Re: UAG and Connection Server Load balancing with ...

priscillagr · ‎10-02-2018

Hello community!

So, i'm trying to understand how can i use NSX load balancing to do both the external load balancing for the UAG and the internal load balancing for the connection servers. I know best practices would be be the In line topology, but what i am wondering is: can i make both load balancers in one EDGE? Or i would need two edges in my topology: one to be the external load balancer balacing the UAGS and another edge to be the internal load balancer to balance the connection servers?

BenFB · ‎10-02-2018

I don't use NSX but I think you are mixing up the UAG and security servers. The security servers required a in line or 1:1 topology between the security server and the connection server. With a UAG that is no longer the case and they can be both load balanced and point to a load balanced VIP of connection servers as long as persistence is configured correctly.

priscillagr · ‎10-02-2018

I'm talking about the UAG! For external access they can have a VIP loading balancing the UAG. And between the UAG and the connections servesr i can have an interval loading balancing the connections servers. So it would be something like that:

LB External VIP (DMZ)

|

UAG1 --------- UAG2

|

LB Internal VIP (INTERNAL)

|

CS1------------- CS2

What i am trying to understand is: can LB External VIP and LB Internal VIP be configured in the same NSX EDGE? Would that make sense? Or i need two NSX EDGE, one to configure the external LB and the other to confiugre de internal LB.

BenFB · ‎10-02-2018

Your diagram is correct and that's how our environment looks with the exception that we have additional UAG/connection servers.

I unfortunately can't speak to the need for multiple NSX edges since I'm not familiar with it. However, it's important that the VIP and subnets that the UAG and connections servers are on are all different so you can firewall between them.

All

UAG and Connection Server Load balancing with NSX