Anycast Stateless Services with NSX-T, Implementation

ngschmidt

Nick Schmidt

Posted on March 8, 2020

First off, let's cover what's been built so far:


To set up an anycast vIP in NSX-T after standing up your base infrastructure (already depicted and configured), all you have to do is stand up a load balanced vIP at multiple sites. NSX-T takes care of the rest. Here's how:

Create a new load balancing pool:


Create a new load balancer:


Create a new virtual server:


If your Tier-1 gateways have the following configured, you should see a new /32 in your routing table:


Repeat the process for creating a new load balancer and virtual server on your second Tier-1 interface, pinned to a completely separate Tier-0. If multipath is enabled, you should see entries like this in your routing table:

It really is that easy. This process can be repeated for load balancers, and (when eventually supported) multisite network segments.

A few caveats:

  • State isn't carried through: If you're using a stateful service, use your routing protocols (AS-PATH is an easy one) to ensure that devices consistently forward to the same load balancer.
  • Anycast isn't load balancing: This is easy here, as NSX-T can do both. Anycast on its own won't protect your servers from overload unless you also use a load balancer.
  • Use the same server pool: It was (hopefully) apparent that I used the same pool everywhere. Try to keep regional configurations consistent, so that new additions to a pool aren't missed. Server pools should be configured on a per-region or per-transport-zone basis.
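
The "use the same server pool" caveat can be checked mechanically. The following is an added example, not code from the original post: it compares each site's pool and virtual server definitions, shaped like NSX-T Policy API LBPool and LBVirtualServer objects, and reports drift. Site names, object IDs and addresses are constructed, and fetching the objects from each NSX-T Manager is assumed to happen elsewhere.

```python
# Added example: cross-site drift check for an anycast vIP.
# Field names (members, ip_address, port, ports) follow NSX-T Policy API
# LBPool / LBVirtualServer objects. All names and addresses are constructed.

def members(pool):
    """Pool members as a set of (ip, port), so ordering never matters."""
    return {(m["ip_address"], str(m.get("port", ""))) for m in pool.get("members", [])}

def anycast_drift(sites):
    """sites: {site: {"pool": LBPool dict, "vs": LBVirtualServer dict}}.
    Returns a list of findings; an empty list means the sites agree."""
    findings = []
    if len(sites) < 2:
        findings.append("fewer than two sites defined: the vIP is not anycast")
    # Every site must expose the same address and ports for anycast to work.
    listeners = {name: (s["vs"]["ip_address"], tuple(sorted(map(str, s["vs"]["ports"]))))
                 for name, s in sites.items()}
    if len(set(listeners.values())) > 1:
        for name, (ip, ports) in sorted(listeners.items()):
            findings.append(f"{name}: listener {ip}:{','.join(ports)} differs between sites")
    # A member present at any site is expected at all of them.
    per_site = {name: members(s["pool"]) for name, s in sites.items()}
    expected = set().union(*per_site.values())
    for name, have in sorted(per_site.items()):
        for ip, port in sorted(expected - have):
            findings.append(f"{name}: pool is missing member {ip}:{port}")
    return findings

# Constructed sample: site-b was not updated when 10.0.10.12 was added.
SAMPLE = {
    "site-a": {
        "pool": {"id": "web-pool", "members": [
            {"ip_address": "10.0.10.11", "port": "443"},
            {"ip_address": "10.0.10.12", "port": "443"}]},
        "vs": {"id": "web-vip", "ip_address": "192.0.2.10", "ports": ["443"]},
    },
    "site-b": {
        "pool": {"id": "web-pool", "members": [
            {"ip_address": "10.0.10.11", "port": "443"}]},
        "vs": {"id": "web-vip", "ip_address": "192.0.2.10", "ports": ["443"]},
    },
}

if __name__ == "__main__":
    for line in anycast_drift(SAMPLE) or ["sites are consistent"]:
        print(line)
```
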

Some additional light reading on anycast implementations:

Cloudflare's Anycast

Google Public DNS

F5 BIG-IP DNS
