VMware NSX

  • 1.  Horizon 7 with NSX Edge Load Balancer

    Posted Apr 23, 2018 01:59 PM

    Hello,

    We are planning to implement Horizon 7 on top of an NSX environment and use the NSX load balancer from an ESG.

    What is recommended to use? One-arm or inline?

    Please advise,



  • 2.  RE: Horizon 7 with NSX Edge Load Balancer

    Broadcom Employee
    Posted Apr 23, 2018 02:06 PM

    Either option can work, however, inline mode is recommended for production deployments according to the VMware® NSX for vSphere End-User Computing Design Guide 1.2. This is discussed in more detail starting at the bottom of page 58.



  • 3.  RE: Horizon 7 with NSX Edge Load Balancer

    Posted Apr 23, 2018 02:29 PM

    As far as I know, in inline mode we have to change the default gateway of the load-balanced servers, correct?

    Thanks for the guide.



  • 4.  RE: Horizon 7 with NSX Edge Load Balancer

    Broadcom Employee
    Posted Apr 23, 2018 02:33 PM

    Correct.  Since the LB doesn't perform SNAT in inline mode, VMs in the pool(s) behind it must have it set as their default gateway to ensure that return traffic goes back through the load balancer.



  • 5.  RE: Horizon 7 with NSX Edge Load Balancer

    Posted Apr 23, 2018 02:38 PM

    As I see, VIEW has internal variables that make the SNAT mode insufficient for production deployments (p. 59).

    P. 60: Horizon has internal variables that make the inline mode the recommended topology for production deployments.

    Do you know what the weak points of one-armed mode are, and whether it is sufficient for production environments with 200 users?



  • 6.  RE: Horizon 7 with NSX Edge Load Balancer

    Broadcom Employee
    Posted Apr 24, 2018 02:08 PM

    I'm not sure what the specific issue with regards to Horizon is, however, if I had to guess I'd say that the most likely scenario is scale.  Since the ESG load balancer can only do SNAT to a single IP address and there are only about 16,000 ephemeral ports to use for client sessions, one wouldn't be able to reach the published maximum of 20,000 active connections per pod in that scenario because you'd run out of ports to SNAT sessions to.

    The only other potential issue might be some sort of reliance on seeing the real source IP, however, I expect that if that were the case they'd just call one-armed mode unsupported.