Load Balancing Traffic to Connection Servers

Overview

Both L4 and L7 virtual services are supported to Load balance traffic to connection servers. However, it is recommended to use L7 virtual services. This guide discussed using L7 virtual service to load balance traffic to connection servers.

Using an L7 Virtual Service

Create Custom Health Monitor for Connection Servers

  1. From the Avi UI, navigate to Templates > Profiles > Health Monitors.

  2. Click on Create.

  3. In the New Health Monitor screen, select the Type as HTTPS.

  4. Set the Send Interval to 30 seconds and Receive Timeout to 10 seconds. The New Health Monitor screen is as shown below:
    Health Monitor

  5. Select the Response Code as 2xx.

  6. Select an appropriate SSL Profile.
    Health Monitor

  7. Click on Save.

Create an SSL Profile

Create an SSL profile with session reuse disabled. Follow the steps shown below: To create a new SSL profile,

  1. In the Avi UI, navigate to Templates > Security > SSL/TLS Profile > Create > Application Profile.

  2. In the New SSL/TLS Profile screen, select the Ciphers and the TLS version.

  3. Enable TLS 1.1 and TLS 1.2 for backward compatibility with older Horizon clients.

  4. Ensure the option Enable SSL Session Reuse is disabled.
    SSL Profile

  5. Click on Save.

Creating a Pool

If connection servers are configured in the replication mode then persistence on the connection server is not required. In the non-replication mode, use Consistent Hash - Source IP address as the load balancing algorithm.
Enable SSL to backend and select the appropriate SSL profile (Connection-Server-SSL-Profile used here).

To create a pool,

  1. From the Avi UI, navigate to Applications > Pools.

  2. Click on Create Pool.

  3. Enter the details as shown below:
    Pool

  4. Click on Next.

  5. Enter the Server IP Address and click on Add Server.
    Pool

  6. Click Next and enter the details as required under the Advanced tab.

  7. Click Next and click Save.

Creating an Application Profile

Use an HTTPS application profile, with Connection Multiplex and X-Forwarded-For disabled.
Pool

Creating an L7 Virtual Service

To create the L7 virtual service,

  1. Navigate to Applications > Virtual Services.

  2. Click on Create Virtual Service > Advanced Setup.

  3. Enable SSL and choose the required SSL Profile.

  4. Select the Connection Server Pool. The virtual service is as shown below:
    Virtual Service
    Virtual Service

  5. Click on Next and navigate to Step 4: Advanced.

  6. Click on Save.

The following are the changes in the UAG server when the load balancer is present between the UAG and connection server:

Connection Server

  • The connection server URL should point to the Avi load balancer.
  • The connection server URL thumb print:
    • For an L7 virtual service: The connection server URL thumbprint is taken from the certificate that is bound to the Avi load balancer.
    • For an L4 virtual service: The connection server URL thumbprint is be taken from the certificate that is present in the connection server itself.
    • For an L4 virtual service with SSL (System-SSL-Application) the connection server URL thumbprint is taken from the certificate that is bound to the Avi load balancer.

Creating the App Volume Manager Pool

To create the pool,

  1. From the Avi UI, navigate to Applications > Pools.

  2. Select the vCenter cloud from the Select Cloud sub-screen.

  3. Click on Next.

  4. Click on Create Pool.

  5. In the New Pool: screen, update the details as shown below:

Field Value
Default Server Port 443
Persistence System-Persistence-Client-IP
Load Balance Least Connections
Analytics Profile Systems-Analytics-Profile

  1. To bind the monitor, click on Add Active Monitor and select the HTTPS Health Monitor that was created.

  2. Under SSL to Backend Servers, select Enable SSL.

  3. Select System-Standard as the SSL Profile.

The New Pool screen appears as shown below:
Pool

  1. Click on Next.

  2. Enter the Server IP Address and click on Add Server.
    Pool

  3. Click on Next and Save.

Creating Application Profile

  1. From the Avi UI, navigate to Templates > Profiles.

  2. Click on Create.

  3. Enter the Name of the profile.

  4. Select the Type as HTTP.

  5. Ensure Connection Multiplex is disabled.

The New Application Profile screen is as shown below:
Application Profile

  1. Click on Save.

Creating L7 Virtual Service

To create the new L7 virtual service,

  1. From the Avi UI, navigate to Applications > Virtual Services.

  2. Click on Create Virtual Service > Advanced Setup.

  3. In the New Virtual Service screen, enter the virtual service Name.

  4. Under VIP Address, enter the IPv4 VIP Address.

  5. Select the Application Profile that was created.

  6. Under Service Port,click on Add Port, enter 443 as the Port and select SSL.

  7. Under Pool, select the pool that was created for app volumes.

  8. Under SSL Settings, select System-Standard as the SSL Profile and select the SSL Certificate.

The New Virtual Service is as shown below:
Virtual Service

  1. Click on Next.

  2. Navigate to Step4: Advanced and click on Save.