Using Your Own Load Balancer

Page last updated:

This topic describes how to use your own load balancer and forward traffic to your Pivotal Application Service (PAS) router IP address.


Pivotal Platform includes a tier of reverse proxies that dynamically track the location of app containers and system components, enabling routing of requests to those endpoints even as IPs and ports change.

In order for the PAS routers to be horizontally scalable and highly available, a load balancer must be deployed in front of them. The simplest solution is to use a Layer 4 TCP load balancer, provided by your IaaS or IT team, which passes all HTTP and TLS handling to the PAS routers. For more information about TLS termination, see Securing Traffic into PAS. For a description of features supported by the Pivotal Platform routing tier, see HTTP Routing.

If you have requirements that are not fulfilled by the PAS routers alone, you can choose to use your own Layer 7 load balancer (provided by your IaaS or IT team), or the HAProxy load balancer included with Pivotal Platform. If you choose to use HAProxy, you must use a Layer 4 TCP load balancer in front of it, in order for HAProxy itself to be highly available. Singleton instances of HAProxy are only for use in lab and test environments.

If you choose to use your own Layer 7 load balancer, it must fulfill the following requirements:

  • Provides load balancing to each of the PAS router IP addresses

  • Supports TLS termination for wildcard hostnames

  • Adds appropriate x-forwarded-for and x-forwarded-proto HTTP headers to incoming requests

  • Sets an HTTP keep-alive connection timeout greater than five seconds

  • (Optional) Supports WebSockets

The choice to use HAProxy or your own load balancer depends on what features you need out of a load balancer, and whether you want the ability to configure it yourself.

Note: App logging with Loggregator requires WebSockets. To use another logging service, see Streaming App Logs to Log Management Services.

For information about how to install an F5 Local Traffic Manager (LTM) as a load balancer for Pivotal Platform and PAS, see Configuring an F5 Load Balancer for PAS. For more information about F5 LTMs, see the F5 documentation.


To integrate your own load balancer with Pivotal Platform, you must ensure:

  • WebSocket connections are not blocked for Loggregator functionality.
  • The load balancer must be able to reach the Gorouter IP addresses.

Follow the procedure below to use your own load balancer.

Step 1: Deploy Pivotal Platform Installation VM

Deploy a Pivotal Platform Installation VM. For more information, see Deploying Ops Manager on vSphere.

Step 2: Register Pivotal Platform IP Address

In your load balancer, register the IP addresses that you assigned to Pivotal Platform.

Step 3: Configure Ops Manager and BOSH Director

Configure Ops Manager and BOSH Director as described in Installing Pivotal Platform, then add PAS.

Do not click Install after adding PAS.

Step 4: Configure Networking

Configure the Networking pane in PAS. Load balancer configuration in PAS varies depending on which IaaS you are using for Pivotal Platform. For more information, see Configure Networking in Configuring PAS.

Step 5: Finalize Changes

To finalize the changes to your deployment:

  1. Return to the Ops Manager Installation Dashboard.

  2. Click Install.