Every customer has different requirements, so treat this blog as a reference only. To set the scene, let's say a customer who bought the NSX solution was running the distributed network services, except load balancing, but expressed interest in using the NSX Load Balancer for their virtualized web application. Their requirement was that the client HTTPS connection terminate on the NSX Layer 7 LB, and that the LB then initiate a separate, unencrypted HTTP connection to the backend server for further processing. The requirement looks easy from the NSX Load Balancer product perspective, since the product supports all the requested features. In further dialogue, the customer's technical team raised the maximum concurrent connections and connections per second that the NSX Load Balancer supports.
For reference, here is a public-facing blog that provides NSX Edge scale numbers (keep in mind that scale numbers may change with a minor or major NSX release): NSX Edge Features and Performance Matrix
The technical team used the same blog as the reference for the solution discussion. According to that blog, an X-Large NSX LB running as a Layer 7 proxy can support a maximum of 60,000 concurrent connections and process 50,000 incoming connections per second. They claimed that the number of concurrent connections and connection requests per second would be 6 times higher than what an X-Large NSX LB could support. Hence they requested a solution that could scale to the present requirement and to future increases in traffic or demand. Later on, the technical team asked for client connection persistence to be included in the solution.
Design Considerations and Decision
Based on the technical feature requirements, we know that the NSX LB is the right and best fit for the virtualized environment. From the scale point of view, an NSX Edge running LB services can be deployed in various form factors: Compact, Large, Quad-Large and X-Large (refer to the link provided above). Note that the Compact Edge form factor running LB services is never recommended for a production environment. Given the required number of concurrent connections and connections per second, a single X-Large NSX Edge LB running as a Layer 7 proxy cannot cater for 60,000 * 6 concurrent connections and 50,000 * 6 connections per second. Generally speaking, a customer running the Large Edge form factor as an LB can scale up to either Quad-Large or X-Large. In the present scenario, however, we cannot scale up; we have to scale out the LB services. The question is: how?
To scale out the LB service, we need multiple NSX LBs clustered together to share the incoming client connections. In a general deployment, an LB sits in front of a pool of backend servers that provide the same service. In a similar fashion, we need to deploy a two-level (two-tier) load balancer function, where a core NSX Layer 4 LB (providing 1 million concurrent connections) sits on top and distributes client connections among a pool of Layer 7 proxy LBs (providing SSL offload). This lets us scale out the Layer 7 proxy load-balancing requirement. Finally, to maintain client connection persistence, enable persistence at both the Layer 4 LB and the Layer 7 LB.
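
The sizing and the reason persistence is needed at both tiers can be checked with a small model. This is an added example, not code from the original blog or from NSX, and it calls no NSX API. It assumes round-robin selection and a per-instance persistence table keyed on client source IP; the server names and client address are constructed.

```python
import math

# Scale figures quoted on the page (they can change between NSX releases).
L7_MAX_CONCURRENT = 60_000     # X-Large Edge as Layer 7 proxy
L7_MAX_CPS = 50_000
L4_MAX_CONCURRENT = 1_000_000  # Layer 4 tier

def l7_instances_needed(concurrent, cps):
    """Smallest Layer 7 pool covering both concurrent and per-second demand."""
    if concurrent > L4_MAX_CONCURRENT:
        raise ValueError("demand exceeds the Layer 4 tier figure")
    return max(math.ceil(concurrent / L7_MAX_CONCURRENT),
               math.ceil(cps / L7_MAX_CPS))

class Tier:
    """Round-robin balancer with an optional per-instance persistence table."""
    def __init__(self, members, persistent, start=0):
        self.members, self.persistent = members, persistent
        self.next = start   # round-robin position
        self.table = {}     # persistence table: client key -> pinned member

    def pick(self, key):
        if self.persistent and key in self.table:
            return self.table[key]
        member = self.members[self.next % len(self.members)]
        self.next += 1
        if self.persistent:
            self.table[key] = member
        return member

def backends_seen(l4_persist, l7_persist, requests=30):
    """Backends one client reaches over repeated connections."""
    n = l7_instances_needed(6 * L7_MAX_CONCURRENT, 6 * L7_MAX_CPS)
    servers = ["web-1", "web-2", "web-3"]  # constructed backend names
    # Each proxy starts at a different round-robin position, standing in for
    # the other traffic it has already served; tables are not shared (assumption).
    l7_pool = [Tier(servers, l7_persist, start=i) for i in range(n)]
    l4 = Tier(l7_pool, l4_persist)
    client = "198.51.100.7"  # constructed, documentation-range address
    return {l4.pick(client).pick(client) for _ in range(requests)}

if __name__ == "__main__":
    for l4p, l7p in [(True, True), (False, True), (True, False)]:
        print(f"L4 persist={l4p}, L7 persist={l7p}:",
              sorted(backends_seen(l4p, l7p)))
```

In this model the client stays on one backend only when both tiers pin it; dropping persistence at either tier spreads the same client across all three backends.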