NGINX Ingress Controller

<< Back to Technical Glossary

NGINX Ingress Controller Definition

A Kubernetes ingress controller is a specialized load balancer for containerized environments that bridges external and Kubernetes services, abstracting away the complexity of Kubernetes application traffic routing. The NGINX ingress controller for Kubernetes runs in a Kubernetes environment with NGINX Plus or NGINX Open Source instances.

NGINX ingress controller for Kubernetes:

Monitors Kubernetes ingress resources and NGINX ingress resources to load balance traffic to containers on the Kubernetes platform
Manages networking, traffic, communication, and security on Layers 4 through 7
Deploys resources based on its configuration and automatically updates rules

Three NGINX ingress controllers for Kubernetes exist:

  • The community ingress controller (kubernetes/ingress-nginx), maintained by the Kubernetes open source community
  • The NGINX ingress controller based on NGINX Open Source, maintained by F5 NGINX
  • The NGINX ingress controller based on NGINX Plus, maintained by F5 NGINX

This image shows client requests being distributed within a cluster through an ingress controller. The cluster is made up of service pods.

NGINX Ingress Controller FAQs

What is NGINX Ingress Controller?

A Kubernetes ingress controller is a specialized load balancer for containerized environments. For enterprises managing containerized applications, Kubernetes has become the de facto standard. However, moving production workloads into Kubernetes generates new application traffic management complexity and resulting challenges.

A Kubernetes ingress controller bridges external and Kubernetes services, abstracting away Kubernetes application traffic routing complexity. Kubernetes ingress controllers:

  • Load balance outside traffic to containers running inside the Kubernetes platform
  • Manage egress traffic inside a cluster for services which need to communicate with other services outside of a cluster
  • Deploy and create ingress resources based on their Kubernetes API configuration
  • Monitor running pods in Kubernetes and automatically update load-balancing rules as pods are added to or removed from a service


The NGINX ingress controller for Kubernetes is a daemon—a production-grade ingress controller—that runs in a Kubernetes environment with NGINX Plus or NGINX Open Source instances. It monitors Kubernetes ingress resources and NGINX ingress resources to discover where ingress load balancing is required by requests for services. NGINX ingress controller for Kubernetes manages networking, controls traffic, and enhances security on Layers 4 through 7.

Various ingress controllers use NGINX, and there are three iterations of the NGINX ingress controller for Kubernetes: the community controller (kubernetes/ingress-nginx), the F5 NGINX controller based on NGINX Open Source, and the F5 NGINX controller based on NGINX Plus. Some features for production-grade app delivery are unique to the NGINX Plus version.

How Does NGINX Ingress Controller Work?

An ingress controller is a Kubernetes cluster component that configures an HTTP load balancer based on the cluster user’s ingress class and other resources. To understand how the NGINX ingress controller works, it is essential to consider how it builds its configuration.

The goal of the NGINX ingress controller is to assemble an NGINX configuration file (nginx.conf). After any change to the configuration file, NGINX must reload, except for changes that affect only an upstream configuration (for example, endpoint changes when an application is redeployed); the controller applies those on the fly via lua-nginx-module, avoiding a reload.

The most important piece of NGINX ingress controller architecture is the NGINX model. Successful NGINX ingress controller deployment hinges upon understanding when and how to replace the NGINX model.

Typically, an ingress controller checks for updates or needed changes using the synchronization loop pattern. To achieve this, the controller builds a model that reflects the state of the cluster at a point in time, using various objects from the cluster, including configmaps, endpoints, ingresses, secrets, and services.

FilteredSharedInformer, a Kubernetes informer, allows the controller to react to changes such as the addition or removal of objects. However, because there is no way to predict whether any one change will affect the final configuration file, the controller must create a new model on every change, based on the current cluster state, for comparison with the running model.

If the new model is identical, there is no need for a reload or a new NGINX configuration. If the changes are limited to endpoints, the system sends the new endpoints to a Lua handler, again avoiding a reload and a new NGINX configuration. However, if the new and running models differ beyond mere endpoints, the controller generates a new NGINX configuration and triggers a reload.
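The decision logic above can be sketched as follows. This is an illustrative Python sketch, not the controller's actual code (the real controller, kubernetes/ingress-nginx, implements this in Go); the `Model` fields are simplified to routes and endpoints.

```python
from dataclasses import dataclass, field

@dataclass
class Model:
    # Simplified cluster snapshot; the real model also covers configmaps,
    # ingresses, secrets, and services.
    routes: dict = field(default_factory=dict)      # host/path -> service
    endpoints: dict = field(default_factory=dict)   # service -> pod IPs

def sync(running: Model, new: Model) -> str:
    """Decide what to do after a cluster change, per the loop above."""
    if new == running:
        return "no-op"                  # identical model: skip reload entirely
    if new.routes == running.routes:
        # Only endpoints changed: push them to the Lua handler, no reload.
        return "lua-endpoint-update"
    # Anything beyond endpoints: render a new nginx.conf and reload NGINX.
    return "reload"

running = Model({"a.example.com": "svc-a"}, {"svc-a": ["10.0.0.1"]})
print(sync(running, Model({"a.example.com": "svc-a"}, {"svc-a": ["10.0.0.1"]})))  # no-op
print(sync(running, Model({"a.example.com": "svc-a"}, {"svc-a": ["10.0.0.2"]})))  # lua-endpoint-update
print(sync(running, Model({"b.example.com": "svc-b"}, {"svc-b": ["10.0.0.3"]})))  # reload
```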

For information about Helm installation and a Helm chart, see the NGINX documentation here.

NGINX Ingress Controller Monitoring

NGINX ingress controller metrics are exposed in the Prometheus format. To expose metrics, edit the NGINX ingress controller service with the relevant annotations and port configurations. Then, edit the daemonset.yaml configuration file of the ingress controller to detect the exposed port. Finally, either create AdditionalScrapeConfigs or configure an additional serviceMonitor to enable the Prometheus instance to expose the metrics by scraping the ingress controller endpoints.
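The Prometheus text format the controller exposes is line-oriented and simple to inspect. The sketch below parses a small sample of it; the sample values are invented for illustration, though `nginx_ingress_controller_requests` is a metric name the controller does expose.

```python
# Parse a sample of Prometheus-format metrics like those scraped from the
# ingress controller's metrics endpoint. The sample values are illustrative.
SAMPLE = """\
# HELP nginx_ingress_controller_requests Total requests
# TYPE nginx_ingress_controller_requests counter
nginx_ingress_controller_requests{status="200"} 1042
nginx_ingress_controller_requests{status="502"} 7
"""

def parse_metrics(text):
    metrics = {}
    for line in text.splitlines():
        if line.startswith("#") or not line.strip():
            continue                      # skip comments and blank lines
        name_labels, value = line.rsplit(" ", 1)
        metrics[name_labels] = float(value)
    return metrics

parsed = parse_metrics(SAMPLE)
print(parsed['nginx_ingress_controller_requests{status="200"}'])  # 1042.0
```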

NGINX Controller vs Other Kubernetes Ingress Controllers

To make the right architectural choice to deploy a Kubernetes cluster for a specific application, assess the requirements from the business, the developers, and the application itself. Here are a few common comparisons:

Traefik vs NGINX ingress controller

The NGINX ingress controller service uses the NGINX web server as a proxy. The Traefik Kubernetes Ingress provider is an ingress controller for the Traefik proxy.

Originally, Traefik was created to route requests within the dynamic environments of microservices. This led to its canary releases, continuous configuration updates with no restarts, metrics export, REST API, support for multiple load balancing algorithms, support for various protocols, web UI, and many other useful features. Traefik also supports Let’s Encrypt certificates out of the box. However, to run the controller in a highly available configuration, users must install and configure its own KV-storage.

Application Load Balancer (ALB) vs NGINX ingress controller

ALB delivers Layer 7 load balancing of HTTP and HTTPS traffic for Amazon Web Services (AWS) users disappointed by the limited features of the Classic Load Balancer. However, ALB still lacks the full range of capabilities of the NGINX ingress controller, which builds on a dedicated reverse proxy (NGINX Open Source) or a full load balancer (NGINX Plus).

HAProxy Ingress vs NGINX ingress controller

HAProxy is a load balancer and proxy server. It offers DNS-based service discovery, a “soft” update to configuration without loss of traffic, and dynamic configuration through API as part of the Kubernetes cluster. HAProxy supports the developer emphasis on optimization, high speed, and efficiency of resource consumption. HAProxy also supports multiple load balancing algorithms.

Does VMware NSX Advanced Load Balancer Offer Advanced Kubernetes Ingress Solutions?

Yes. VMware NSX Advanced Load Balancer offers an advanced Kubernetes ingress controller with multi-cloud application services and enterprise-grade features. VMware NSX Advanced Load Balancer’s machine learning based automation and observability bring container-based applications into enterprise production environments.

VMware NSX Advanced Load Balancer is based on a software-defined, scale-out architecture that provides container services for Kubernetes beyond typical Kubernetes ingress controllers, including observability, security, traffic management, and a rich set of tools to simplify application rollouts and maintenance.

VMware NSX Advanced Load Balancer provides a centrally orchestrated, elastic proxy services fabric with dynamic load balancing, micro-segmentation, security, service discovery, and analytics for containerized applications running in K8s environments. This container services fabric consists of a centralized control plane and distributed proxies:

  • Controller: A central control, management and analytics plane that communicates with the Kubernetes controller, deploys and manages the lifecycle of data plane proxies, configures services and aggregates telemetry analytics from the Service Engines.
  • Service Engine: A service proxy providing ingress services such as load balancing, WAF, GSLB, IPAM/DNS in the dataplane and reporting real-time telemetry analytics to the Controller.


VMware NSX Advanced Load Balancer has a cloud connector model that is agnostic to the underlying Kubernetes cluster implementations. The Controller integrates via REST APIs with Kubernetes ecosystems including Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), Red Hat OpenShift, VMware Pivotal Container Services (PKS), VMware Tanzu Kubernetes Grid (TKG), and more.

Learn more here.

For more on the actual implementation of load balancing, security applications and web application firewalls check out our Application Delivery How-To Videos.

Network Load Balancer


Network Load Balancer Definition

A network load balancer distributes network traffic across multiple WAN links, virtual machines, or servers to avoid overloading any single host, without using complex routing protocols. Any load balancer sits in front of servers and acts as the “traffic cop,” routing client requests across all capable servers optimally to maximize capacity utilization and speed. The load balancer ensures that servers are not overworked and redirects traffic to healthy servers when a single server goes down. Likewise, the network load balancer automatically sends requests to a new server when it is added to the server group.

A cloud network load balancer efficiently distributes network load and client requests across multiple servers, ensuring reliability and high availability, and delivering the flexibility to add servers based on demand and remove them later. Load balancing aims to eliminate single points of failure and optimize application reliability.

A global server load balancer (GSLB) is a common type of network load balancer that distributes incoming user requests across groups of servers spread over multiple geographic regions. Because requests are served by servers close to users, either geographically or in network hops, organizations enjoy highly available websites and users experience fast responses in all but the most extreme cases of server and network failure.

This image depicts requests from clients moving through a network load balancer and being distributed amongst servers.

Network Load Balancer FAQs

What is a Network Load Balancer?

Network Load Balancers use variables such as destination ports and IP addresses to distribute traffic. They function on OSI Layer 4, so they are not intended to be context-aware or to consider cues at the application layer such as cookie data, content type, user location, custom headers, or application behavior. Network Load Balancers consider only the network-layer information contained inside the packets they direct.
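A layer-4 balancer's reliance on packet-level fields alone can be illustrated by hashing a connection's 5-tuple to pick a backend. This is a hypothetical sketch; the backend addresses and hashing scheme are assumptions for illustration, not any vendor's actual algorithm.

```python
import hashlib

# Illustrative backend pool; real deployments discover targets dynamically.
BACKENDS = ["10.0.1.10", "10.0.1.11", "10.0.1.12"]

def pick_backend(src_ip, src_port, dst_ip, dst_port, proto="tcp"):
    """Choose a target using only network-layer fields (the 5-tuple)."""
    flow = f"{src_ip}:{src_port}->{dst_ip}:{dst_port}/{proto}".encode()
    digest = hashlib.sha256(flow).digest()
    return BACKENDS[int.from_bytes(digest[:4], "big") % len(BACKENDS)]

# Every packet of the same flow hashes to the same backend:
b1 = pick_backend("203.0.113.7", 50123, "198.51.100.1", 443)
b2 = pick_backend("203.0.113.7", 50123, "198.51.100.1", 443)
assert b1 == b2
print(b1)
```

Note that nothing above looks at cookies, headers, or content: that is precisely the OSI Layer 4 constraint described in the paragraph.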

Network Load Balancers offer the following benefits:

  • Ability to scale to millions of requests per second to handle volatile workloads
  • Support for static IP addresses
  • Ability to assign one elastic IP address per enabled subnet
  • Support registering targets including those outside the VPC by IP address
  • Support routing requests on a single EC2 instance to multiple applications and registering each IP address or instance using multiple ports with the same target group
  • Support independent monitoring of service health, with health checks defined at the target group level and many metrics reported there


Network Load Balancer Architecture

A Network Load Balancer serves as the single point of contact for clients, distributing incoming traffic across many registered targets and increasing application availability. Functioning on Layer 4 of the Open Systems Interconnection (OSI) model, a Network Load Balancer can handle millions of requests per second.

Users can enable multiple Availability Zones for a load balancer to increase the fault tolerance of applications and ensure each enabled Availability Zone has at least one registered target for each target group. For each enabled Availability Zone, ELB creates a network interface that every load balancer node in the Availability Zone uses to get a static IP address.

What is Load Balancing in Networking?

How does network load balancing work? Load balancing distributes network traffic smoothly and evenly across multiple functional, healthy targets to ensure no one server becomes overloaded. Load balancing spreads workload evenly to increase application responsiveness and availability. Modern software load balancers also enhance application security.

Load Balancing Techniques in Networking

Here are some of the more common methods and technologies for how to use network load balancing.

Network Load Balancer SSL

To establish an encrypted link between a browser and a web server, Secure Sockets Layer (SSL) is the standard security technology. Before passing requests on, a load balancer frequently decrypts SSL traffic; this is called SSL termination. The load balancer thus improves application performance by saving the web servers from needing to engage in decryption.

Unfortunately, SSL termination can expose the application to possible attack as it transmits unencrypted traffic between the load balancers and the web servers. This risk is reduced when the load balancer and the web servers are within the same data center.

SSL pass-through is another approach, in which the load balancer passes the still-encrypted request to the web server for decryption. This delivers extra security, although it uses more CPU power.

Network Load Balancing Failover

Network load balancing failover is an automatic process that, along with failback, moves backend VMs to and from the active pool for the load balancer. These network load balancing techniques allow the system to remove unhealthy VMs and ensure the system is healthy.

Load Balancing and Security

Load balancing is critical to cyber security, especially as more organizations move to the cloud. The load balancer’s innate offloading function defends against distributed denial-of-service (DDoS) attacks by shifting malicious traffic toward a public cloud provider and away from the target server. Hardware defense against DDoS attacks, such as a perimeter firewall, can be prohibitively expensive and demand significant upkeep. Software types of network load balancing with cloud offload provide cost-effective and efficient security.

Load Balancing Algorithms

A variety of network load balancing methods exist. Which load balancing algorithm is best suited for a given use case depends on the specific facts.

  • Least Connection Method. This load balancing algorithm selects the server with the fewest active connections and directs traffic to it. This is ideal when traffic is unevenly distributed across many persistent connections.
  • Least Response Time Method. This algorithm directs traffic to the server with the lowest average response time and the fewest active connections.
  • Round Robin Network Load Balancing Method. This technique directs traffic to the first available server and then sorts that server to the bottom of the queue. This method is ideal when there are not many persistent connections and servers are of equal specification.
  • IP Hash. In this case, the client’s IP address determines which server receives the request.
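The algorithms above can be sketched in a few lines. These are toy implementations for illustration only; production load balancers track connection state and health far more carefully.

```python
import itertools
import hashlib

class Pool:
    """Toy versions of round robin, least connections, and IP hash."""
    def __init__(self, servers):
        self.servers = list(servers)
        self._rr = itertools.cycle(self.servers)
        self.active = {s: 0 for s in self.servers}  # open connections per server

    def round_robin(self):
        # Take the next server in rotation.
        return next(self._rr)

    def least_connections(self):
        # Pick the server currently holding the fewest active connections.
        return min(self.servers, key=lambda s: self.active[s])

    def ip_hash(self, client_ip):
        # Deterministically map a client address to one server.
        h = int(hashlib.md5(client_ip.encode()).hexdigest(), 16)
        return self.servers[h % len(self.servers)]

pool = Pool(["srv-1", "srv-2", "srv-3"])
print([pool.round_robin() for _ in range(4)])   # cycles back to srv-1
pool.active.update({"srv-1": 5, "srv-2": 1, "srv-3": 3})
print(pool.least_connections())                 # srv-2
print(pool.ip_hash("203.0.113.7") == pool.ip_hash("203.0.113.7"))  # True
```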

What is a Network Load Balancing Cluster?

There is a difference between a failover cluster and network load balancing and between load balancing and server clustering generally.

A failover cluster provides redundancy and high availability but doesn’t distribute workload. Load balancing improves performance by distributing a workload across multiple servers. Server clustering combines servers to operate as a single entity.

Both network load balancing and server clustering coordinate multiple servers to manage a greater workload, but load balancers can more easily be integrated into existing architecture and used to distribute workload, while server clusters typically demand identical hardware.

Network load balancing clusters incorporate load balancing software and prioritize balancing jobs among all cluster servers. High performance clusters perform specific tasks very rapidly using multiple servers and support data intensive projects such as real-time data processing and live-streaming.

The most basic type of Kubernetes network load balancer is load distribution. Kubernetes operates two methods of load distribution through the kube-proxy feature.

Advantages and Disadvantages of Network Load Balancing

There are a number of advantages of Network Load Balancing to consider:

Connection-based Load Balancing on OSI Layer 4. Load balance both UDP and TCP traffic, routing connections to targets such as microservices and containers.

TLS Offloading. Network Load Balancer supports TLS session termination. This preserves the source IP address for back-end applications and enables users to delegate TLS termination tasks to the load balancer.

Sticky Sessions. Sticky sessions, defined by source IP address affinity at the target group level, route requests from one client to the same target for the duration of a session.

Low Latency. Network Load Balancer delivers low latency for sensitive applications.

Preserve Source/Remote IP Address. Network Load Balancer retains the client side source IP address and source ports for the incoming connections unmodified, allowing the back-end to see the client IP address and applications to use it in further processing.

Static IP support. Network Load Balancer automatically provides a single static IP address for every Availability Zone or subnet that applications can use as the load balancer’s front-end IP. This makes using a firewall to allowlist an application easier than it was with Classic Load Balancer.

Elastic IP support. Network Load Balancer provides the possibility of assigning one Elastic IP for each Availability Zone or subnet, essentially offering a fixed IP option.

Long-lived TCP Connections. Ideal for WebSocket kinds of applications, Network Load Balancer supports long-lived TCP connections that can be open for months or even years, which is perfect for adtech, gaming, IoT, and more.

Central API Management. With the same API as Application Load Balancer, Network Load Balancer enables users to conduct health checks, work with target groups, and support containerized applications by load balancing across multiple ports of the same instance.

Zonal Isolation. The Network Load Balancer is designed for single zone application architectures. It automatically fails over to healthy Availability Zones if the existing Availability Zone somehow fails.

Reduced Bandwidth Usage. Most applications experience a cost reduction for load balancing with NLB compared to Classic Load Balancers or Application Load Balancers.

Network Load Balancer Limits

The main disadvantage of Network Load Balancer is no SSL offloading. The inherent qualities of the OSI Layer 4 mean that Network Load Balancer does not support SSL offloading. Application Load Balancer or Classic Load Balancer or other OSI Layer 7 compliant load balancers and software load balancing platforms support SSL offloading.

When to Use Network Load Balancer

Among the best use cases for Network Load Balancer are:

  • A demand for seamless support of high-volume or spiky inbound TCP requests
  • A need to support an elastic or static IP address
  • A need to support more than one port on an EC2 instance while using container services


Network Load Balancing Services, Software, and Tools

Network load balancing services make implementing network load balancing easy. Similarly, network load balancing software saves time that would otherwise be spent learning how to configure network load balancing. And while most network load balancer configuration is not especially complex, there is no reason for your team to waste time on manual configuration when network load balancing tools and software-defined networking load balancing eliminate the need.

Does VMware NSX Advanced Load Balancer Offer Network Load Balancing?

In addition to full-featured load balancing, VMware NSX Advanced Load Balancer offers advanced security, application analytics, application monitoring, multi-cloud traffic management, on-demand autoscaling, and more. The VMware NSX Advanced Load Balancer also deploys in virtualized, bare metal, or container environments, delivering enterprise-grade services that far exceed those of virtualized legacy appliances.

Other load balancers and load balancing platforms offer basic load balancing, but lack the advanced policy support, full-featured load balancing, and enterprise-class features VMware NSX Advanced Load Balancer delivers:

  • Comprehensive persistence
  • Advanced HTTP content switching capabilities
  • DNS services and GSLB across multiple clouds
  • Customizable health monitoring

Learn more about how VMware NSX Advanced Load Balancer delivers a superior network load balancing alternative here.

For more on the actual implementation of load balancing, security applications and web application firewalls check out our Application Delivery How-To Videos.


Network Congestion


Network Congestion Definition

Network congestion refers to a reduction in quality of service (QoS) that causes packet loss, queueing delay, or the blocking of new connections. Typically, network congestion occurs when a link or network node handles data in excess of its capacity.

To avoid collapse and reduce the effects of congestion in the network, organizations use various congestion avoidance and congestion control methods. These include:

  • TCP/IP window reduction
  • Fair queueing in network devices such as routers, switches, and other devices
  • Priority schemes which transmit higher priority packets ahead of other traffic
  • Explicit network resource allocation via admission controls toward specific flows

This image depicts network congestion, showing data traveling through a network and becoming congested on its way to receivers.


What is Network Congestion?

A highway is congested when it is overloaded with traffic in the form of vehicles. Similarly, a network is congested when it is overloaded with data. And just as is true on the road, network congestion can be the result of temporary circumstances such as high traffic or an attack, or the sign of deeper, chronic problems such as outstanding repairs or misconfiguration—issues that demand more significant solutions.

As far as the end-user is concerned, network congestion feels like slow response times or a “network slow down.” When the internet, the WiFi, or even the computer itself just “feels slow,” that is often the result of network congestion. However, there’s more to network traffic congestion than this.

Checking for network congestion and identifying issues depends on detecting the effects of congestion in the network:

Bandwidth Usage

Bandwidth is among the most common causes of network congestion. Bandwidth refers to the maximum rate that data can move along a path, or the total capacity of that path. Network congestion happens when there’s just not enough bandwidth to handle the existing amount of traffic. This is the same problem that a road built for 50 cars faces when 200 cars a day try to drive on it.


Latency

Latency is the time it takes a data packet to travel from point A to point B. Latency is usually closely connected to other congestion issues such as bandwidth. Back on the road, latency is expressed in the way it takes you 20 minutes to travel from point A to point B one day under certain conditions and 60 minutes for the same trip under different conditions. The slower time is latency, and it is a sign of the problem, rather than something that itself leads to network congestion.


Jitter

Jitter is variation in delay in traffic patterns. Computers, like most humans on the road, prefer predictable, consistent traffic. When traffic is unpredictable or inconsistent, it produces jitter, or variability in delay, causing more network congestion.

On the road, drivers access the highway randomly, which means there may be large bursts of cars trying to merge on at any one time. For networks, such a surge can come from a system user that sends the network large bursts of traffic, consuming excessive bandwidth.

Jitter creates congestion because the computer changes its traffic patterns each time the network tries to adjust. To avoid network collisions, the system pauses sending packets and initiates a random back-off for a period of time measured in milliseconds. This increases congestion as other network transmitters wait before trying again in a cascading effect.
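The random back-off described above can be sketched as follows. The doubling window and millisecond values are illustrative assumptions, not the exact scheme of any particular network; classic Ethernet, for instance, uses binary exponential back-off measured in slot times.

```python
import random

def backoff_delay_ms(attempt, base_ms=1, cap_ms=512):
    """After each collision, double the window and wait a random slice of it."""
    window = min(cap_ms, base_ms * (2 ** attempt))
    return random.uniform(0, window)

random.seed(0)  # fixed seed so the illustration is repeatable
for attempt in range(4):
    print(f"attempt {attempt}: wait {backoff_delay_ms(attempt):.2f} ms")
```

Because each transmitter waits a different random time, the chance that the same two senders collide again shrinks with every attempt; that is the cascading pause the paragraph describes.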

Packet Retransmissions

Speaking of the need to retransmit packets, packet retransmissions can also cause congestion and are typically caused by other congestion issues. Packets that arrive damaged or don’t arrive at all must be resent. Clearly, each time a single packet must be sent two or more times, traffic congestion increases without any incremental benefit. It would be like breaking up a successful carpool.


Packet Collisions

Often it is packet collisions on the network that trigger the back-off process described above in relation to jitter. Packet collisions can be caused by poor cabling or bad equipment, and can produce a serious situation, forcing all packets to stop and wait for a clear network to retransmit. This produces even greater congestion and delay, and as with a highway collision, traffic direction is often required.

What Are the Reasons for Congestion in a Network?

Generally, network congestion occurs when a network experiences traffic that is too much for the system. That said, there are five main network congestion causes:

Over-Used Devices

Some devices can handle more traffic than others, by design. Devices such as load balancers, switches, routers, and firewalls are built for network throughput. Additionally, any device’s assigned capacity is theoretical; it may not accurately represent the real-world ability of the device in various scenarios. For this reason, over-utilization is a frequent result of pushing devices to their maximum reported capacity.

Often, structures for using multiple devices are hierarchically designed, with higher-level devices serving lower-level devices. To ensure healthy traffic levels and prevent congestion, it’s critical to ensure within the hierarchy that each level is demanding and receiving appropriate support. Incongruencies between firewalls, routers, switches, and other devices can lead to data bottlenecks.

Back on the road, this kind of problem might look like a freeway transition that was not up to the task of merging multi-lane roads into fewer lanes. The constant use of that device with excess levels of traffic will result in over-utilization of the device, and probably packet drops and high CPU utilization. This in turn produces network congestion.


Over-Subscription

Over-subscription is usually to blame when a web browsing experience is consistently slower or faster at some times of the day or night. This is because during the day, the network’s peak period, there are more users making demands on network resources than there are at night, the off-peak period for the network. This is like commuting to work on a highway or on a train during rush hour or peak times versus the middle of the day or night when people are all already working or home.

Over-subscription is typically done intentionally to achieve cost savings, which is why it is a common cause of network congestion. For example, a business with 1,000 employees in-house normally needs a 1,000Mbps Internet link. If they’ve moved largely to work from home, they may only need 500Mbps—until a company-wide event strains the system and produces network congestion.
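The sizing arithmetic in the example above can be made explicit. The 1 Mbps per-user rate and the concurrency figures below are assumptions chosen to match the example, not measured values.

```python
def required_link_mbps(users, per_user_mbps=1.0, concurrency=1.0):
    """Bandwidth needed if `concurrency` (0..1) of users are active at once."""
    return users * per_user_mbps * concurrency

# 1,000 employees fully on-site vs. mostly working from home:
print(required_link_mbps(1000))                   # 1000.0 Mbps link
print(required_link_mbps(1000, concurrency=0.5))  # 500.0 Mbps suffices
```

The congestion risk appears when the assumed concurrency is exceeded, for example during a company-wide event, and actual demand outgrows the over-subscribed link.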

Unneeded Traffic

Unneeded traffic such as streaming video on a work system is another common cause of network congestion. Other examples of unneeded traffic eating up bandwidth include junk VoIP phone calls or unsolicited traffic like advertisements. Use the network management console to identify unneeded traffic.

Antiquated Hardware and Faulty Devices

Hardware, devices, and the ethernet cables and wire connections between them might all require updates or replacements as the organization’s needs change. The data speed and other metrics for each piece of the network should be analyzed as part of a network performance assessment for network congestion.

Security Attack

Various security attacks can cause network congestion, including worms, viruses, and Denial of Service (DoS) attacks.

Deficient Design or Misconfiguration

Poor design or device misconfiguration is a more serious cause of network congestion. Each network must be designed to handle the right loads and configured to meet that organization’s needs. An optimized network connects all segments while maximizing performance across each of them.

A broadcast storm is a good example of this issue. This problem causes severe performance degradation when the network experiences a large mass of broadcast or multicast traffic in a short time. Broadcasts are contained inside subnets, so a broadcast storm can have more serious effects on larger subnets. Designing a network that has large subnets without giving proper consideration to broadcast storms can cause network congestion. To avoid this problem, create subnets near where large amounts of data will be stored to allocate performance where it’s needed.

How to Solve Network Congestion Issues?

Monitor and Analyze Network Traffic

The starting point for solving most network congestion issues, especially for too many devices, over-utilized devices, or an insufficient network design, is monitoring and analyzing network traffic. This will help identify where congestion may exist and highlight under-utilized regions that are ripe for re-allocation to improve performance. With deeper insights into network traffic, it’s possible to take intelligent steps toward reducing network congestion.

Monitor during heavy traffic times to diagnose network congestion, especially during peak hours when many devices are connected, or during company wide events. The right network discovery tool can help reveal the source of network congestion. Scan cloud servers, virtual networks, and all other wireless devices and networks with a network discovery program to identify servers, devices, and even users eating up too much bandwidth.

After identifying the issues with bandwidth usage, update the network infrastructure to allocate it more effectively during peak times.


Increase Bandwidth

Speaking of bandwidth, network congestion is less likely when the network can transmit more data, making increasing bandwidth an obvious solution. However, a network, like a chain, is only as strong as its weakest, or in this case slowest, component.

Segmenting and Prioritizing

Traffic monitoring produces an additional benefit: the capacity to design or re-design a bespoke, optimized network for any business. To do that, segment the network into smaller sub-networks to create space for practical priorities and increase efficiency. This permits more accurate monitoring as it produces a more viable network, increasing or reducing data traffic as needed to impact the areas most affected by network congestion.

Prioritization means placing appropriate emphasis or priority on key network processes over less- or non-essential traffic to reduce network congestion. Prioritizing must be done carefully to avoid the wrong design or configuration—which can exacerbate the problem it is meant to resolve.

Business critical traffic can be a mix of typical business network traffic types, including multicast traffic for real time media streams, broadcast traffic for network operation, and unicast traffic to support everyday voice, data transfer, and video functions. Network devices cannot automatically distinguish which of this intermixed traffic should get a priority share of bandwidth without special configuration. This is the realm of Quality of Service (QoS) protocols.

Quality of Service allows traffic to share the same network, but classified and forwarded in an unequal way based on preset rules. QoS is like a police escort that helps real-time applications and business critical traffic through network congestion.
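At the application level, QoS classification usually relies on packet markings such as DSCP, carried in the upper six bits of the IP TOS byte. As a purely illustrative sketch (the DSCP value and socket usage here are generic examples, not tied to any particular vendor's QoS configuration), an application can request priority treatment by marking its own traffic:

```python
import socket

# Mark a UDP socket's traffic as Expedited Forwarding (DSCP 46), the
# class typically used for real-time voice. The DSCP value occupies the
# upper six bits of the IP TOS byte, hence the left shift by two.
DSCP_EF = 46
tos = DSCP_EF << 2  # 184

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, tos)

# Routers configured with QoS policies can now queue and forward these
# datagrams ahead of best-effort traffic. Prints the value just set
# (184 on Linux).
print(sock.getsockopt(socket.IPPROTO_IP, socket.IP_TOS))
sock.close()
```

Marking alone does nothing; the routers along the path must be configured to honor the DSCP class, which is where the "police escort" behavior actually happens.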

Assess Your Devices

The number, type, and bandwidth usage of network devices affect the whole network’s data processing. In some cases, network users might be using devices incorrectly, while other users could be using “legacy devices” that are not well supported. Both inefficient usage and older hardware contribute to network congestion, so assess each device to reduce or even prevent it.

Assess Your Network Architecture

Network architecture should be built to provide each user with the appropriate network bandwidth. The wrong network architecture can cause network congestion.

For example, a large company is more likely to deploy a “client/server” network architecture than a “peer-to-peer” network which can provide too much access and bandwidth to users. Instead, allocate access according to needs-based, specific “tiers” for all users. IT or the C suite can ultimately control processing speeds, access levels, and other network permissions to reduce the risk of network congestion.

Other areas to explore when considering how to reduce network congestion include:

  • Optimize TCP/IP settings to balance the packet send/request speed
  • Use a CDN (content delivery network) that places more requests on edge servers to optimize resources
  • Use choke packets to reduce sender device output and prevent network congestion
  • Choose multi-hop routing so that whenever the default route starts queueing, traffic is routed over a different path
  • Assess security attacks and attack attempts in internet connection logs and elsewhere
  • Use a VPN to bypass congestion
  • Use redundancy models
  • Conduct LAN performance network congestion tests

Does VMware NSX Advanced Load Balancer Offer Network Congestion Monitoring Tools?

Yes. VMware NSX Advanced Load Balancer’s comprehensive traffic monitoring platform distributes network traffic across multiple servers to ensure that no single server bears so much demand that it triggers network congestion. By creating and distributing an even workload, application responsiveness, availability, and security all increase. Learn more about our approach to network congestion management here.

For more on the actual implementation of load balancing, security applications and web application firewalls check out our Application Delivery How-To Videos.

Network Address Translation


Network Address Translation Definition

Network Address Translation (NAT) is a process that enables one, unique IP address to represent an entire group of computers. In network address translation, a network device, often a router or NAT firewall, assigns a computer or computers inside a private network a public address. In this way, network address translation allows the single device to act as an intermediary or agent between the local, private network and the public network that is the internet. NAT’s main purpose is to conserve the number of public IP addresses in use, for both security and economic goals.

This image depicts network address translation (NAT) and the process of syncing all device addresses to a secure server.

Network Address Translation FAQs

What is Network Address Translation?

Network Address Translation (NAT) conserves IP addresses by enabling private IP networks using unregistered IP addresses to go online. Before NAT forwards packets between the networks it connects, it translates the private internal network addresses into legal, globally unique addresses.

NAT configurations can reveal just one IP address for an entire network to the outside world as part of this capability, effectively hiding the entire internal network and providing additional security. Network address translation is typically implemented in remote-access environments, as it offers the dual functions of address conservation and enhanced security.

What is the Purpose of NAT?

To communicate with the internet, a networking system requires a unique IP address. This 32-bit number identifies and locates the network device so a user can communicate with it.

The IPv4 addressing scheme of past decades technically made billions of these unique addresses available, but not all could be assigned to devices for communication. Some were exempted and reserved for testing, broadcast, and certain military purposes. While that left over 3 billion addresses for communication, the proliferation of the internet meant the supply neared exhaustion.

The IPv6 addressing scheme was introduced as the solution to this weakness in IPv4. IPv6 recreates the addressing system so there are more options for allocating addresses, but it has taken years to alter network infrastructure and implement the change. In the meantime, NAT, introduced by Cisco, was widely deployed.

How Network Address Translation Works

Network address translation permits a single device, such as a NAT firewall or NAT router or other network address translation device, to act as an agent between the public network and private networks—the internet and any local networks. This allows an entire group of devices to be represented by a single unique IP address when they do anything outside their network.

NAT works like a large company’s receptionist, with specific instructions on which calls and visitors to keep out, make wait, or send through, and where they should go. For example, you can tell the receptionist not to forward any visitors or calls unless you request it; then, when you are waiting for something specific, you can leave instructions to let that particular client communication through.

The client calls the company’s main number, because that public-facing number is the only one anyone knows. They tell the receptionist they need to speak with you, and the receptionist a) checks the instructions and knows you want the call forwarded, and b) matches your extension with a list to send the information to the right place. The caller never gets your private line.

Network address translation works similarly. The request arrives at the public IP address and port, and the NAT instructions send it where it should go without revealing the private IP addresses of the destinations.

NAT Network Address Translation Example

As a NAT network address translation example, an inside host may want to communicate with a web server address in the outside world. To communicate, it sends a data packet to the network’s NAT gateway router.

The NAT gateway router determines whether the packet meets the condition for translation by reading its source IP address and looking it up in the NAT table. Its access control list (ACL) identifies the internal hosts authorized for translation; the router then completes the translation, producing an inside global IP address from the inside local IP address.

Finally, the NAT gateway router saves the translation in the NAT table and routes the packet to its destination. When the web server on the internet replies, the response arrives at the router’s global IP address. Referring back to the NAT table, the router determines which inside local address corresponds to that global address, translates the packet, and delivers it to the host. If no match is found, the data packet is discarded.
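The lookup flow above can be sketched in a few lines. This is a minimal illustration, not a router implementation; all addresses are invented RFC 1918 (private) and RFC 5737 (documentation) values:

```python
# Sketch of the NAT gateway behavior: outbound packets from authorized
# inside hosts have their source rewritten to an inside global address;
# replies are matched against the NAT table and translated back, and
# unmatched packets are dropped.
nat_table = {}                      # inside local -> inside global
acl = {"10.0.0.5", "10.0.0.6"}     # hosts authorized for translation
global_pool = ["203.0.113.10", "203.0.113.11"]

def translate_outbound(src_ip):
    if src_ip not in acl:
        return None                 # condition for translation not met
    if src_ip not in nat_table:
        nat_table[src_ip] = global_pool.pop(0)
    return nat_table[src_ip]

def translate_inbound(dst_ip):
    # Reverse lookup: which inside local address owns this global address?
    for local, global_addr in nat_table.items():
        if global_addr == dst_ip:
            return local
    return None                     # no match: the packet is discarded

print(translate_outbound("10.0.0.5"))     # 203.0.113.10
print(translate_inbound("203.0.113.10"))  # 10.0.0.5
print(translate_inbound("203.0.113.99"))  # None (dropped)
```

A real router would also track ports, timeouts, and protocol state, but the table-lookup-then-rewrite core is the same.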

Types of Network Address Translation

There are many forms of NAT and it can function in several ways.

Static network address translation (SNAT). SNAT maps unregistered IP addresses to registered IP addresses on a one-to-one basis. It is particularly useful when a device needs to be accessible from outside the network.

Dynamic network address translation (DNAT). This form of NAT selects a target from a group of registered IP addresses and maps an unregistered IP address to it.

Reverse network address translation (RNAT). RNAT allows users to initiate connections to devices on a private network over the internet or another public network.

Overloading network address translation (NAT overload). Also known as port-level multiplexed NAT, single-address NAT, or port address translation (PAT), this form of dynamic NAT uses different ports to map multiple private, unregistered IP addresses to a single registered IP address and to distinguish which traffic belongs to which internal host. Comparing port address translation with other forms of NAT, PAT is often the most cost-effective choice when many users connect to the internet through just one public IP address.

Overlapping network address translation (overlapping NAT). Overlapping NAT can happen either when two organizations whose networks both use RFC 1918 IP addresses merge, or when registered IP addresses are assigned to multiple devices or are otherwise in use on more than one internal network. In both cases the networks need to communicate, and overlapping NAT achieves this without readdressing every device.

The NAT router intercepts addresses, and maintains a table of them so that it can replace them with registered unique IP addresses. The network address translation router must both translate registered external IP addresses to those unique to the private network and translate internal IP addresses to registered unique addresses. It might achieve this either by using DNS to implement dynamic NAT or through static NAT.

In the network address translation context, the internal network, commonly referred to as the stub domain, is usually a local area network (LAN) that uses IP addresses internally. Most stub domain network traffic is local, remaining inside the internal network. A stub domain may include both unregistered and registered IP addresses.

Network Address Translation Configuration

A traditional NAT configuration requires at least one interface on a router (NAT outside); another interface on the router (NAT inside); and a configured set of rules for translating the IP addresses in the packet headers and possibly payloads.

In this example of network address translation configuration, IT configures the NAT router as follows. Whenever a device on the inside with an unregistered (inside, local) IP address needs to communicate with the (outside, public) network, the router translates those unregistered addresses residing on the private (inside) network to registered IP addresses.

  • The organization receives a range of registered, unique IP addresses assigned by the ISP. The assigned list of addresses are called inside global addresses.
  • The team splits unregistered, private addresses into one small group and one much larger group. The stub domain will use the larger group, called inside local addresses. The NAT routers will use the small group, called outside local addresses, to translate the outside global addresses or unique IP addresses of devices on the public network.
  • Most stub domain computers communicate with each other using inside local addresses. There are inside global addresses for those stub domain computers that communicate extensively outside the network, meaning they do not require translation.
  • However, when a typical stub domain computer with an inside local address needs to communicate outside the network, it sends the packet to a NAT router.
  • The NAT router checks for the destination address in the routing table. If it has an entry for that address, the NAT router translates the packet and enters that action into the address translation table. The NAT router drops the packet if the destination address is not in the routing table.
  • The router sends the packet on using an inside global address.
  • A public network computer sends a packet to the private network. The packet’s destination address is an inside global address and its source address is an outside global address.
  • The NAT router confirms that the destination address maps to a stub domain computer by checking the address translation table.
  • The NAT router sends the packet to the destination computer after translating the packet’s inside global address to the inside local address.


NAT overloading uses multiplexing, a TCP/IP protocol stack feature. Multiplexing enables a computer to maintain multiple connections with remote computer(s) concurrently using different ports. The header of an IP packet contains:

Source Address. The originating computer’s IP address
Source Port. The TCP or UDP port number assigned to this packet, for example, port 1060
Destination Address. The receiving computer’s IP address
Destination Port. The TCP or UDP port number the destination computer should open, for example, port 2170

These four numbers combined represent a single TCP/IP connection. The addresses identify the two computers at each end, and the port numbers provide a unique identifier for the connection between them. Although each port number’s 16 bits make 65,536 values possible, in practice ports are mapped in slightly different ways, so about 4,000 available ports is a realistic estimate.
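The multiplexing described above can be shown in a tiny sketch: one client holds several simultaneous connections to the same server, distinguished only by source port. Addresses are RFC 5737 documentation values and the ports are invented:

```python
# Each 4-tuple (src address, src port, dst address, dst port) is the key
# that uniquely identifies one TCP/IP connection.
client, server = "192.0.2.10", "198.51.100.20"

connections = {
    (client, 1060, server, 80): "conn-1",
    (client, 1061, server, 80): "conn-2",
    (client, 1062, server, 80): "conn-3",
}

# All three tuples share the same addresses and destination port, yet
# each is a distinct connection because its 4-tuple is unique.
print(len(connections))  # 3
```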

Dynamic NAT and NAT Overloading Configuration

In dynamic network address translation:

  • IANA (Internet Assigned Numbers Authority), the global authority that assigns IP addresses, is the only source of unique IP addresses. Where a stub domain or internal network has been set up with IP addresses that IANA did not specifically allocate for them, the addresses are not unique and are therefore non-routable.
  • The organization sets up a router enabled for NAT that contains a range of unique IP addresses from IANA.
  • A stub domain computer attempts to connect to an outside computer.
  • The router receives the stub domain computer’s packet.
  • The NAT-enabled router saves the sending computer’s non-routable IP address to an address translation table, then replaces it with the first available address from its range of unique IP addresses.
  • The router now checks each packet’s destination address as it arrives from the destination computer, and uses the address translation table to verify which stub domain computer the packet belongs to. If it finds no match, it drops the packet. Otherwise, it replaces the destination address with the non-routable address saved in the address translation table and sends the packet on.
  • The computer receives the packet and the process continues as long as the external system and the computer communicate.


In NAT overloading:

  • As in the previous dynamic NAT example, a stub domain or internal network has been set up with non-routable, non-unique IP addresses not specifically allocated for them, so the organization sets up a router enabled for NAT that contains a unique IP address from IANA.
  • A stub domain computer attempts to connect to an outside computer.
  • The NAT-enabled router receives the stub domain computer’s packet.
  • The NAT router saves the non-routable IP address and port number from the sending computer to an address translation table. The router maps a port number and the router’s IP address to the sending computer to replace the non-routable IP address and port number.
  • The router checks the destination ports of packets that return from the destination computer and confirms which stub domain computer the packet belongs to. It replaces the destination port and address with the saved versions from the address translation table and sends them.
  • The computer receives the packet and the process continues as long as the external system and the computer communicate.
  • The NAT router will continue to use the same port number throughout the connection, as it has the computer’s source port and address saved to the address translation table. If the communication ends without the entry being accessed again, the router removes the entry from the table.
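The overload steps above can be sketched as a port-mapping table. This is an illustration only, with invented RFC 1918 and RFC 5737 addresses and simplistic sequential port assignment (a real router would allocate from a valid ephemeral port range and expire idle entries):

```python
# Sketch of NAT overload (PAT): many inside (address, port) pairs share
# one registered router address, distinguished by the router-assigned port.
ROUTER_IP = "203.0.113.1"
next_port = 1
table = {}     # assigned router port -> (inside ip, inside port)
reverse = {}   # (inside ip, inside port) -> assigned router port

def outbound(src_ip, src_port):
    """Rewrite an outgoing packet's source to the router's IP and a port."""
    global next_port
    key = (src_ip, src_port)
    if key not in reverse:          # same port reused for the connection
        reverse[key] = next_port
        table[next_port] = key
        next_port += 1
    return ROUTER_IP, reverse[key]

def inbound(dst_port):
    """Route a returning packet back to the saved inside host, or drop it."""
    return table.get(dst_port)      # None means the packet is dropped

print(outbound("10.0.0.2", 620))   # ('203.0.113.1', 1)
print(outbound("10.0.0.3", 80))    # ('203.0.113.1', 2)
print(inbound(1))                  # ('10.0.0.2', 620)
print(inbound(999))                # None
```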


In contrast to the computer described above in the traditional NAT configuration, this is how stub domain computers might appear to external networks:

Source Computer 1

IP Address:
Computer Port: 620
NAT Router IP Address:
NAT Router Port Number: 1

Source Computer 2

IP Address:
Computer Port: 80
NAT Router IP Address:
NAT Router Port Number: 2

Source Computer 3

IP Address:
Computer Port: 1560
NAT Router IP Address:
NAT Router Port Number: 3

The NAT-enabled router stores each source computer’s IP address and port number. It uses its own registered IP address and port numbers to replace the IP address and the port number that correspond to that packet’s source computer in the table. In place of the source-computer information on each packet, any external network sees the NAT router’s IP address and the assigned port number.

Some stub domain computers do use dedicated IP addresses. In these situations their IP addresses can pass through the NAT router untranslated if you create an access list of IP addresses that tells the router which network computers require NAT.

A router’s Dynamic Random Access Memory (DRAM) is the main factor that determines the number of simultaneous translations that it can support. A typical address-translation table entry requires about 160 bytes, so for most applications, a router with 4 MB of DRAM is sufficient.
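A quick back-of-the-envelope check of that sizing claim, using the figures from the paragraph above:

```python
# With roughly 160 bytes per address-translation entry, 4 MB of DRAM
# holds on the order of 26,000 simultaneous translations.
entry_bytes = 160
dram_bytes = 4 * 1024 * 1024

print(dram_bytes // entry_bytes)  # 26214
```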

According to IANA and RFC 1918, there are specific ranges of IP addresses for use as internal network addresses that are non-routable. These addresses are unregistered, meaning no agency or company can use them on public computers or claim ownership over them. Instead of forwarding unregistered addresses, routers are designed to discard them. Therefore, a packet from an unregistered sending computer address could reach its registered computer destination, but the first router the reply came to would discard it.

To reduce the chance of an IP address conflict, it pays to follow the range for each of the three classes of IP addresses in your internal networking:

  • Range 1: Class A – 10.0.0.0 through 10.255.255.255
  • Range 2: Class B – 172.16.0.0 through 172.31.255.255
  • Range 3: Class C – 192.168.0.0 through 192.168.255.255


However, this is a best practice, not a requirement.
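Python's standard library can check these ranges directly. Note that `is_private` covers RFC 1918 plus other reserved ranges (loopback, link-local, and so on), so it is slightly broader than the three ranges listed above:

```python
import ipaddress

# Membership checks against the private/reserved address ranges.
for addr in ["10.1.2.3", "172.20.0.1", "192.168.1.50", "8.8.8.8"]:
    print(addr, ipaddress.ip_address(addr).is_private)
# 10.1.2.3 True
# 172.20.0.1 True
# 192.168.1.50 True
# 8.8.8.8 False
```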

NAT Router

Using NAT overload, a NAT router creates a network of IP addresses for a local area network (LAN) and connects that LAN to the public internet. The router performs the translation that permits communication between the WAN or internet and the hosts on the LAN. Because a NAT router appears to the internet as a single host with a single IP address, NAT routers are commonly used in homes and small businesses.

Advantages of Network Address Translation

Advantages of NAT

Address conservation. NAT conserves IP addresses that are legally registered and prevents their depletion.

Network address translation security. NAT offers the ability to access the internet with more security and privacy by hiding the device IP address from the public network, even when sending and receiving traffic. NAT rate-limiting allows users to limit the maximum number of concurrent NAT operations on a router and rate limit the number of NAT translations. This provides more control over the use of NAT addresses, but can also be used to limit the effects of worms, viruses, and denial-of-service (DoS) attacks. Dynamic NAT implementation creates a firewall between the internal network and the internet automatically. Some NAT routers offer traffic logging and filtering.

Flexibility. NAT provides flexibility; for example, it can be deployed in a public wireless LAN environment. Inbound mapping or static NAT allows external devices to initiate connections to computers on the stub domain in some cases.

Simplicity. NAT eliminates the need to renumber addresses when a network changes or merges, and allows you to create an inside-network virtual host to coordinate TCP load balancing for internal network servers.

Speed. Compared to proxy servers, NAT is transparent to both destination and source computers, allowing for faster, more direct communication. In addition, proxy servers typically work at the transport layer (Layer 4) of the OSI Reference Model or higher, making them slower than network address translation, which is a network layer (Layer 3) protocol.

Scalability. NAT and dynamic host configuration protocol (DHCP) work well together, with the DHCP server doling out unregistered IP addresses for the stub domain from the list as necessary. Scaling up is easier, since you can increase the available range of IP addresses the DHCP configures to make room for additional network computers immediately instead of requesting more IP addresses from IANA as needs increase.

Multi-homing. Multiple connections to the internet, called multi-homing, help maintain a reliable connection and reduce the chance of a shutdown if one connection fails. Multi-homing also enables load balancing by reducing the number of computers using any single connection. Multi-homed networks often connect to multiple ISPs, each assigning a range of IP addresses or a single IP address to the organization. Routers use network address translation to route between networks using different network address translation protocols. In a multi-homed network, the router uses the border gateway protocol (BGP), part of the TCP/IP protocol suite, to communicate: the stub domain side uses internal BGP (IBGP), and routers communicate with each other using external BGP (EBGP). Should one of the connections to an ISP fail, multi-homing reroutes all data through another router.

Disadvantages of NAT

Resource consumption. Network address translation is a technology that consumes memory resources and processor space, because it must translate IPv4 addresses for all outgoing and incoming IPv4 datagrams and retain the details from translation in memory.

Delays. Address translation introduces switching path delays.

Functionality. Some applications and technologies will not function as expected with NAT enabled.

Traceability. Network address translation complicates tunneling protocols such as IPsec, because translating addresses alters header values that such protocols depend on.

Layer issue. A router is a device for the network layer, yet as a NAT device it is required to tamper with the transport layer in the form of port numbers.

Does VMware NSX Advanced Load Balancer Offer a Network Address Translation Software Solution?

VMware NSX Advanced Load Balancer’s Platform, a software-defined application services fabric, enforces access control policies and captures and analyzes end-to-end application traffic, delivering services far beyond load balancing.

When new application servers are deployed, the servers need external connectivity for manageability. In the absence of a router in the server networks, the VMware NSX Advanced Load Balancer Service Engine (SE) can route server network traffic using its IP routing feature. The SE NAT functionality covers this, serving as a NAT gateway for the entire private network of servers.

NAT functions either through IP routing on the Service Engine (the SE default gateway feature) or in the post-routing phase of the packet path. To use outbound NAT functionality, it’s necessary to enable IP routing on the Service Engine and use the SE as a gateway.

VMware NSX Advanced Load Balancer supports outbound NAT for TCP, UDP, and ICMP flows.

There are three outbound NAT use case options:

  • NAT Flows (show NAT flow information)
  • NAT Policy Stats (show NAT policy stats)
  • NAT Stat (show NAT statistics)


The platform also enables Source NAT (SNAT) for application identification. The source IP address used by VMware NSX Advanced Load Balancer SEs for server back-end connections can be overridden with an explicit user-specified address—the source NAT (SNAT) IP address. The SNAT IP address can be specified as part of the virtual service configuration.

In some deployments, to provide differential treatment based on the application, it’s essential to identify traffic based on source IP address. For example, in DMZ deployments security, firewall, visibility, and other types of solutions may need to validate clients using the source IP before passing traffic on to an application.

Source NAT can be used with either high availability (HA) mode: elastic HA or legacy HA. The configuration requirements differ depending on whether the SE and back-end servers are in the same subnet (connected at Layer 2) or in different subnets (connected at Layer 3).


Network Performance Management


Network Performance Management Definition

Network performance management (NPM) is the collection of methods that manage, enable, and ensure a computer network’s optimal performance levels. Typically, network performance management demands routine monitoring of quality and performance service levels for each network component and device.

In general, network performance management reviews performance metrics at a granular level from across the network. For example, NPM reviews router performance and measures it at each port.

Key network performance management metrics include:

  • Error rates
  • Network delays
  • Packet loss
  • Packet transmission
  • Throughput


Network performance management takes a proactive approach to identifying and reducing bottlenecks and other network problems. These issues affect not only end users, but also business operations as a whole, including basic internal maintenance tasks.
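Two of the metrics listed above are simple ratios over interface counters. As a toy illustration with invented sample numbers (real NPM tools would poll these counters via SNMP or streaming telemetry):

```python
# Counters sampled over one measurement interval (all values invented).
packets_sent = 10_000
packets_lost = 25
bytes_received = 12_500_000
interval_s = 10

loss_rate = packets_lost / packets_sent                 # packet loss
throughput_mbps = bytes_received * 8 / interval_s / 1_000_000

print(f"loss: {loss_rate:.2%}")                  # loss: 0.25%
print(f"throughput: {throughput_mbps:.1f} Mbps")  # throughput: 10.0 Mbps
```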


Image depicts Network Performance Management example with VMware's vRealize Operations Manager dashboard.

Network Performance Management FAQs

What is Network Performance Management?

Because modern IT infrastructure is more complex than ever, it demands the actionable insights made possible by end-to-end visibility. Networks deploy a broad range of components to improve productivity, enhance network performance, and enable a positive user experience.

Maintaining this level of comprehensive visibility is a challenge given that technology stacks have both expanded into third party SaaS applications and increased in density locally. The effects of any one component experiencing performance issues can be wide-reaching, and it is often difficult or impossible to pinpoint the catalyst of the resultant problems across such a broad swath of components without granular network performance management solutions.

NPM identifies and mitigates problems related to internal functions by assessing the performance metrics of each network infrastructure component. Real-time monitoring of performance data or performance logs enables IT teams to proactively resolve network-based performance issues by identifying potential causes of outages before they create a negative user experience. This level of greater insight and the improved performance it enables are among the benefits of NPM.


What is a Network Performance Management Strategy?

NPM involves establishing a strategy of network operations, policies, and workflows intended to prevent, mitigate, and solve network performance issues. Selecting network performance management software vendors and protocols depends largely on the particular needs of a business, but there are several NPM best practices that can help improve IT operations while reducing the chance of problems.

Gather High Quality Data

Reviewing appropriate performance metrics is critical to effective NPM. It is a challenge to sift through the wide range of information a complex network generates.

Network performance management tools streamline the process by monitoring data relating to bandwidth usage, network node outages, network traffic analysis, packet loss, and SNMP performance. They then convey relevant information to IT for evaluation, or analyze the data using artificial intelligence/AIOps or machine learning.

Analyze Network Management Performance Metrics Carefully

Effective network monitoring tools can provide a host of performance metrics that offer data about the health of the IT stack, because so many different components are involved in keeping any network operational. A more comprehensive view into a multi-layered network makes it easier to spot performance trouble spots, but it is just as important to know which specific metrics offer the correct insights. With the right data in hand, improve user experience and productivity as you mitigate problems with more carefully tailored network management policies.

Collect Data Automatically

Automatic data collection is essential because it can take time to identify a pattern of performance problems. Effective network performance management software logs all performance issues, including the circumstances surrounding each problem. By referring to a log of past concerns, the IT team is better able to assess which problems demand closer monitoring or more in-depth investigation.
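A hypothetical sketch of that idea: keep every latency sample in a log and flag any measurement well above the recent baseline, so the pattern survives for later investigation. The threshold, sample values, and detection rule are all invented for illustration:

```python
import statistics

log = []  # every sample is retained, as the text recommends

def record(latency_ms, threshold=3.0):
    """Log a latency sample; return True if it deviates from baseline."""
    log.append(latency_ms)
    if len(log) < 10:
        return False                 # not enough history yet
    baseline = log[:-1]
    mean = statistics.fmean(baseline)
    stdev = statistics.stdev(baseline)
    return stdev > 0 and (latency_ms - mean) > threshold * stdev

for sample in [20, 22, 19, 21, 20, 23, 18, 22, 21, 250]:
    alert = record(sample)

print(alert)  # True: the 250 ms spike stands out from the baseline
```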

Identify Security Issues

Security threats such as malware are often the cause of poor network performance, and can quickly spell disaster for the network and the business. An NPM system should be capable of detecting unsecured network devices, malware, and other network vulnerabilities. This allows IT to develop network fault & performance management protocols to manage and prevent weaknesses before confidential data or end users are affected.


Network Performance Management vs Network Performance Monitoring?

Although the terms are similar and easy to confuse, network performance management and network performance monitoring are distinct in terms of both intent and purpose.

Network performance monitoring processes are aimed at identifying bottlenecks in performance. In contrast, the network performance management process helps mitigate problems and restore the network to the required level of performance. NPM analyzes, reviews, maintains, and manages performance based on internal metrics as well as from the user’s perspective.

Network performance monitoring is just one component of NPM, the part that involves the process of watching, collecting, reviewing, measuring, and diagnosing network component metrics. Once these assessments are complete, management begins. NPM is the overall set of procedures, policies, responsibilities, and network flows designed to achieve or maintain optimal network performance.

Network performance monitoring is always an important part of effective network performance management, because smarter decision-making, prevention, and mitigation strategies rely upon the ability to identify the root cause of problems. However, each uses its own set of techniques to pursue a unique set of goals. Network performance monitoring is one tool among many designed to take on the suite of network performance management challenges that might be present in any enterprise.


Application Performance and Network Performance Management?

Better application experience demands real time visibility and analysis of application performance in the context of the network. For several reasons, only more modern network performance management platforms and tools are up to the task of application network performance management and mobile NPM.

Traditionally, organizations have turned to various tools and network utilities to reveal possible causes of performance degradation, such as ICMP, SPAN/ERSPAN, S-Flow, J-Flow, SNMP, and other tools and flows. However, these tend to provide a more basic level of insight, and may fail to provide necessary network performance assurance data. They also tend to add to troubleshooting time and operational complexity because they operate in silos.

Information such as device utilization, port status, and link status are important, but they don’t offer data center application visibility. This is a critical metric for application and network performance management, further confirming the need for a granular view into the network with a unified, application-centric model.

As cloud adoption increases rapidly, organizations are moving from private clouds to hybrid clouds and public clouds. Real-time insight from application network performance management solutions becomes even more critical as enterprise access networking, WAN connectivity, and data center networking evolve.

Traditional network performance monitoring solutions are ill-equipped to manage the data shift from private to public cloud, which opens organizations to security vulnerabilities. Although multiple vendors provide application network performance management tools for analytics and visibility, a holistic approach that eliminates vendor lock-in with proprietary hardware/software is essential.

Furthermore, at the enterprise level a single vendor does not always provide the underlying infrastructure. Multiple IT infrastructure components send application flows to the upstream analyzer or tool in their own ways. Using an analyzer is supposed to make troubleshooting easier, but in practice, managing multiple infrastructure components, tools, and protocols under these conditions can be complex and time consuming.

An innovative network performance management architecture that uses existing tools wherever possible and closes gaps in analysis and visibility with new solutions and tools is the ideal way to achieve an application-centric network. This demands next-generation network performance management tools that integrate tightly with underlying infrastructure, offering better insight into the various flows prevalent in the network and the broader application landscape.

This type of network architecture allows organizations to retain their traditional application flow data collection methods such as physical/virtual taps, Netflow, centralized tools/analyzers, and SPAN by deploying an orchestration/intent layer. This orchestration/intent layer may be customized based on business objectives and the existing environment, and manages all underlying tools from a single pane for ease of analysis and management.


What Are the Elements of Network Performance Management?

Some of the common elements of network performance management architecture are as follows.

Intelligent Visualization. Intelligent visualization offers insight into independent solutions and tools, the ability to manage network and application performance and tools in one place, and insightful visualization of collected application-centric network data.

Flow-Based Monitoring. Even when organizations use traditional techniques for collecting application flow from the underlying network, flow-based monitoring offers improved visibility into traffic passing through the network.

Big Data, Cloud. Integrates with an analytics platform and flow monitoring from cloud providers to enable end-to-end, centralized data visibility of information flow into the cloud from the enterprise network.

Multiple Domains. Smarter application, device monitoring, and network monitoring architecture consolidates NPM metrics from all possible domains, including traditional IT infrastructure such as applications, network, and voice/video. This holistic view of the entire IT infrastructure is increasingly important with the advent of increased cloud adoption and software-defined networks.

Programmability. Using open APIs to link various components for communication up- and downstream and data analysis and sharing enables customization.

Closed Loop Automation. Closed loop automation enables self-healing by offering built-in intelligence to match possible problems with potential recovery scenarios. This automates the entire process starting with data monitoring and collection through data processing, remediation, and storage.

NPM/APM Platform Convergence. Correlating metrics and data from both application performance management and network performance monitoring offers administrators a holistic view for faster troubleshooting and superior visibility.
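The closed loop automation element described above can be sketched in a few lines: collected metrics are matched against known problem signatures, and each match is mapped to a candidate recovery action. In this minimal illustration, every signature, threshold, and action name is a hypothetical placeholder rather than part of any real NPM product:

```python
# Hypothetical signature-to-remediation table for closed-loop automation.
PLAYBOOK = {
    "high_cpu": "restart_service",
    "link_down": "failover_to_backup_link",
    "packet_loss": "reroute_traffic",
}

def diagnose(metrics):
    """Map raw metrics to problem signatures (illustrative thresholds)."""
    problems = []
    if metrics.get("cpu_percent", 0) > 90:
        problems.append("high_cpu")
    if metrics.get("link_up") is False:
        problems.append("link_down")
    if metrics.get("loss_percent", 0) > 5:
        problems.append("packet_loss")
    return problems

def remediate(metrics):
    """Closed loop: monitor -> diagnose -> select recovery actions."""
    return [PLAYBOOK[p] for p in diagnose(metrics)]
```

A real system would feed the selected actions back into an orchestration layer and record the outcome, closing the loop from data collection through remediation and storage.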


Does the VMware NSX Advanced Load Balancer Platform Complement Network Performance Management?

Yes. The VMware NSX Advanced Load Balancer Platform is a smart, software-defined load balancer that complements both network performance management and application performance monitoring (APM). VMware NSX Advanced Load Balancer’s APM functionalities include application event alerts, network health monitoring, application log filing, and end user experience monitoring.

VMware NSX Advanced Load Balancer’s elastic load balancing solution can minimize delays and shrink rollout times for applications and new services. The VMware NSX Advanced Load Balancer cloud based platform also offers rapid incident resolution, enabling users to map interactions visually, monitor the health of applications, and see system-wide views at-a-glance.

Learn more about how to manage network performance with an elastic load balancer.

For more on the actual implementation of load balancing, security applications and web application firewalls check out our Application Delivery How-To Videos.


Network Function Virtualization

<< Back to Technical Glossary

Network Function Virtualization Definition

Network function virtualization or NFV is a concept in network architecture that decouples network functions from hardware using virtualization technologies. By virtualizing entire categories of network node functions into modular units, NFV achieves greater scalability in communication and computing services.

NFV utilizes traditional server-virtualization methods like those deployed in enterprise IT, but it differs in important ways. Custom hardware appliances for each network function are not necessary for a virtualized network function (VNF). Instead, one or multiple virtual machines (VMs) deploying distinct processes and software on top of switches and storage devices, typical high-volume servers, or cloud computing infrastructure can comprise a VNF.

Network function virtualization examples include virtualized load balancers, session border controllers, firewalls, WAN accelerators, intrusion detection devices, and more. Administrators may deploy any of these to deliver network services or protect a network without the typical complexity and cost of acquiring and installing physical units.

The network function virtualization diagram compares a typical hardware network appliance approach to NFV.

What is Network Function Virtualization?

Network function virtualization unlinks network services from proprietary hardware appliances, enabling them instead to run in virtual machines as software. Admins can virtualize standard compute, storage, and network function resources and place them on commercial off-the-shelf (COTS) hardware such as x86 servers. Giving available x86 server resources to the VMs keeps network services independent of hardware.

In this way, network function virtualization allows multiple VNFs to run on just one server and scale to consume the free resources that remain. This virtualization of infrastructure also typically results in more efficient use of data center resources. Both outside networks and within the data center, NFV can also virtualize the control plane and data plane.

NFV Performance, Background, and History

In the telecommunication industry, product development has followed rigorous standards for protocol adherence, stability, and quality. However, standards for hardware development led to slow development, long product cycles, and reliance on proprietary hardware. Public internet communications services such as Google Talk, Netflix, and Skype along with consumer demand drove changes to this status quo.

In October 2012, a working group on network function virtualization presented a white paper at a conference on software-defined networking (SDN) and OpenFlow. This paper from the group, part of the European Telecommunications Standards Institute (ETSI), began the movement toward network function virtualization.

To realize the enhanced benefits of virtualization, NFV equipment vendors continue to improve IT virtualization technology to achieve scalability, high availability, improved network management capabilities, and more effective performance. Efficient implementation of carrier-grade features is critical to minimizing the total cost of ownership (TCO). This level of efficiency demands that NFV solutions achieve five-nines availability (99.999%) by effectively using redundant resources.

Virtualization is changing how administrators specify, measure, and achieve availability in NFV solutions. As VNFs replace traditional equipment dedicated by function, a layered, end-to-end, service-based approach from network function virtualization companies is superseding approaches limited by equipment availability. The broken link between specific hardware or equipment and functions allows VNF services to define availability instead.

Different types of NFV functions each come with their own set of user expectations for service availability, and NFV technologies can virtualize a wide range of function types. Therefore, NFV solutions should support a broad spectrum of fault tolerance options. This level of flexibility should allow NFV solution providers to meet any VNF availability requirement.

Network Function Virtualization Infrastructure

NFV allows for a flexible, open architecture with a wide range of deployment options and NFV solutions. The typical NFV architectural framework is made up of three distinct layers:

Virtualized network functions (VNFs)

VNFs are software implementations of network functions, such as load balancing, firewall, IP multimedia subsystems, mobile core, routing, security, or video. Virtualized network functions can be deployed on a network functions virtualization infrastructure (NFVi).

Network functions virtualization infrastructure (NFVi)

NFVi or NFV infrastructure is the universe of all software and hardware components that comprise the deployment environment for NFVs. The NFV infrastructure can stretch across multiple locations, and the networking equipment that connects those locations is part of the NFVi.

Network functions virtualization management and orchestration architectural framework (NFV-MANO)

NFV-MANO includes all functional blocks, the data repositories they use, and the interfaces and reference points through which they exchange information. Information exchange is critical for VNF and NFVi orchestration and management purposes. Similarly, NFV microservices build out highly complex functions solely in the cloud using modular, distributed software components.

NFV is a building block for both the NFVi and the NFV-MANO. The NFV platform serves as virtualization software in both roles. In its NFVi role, it also provides both physical and virtual storage and processing resources. In NFV-MANO mode, the NFV platform operates both virtualization software and NFVi and VNF managers on a hardware controller. In addition, the NFV system also provides important public carrier network requirements, such as carrier-grade monitoring and management features for platform components and tools for security and recovery from failures.
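The three-layer framework above can be modeled informally: VNFs in the application layer, an NFVi resource pool beneath them, and a MANO layer that places VNFs onto that infrastructure. In this sketch, all class and field names are assumptions made for illustration, not ETSI-defined interfaces:

```python
from dataclasses import dataclass, field

@dataclass
class VNF:
    """Application layer: a virtualized network function."""
    name: str
    function: str            # e.g. "load_balancer", "firewall"

@dataclass
class NFVi:
    """Infrastructure layer: the pool of compute/storage/network sites."""
    sites: list
    deployed: list = field(default_factory=list)

@dataclass
class MANO:
    """Management and orchestration layer over one NFVi."""
    inventory: NFVi

    def instantiate(self, vnf: VNF, site: str):
        """Place a VNF onto the infrastructure this layer manages."""
        if site not in self.inventory.sites:
            raise ValueError(f"unknown site: {site}")
        self.inventory.deployed.append((vnf.name, site))
        return vnf
```

The separation mirrors the text: the VNF knows nothing about hardware, the NFVi knows nothing about what functions run on it, and only the MANO layer connects the two.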

Advantages and Disadvantages of Network Function Virtualization

Network function virtualization can better scale and adjust resources available to applications and services, shorten the time-to-market for new or updated products, and save money. More details about the advantages of network function virtualization include:

Greater efficiency

NFV in IoT or another form of virtualized infrastructure enables increased workload capacity while consuming less power, occupying a smaller data center footprint, and requiring similar or reduced cooling. Fewer servers can do the same amount of work because just one server can run multiple VNFs at once.

As network demand fluctuates, software can update organizational infrastructure instead of physical appliance updates to data centers and the network. Network function virtualization also allows multiple functions to run on a single server, eliminating proprietary physical hardware, consolidating resources, and reducing costs.

Reduced vendor lock-in

Organizations need only COTS hardware to run VNFs, which helps them avoid vendor lock-in and the proprietary hardware that is expensive to configure and deploy and can easily become obsolete. NFV allows standard hardware to run network functions, replacing dedicated hardware.


Greater agility

NFV is agile, shortening the time-to-market period by allowing for quick changes to the network infrastructure in support of new organizational goals and products. NFV networks also adjust more rapidly to fluctuations in traffic and demand. NFV networks scale the resources provided to them and the number of active VNFs up and down automatically using SDN software.

Challenges in network function virtualization are centered on three aspects of the approach: the VNFs, the NFV manager (NFVM), and the NFV infrastructure (NFVi). Because these three components are so closely interwoven, implementing NFV at scale is complex.

Complexity arises at three points of integration: when the NFV manager and existing computational infrastructure integrate, when the NFV manager and the VNFs integrate, and when various components of the NFV manager must coordinate their activities. To resolve the complexity and allow network function virtualization design elements to innovate freely, simplify these three points of integration.

Efforts by multiple organizations to standardize NFV tools over time have also driven this complexity, evolving into a patchwork of approaches and standards, another of the disadvantages of network function virtualization.

Network Function Virtualization vs SDN

SDN and NFV are not dependent on each other, although they share some traits. Both use network abstraction and rely on virtualization, but they abstract resources and separate functions differently.

The difference between network function virtualization and SDN is that NFV refers to network component virtualization, while SDN refers to network architecture that decouples forwarding functions and network control, injecting programmability and automation into the network.

SDN and NFV together create a network that is built, managed, and operated by software. SDN separates network forwarding and control functions to achieve a centralized, programmable network control. NFV virtualizes network infrastructure, abstracting network functions from hardware. SDN software can run on NFV infrastructure, and together SDN and NFV can create a flexible, resource-efficient, and programmable network architecture.

NFV Implementation

To implement network function virtualization, create and deploy virtualized network functions, or VNFs. VNFs must be strategically built out in sequence as part of a service chain to deliver more complex products or services.

The orchestration process is another aspect of implementing NFV. The orchestration layer of a network must instantiate and monitor VNF instances, and repair and bill for them. These carrier-grade features enable scalable, highly reliable services, reduce maintenance and operational costs, and provide high security and availability.

It is critical that the properly implemented orchestration layer be able to manage VNFs without regard to the underlying technology. In other words, an orchestration layer must be able to manage any sort of VNF from any vendor running on any technology.
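Service chaining and technology-agnostic orchestration can be illustrated with a small sketch in which each VNF is treated as an opaque callable, so the orchestration layer can run any VNF from any vendor in sequence. The function and field names here are hypothetical:

```python
def firewall(packet):
    """A toy VNF: mark the packet as inspected."""
    packet = dict(packet)
    packet["inspected"] = True
    return packet

def load_balancer(packet):
    """A toy VNF: assign the packet to a (hypothetical) backend pool."""
    packet = dict(packet)
    packet["backend"] = "pool-a"
    return packet

def apply_chain(packet, chain):
    """Run a packet through an ordered chain of VNFs."""
    for vnf in chain:
        packet = vnf(packet)
    return packet

# A two-stage service chain: firewall first, then load balancing.
result = apply_chain({"src": "10.0.0.1"}, [firewall, load_balancer])
```

Because the orchestration function only requires each stage to accept and return a packet, it manages the chain without regard to the underlying technology, which is the property the text demands of a properly implemented orchestration layer.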

Reliable, high-performance servers are a central piece of NFV equipment.

NFV architecture relies on server virtualization technology, and the virtualization layer options today are VMware, OpenStack, and container technology. VMware and OpenStack are the main hypervisor options. Container-based network function virtualization, while not as widely deployed, offers performance benefits for next-generation applications.

MANO layer network function virtualization architectures vary, some open standard, some vendor supplied. The principal open source MANO option comes from the Linux Foundation, the Open Network Automation Platform (ONAP). Network operators must customize MANO to meet the specific requirements of their billing and operations architectures.

In the application layer, VNFs provide feature-rich network application code. In more sophisticated settings, network operators will select multiple VNFs from many to be service chained to deliver an expansive network function.

NFV Applications

NFV is applicable across a broad scope of network functions, including mobile networks. Some common applications of network function virtualization include:

  • Content delivery networks (CDN), including content delivery services, such as video streaming
  • Evolved packet core (EPC)
  • IP multi-media subsystem (IMS)
  • Network monitoring
  • Network slicing
  • Load balancers
  • Web application firewalls
  • Security functions, including intrusion detection and prevention systems, firewalls, and NAT
  • Session border control (SBC)
  • Software-defined branch and SD-WAN
  • Virtual customer premises equipment (vCPE)

Does VMware NSX Advanced Load Balancer Provide a Load Balancing Solution that Enables NFV?

VMware NSX Advanced Load Balancer makes turnkey, scalable load balancing for NFV deployments possible. Leave proprietary, purpose-built appliances behind with an application delivery controller/load balancer solution that allows NFV to live up to its promise. The VMware NSX Advanced Load Balancer architecture separates the control and data planes for application services such as load balancing and web application firewall and delivers load balancing as a flexible pool of resources that can run in any cloud environment.

With VMware NSX Advanced Load Balancer, a single REST API call provisions new load balancers within seconds and configures virtual services instantaneously. The platform also gathers and processes application data to present insightful security, performance, and end-user analytics about applications.

Learn more about how VMware NSX Advanced Load Balancer enables network function virtualization with the Cisco ACI Integration.

For more on the actual implementation of load balancing, security applications and web application firewalls check out our Application Delivery How-To Videos.

Network Monitoring

<< Back to Technical Glossary

Network Monitoring Definition

Network monitoring, a subset of network management, is the systematic effort to identify slow or failing components in a computer network before they cause problems. For example, crashed, frozen, or overloaded servers; failed switches; failing routers; and other troublesome components can all potentially cause outages or network failures. Should some problem arise and trigger an outage, it is the role of the network monitoring system to alert the network administrator in a timely way.

Typically, administrators monitor and manage a network using network monitoring tools and software applications. These network monitoring services help users monitor performance, and detect whether a web server is properly connected to worldwide networks and functioning as expected. In fact, many network performance monitoring tools also offer an end-to-end visualization of the networks and the applications.

Diagram depicts Avi Networks network monitoring architecture.

How Does a Network Traffic Monitoring System Work?

The first step of effective network monitoring is identifying the devices to be monitored and their related performance metrics. The next step is selecting an appropriate monitoring interval.

Routers, servers, and switches perform business-critical tasks, so these components demand more frequent monitoring. In general, internet traffic monitoring intervals depend on particular parameters and usage and should be selected based on the facts of a specific situation. The best systems allow users to create customized alerts.
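Interval selection of this kind might be sketched as a simple lookup: business-critical device classes are polled more often. The device classes and interval values below are illustrative assumptions, not recommendations:

```python
# Hypothetical default polling intervals, in seconds, per device class.
DEFAULT_INTERVALS = {
    "router": 60,     # critical-path devices polled frequently
    "switch": 60,
    "server": 120,
    "printer": 900,   # low-impact devices polled rarely
}

def monitoring_interval(device_type, overrides=None):
    """Pick a polling interval, allowing per-site customization."""
    table = {**DEFAULT_INTERVALS, **(overrides or {})}
    return table.get(device_type, 300)  # fall back to five minutes
```

The overrides parameter stands in for the customization the text recommends: the interval for any device class can be tightened or relaxed to suit a specific environment.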

A network monitoring design should cover every aspect of IT infrastructure, such as the connectivity, network, and security systems. It should ideally include a single-pane-of-glass view into the network, allow administrators to monitor devices seamlessly, and offer network maintenance, problem detection, reporting, and resolution.

Every web traffic monitoring system should also offer reports for a range of users, including systems administrators, network administrators, and IT management. Finally, a secure network monitoring system should be user-friendly, and offer basic drill down and reporting functionalities.

What Does a Network Monitoring Tool Do?

Network monitoring tools and systems constantly monitor a network’s health and reliability by tracking and logging network parameters and searching for trends. A network monitoring system will watch and compare data transmission rates (throughput), uptime/downtime rates, error rates, response times to inputs and requests (both user-generated and automated), and use-time percentages to parameter thresholds that users set in advance. When levels reach those thresholds, the network monitoring system triggers an alarm and initiates network fault management processes.
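The threshold comparison described above can be sketched as follows; the metric names and limits are illustrative assumptions, standing in for the parameter thresholds a user would set in advance:

```python
# Hypothetical user-set thresholds for monitored parameters.
THRESHOLDS = {
    "error_rate": 0.01,        # max acceptable fraction of errored packets
    "response_time_ms": 500,   # max acceptable response time
    "utilization": 0.9,        # max acceptable link utilization
}

def check(sample, thresholds=THRESHOLDS):
    """Return the metrics whose observed value crosses its threshold."""
    return [metric for metric, limit in thresholds.items()
            if sample.get(metric, 0) > limit]
```

Any non-empty result would trigger an alarm and hand off to the fault management process.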

Network traffic monitoring tools within a network monitoring system can alert administrators to performance and security problems in more than one way. Triggers are events that generate alarms in the system. An event might be a deviation from the mean value of a parameter, a crossed threshold value, or a change in the state of a node.

Threshold violations generate most alerts, but users can also set a network activity monitor to generate alerts based on time delays or the repeat count of threshold violations. For example, a network monitoring and maintenance system can be configured to withhold an alert until a threshold is breached twice within 15 minutes. Similarly, an alert can be generated after an initial threshold violation returns to its baseline value or resets.

Certain threshold violations may be expected. Users may configure a network usage monitor to suppress these types of alerts. In other situations, the same sort of facts may cause multiple threshold violation alerts. Monitoring systems that support deduplication of alerts or consolidation of alerts can eliminate this problem.
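The repeat-count and deduplication rules described above can be sketched together: an alert fires only after a threshold is breached a set number of times within a window, and repeat alerts for the same (node, metric) pair are suppressed. The class and parameter names are hypothetical:

```python
import time

class AlertManager:
    """Toy alerting logic: repeat-count suppression plus deduplication."""

    def __init__(self, repeat_count=2, window=900):  # 900 s = 15 minutes
        self.repeat_count = repeat_count
        self.window = window
        self.breaches = {}   # (node, metric) -> breach timestamps
        self.active = set()  # alerts already raised (deduplication)

    def record_breach(self, node, metric, now=None):
        """Return True only when this breach should raise a new alert."""
        now = now if now is not None else time.time()
        key = (node, metric)
        # Keep only breaches that fall inside the sliding window.
        hits = [t for t in self.breaches.get(key, []) if now - t <= self.window]
        hits.append(now)
        self.breaches[key] = hits
        if len(hits) >= self.repeat_count and key not in self.active:
            self.active.add(key)
            return True
        return False
```

A production system would also clear entries from the active set once the metric returns to baseline, so that a later recurrence can alert again.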

How Do Secure Network Monitoring Tools Work?

Ping is a basic network monitoring tool that tests host availability and reachability in an IP network. Ping results data can determine whether a network host is active, or measure the packet loss and transmission time while communicating with a host.

Other common network performance monitoring tools monitor performance at the enterprise network level. Network monitoring systems deploy internet traffic monitoring tools such as mail server (POP3 server) monitoring and Voice over Internet Protocol (VoIP) monitoring applications.
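Ping output varies by platform, but a monitoring tool typically parses the summary line to recover packet loss, one of the metrics mentioned above. A minimal sketch, assuming the Linux iputils summary format:

```python
import re

def parse_ping_summary(line):
    """Extract (transmitted, received, loss_percent) from a ping summary line."""
    m = re.search(
        r"(\d+) packets transmitted, (\d+) received.*?([\d.]+)% packet loss",
        line)
    if not m:
        raise ValueError("unrecognized ping summary")
    return int(m.group(1)), int(m.group(2)), float(m.group(3))
```

Other platforms (Windows, BSD) format this line differently, so a real tool would carry one pattern per platform rather than the single regex shown here.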

What is Network Performance Management?

Network performance management refers to the total body of techniques used to manage performance across a computer network. The network performance management process demands continuous monitoring of mission-critical network functions and metrics.

Application network performance management tools include network connectivity monitoring tools in particular, as well as traffic monitoring systems more generally.

What is Network Monitoring Software?

Some organizations use multiple network monitoring solutions including web traffic monitoring software to manage and monitor their network operations. This can sometimes mean that when there is a problem, it takes using several of these tools, including data, graphs, and reports, to uncover the real source of the problem.

Using integrated network management software allows some users to avoid this issue. This kind of network monitoring service offers cloud based network monitoring in real-time and provides more detailed insights into the issues that are slowing down the network. This in turn enables quicker fixes and less downtime.

The right network monitor software depends on your organization, so any package, whether it is a free version or a more premium offering, should offer targeted capabilities and scalability. Remote network monitoring solutions such as those that are software- or cloud-based offer the benefits of internal network monitoring without the need for a network monitoring server.

Availability Monitoring vs Interface Monitoring vs Server Monitoring

Availability monitoring simply refers to the totality of hardware, IT infrastructure, software, network monitoring tools, and other solutions an organization uses to ensure that its resources are available to meet its business needs. Monitoring and managing IP addresses and network connections constantly helps ensure high levels of network resource availability.

This is a continuous monitoring process that helps protect bandwidth availability, storage space, and application functionalities. Availability monitoring includes traffic monitoring and analysis, but it is not limited to that type of monitoring.

Any given network uses various kinds of interfaces, such as Gigabit Ethernet and Fast Ethernet, or very high-speed Fibre Channel interfaces. An interface is the entry and exit point for packets on a device, and each interface provides a service.

Poor user experience can result from packet loss, discards, errors, utilization limits, or downtime on the part of the interface. Interface monitoring, and sometimes network speed monitoring, watches for these kinds of issues and offers alerting and reporting options when there are problems.

Server monitoring is also part of what network monitoring systems do, as they gather statistics from servers and other network devices using SNMP or ping.

What is a Throughput Monitor?

Network throughput refers to how much data a given network transmits over a set time period. For instance, an Ethernet connection that transfers data at a rate of 40 Megabits per second has a 40 Mbps throughput.

Network throughput monitoring or throughput monitoring protects these high speed transmission rates. Application throughput monitoring focuses on the throughput speed of a specific application.
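Throughput itself is a simple calculation from a byte count and an elapsed time, as in this sketch:

```python
def throughput_mbps(bytes_transferred, seconds):
    """Megabits per second from a byte count and elapsed time."""
    if seconds <= 0:
        raise ValueError("elapsed time must be positive")
    return bytes_transferred * 8 / seconds / 1_000_000

# Example: 5 MB transferred in one second is 40 Mbps, matching the
# Ethernet example in the text.
rate = throughput_mbps(5_000_000, 1)
```

A throughput monitor applies this calculation continuously to interface byte counters, watching for the rate to fall below an expected level.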

Does VMware NSX Advanced Load Balancer offer a Real Time Network Monitoring Solution?

VMware NSX Advanced Load Balancer is a smart, software-defined load balancer, but it does far more. Its features include multi-cloud traffic management, real time traffic monitoring, application performance monitoring (APM), security, predictive autoscaling, and container services.

VMware NSX Advanced Load Balancer’s elastic load balancing solution can do many of the same things a dedicated APM tool does, including shrinking rollout times for applications and new services, minimizing delays. The platform also provides rapid incident resolution, allowing users to see system-wide views at-a-glance, monitor the health of applications, and map interactions visually.

Learn more about the benefits of VMware NSX Advanced Load Balancer’s elastic load balancer as a cloud based network monitoring solution here: APM Tools | Network Monitoring Simplified.

For more on the actual implementation of load balancing, security applications and web application firewalls check out our Application Delivery How-To Videos.