Premium Elastic Load Balancing for AWS with NSX ALB

ABOUT THIS DOCUMENT

This white paper demonstrates how Avi Networks, now part of VMware, delivers premium elastic load balancing for applications deployed in AWS as well as in on-premises and multi-cloud environments. The Avi Vantage Platform has been rebranded to the VMware NSX® Advanced Load Balancer™.

INTRODUCTION



Enterprises adopt Amazon Web Services (AWS) as a natural extension to their data centers and private clouds. These organizations are application-centric and adopt continuous delivery practices across multiple environments (on-prem and cloud) and diverse infrastructures (bare-metal servers, VMs, and containers). Traditional appliance-based load balancers lack the ability to elegantly scale across multiple clouds and do not offer real-time visibility into end-user experience or app performance. Besides requiring manual configuration and separate management for each instance, these legacy solutions also lack native integration with AWS APIs and developer-friendly features. In addition, cloud-native solutions like AWS’s Elastic Load Balancing (ELB) and Application Load Balancing (ALB) lack enterprise-class load balancing capabilities, multi-cloud traffic management, and real-time app analytics.

PREMIUM LOAD BALANCING WITH AVI NETWORKS

The VMware NSX® Advanced Load Balancer™ is a multi-cloud, full-featured elastic application services architecture that is built on software-defined principles. NSX Advanced Load Balancer offers application services such as load balancing, security, application monitoring and analytics, and multi-cloud traffic management for workloads deployed in bare metal, virtualized, or container environments in a data center or public clouds (Amazon Web Services, Google Cloud Platform, or Microsoft Azure). A consistent feature set across diverse cloud environments enables IT teams to be agile without needing to constantly re-skill their IT personnel. See Figure 1.

Figure 1: NSX Advanced Load Balancer Architecture

With NSX Advanced Load Balancer, enterprises can close the gap left by cloud-native solutions and traditional application delivery controllers (ADCs), because unlike these solutions, Avi offers a flexible yet comprehensive solution that is infrastructure independent, agile, and elastic at a reduced total cost of ownership (TCO).

AUTOMATED NETWORK AND APPLICATION SERVICES (L4-L7) IN AWS

Enterprises modernize and maximize infrastructure utilization with AWS. The next phase of this modernization is to extend the app-centricity to the networking stack. Avi Networks delivers elastic application services that extend beyond load balancing to deliver real-time app and security insights, simplify troubleshooting, autoscale predictively, and enable developer self-service and automation.

Avi Networks provides an ELB-like experience for applications deployed in on-prem and multiple cloud infrastructures. See Figure 2.

Figure 2: NSX Advanced Load Balancer

Full-featured Load Balancing: AWS ELB and ALB provide basic load balancing capabilities but lack enterprise-class features and advanced policy support. NSX Advanced Load Balancer delivers full-featured load balancing, including multiple load-balancing algorithms, advanced HTTP content switching capabilities, comprehensive persistence, customizable health monitoring, DNS services, and GSLB across multiple clouds. Avi provides these capabilities in an as-a-service experience similar to AWS ELB with native AWS API integration.

Automation: NSX Advanced Load Balancer is a 100% REST API-based solution that offers Python SDK, Ansible playbook, and CloudFormation templates for automating configuration and operations. Avi natively integrates with AWS APIs for spinning up EC2 instances, allocating Elastic IPs, Route53 integration, autoscaling, and AZ awareness. Avi simplifies CI/CD ops by supporting blue-green deployments and canary upgrades.

Advanced Security: AWS ELB and ALB lack advanced security policies, SSL insights, and DDoS capabilities. NSX Advanced Load Balancer provides network ACLs, advanced HTTP security policies, SSL insights, DDoS detection and mitigation capabilities, along with rate limiting in bare metal, virtual machine, and container environments.

Visibility and Monitoring: With ELB and ALB, admins and developers do not have integrated real-time telemetry and must deploy third party tools and services for analytics. NSX Advanced Load Balancer delivers real-time insights into application health, end-user experience, log analytics, and security insights.

Multi-cloud Load Balancing: Inconsistent capabilities across clouds create challenges for network engineers to move workloads across multiple cloud infrastructures. This also forces enterprises to re-invest in training and education. Using native tools locks enterprises to the specific cloud, preventing workload mobility and increasing business risk. NSX Advanced Load Balancer enables dynamic workload mobility across clouds based on business metrics such as cost, performance, security, and compliance requirements, reducing risk and providing flexibility.

Reduced TCO: With AWS, the cost of load balancing (ELB, ALB), security (WAF), and visibility (third-party logging tools) adds up to a significantly higher investment. NSX Advanced Load Balancer reduces the total cost of ownership (TCO) while providing rich functionality.

USE CASES

Premium Elastic Load Balancing for AWS: As enterprises migrate apps to AWS, they don’t need to trade off functionality for flexibility. NSX Advanced Load Balancer delivers premium load balancing for AWS deployments with integrated app monitoring and analytics, security, predictive autoscaling, and multi-cloud load balancing while offering an as-a-service model with ELB-like experience, operational simplicity, and automation.

Multi-cloud Traffic Management: For enterprises that have their apps deployed in a mix of private data centers and multiple public clouds, NSX Advanced Load Balancer delivers uniform architecture and user experience, regardless of the environment. With Avi, enterprises can move workloads across multiple clouds effortlessly.

