The schema for load balancer configuration consists of an object that has a data structure containing general properties and the following objects:

■ virtualServer (Array)
■ pool (Array)
■ applicationProfile (Array)
■ applicationRule (Array)
■ monitor (Array)

For an example of the data structure for the load balancer object, see Example: Request and Response to Get Load Balancer Configuration.

GENERAL CONFIGURATION

| Property | Type | Required | Description |
|---|---|---|---|
| featureType | String | Yes | Identifies the Advanced Networking Services feature. Note: This element is set as "featureType" : "loadbalancer_4.0". This value is required. Do not change it. |
| version | Number | Yes | Current version of the load balancer configuration. |
| enabled | Boolean | No | Enables load balancer configuration. |
| accelerationEnabled | Boolean | No | Sets the load balancer to use the faster L4 engine rather than the L7 engine. The L4 TCP VIP is processed before the edge gateway firewall so no Allow firewall rule is required. L7 HTTP/HTTPS VIPs are processed after the firewall. Therefore, when accelerationEnabled is false, an edge gateway firewall rule must exist to allow access to the L7 HTTP/HTTPS VIP. When accelerationEnabled is true and the server pool is in non-transparent mode, an SNAT rule is added. Therefore, ensure that the firewall is enabled on the edge gateway. By default, accelerationEnabled is set to false. |

Add an edge gateway internal or uplink interface as a virtual server. A virtual server has a public IP address and services all incoming client requests. By default, the load balancer closes the server TCP connection after each client request.

VIRTUAL SERVER (virtualServer – Array)

| Property | Type | Required | Description |
|---|---|---|---|
| virtualServerId | String | Yes | The ID of the virtual server. The value for virtualServerId should match the virtualServer-X pattern. |
| name | String | Yes | A name for the virtual server. The virtual server name must be unique on the edge gateway. |
| description | String | No | A description for the virtual server. |
| enabled | Boolean | No | Enables the virtual server. By default, enabled is set to true. |
| ipAddress | String | Yes | The IP address that the load balancer is listening on. Set a valid edge gateway vNIC IP address. |
| ipPoolId | String | No | Associates a server pool to the virtual server. |
| ipPoolName | String | No | The name of the server pool you are associating with the virtual server. |
| protocol | String | Yes | The protocol for the virtual server: HTTP, HTTPS, TCP, UDP. |
| port | String | Yes | The port number that the load balancer will listen on. Set a value between 1-65535. |
| connectionLimit | Number | No | The maximum concurrent connections that the virtual server can process. By default, connectionLimit is set to 0. |
| connectionRateLimit | Number | No | The maximum incoming new connection requests per second. By default, connectionRateLimit is set to null. |
| defaultPoolId | String | No | Specifies a default server pool. Setting a value for defaultPoolId is not required; however, if you set this value it must be a valid poolId. |
| applicationProfileId | String | Yes | The application profile to be associated with the virtual server. You can associate only an application profile with the same protocol as the virtual server that you are adding. |
| accelerationEnabled | Boolean | No | Sets the virtual server to use the faster L4 engine rather than the L7 engine. By default, accelerationEnabled is set to false. |
| applicationRuleId \| items | Array \| String | No | Associates application rules with the virtual server. See APPLICATION RULE (applicationRule – Array). |

You can add a server pool to manage and share backend servers flexibly and efficiently. A pool manages load balancer distribution methods and has a service monitor attached to it for health check parameters.

SERVER POOL (pool – Array)

| Property | Type | Required | Description |
|---|---|---|---|
| poolId | String | Yes | The server pool ID. The value for poolId should match the pool-X pattern. Setting a value for poolId is required only when you associate the server pool with the virtual server. |
| name | String | Yes | The name for the load balancer pool. Specify a unique name per edge gateway. |
| description | String | No | A description for the load balancer pool. |
| algorithm | String | Yes | The balancing method for the load balancer: ■ round-robin: Each server is used in turn according to the weight assigned to it. This is the smoothest and fairest algorithm when the server processing time remains equally distributed. ■ ip-hash: Selects a server based on a hash of the source and destination IP address of each packet. ■ leastconn: Distributes client requests to multiple servers based on the number of connections already on the server. New connections are sent to the server with the fewest connections. ■ uri: The left part of the URI (before the question mark) is hashed and divided by the total weight of the running servers. The result designates which server will receive the request. This option ensures that a URI is always directed to the same server as long as no server goes up or down. ■ url: URL hashing maps the URL (or portion) for the request to a server pool. ■ httpheader: Looks up the name of the HTTP header in each HTTP request. If the header is absent or it does not contain a value, the round-robin algorithm is applied instead. By default, algorithm is set to round-robin. |
| algorithmParameters | String | No | Any required parameters for the algorithm set; for example, if url is set, specify these parameters: begin-pattern "string" [end-pattern "string"] |
| transparent | Boolean | No | Makes client IP addresses visible to the backend servers. When transparent is not specified (the default value), backend servers see the IP address of the traffic source as the internal IP address of the load balancer. When transparent is set, the source IP address is the actual IP address of the client and the edge gateway must be set as the default gateway to ensure that return packets go through the edge gateway. |
| monitorId \| items | Array \| String | No | The service monitor associated with the server pool to manage and share the backend servers flexibly and efficiently. The value for monitorId should match the monitor-X pattern. See SERVICE MONITOR (monitor – Array). |
| applicationRuleId \| items | Array \| String | No | The application rules associated with the virtual server. See APPLICATION RULE (applicationRule – Array). |

MEMBERS (member – Array)

| Property | Type | Required | Description |
|---|---|---|---|
| memberId | String | No | Adds members to the server pool. The value for memberId should match the member-X pattern. |
| ipAddress | String | No | The IP address of the server member. A value for ipAddress is optional; however, a value is required when groupingObjectId is not specified. |
| groupingObjectId | String | No | Sets a grouping object ID such as vm-24, network-25, or dvportgroup-26. |
| groupingObjectName | String | No | The name of the grouping object. |
| weight | Number | No | The proportion of traffic this member is to handle. By default, weight is set to 1. |
| monitorPort | Number | No | The monitor port where the member receives health monitor pings. |
| port | Number | No | The port where the member receives traffic. |
| maxConn | Number | No | The maximum number of concurrent connections the member can handle. When the incoming requests are higher than the maximum, the requests are queued and the load balancer waits for a connection to be released. By default, maxConn is set to 0. |
| minConn | Number | No | The minimum number of concurrent connections a member must always accept. By default, minConn is set to 0. |
| condition | String | No | Enables the server pool member. By default, condition is enabled; valid values are enabled and disabled. |
| name | String | No | The name of the server member. A value for name is optional; however, a value is required when name is used in an ACL rule. |

You create an application profile to define the behavior of a particular type of network traffic. After configuring a profile, you associate the profile with a virtual server. The virtual server then processes traffic according to the values specified in the profile. Using profiles enhances your control over managing network traffic, and makes traffic-management tasks easier and more efficient.

APPLICATION PROFILE (applicationProfile – Array)

PROPERTIES (properties)

| Property | Type | Required | Description |
|---|---|---|---|
| applicationProfileId | String | Yes | The ID of the application profile. Setting a value for applicationProfileId is required so that you can associate the application profile with the virtual server. The value for applicationProfileId should match the applicationProfile-X pattern. |
| name | String | Yes | The name of the application profile. |
| insertXForwardedFor | Boolean | No | (HTTP and HTTPS) Identifies the originating IP address of a client connecting to a Web server through the load balancer. |
| sslPassthrough | Boolean | No | Load balances SSL traffic. The load balancer forwards the SSL handshake and connection directly to the backend server without decrypting or encrypting the traffic. |
| serverSslEnabled | Boolean | No | (HTTPS Only) Enables SSL for the connection. |

PERSISTENCE (persistence)

| Property | Type | Required | Description |
|---|---|---|---|
| method | String | No | The persistence method for the profile. The persistence method varies by type of protocol: HTTP, HTTPS, TCP, or UDP. |
| cookieName | String | No | (HTTP and HTTPS) The cookie name. Cookie persistence inserts a cookie to uniquely identify the session the first time a client accesses the site and then refers to that cookie in subsequent requests to persist the connection to the appropriate server. Note: A cookie name is required when you set cookie persistence. |
| cookieMode | String | No | The mode by which the cookie should be inserted. The following cookie insertion modes are supported: ■ insert: The edge gateway sends a cookie. When the server sends one or more cookies, the client will receive one extra cookie (the server cookies plus the edge gateway cookie). When the server does not send any cookies, the client will receive the edge gateway cookie only. ■ prefix: Set this option when your client does not support more than one cookie. ■ appsession: The server does not send a cookie; instead, it sends the user session information as a URL. |
| expire | String | No | The length of time in seconds that persistence stays in effect. |

CLIENT SSL (clientSsl)

| Property | Type | Required | Description |
|---|---|---|---|
| ciphers | String | No | (HTTPS Only) The cipher algorithms (or cipher suite) negotiated during the SSL/TLS handshake. |
| clientAuth | String | No | (HTTPS Only) Whether client authentication is ignored or required. Note: When set to required, the client must provide a certificate after the request or the handshake is canceled. |
| serviceCertificate \| items | Array \| String | No | (HTTPS Only) The certificate(s) used to decrypt HTTPS traffic. |
| caCertificate \| items | Array \| String | No | (HTTPS Only) The Certificate Authority(s) used to decrypt HTTPS traffic. |
| crlCertificate \| items | Array \| String | No | (HTTPS Only) The Certificate Revocation List(s) used when decrypting HTTPS traffic. |

SERVER SSL (serverSsl)

| Property | Type | Required | Description |
|---|---|---|---|
| ciphers | String | No | (HTTPS Only) The cipher algorithms (or cipher suite) negotiated during the SSL/TLS handshake. |
| serviceCertificate \| items | Array \| String | No | (HTTPS Only) The certificate(s) used to authenticate the load balancer from the server side. |
| caCertificate \| items | Array \| String | No | (HTTPS Only) The Certificate Authority(s) used to authenticate the load balancer from the server side. |
| crlCertificate \| items | Array \| String | No | (HTTPS Only) The Certificate Revocation List(s) used when authenticating the load balancer from the server side. |

HTTP REDIRECT (httpRedirect)

| Property | Type | Required | Description |
|---|---|---|---|
| to | String | No | (HTTP and HTTPS) The URL to which you want to re-direct HTTP traffic. For example, you can direct traffic from http://myweb.com to https://myweb.com. |

You can configure an application rule to directly manipulate and manage IP application traffic. For information on the application rule syntax, see the following reference guide: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html.

For more information about creating application rules for load balancing in vCloud Air, see Application Rule Examples in the NSX Administration Guide.

APPLICATION RULE (applicationRule – Array)

| Property | Type | Required | Description |
|---|---|---|---|
| applicationRuleId | String | No | The ID of the application rule. The value for applicationRuleId should match the applicationRule-X pattern. |
| name | String | No | The name for the application rule. The application rule name must be unique on the edge gateway. |
| script | String | No | The script for the application rule. For information on the application rule syntax, see http://cbonte.github.io/haproxy-dconv/configuration-1.5.html. |

You create a service monitor to define health check parameters for a particular type of network traffic. When you associate a service monitor with a pool, the pool members are monitored according to the service monitor parameters.

SERVICE MONITOR (monitor – Array)

| Property | Type | Required | Description |
|---|---|---|---|
| monitorId | String | No | The ID of the service monitor. The value for monitorId should match the monitor-X pattern. Setting a value for monitorId is required only when you associate the service monitor with a server pool. |
| type | String | No | The way in which you want to send the health check request to the server: HTTP, HTTPS, TCP, ICMP, or UDP. |
| interval | Number | No | The interval at which a server is pinged. By default, interval is set to 5. |
| timeout | Number | No | The maximum time in seconds within which a response from the server must be received. By default, timeout is set to 15. |
| maxRetries | Number | No | The number of times the server must be pinged before it is declared down. By default, maxRetries is set to 3. |
| method | String | No | (HTTP and HTTPS only) The method used to detect server status. Valid values for method are GET, HEAD, POST, PUT, DELETE, TRACE, and CONNECT. |
| url | String | No | (HTTP and HTTPS only) The URL used in the sample request. Note: When you set the POST method, you must specify a URL. |
| expected | String | No | (HTTP and HTTPS only) The string that the monitor expects to match in the status line of the HTTP or HTTPS response. By default, the value of expected is set to HTTP/1.1 for the HTTPS protocol. |
| name | String | No | The name for the service monitor. |
| send | String | No | (HTTP, HTTPS, and UDP only) The data sent (the URL encoded HTTP POST data). |
| receive | String | No | (HTTP, HTTPS, and UDP only) The string matched in the response content. Note: When expected is not matched, the monitor does not try to match the receive content. |
| extension | String | No | (ALL) Advanced monitor parameters set as key=value pairs. For example, warning=10 indicates that when a server does not respond within 10 seconds, its status is set as warning. All extension items should be separated with a carriage return character. |

For example, for extension:

"extension" : "delay=2
critical=3
escape",

LOGGING (logging)

| Property | Type | Required | Description |
|---|---|---|---|
| enable | Boolean | No | The edge gateway load balancer collects traffic logs. |
| logLevel | String | No | The log level to use; for example, info. |
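
A lint pass over the value rules and cross-references the tables above state (featureType value, ID pattern, port range, defaultPoolId pointing at a valid poolId, monitorId pointing at a defined monitor, member address, URL for POST monitors), run before a configuration is submitted. This is an added example, not VMware's code; the sample document, the `lint` function, the nesting of `member` inside each pool, `monitorId` as an array of strings, and a numeric X in the ID pattern are assumptions.

```python
import json
import re

# Constructed sample (not from the page) with deliberate mistakes. Assumed layout:
# members nested under "member" in each pool; monitorId is an array of strings.
SAMPLE = json.loads("""{
 "featureType": "loadbalancer_4.0", "version": 1, "enabled": true,
 "virtualServer": [
  {"virtualServerId": "virtualServer-1", "name": "web", "ipAddress": "192.0.2.10",
   "protocol": "HTTP", "port": "80", "defaultPoolId": "pool-9",
   "applicationProfileId": "applicationProfile-1"},
  {"virtualServerId": "vs2", "name": "tcp-app", "ipAddress": "192.0.2.11",
   "protocol": "TCP", "port": "70000", "applicationProfileId": "applicationProfile-2"}],
 "pool": [{"poolId": "pool-1", "name": "web-pool", "algorithm": "round-robin",
   "monitorId": ["monitor-1", "monitor-7"],
   "member": [{"memberId": "member-1", "port": 8080}]}],
 "monitor": [{"monitorId": "monitor-1", "type": "HTTP", "method": "POST"}]
}""")


def lint(cfg):
    """Return findings for rules the schema tables state; an empty list means clean."""
    out = []
    pools = {p.get("poolId") for p in cfg.get("pool", [])}
    monitors = {m.get("monitorId") for m in cfg.get("monitor", [])}
    if cfg.get("featureType") != "loadbalancer_4.0":
        out.append("featureType must be loadbalancer_4.0")
    for vs in cfg.get("virtualServer", []):
        vid = str(vs.get("virtualServerId"))
        if not re.fullmatch(r"virtualServer-[0-9]+", vid):  # assumes X is numeric
            out.append(f"{vid}: virtualServerId does not match virtualServer-X")
        port = str(vs.get("port", ""))  # the schema types port as a String
        if not (re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65535):
            out.append(f"{vid}: port is not in 1-65535")
        if vs.get("defaultPoolId") is not None and vs["defaultPoolId"] not in pools:
            out.append(f"{vid}: defaultPoolId is not a defined poolId")
    for pool in cfg.get("pool", []):
        pid = str(pool.get("poolId"))
        for mid in pool.get("monitorId", []):
            if mid not in monitors:  # dangling reference: no health check applies
                out.append(f"{pid}: monitorId {mid} is not a defined monitor")
        for m in pool.get("member", []):
            if not m.get("ipAddress") and not m.get("groupingObjectId"):
                out.append(f"{pid}: member needs ipAddress or groupingObjectId")
    for mon in cfg.get("monitor", []):
        if mon.get("method") == "POST" and not mon.get("url"):
            out.append(f"{mon.get('monitorId')}: POST monitor requires url")
    return out
```

Calling `lint(SAMPLE)` returns one finding per deliberate mistake in the constructed sample; a configuration that follows the tables returns an empty list.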