VMware Networking Community
vvermani
Contributor

Design Options for NAT/LB with ECMP enabled ESG and DLR

Let's say the following is the configuration:

------------------------------------------------

ESG1 - (ECMP Enabled)

Uplink (To Router A) 192.168.100.11/24

Internal (Transit) 192.168.5.11/24

ESG2 - (ECMP Enabled)

Uplink (To Router B) 192.168.100.12

Internal (Transit) 192.168.5.12/24

DLR - (ECMP Enabled)

Uplink (Transit) 192.168.5.10/24

Internal (APP) - 172.16.10.1/24

VM1 (Win2012R2) - 172.16.10.51

VM2 (Win2012R2) - 172.16.10.52

OSPF is being used for route advertisement between DLR and ESG

BGP is being used for route advertisement to the Physical Routers A & B

-------------------------------------------------

Due to the ECMP-enabled ESGs, I understand that I will not be able to use the NAT/LB feature on the existing deployed ESGs. I am looking for design options to set up the following:

1. NAT to RDP on the internal app VMs

2. Set up an "In-Line" LB for https/RDP connections to the two internal app VMs from an outside IP.

Many thanks in anticipation.

Thanks, VV
1 Reply
lhoffer
VMware Employee

If you need the LB to be inline, where the original source IP will be maintained, then the ESG you add for LB services will need to be in the traffic path, so having it on a transit VLAN between the ECMP ESGs and the DLR would work. You could also use the new ESG as the default gateway for the VMs in place of the DLR, but you then lose the efficiencies that the DLR provides. If this is an existing environment (and possibly even if it's not), you may also want to look at deploying this as a one-armed LB, as described here in the VMware Documentation Library, as well.

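The constraint the question starts from (no NAT/LB on the ECMP-enabled ESGs) and the in-path placement suggested in the reply can be compared with a small simulation. This is an added example, not part of the original thread or any VMware tooling; the VIP, the client addresses, the `SVC-ESG` name and the SHA-256 flow hash are constructed assumptions standing in for the real environment and the routers' ECMP hash.

```python
import hashlib

ECMP_ESGS = ["ESG1", "ESG2"]   # the two ECMP edges from the post
BACKEND = "172.16.10.51"       # VM1 from the post
VIP = "192.168.100.50"         # constructed: hypothetical published address
PORT = 3389                    # RDP, as in the question

def ecmp_pick(src, sport, dst, dport):
    """Choose an ECMP next hop from a flow hash (assumed hash, for illustration)."""
    digest = hashlib.sha256(f"{src}:{sport}>{dst}:{dport}".encode()).digest()
    return ECMP_ESGS[digest[0] % len(ECMP_ESGS)]

def stateful_hops(client, sport, design):
    """Return (node that creates the NAT/LB state, node that sees the reply)."""
    # Inbound: the physical routers spread client->VIP across both ESGs.
    inbound_edge = ecmp_pick(client, sport, VIP, PORT)
    # Return: the DLR spreads VM->client across both ESGs with its own hash.
    return_edge = ecmp_pick(BACKEND, PORT, client, sport)
    if design == "nat-on-ecmp":
        # State lives on whichever edge saw the first packet.
        return inbound_edge, return_edge
    # "in-path": one dedicated ESG between the ECMP tier and the VMs holds
    # the state; the ECMP edges only route, so their choice does not matter.
    return "SVC-ESG", "SVC-ESG"

def surviving_flows(flows, design):
    """Count flows whose reply reaches the node holding their state."""
    count = 0
    for client, sport in flows:
        created_on, reply_seen_by = stateful_hops(client, sport, design)
        if created_on == reply_seen_by:
            count += 1
    return count

# Constructed sample: 200 client flows from a documentation address range.
FLOWS = [(f"203.0.113.{i % 250 + 1}", 40000 + i) for i in range(200)]

if __name__ == "__main__":
    for design in ("nat-on-ecmp", "in-path"):
        print(design, surviving_flows(FLOWS, design), "of", len(FLOWS))
```

Flows counted as lost in the `nat-on-ecmp` case are those whose reply arrives at an edge with no matching translation entry, which is the asymmetric-routing problem that keeps stateful services off an ECMP tier.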