vSphere with Tanzu with NSX-T medium sized edge

By | 8. January 2021

vSphere with Tanzu automatically deploys an NSX-T based load balancer for its supervisor cluster control plane. The load balancer size is defined as MEDIUM and requires an EDGE node of large size which is defined with 8 vCPU and 32GB RAM. While the creation of a supervisor cluster does also work with a medium sized EDGE node, the creation of subsequent guest clusters will fail as only one MEDIUM load balancer (and no additional SMALL load balancers) can be run on a medium sized EDGE node. Especially in demo environments there’s limited resources which requires to reduce the configuration size of the load balancer. This blog describes how to change the load balancer for the supervisor cluster to SMALL size which enables additional provisioning of guest clusters with SMALL size even when EDGE nodes are configured for medium size only. It will reduce the required size of the EDGE to 4 vCPU and 8GB RAM.

William Lam has already written a blog post that explains a method to reduce the load balancer size. However, in later releases it appears that changes on NSX side have been done which won’t work with the commands described in the blog linked. The steps described in the blog here have been verified with NSX-T 3.1.

Note: This is not a supported configuration and must not be used outside of demo purposes!

Postman

This blog uses Postman for execution of API requests. Basically, any other method like e.g. curl can be used as well. I will not go into details of postman handling.

For the single examples you must replace the {{baseUrl}} with the FDQN name of your NSX manager.

You also need to provide proper authorization parameters as shown in the screenshot.

Step 1: Create temporary tier-1 router

Create temporary tier-1 router with “Edges Pool Allocation Size” set to ROUTING.

Capture temporary tier-1 router name: T1-ROUTER (in this case)

 

Step 2: Get Tanzu load balancer details

List all NSX load balancers:

Search for the proper section of Tanzu MEDIUM load balancer in previous output and extract “path” parameter (not connectivity_path !!). Attach “path” parameter load balancer name to URL to retrieve load balancer details.

Save response body to json file (tanzu-lb.json)

 

Step 3: Temporarily attach Tanzu load balancer to temporary tier-1 router

Modify tanzu-lb.json and change connectivity_path to your temporary tier-1 router (use tier-1 router name from step 1).

{
    "connectivity_path": "/infra/tier-1s/T1-ROUTER",
    "enabled": true,
    "relax_scale_validation": true,
    "size": "MEDIUM",
    "error_log_level": "INFO",
    "resource_type": "LBService",
    "id": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450_0_rwyfm",
    "display_name": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450-0",
    "tags": [
        {
            "scope": "ncp/version",
            "tag": "1.2.0"
        },
        {
            "scope": "ncp/cluster",
            "tag": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450"
        },
        {
            "scope": "external_id",
            "tag": "228a7a2b-d232-51ae-9270-f7542fb75c42"
        },
        {
            "scope": "ncp/created_for",
            "tag": "SLB"
        },
        {
            "scope": "ncp/lb_t1_link_ip",
            "tag": "100.64.160.3"
        }
    ],
    "path": "/infra/lb-services/domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450_0_rwyfm",
    "relative_path": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450_0_rwyfm",
    "parent_path": "/infra",
    "unique_id": "e6b59d83-41ba-40fe-9c29-cb0e4850379f",
    "marked_for_delete": false,
    "overridden": false,
    "_create_user": "wcp-cluster-user-domain-c64-5e20e5d4-9b01-439f-86a6-7dfabad1e3a9",
    "_create_time": 1610021354058,
    "_last_modified_user": "admin",
    "_last_modified_time": 1610090316082,
    "_system_owned": false,
    "_protection": "REQUIRE_OVERRIDE",
    "_revision": 3
}

Create patch command in postman to patch load balancer configuration.

Add content of modified tanzu-lb.json to body in raw format

Verify in load balancer config UI that attached router has changed to temporary router from step1.

 

Step 4: Modify Tanzu tier-1 router

Get Tanzu tier-1 router ID from UI

Get Tanzu tier-1 router details from API by adding retrieved Tanzu tier-1 router ID to URL like in screenshot below.

Save response body to json file tanzu-router.json.

Modify tanzu-router.json and change pool_allocation to ROUTING

{
    "tier0_path": "/infra/tier-0s/T0-ROUTER",
    "failover_mode": "NON_PREEMPTIVE",
    "enable_standby_relocation": false,
    "route_advertisement_types": [
        "TIER1_CONNECTED",
        "TIER1_STATIC_ROUTES",
        "TIER1_LB_VIP",
        "TIER1_NAT"
    ],
    "force_whitelisting": false,
    "default_rule_logging": false,
    "disable_firewall": false,
    "ipv6_profile_paths": [
        "/infra/ipv6-ndra-profiles/default",
        "/infra/ipv6-dad-profiles/default"
    ],
    "pool_allocation": "ROUTING",
    "resource_type": "Tier1",
    "id": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450",
    "display_name": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450",
    "description": "Automatically created from NCP config",
    "tags": [
        {
            "scope": "ncp/version",
            "tag": "1.2.0"
        },
        {
            "scope": "ncp/cluster",
            "tag": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450"
        },
        {
            "scope": "external_id",
            "tag": "228a7a2b-d232-51ae-9270-f7542fb75c42"
        }
    ],
    "path": "/infra/tier-1s/domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450",
    "relative_path": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450",
    "parent_path": "/infra",
    "unique_id": "29d6a0de-a9d6-4652-bcc4-7899b015dab2",
    "marked_for_delete": false,
    "overridden": false,
    "_create_user": "wcp-cluster-user-domain-c64-5e20e5d4-9b01-439f-86a6-7dfabad1e3a9",
    "_create_time": 1610021321779,
    "_last_modified_user": "admin",
    "_last_modified_time": 1610089900255,
    "_system_owned": false,
    "_protection": "REQUIRE_OVERRIDE",
    "_revision": 1
}

Patch Tanzu tier-1 router config and use retrieved Tanzu router ID previously retrieved in UI for patch URL.

Add tanzu-router.json content to request body in raw format.

 

Verify that Tanzu tier-1 router “Edges Pool Allocation Size” has changed to ROUTING.

 

Step 5: Attach Tanzu load balancer back to Tanzu tier-1 router

Modify tanzu-lb.json to change connectivity_path back to the Tanzu tier-1 router (use router ID retrieved step 4). Also change size to SMALL in json.

…
"connectivity_path": "/infra/tier-1s/domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450",
  "enabled" : true,
  "relax_scale_validation" : true,
  "size" : "SMALL",
…

Patch Tanzu load balancer to attach to Tanzu tier-1 router using the tanzu-lb.json as body in raw format (same procedure as in step 3)

Verify that the Tanzu load balancer is now represented in SMALL size and connected to Tanzu tier-1 router.

 

Step 6: Remove temporary tier-1 router

print
Christian Ferber
Latest posts by Christian Ferber (see all)
Category: IT-Security NSX Uncategorized Tags: , , ,

About Christian Ferber

Christian ist seit Juli 2015 bei VMware als Senior Systems Engineer für Enterprise Management tätig. Durch die Arbeit in diversen Cloud-Projekten auch in seinen vergangenen Tätigkeiten hat er Erfahrung im Bereich Rechenzentrumsthemen wie Server, Storage, Networking und Cloud-Management aufgebaut. Heute liegt sein Schwerpunkt im Bereich Automatisierung, Betriebsmonitoring bzw. Analyse und Verrechnung. Er betreut die vRealize Produktfamilie für Enterprise-Kunden in Deutschland.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.