Updating NSX-T Load Balancer Server Pool Membership

Page last updated:

Warning: Pivotal Cloud Foundry (PCF) v2.3 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.

This topic describes how to update load balancer server pool membership for Pivotal Cloud Foundry (PCF) foundation using NSX-T on vSphere.

This procedure applies to customers who have manually populated their NSX-T static load balancer pools with the IP addresses of the HA Proxy or Router VMs. When upgrading Pivotal Application Service (PAS) from 2.2 to 2.3, applying a stemcell update, or updating a tile, the foundation may become unreachable. This is because the NSX-T static load balancer server pools have been emptied. To read more about this issue, see Safely Upgrading PAS 2.2 → 2.3 with NSX-T Load Balancers.

To implement this procedure, you must use the Ops Manager API. See the Ops Manager API documentation for more information about the API.

Note: Ops Manager v2.3 supports NSX-T v2.2 and later.


To use the Ops Manager API, you must authenticate and retrieve a token from the Ops Manager User Account and Authentication (UAA) server. For instructions, see the Using Ops Manager API topic.

Update Load Balancer Server Pool Membership

  1. Create a VM extension for each of the jobs that will become members of the load balancer pools. Jobs can belong to multiple pools; for example, the router job may belong to pools for both the HTTP and HTTPS load balancers. Below is an example of the VM extension configuration for the Router job:

    "cloud_properties": {
    "nsxt": {
      "lb": {
        "server_pools": [
            "name": "PAS-GoRouter443ServerPool",
            "port": 443
            "name": "PAS-GoRouter80ServerPool",
            "port": 80
    "name": "http_https_lb"

  2. For each VM extension, use a curl command to stage it with the Ops Manager API, (where VM_EXTENSION_FILE_PATH is the path to the VM extension file, e.g. /tmp/router_ext.json):

    curl "https://OPS-MAN-FQDN/api/v0/staged/vm_extensions" \
    -X POST \
    -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
    -H "Content-Type: application/json" \
  3. Retrieve a list of staged products:

    curl 'https://OPS-MAN-FQDN/api/v0/staged/products' \
    -H "Authorization: Bearer UAA-ACCESS-TOKEN"

    Record the GUID of the cf product. In the following example output, the GUID is cf-01222ab1111111aaa1a.

          "product_version" : "",
          "guid" : "p-bosh-dee11e111e1111ee1e1a",
          "installation_name" : "p-bosh",
          "type" : "p-bosh"
          "type" : "cf",
          "product_version" : "1.10.8-build.7",
          "installation_name" : "cf-01222ab1111111aaa1a",
          "guid" : "cf-01222ab1111111aaa1a"
  4. Retrieve a list of jobs for your product:

    curl 'https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs' \
    -H 'Authorization: Bearer UAA-ACCESS-TOKEN'

    Record the GUIDs of the jobs whose security groups you want to update. See the following example output:

    "jobs" : [
         "guid" : "router-9c37cf48ae7412f2afd1",
         "name" : "router"
         "name" : "tcp_router",
         "guid" : "tcp_router-6af18efdd18d198edee9"
         "name" : "diego_brain",
         "guid" : "diego_brain-b49b0b2aed247302c0e1"
  5. To update the load balancer server pool membership for your job, use the following command:

    curl "https://OPS-MAN-FQDN/api/v0/staged/products/PRODUCT-GUID/jobs/JOB-GUID/resource_config" \
      -X PUT
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
      -d '{"instance_type": {"id": "INSTANCE-TYPE"},
          "instances": INSTANCE-COUNT,
          "additional_vm_extensions": ["VM-EXTENSION-NAME"]

    Replace the placeholder values as follows:

    • INSTANCE-TYPE: The instance type for the job. For the default instance type, use "automatic".
    • INSTANCE-COUNT: The number of instances for the job. The default number for each job is visible in the Resource Config section of the Ops Manager UI.
    • VM-EXTENSION-NAME: The name field of the VM Extension JSON config file written in step 1. In our example above, the name would be http_https_lb.

    WARNING: Do not use the resource config fields for nsx_lbs and nsx_security_groups; these fields only work on NSX-V. To configure load balancers on NSX-T, you must use the VM Extensions API.

  6. Navigate to OPS-MAN-FQDN in a browser and log in to the Ops Manager Installation Dashboard.

  7. Click Review Pending Changes, then Apply Changes to redeploy.