Premium Elastic Load Balancing for AWS with NSX ALB
ABOUT THIS DOCUMENT
This white paper demonstrates how Avi Networks, now part of VMware delivers premium elastic load balancing for applications deployed in AWS as well as on-premises and multi-cloud environments. The Avi Vantage Platform has been rebranded to the The Vmware NSX® Advanced Load Balancer™.
INTRODUCTION
Enterprises adopt Amazon Web Services (AWS) as a natural extension to their data centers and private clouds. These organizations are application-centric and adopt continuous delivery practices across multiple environments (on-prem and cloud) and diverse infrastructures (bare-metal servers, VMs, and containers). Traditional appliance-based load balancers lack the ability to elegantly scale across multiple clouds and do not offer real-time visibility into end-user experience or app performance. Besides requiring manual configuration and separate management for each instance, these legacy solutions also lack native integration with AWS APIs and developer-friendly features. In addition, cloud-native solutions like AWS’s Elastic Load Balancing (ELB) and Application Load Balancing (ALB) lack enterprise-class load balancing capabilities, multi-cloud traffic management, and real-time app analytics.
PREMIUM LOAD BALANCING WITH AVI NETWORKS
The VMware NSX® Advanced Load Balancer™ is a multi-cloud, full-featured elastic application services architecture that is built on software-defined principles. NSX Advanced Load Balancer offers application services such as load balancing, security, application monitoring and analytics, and multi-cloud traffic management for workloads deployed in bare metal, virtualized, or container environments in a data center or public clouds (Amazon Web Services, Google Cloud Platform, or Microsoft Azure). A consistent feature set across diverse cloud environments enable IT teams to be agile without needing to constantly re-skill their IT personnel. See Figure 1.
Figure 1: NSX Advanced Load Balancer Architecture
With NSX Advanced Load Balancer, enterprises can close the gap left by cloud-native solutions and traditional application delivery controllers (ADCs), because unlike these solutions, Avi offers a flexible yet comprehensive solution that is infrastructure independent, agile, and elastic at a reduced total cost of ownership (TCO).
AUTOMATED NETWORK AND APPLICATION SERVICES (L4-L7) IN AWS
Enterprises modernize and maximize infrastructure utilization with AWS. The next phase of this modernization is to extend the app-centricity to the networking stack. Avi Networks delivers elastic application services that extend beyond load balancing to deliver real-time app and security insights, simplify troubleshooting, autoscale predictively, and enable developer self-service and automation.
Avi Networks provides an ELB-like experience for applications deployed in on-prem and multiple cloud infrastructures. See Figure 2.
Figure 2: NSX Advanced Load Balancer
Full-featured Load Balancing: AWS ELB and ALB provide basic load balancing capabilities but lack enterprise-class features and advanced policy support. NSX Advanced Load Balancer delivers full-featured load balancing, including multiple load-balancing algorithms, advanced HTTP content switching capabilities, comprehensive persistence, customizable health monitoring, DNS services, and GSLB across multiple clouds. Avi provides these capabilities in an as-a-service experience similar to AWS ELB with native AWS API integration.
Automation: NSX Advanced Load Balancer is a 100% REST API-based solution that offers Python SDK, Ansible playbook, and CloudFormation templates for automating configuration and operations. Avi natively integrates with AWS APIs for spinning up EC2 instances, allocating Elastic IPs, Route53 integration, autoscaling, and AZ awareness. Avi simplifies CI/CD ops by supporting blue-green deployments and canary upgrades.
Advanced Security: AWS ELB and ALB lack advanced security policies, SSL insights, and DDoS capabilities. NSX Advanced Load Balancer provides network ACLs, advanced HTTP security policies, SSL insights, DDoS detection and mitigation capabilities, along with rate limiting in bare metal, virtual machine, and container environments.
Visibility and Monitoring: With ELB and ALB, admins and developers do not have integrated real-time telemetry and must deploy third party tools and services for analytics. NSX Advanced Load Balancer delivers real-time insights into application health, end-user experience, log analytics, and security insights.
Multi-cloud Load Balancing: Inconsistent capabilities across clouds create challenges for network engineers to move workloads across multiple cloud infrastructures. This also forces enterprises to re-invest in training and education. Using native tools locks enterprises to the specific cloud, preventing workload mobility and increasing business risk. NSX Advanced Load Balancer enables dynamic workload mobility across clouds based on business metrics such as cost, performance, security, and compliance requirements, reducing risk and providing flexibility.
