VMware Networking Community
hs77
Enthusiast

Load Balancing Modes

NSX LB operates in one of 2 modes: One-arm mode and Inline mode.

But in the NSX ICM Course Lab workbook there is another mode mentioned: 2 Armed mode. Also, in this mode the transparent check box is not enabled.

What is this 2 Arm mode?


Accepted Solutions
ddesmidt
VMware Employee

NSX Edge has no concept of 2 arm or 1 arm deployment.

What NSX Edge knows is under the pool:

. Transparent enabled => SNAT is configured

. Transparent disabled => SNAT is not configured

So when you deploy an Edge in 2 arm mode:

"Client --- Edge --- servers_load_balanced" (with servers default gw = Edge)

If you have Transparent enabled, it will work and the server will see the real client IP@, so the server will reply to the Client IP@ (via its default gw = Edge)

If you have Transparent disabled, it will work and the server will see the Edge IP@, so the server will reply to the Edge IP@ (which will NAT to reply to the Client)

6 Replies
RussH
Enthusiast

Hi - my understanding is:

1 arm mode is effectively a SNAT on the edge (i.e. traffic comes externally from the internet to the edge, the edge will replace the source IP with that of its own interface and then forward the traffic to the backend server (the backend server never sees the original source IP). When the server replies, the server sends the traffic to the edge, where the process is reversed). This way the LB/Edge and the backend server can be on the same subnet - the backend server does not need to use the LB as its default gateway.

2 arm mode routes the traffic through the edge without translating the source IP (i.e. the backend server actually sees the original source IP - this can be important for some applications). The LB/Edge and backend server are on two different subnets - the backend server uses the edge as its default gateway.

ddesmidt
VMware Employee

Short easy answer:

. "1 arm mode" equals "Non-Transparent" in NSX Edge and does SNAT (client-IP@ is replaced by Edge-IP@ - server will still see sce-IP@=Edge-IP@)

. "In-Line mode" is sometimes also called "2-arms mode" and equals "Transparent" in NSX Edge where there is no SNAT (client-IP@ is not replaced by Edge-IP@ - server will still see sce-IP@=Client-IP@)

Dimitri

hs77
Enthusiast

Dimitri, if in 2 Arm mode we don't enable the transparent check box, then what happens?

ddesmidt
VMware Employee

NSX Edge has no concept of 2 arm or 1 arm deployment.

What NSX Edge knows is under the pool:

. Transparent enabled => SNAT is configured

. Transparent disabled => SNAT is not configured

So when you deploy an Edge in 2 arm mode:

"Client --- Edge --- servers_load_balanced" (with servers default gw = Edge)

If you have Transparent enabled, it will work and the server will see the real client IP@, so the server will reply to the Client IP@ (via its default gw = Edge)

If you have Transparent disabled, it will work and the server will see the Edge IP@, so the server will reply to the Edge IP@ (which will NAT to reply to the Client)

admin
Immortal

Hi

What NSX Edge knows is under the pool:

. Transparent enabled => SNAT is configured

. Transparent disabled => SNAT is not configured

But when I enable Transparent mode, I am not able to see the SNAT rule getting generated in the NAT tab. I can see only the DNAT rule auto-generated.

I would really appreciate it if you could clarify.

ddesmidt
VMware Employee

When a LB VIP is created, an "internal DNAT" rule is created under NAT (you can see it with the description "loadBalancer").

This happens regardless of whether the VIP is:

  • in transparent mode (no SNAT with pool = transparent)
  • in non-transparent mode (SNAT with pool = non-transparent)

The SNAT in case of non-transparent mode is NOT done via "Edge-NAT" but directly within the "Edge-LB". That's why you don't see it under "Edge-NAT".

Dimitri
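
Added example, not part of any post in this thread: a small Python model of the address rewriting discussed above, following the mapping in the "Short easy answer" reply (transparent = no SNAT, non-transparent = SNAT done by the LB). The addresses are constructed documentation-range values and the function names are hypothetical; the model also covers the case where transparent mode is used but the server's default gateway is not the Edge, so the reply bypasses the Edge.

```python
from dataclasses import dataclass

# Constructed sample addresses, not taken from the thread.
CLIENT, VIP, EDGE_INT, SERVER = "198.51.100.10", "203.0.113.5", "10.0.0.1", "10.0.0.20"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def edge_forward(pkt, transparent):
    """Client -> VIP at the Edge: DNAT to the pool member always,
    SNAT to the Edge's own address only in non-transparent mode."""
    return Packet(pkt.src if transparent else EDGE_INT, SERVER)

def edge_return(pkt, transparent):
    """Server reply crossing the Edge: source is restored to the VIP and,
    if SNAT was applied, the destination is restored to the client."""
    return Packet(VIP, pkt.dst if transparent else CLIENT)

def simulate(transparent, server_gw_is_edge):
    to_server = edge_forward(Packet(CLIENT, VIP), transparent)
    reply = Packet(SERVER, to_server.src)  # server answers the source it saw
    # The reply crosses the Edge if it is addressed to the Edge,
    # or if the Edge is the server's default gateway.
    via_edge = reply.dst == EDGE_INT or server_gw_is_edge
    to_client = edge_return(reply, transparent) if via_edge else reply
    return {
        "server_sees": to_server.src,       # what lands in server logs / ACL checks
        "reply_via_edge": via_edge,
        # The client only accepts a reply that comes from the VIP it contacted.
        "client_accepts": to_client == Packet(VIP, CLIENT),
    }

if __name__ == "__main__":
    for transparent in (False, True):
        for gw in (False, True):
            print(f"transparent={transparent} gw_is_edge={gw}", simulate(transparent, gw))
```

In non-transparent mode the server only ever sees the Edge address, so source-IP logging or allow-lists on the server no longer reflect the real client.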