Let's take the example below. We have four VMs, named Node-X, Node-A, Node-B and Node-C. By default, IP traffic is routed to Node-X, and Node-X will check the source IP address and source port.

Node-X will identify the source IP and port, and then provision NSX through an API call such that this particular source IP and source port should be routed to Node-A.

e.g.

IP address     Port       Action
172.28.0.11    12345      route to Node-A
172.28.0.11    23456      route to Node-B
172.28.0.11    34567      route to Node-C

Can it be achieved?

lhoffer
VMware Employee

You could use the load balancing functionality in an ESG to do this, where your "node X" would be the VIP on the ESG, and you could then define application rules to direct the traffic to different server pools based on source IP/port range. The syntax for those is based on HAProxy ACLs, but once you've set up the load balancer with a VIP (for node X) and a server pool for each of the 3 backend nodes, you would basically just need to add something like the following as application rules:

# one ACL per condition; both must match for the use_backend line below
acl node-a_ip src 172.28.0.11
acl node-a_port src_port 1234
use_backend [name of the pool that contains node A] if node-a_ip node-a_port

rubbishking
Contributor

Hi

Can the rule be provisioned using the API?

lhoffer
VMware Employee

Sure, application rules are covered in the API guide starting at the bottom of page 209: http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_api.pdf

rubbishking
Contributor

Hi

We need further help on this.

In NSX, do we need to define a logical switch and edges in this case?

We need some help so that we can understand the configuration fully.

cnrz
Expert

The NSX load balancer service needs an Edge to be deployed. This LB may be either inline, meaning the traffic should pass through this Edge, or one-armed, which needs SNAT (Source NAT). One-armed mode may be more suitable, since only load-balanced traffic needs to pass through the load balancer, whereas in inline mode all traffic needs to pass through the Edge that has the LB function. For some traffic types, source NATting may not be supported.

rubbishking
Contributor

Thanks for the reply.

In the Application Profile, we observed that there are only TCP/HTTP/HTTPS/UDP options. Does it mean that other protocols, such as SCTP, cannot be used?

We actually want to deploy such an environment based on the SCTP protocol.

bayupw
Leadership

If you only need Edge Services Gateway functionality, VXLAN/logical switch (and also DLR) is not mandatory.

You can use NSX Edge on a VLAN-backed dvPortGroup.

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
rubbishking
Contributor

From the Edge router, is it possible to configure the destination routing based on source IP + source port?

The DNAT table only allows changing the destination IP.

bayupw
Leadership

You can use the Load Balancing features as mentioned by lhoffer.

Enable Load Balancing services on the NSX Edge.

In your scenario, create 3 pools: pool_node-a, pool_node-b, pool_node-c.

Create an application rule as below, taken from lhoffer's reply:

# separate ACL names per condition; a repeated ACL name would OR the tests
acl node-a_ip src 172.28.0.11
acl node-a_port src_port 12345
acl node-b_ip src 172.28.0.11
acl node-b_port src_port 23456
acl node-c_ip src 172.28.0.11
acl node-c_port src_port 34567
# both the IP and the port ACL must match to select a pool
use_backend pool_node-a if node-a_ip node-a_port
use_backend pool_node-b if node-b_ip node-b_port
use_backend pool_node-c if node-c_ip node-c_port

Then apply the application rule to the virtual server.

For more LB config examples, see this doc: NSX-6.2 - LB configuration examples

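To show how the steering table above turns into an application rule that can be pushed through the API, here is an added example (not code from this thread or from VMware). It generates the HAProxy-style ACL script with one ACL per condition, flags the OR pitfall of reusing an ACL name, simulates which pool a flow would hit, and wraps the script in the request body; the endpoint path and XML element names are my assumption from the NSX-v 6.2 API guide linked earlier and should be checked against it.

```python
"""Build an NSX Edge LB application rule from a source-IP/source-port table."""
from xml.sax.saxutils import escape

# Constructed steering table mirroring the example given in the thread.
STEERING = [
    ("172.28.0.11", 12345, "pool_node-a"),
    ("172.28.0.11", 23456, "pool_node-b"),
    ("172.28.0.11", 34567, "pool_node-c"),
]

def build_rule_script(table):
    """Return HAProxy ACL text. Each test gets its own ACL name and the
    use_backend line ANDs them. Declaring 'acl node-a' twice (once with src,
    once with src_port) would OR the two tests, so every flow from the IP
    would land in the first pool regardless of port."""
    acls, uses = [], []
    for ip, port, pool in table:
        tag = pool.replace("pool_", "")
        acls.append(f"acl {tag}_ip src {ip}")
        acls.append(f"acl {tag}_port src_port {port}")
        uses.append(f"use_backend {pool} if {tag}_ip {tag}_port")
    return "\n".join(acls + uses)

def find_ored_acls(script):
    """Return ACL names declared more than once (the OR pitfall above)."""
    count = {}
    for line in script.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "acl":
            count[parts[1]] = count.get(parts[1], 0) + 1
    return sorted(name for name, n in count.items() if n > 1)

def select_pool(table, src_ip, src_port):
    """Simulate the ANDed rule: first row whose IP and port both match,
    or None, meaning the virtual server's default pool would be used."""
    for ip, port, pool in table:
        if ip == src_ip and port == src_port:
            return pool
    return None

def application_rule_xml(name, script):
    """Request body for POST /api/4.0/edges/{edgeId}/loadbalancer/config/
    applicationrules (assumed NSX-v 6.2 endpoint; verify in the API guide)."""
    return (f"<applicationRule><name>{escape(name)}</name>"
            f"<script>{escape(script)}</script></applicationRule>")

if __name__ == "__main__":
    rule = build_rule_script(STEERING)
    print(rule)
    print(application_rule_xml("steer-by-src-port", rule))
```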
rubbishking
Contributor

Hi

Does it work for the SCTP protocol?
