Using Your Own Load Balancer

Page last updated:

Warning: Pivotal Application Service (PAS) v2.8 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.

This topic describes how to use your own load balancer and forward traffic to your Pivotal Application Service (PAS) router IP address.

Overview

PAS includes a tier of reverse proxies that dynamically track the location of app containers and system components, enabling routing of requests to those endpoints even as IPs and ports change.

In order for the PAS routers to be horizontally scalable and highly available, a load balancer must be deployed in front of them. The simplest solution is to use a Layer 4 TCP load balancer, provided by your IaaS or IT team, which passes all HTTP and TLS handling to the PAS routers. For more information about TLS termination, see Securing Traffic into PAS. For a description of features supported by the PAS routing tier, see HTTP Routing.

If you have requirements that are not fulfilled by the PAS routers alone, you can choose to use your own Layer 7 load balancer provided by your IaaS or IT team, or the HAProxy load balancer included with PAS. If you use HAProxy, you must use a Layer 4 TCP load balancer in front of it in order for HAProxy itself to be highly available. Singleton instances of HAProxy are only for use in lab and test environments.

If you use your own Layer 7 load balancer, it must fulfill the following requirements:

  • Provides load balancing to each of the PAS router IP addresses

  • Supports TLS termination for wildcard hostnames

  • Adds appropriate x-forwarded-for and x-forwarded-proto HTTP headers to incoming requests

  • Sets an HTTP keepalive connection timeout greater than five seconds

  • (Optional) Supports WebSocket

The choice to use HAProxy or your own load balancer depends on what features you need out of a load balancer, and whether you want the ability to configure it yourself.

Note: App logging with Loggregator requires WebSocket. To use another logging service, see Streaming App Logs to Log Management Services.

For information about how to install an F5 Local Traffic Manager (LTM) as a load balancer for Ops Manager and PAS, see Configuring an F5 Load Balancer for PAS. For more information about F5 LTMs, see the F5 documentation.

Prerequisites

To integrate your own load balancer with PAS, you must ensure:

  • WebSocket connections are not blocked for Loggregator functionality.
  • The load balancer must be able to reach the Gorouter IP addresses.

Follow the procedure below to use your own load balancer.

Step 1: Deploy Ops Manager Installation VM

Deploy an Ops Manager Installation VM. For more information, see Deploying Ops Manager on vSphere.

Step 2: Register Ops Manager IP Address

In your load balancer, register the IP addresses that you assigned to Ops Manager.

Step 3: Configure Ops Manager and BOSH Director

Configure Ops Manager and the BOSH Director as described in Configuring BOSH Director on vSphere, then add PAS.

Do not click Install after adding PAS.

Step 4: Configure Networking

Configure the Networking pane in PAS. Load balancer configuration in PAS varies depending on which IaaS you are using for Ops Manager. For more information, see Configure Networking in Configuring PAS.

Step 5: Finalize Changes

To finalize the changes to your deployment:

  1. Return to the Ops Manager Installation Dashboard.

  2. Click Install.