VMware Cloud Community
jobl
Enthusiast

Load balancer + security groups

I am trying to accomplish what's written in this blog https://www.vmguru.com/2016/11/nsx-edge-load-balancer-nodes-not-accessible/ but with vRA 7.

I.e., I deploy the load balancer and the VMs from a blueprint. The VMs belong to a security group, but the load balancer can't access them because I can't add the load balancer to the SG. What I need to do is to add firewall rules with the IP of the load balancer to a security group which includes the deployed VMs. Is there any prewritten integration for this?

br

Johan

VCI, VCAP-DCA,VCAP-DCD,VCP-NV and so on 🙂 www.rtsab.com
2 Replies
bayupw
Leadership

Hi, how do you create the blueprint?
Do you use an external network profile, a routed network profile, or a NAT network profile?

Do you have app isolation policy enabled or disabled?

When using external and routed network profiles, a one-arm load balancer will be deployed.

All of the member VMs of every load balancer pool & load balancer VIPs must be on the same network.

For a NAT network profile, inline load balancing will be used; the North-South Edge will have load balancing services enabled.

For NAT, mixing VIP placement is supported (i.e. Web VIP on external, App VIP on internal network).

VIPs and member VMs must be on the same network when the VIP is on the internal network.

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
jobl
Enthusiast

External profile

And the app isolation policy does not matter at all, as it won't affect the load balancer (i.e., the load balancer won't be added to the policy).

VCI, VCAP-DCA,VCAP-DCD,VCP-NV and so on 🙂 www.rtsab.com