Cloud-bursting: NSX Advanced Load Balancer enables enterprises to use AWS as a natural extension to their data centers by automatically bursting to the cloud during traffic peaks. Avi can automatically create app resources in public clouds to absorb traffic bursts and scale them back down.

LOAD BALANCING

Feature

Avi Networks

AWS ELB

AWS ALB

Notes

Load Balancing

Load balancing algorithms

O

O

Avi: Supports all enterprise-class algorithms; recommends fewest server algorithm in conjunction with server autoscaling to scale down additional capacity

ELB: Defaults to round-robin for TCP and to least-connections for HTTP/HTTPS

ALB: Only round-robin

Per-app load balancer

 

Pool failure action

X

X

 

Pool groups using priority and ratio

X

X

 

Global server load balancing (GSLB)

O

O

ALB and ELB: Requires using Route53; no GSLB across clouds

Autoscale

Autoscale load balancer

 

Autoscale server

Avi: Uses richer metrics (such as app latency) for autoscaling

High Availability

Multi-AZ support

 

Hitless maintenance upgrades

 

Feature

Avi Networks

AWS ELB

AWS ALB

Notes

L4 Features

TCP load balancing

O

X

ELB: Supports basic load balancing; no proxy

UDP load balancing

 

Secure TCP

X

X

 

DNS functionality, DNS load balancing

O

X

 

HTTP FEATURES

HTTP load balancing

 

HTTP content switching

X

O

Avi: Supports URL switching based on pattern starts with, ends with, contains, Regex

ALB: Limited URL switching based on HTTP URL path; supports a maximum of 10 policies per app

HTTP/HTTPS policies

X

O

 

HTTP caching

X

X

 

HTTP compression

X

X

 

HTTP datapath scripting

X

X

 

Client authentication

X

X

 

HTTP/2

O

Avi: Feature coming soon

ADVANCED SECURITY

Feature

Avi Networks

AWS ELB

AWS ALB

Notes

SSL Features

SSL terminations

 

SSL to backend servers

 

SSL RSA and EC cert per application

X

X

 

SSL metrics/visibility

X

X

 

DDoS Features

Network DDoS detection and mitigation

 

HTTP DDoS detection and mitigation

 

DDoS insights

X

X

 

Rate-limit TCP connections, HTTP requests from a client IP

X

X

 

Rate-limit bad clients

X

X

 

Persistence

HTTP cookie

 

Source IP persistence

X

X

 

SSL and TLS persistence

X

X

 

Custom persistence

X

X

 

Feature

Avi Networks

AWS ELB

AWS ALB

Notes

Other Security Features

TCP protocol sanitization

O

X

 

HTTP protocol sanitization

X

O

 

Web application firewall (WAF)

O

X

O

Avi: Feature coming soon

ALB: Separate service; no visibility/analytics

AUTOMATION

Feature

Avi Networks

AWS ELB

AWS ALB

Notes

Automation

Elastic IP

 

Autoscaling

 

Route 53 integration

 

Cloud Formation Templates

 

Ansible playbook

X

 

CI/CD, blue-green deployment

X

X

 

VISIBILITY AND MONITORING

Feature

Avi Networks

AWS ELB

AWS ALB

Notes

Analytics and Visibility

End-user experience

X

X

 

Client insights

X

X

 

Application health score

X

X

 

Request logs and connection logs

X

X

ELB and ALB: Must push connection logs to a third-party solution

SSL score

X

X

 

Historical analysis of metrics and app performance

X

X

 

Health Monitors

HTTP, HTTPS, TCP, Ping

 

DNS, SQL, Script

X

X

 

Health monitor to discover server maintenance

X

X

Avi: Parses content for gracefully moving a server to maintenance

Advanced health monitors

X

X

Avi: Examples include parsing server header and body response to enable/disable servers, supporting TCP half-open

MULTI-CLOUD TRAFFIC MANAGEMENT

Feature

Avi Networks

AWS ELB

AWS ALB

Notes

Hybrid and Multi-cloud Support

Multiple VPC support

 

Hybrid cloud across on-prem and AWS

X

X

 

Multi-tenancy

X

X

 

Single management across all clouds

X

X

ELB and ALB: Must push connection logs to a third-party solution

Consistent capabilities across on-prem and all clouds

X

X

 

Management

Single management across all load balancers

O

O

ELB and ALB: Management exists only within AWS environment, not in a multi-cloud environment

REST API

 

Central visibility across all clouds

X

X

 

Non-disruptive config migration

X

X

 

ENTERPRISE-CLASS, PREMIUM SUPPORT

24x7 support

O

O

ELB and ALB: Not included, costs extra

Continuous product innovation based on customer feedback

X

X

 

Onsite support

O

O

 

PERFORMANCE: NSX ADVANCED LOAD BALANCER IN AWS

The NSX Advanced Load Balancer is a high-performance, full-featured application services solution that delivers L4-L7 services. The platform’s performance correlates directly with the instance type of Avi Service Engines. The table below summarizes the performance for the recommended instances:

| Instance | Instance details: Hyperthreaded vCPUs / Physical vCPUs | SSL TPS (ECC) |
|---|---|---|
| c4.large | 2 / 1 | 2,500 |
| c4.xlarge | 4 / 2 | 5,000 |
| c4.4xlarge | 16 / 8 | 20,000 |

In general, the SSL TPS is proportional to the number of vCPUs in the instance - 2,500 SSL TPS for every 2 hyperthreaded vCPUs.

ADDITIONAL RESOURCES

  • White Paper: NSX Advanced Load Balancer
  • AWS Installation Guide