Reduced TCO: With AWS, the cost of load balancing (ELB, ALB), security (WAF), and visibility (third-party logging tools) adds up to a significantly higher investment. NSX Advanced Load Balancer reduces the total cost of ownership (TCO) while providing rich functionality.
USE CASES
Premium Elastic Load Balancing for AWS: As enterprises migrate apps to AWS, they don’t need to trade-off functionality for flexibility. NSX Advanced Load Balancer delivers premium load balancing for AWS deployments with integrated app monitoring and analytics, security, predictive autoscaling, and multi-cloud load balancing while offering an as-a-service model with ELB-like experience, operational simplicity, and automation.
Multi-cloud Traffic Management: For enterprises that have their apps deployed in a mix of private data centers and multiple public clouds, NSX Advanced Load Balancer delivers uniform architecture and user experience, regardless of the environment. With Avi, enterprises can move workloads across multiple clouds effortlessly.
Cloud-bursting: NSX Advanced Load Balancer enables enterprises to use AWS as a natural extension to their data centers by automatically bursting to the cloud during traffic peaks. Avi can automatically create app resources in public clouds to absorb traffic bursts and scale them back down.
LOAD BALANCING
|
Feature |
Avi Networks |
AWS ELB |
AWS ALB |
Notes |
|
Load Balancing |
||||
|
Load balancing algorithms |
√ |
O |
O |
Avi: Supports all enterprise-class algorithms; recommends fewest server algorithm in conjunction with server autoscaling to scale down additional capacity ELB: Defaults to round-robin for TCP and to least-connections for HTTP/HTTPS ALB: Only round-robin |
|
Per-app load balancer |
√ |
√ |
√ |
|
|
Pool failure action |
√ |
X |
X |
|
|
Pool groups using priority and ratio |
√ |
X |
X |
|
|
Global server load balancing (GSLB) |
√ |
O |
O |
ALB and ELB: Requires using Route53; no GSLB across clouds |
|
Autoscale |
||||
|
Autoscale load balancer |
√ |
√ |
√ |
|
|
Autoscale server |
√ |
√ |
√ |
Avi: Uses richer metrics (such as app latency) for autoscaling |
|
High Availability |
||||
|
Multi-AZ support |
√ |
√ |
√ |
|
|
Hitless maintenance upgrades |
√ |
√ |
√ |
|
|
Feature |
Avi Networks |
AWS ELB |
AWS ALB |
Notes |
|
L4 Features |
||||
|
TCP load balancing |
√ |
O |
X |
ELB: Supports basic load balancing; no proxy |
|
UDP load balancing |
√ |
√ |
√ |
|
|
Secure TCP |
√ |
X |
X |
|
|
DNS functionality, DNS load balancing |
√ |
O |
X |
|
|
HTTP FEATURES |
||||
|
HTTP load balancing |
√ |
√ |
√ |
|
|
HTTP content switching |
√ |
X |
O |
Avi: Supports URL switching based on pattern starts with, ends with, contains, Regex ALB: Limited URL switching based on HTTP URL path; supports a maximum of 10 policies per app |
|
HTTP/HTTPS policies |
√ |
X |
O |
|
|
HTTP caching |
√ |
X |
X |
|
|
HTTP compression |
√ |
X |
X |
|
|
HTTP datapath scripting |
√ |
X |
X |
|
|
Client authentication |
√ |
X |
X |
|
|
HTTP/2 |
O |
√ |
√ |
Avi: Feature coming soon |
ADVANCED SECURITY
|
Feature |
Avi Networks |
AWS ELB |
AWS ALB |
Notes |
|
SSL Features |
||||
|
SSL terminations |
√ |
√ |
√ |
|
|
SSL to backend servers |
√ |
√ |
√ |
|
|
SSL RSA and EC cert per application |
√ |
X |
X |
|
|
SSL metrics/ visibility |
√ |
X |
X |
|
|
DDoS Features |
||||
|
Network DDoS detection and mitigation |
√ |
√ |
√ |
|
|
HTTP DDoS detection and mitigation |
√ |
√ |
√ |
|
|
DDoS insights |
