vmware-archive/pcf-pipelines

NSX requires Monitor Port and Port

Closed this issue · 10 comments

For any load balancer to be configured via C0, we need to be able to set the monitor port (required) and the service port (optional). Since these can be different, we need to allow both to be set. Screen shot shows both a correct (manually done via cookbook) and incorrect (via pipeline) because the same port is used.


We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.

The labels on this GitHub issue will be updated when the story is started.

Hi @agregory999, please could you provide more information here on how we can repro the issue you've seen? Do you remember which version of the pipelines you were using when you noticed this issue?

As per the docs, thus in the NSX cookbook, monitoring of gorouters should be done on port 8080 using a GET /health call. If a Service Monitoring definition is created without specifying both port and monitoring port, the primary port number will be used for both.

Hi @forddonald thanks for clarifying. It sounds like we need another param for the pools, i.e. router_nsx_lb_monitoring_port for each of the components, or set sane defaults if the monitoring ports are always the same.

I'm curious how PCF Pipelines is involved with setting these NSX parameters at all. I seem to remember that PCF Pipelines doesn't set up NSX ESG features at all, only toggles on/off BOSH capability to build security groups and populate pools.

The pipelines allow for the creation of the NSX security groups, and allow the ERT to dynamically update (via BOSH) the member pools. In our pipelines we defined the standard ones for web, SSH, and TCP, and then an additional one for MySQL and HTTPS traffic. These last 2 seem to use different ports for monitoring than service.

@forddonald Does the (port = monitor port) rule change if we terminate SSL at NSX, HA, or Router? Wasn't sure if the cookbook allowed each.

The monitors in ESG are just definitions for how to monitor a thing. In the cookbook we say to make new definitions for how to monitor PCF HTTP things and TCP things. NSX comes with a few pre-defined as well. How you then terminate or pass traffic through the LBs is separate from these monitor definitions.

Thanks, I've reached out to @agregory999 for more information regarding their initial set up.

@agregory999 closing this issue as discussed. Thanks.