Best Practices for Deploying KEMP’s VLM on VMware ESX


I have spent a considerable amount of time working with KEMP Load Balancers recently and would like to share some VMware deployment Best practices .

For all those using KEMP Virtual LoadMaster’s with VMware, you will need to configure a Load Balancing port group for the relevant vlan “production_LB” or “DMZ_LB” to avoid port flooding. To prevent RARP packets being sent every time vMotion or powering on a VM, you will need to configure no notify switch on the required port groups. You will also need to set the Security Policy Forged Transmit to Accept. Ensure that this is forced (Hard coded) on the port group as any changes to the vSwitch will effect all port groups by default.

NLB

Load balancer Port group.

Key Configuration Points:

  • Use the E1000 network adapter type when deploying the VLM.
  • do not upgrade the VMware Tools, VMware Tools have been integrated with the VLM.
  • The Security Policy Forged Transmit on the Portgroup is set to Accept.
  • The transmission of RARP packets is prevented on the portgroup by setting No notify Switch.

Forged Transmits

Hard Code Forged Transmits on the portgroup.

Notify Switches

Hard Code no notify Switches on the portgroup.

4 thoughts on “Best Practices for Deploying KEMP’s VLM on VMware ESX

  1. THANK YOU FOR THIS! At my work we have our production port groups locked down and have all security settings set to “reject”. In order to get two virtual Kemp LoadMasters to work together in HA I had to make a new PortGroup and relax the settings you mention in this post. AWESOME WORK.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s