√ |
X |
X |
|
|
Rate-limit TCP connections, HTTP requests from a client IP |
√ |
X |
X |
|
|
Rate-limit bad clients |
√ |
X |
X |
|
|
Persistence |
||||
|
HTTP cookie |
√ |
√ |
√ |
|
|
Source IP persistence |
√ |
X |
X |
|
|
SSL and TLS persistence |
√ |
X |
X |
|
|
Custom persistence |
√ |
X |
X |
|
|
Feature |
Avi Networks |
AWS ELB |
AWS ALB |
Notes |
|
Other Security Features |
||||
|
TCP protocol sanitization |
√ |
O |
X |
|
|
HTTP protocol sanitization |
√ |
X |
O |
|
|
Web application firewall (WAF) |
O |
X |
O |
Avi: Feature coming soon ALB: Separate service; no visibility/analytics |
AUTOMATION
|
Feature |
Avi Networks |
AWS ELB |
AWS ALB |
Notes |
|
Automation |
||||
|
Elastic IP |
√ |
√ |
√ |
|
|
Autoscaling |
√ |
√ |
√ |
|
|
Route 53 integration |
√ |
√ |
√ |
|
|
Cloud Formation Templates |
√ |
√ |
√ |
|
|
Ansible playbook |
√ |
√ |
X |
|
|
CI/CD, blue-green deployment |
√ |
X |
X |
|
VISIBILITY AND MONITORING
|
Feature |
Avi Networks |
AWS ELB |
AWS ALB |
Notes |
|
Analytics and Visibility |
||||
|
End-user experience |
√ |
X |
X |
|
|
Client insights |
√ |
X |
X |
|
|
Application health score |
√ |
X |
X |
|
|
Request logs and connection logs |
√ |
X |
X |
ELB and ALB: Must push connection logs to a third-party solution |
|
SSL score |
√ |
X |
X |
|
|
Historical analysis of metrics and app performance |
√ |
X |
X |
|
|
Health Monitors |
||||
|
HTTP, HTTPS, TCP, Ping |
√ |
√ |
√ |
|
|
DNS, SQL, Script |
√ |
X |
X |
|
|
Health monitor to discover server maintenance |
√ |
X |
X |
Avi: Parses content for gracefully moving a server to maintenance |
|
Advanced health monitors |
√ |
X |
X |
Avi: Examples include parsing server header and body response to enable/disable servers, supporting TCP half-open |
MULTI-CLOUD TRAFFIC MANAGEMENT
|
Feature |
Avi Networks |
AWS ELB |
AWS ALB |
Notes |
|
Hybrid and Multi-cloud Support |
||||
|
Multiple VPC support |
√ |
√ |
√ |
|
|
Hybrid cloud across on-prem and AWS |
√ |
X |
X |
|
|
Multi-tenancy |
√ |
X |
X |
|
|
Single management across all clouds |
√ |
X |
X |
ELB and ALB: Must push connection logs to a third-party solution |
|
Consistent capabilities across on-prem and all clouds |
√ |
X |
X |
|
|
Management |
||||
|
Single management across all load balancers |
√ |
O |
O |
ELB and ALB: Management exists only within AWS environment, not in a multi-cloud environment |
|
REST API |
√ |
√ |
√ |
|
|
Central visibility across all clouds |
√ |
X |
X |
|
|
Non-disruptive config migration |
√ |
X |
X |
|
|
ENTERPRISE-CLASS, PREMIUM SUPPORT |
||||
|
24x7 support |
√ |
O |
O |
ELB and ALB: Not included, costs extra |
|
Continuous product innovation based on customer feedback |
√ |
X |
X |
|
|
Onsite support |
√ |
O |
O |
|
PERFORMANCE: NSX ADVANCED LOAD BALANCER IN AWS
The NSX Advanced Load Balancer is a high-performance, full-featured application services solution that delivers L4-L7 services. The platform’s performance correlates directly with the instance type of Avi Service Engines. The table below summarizes the performance for the recommended instances:
|
Instance |
nstance details Hyperthreaded vCPUs / Physical vCPUs |
SSL TPS (ECC) |
|
c4.large |
2 / 1 |
2,500 |
|
c4.xlarge |
4 / 2 |
5,000 |
|
c4.4xlarge |
16 / 8 |
20,000 |
In general, the SSL TPS is proportional to the number of vCPUs in the instance - 2,500 SSL TPS for every 2 hyperthreaded vCPUs.
ADDTIONAL RESOURCES
- White Paper: NSX Advanced Load Balancer
- AWS Installation Guide