2 Replies Latest reply on Oct 23, 2018 7:14 AM by HassanAlKak88

    ESG Inline Load Balancing where DLR is the Default Gateway

    yhum Lurker

      Hello All,

       

      In regard to ESG's load balancing service, I have read in many places that the ESG must be the default gateway of the servers' network in case of Inline LB mode (DLR can't be in the path). However, I feel like the below design would work if I enable Source NAT in Inline mode. The ESG will do both Source and Destination NAT and send traffic to the internal server. Since the internal server sees the traffic coming from the ESG IP address (instead of the actual source), the server will return the response to the ESG using the DLR as its default gateway.

      Please see the sample topology below (also attached) and give your thoughts. I would appreciate it if someone could share their experience and/or lessons learned.

       

      ESG-Inline-Topology.png

        • 1. Re: ESG Inline Load Balancing where DLR is the Default Gateway
          lhoffer Hot Shot
          vExpert, VMware Employees

          The topology you reference is fine, as the inline mode doesn't explicitly require that the ESG be the default gateway (the Configure a One-Armed Load Balancer section makes a reference to that being a requirement only when the ESG and pool members are on the same subnet and you use transparent mode). The only requirement is that the ESG must be in the return path for all client sessions, as direct server return (DSR) is unsupported. So as long as you won't have any clients accessing the LB from other interfaces on the DLR (which could then forward return traffic directly to them and bypass the ESG), your topology works fine, as the ESG is still in the traffic path.

          • 2. Re: ESG Inline Load Balancing where DLR is the Default Gateway
            HassanAlKak88 Hot Shot

            Hello,

             

            Note that the default gateway of load-balanced servers should be the ESG (load balancer) only when the ESG and members are on the same subnet, like the below design:

            But in your case, following your network design, it is correct and there is no need to change the gateway configuration.

            Please consider marking this answer "CORRECT" or "Helpful" if you think your question has been answered correctly.

             

            Cheers,

            VCIX6-NV|VCP-NV|VCP-DC|

            @KakHassan

            linkedin.com/in/hassanalkak