Load Balancing With Avi Load Balancer in VMC on AWS-Part 1

Load balancers are an integral part of any datacenter, and most enterprise applications are clustered for high availability and load distribution. The choice of load balancer becomes critical when applications are distributed across datacenters/cloud. 

This blog series demonstrates how we can leverage Avi Load Balancer (NSX ALB) for local/global load balancing of enterprise applications in VMC on AWS. 

If you are new to Avi Load Balancer, I encourage you to learn about the product first. Here is the link to the official documentation for Avi Load Balancer

Also, I have written a few articles on this topic, and you can read them from the links below:

1: Avi Load Balancer Architecture

2: Avi Controller Deployment & Configuration

3: Load Balancing Sample Application

The first two parts of this blog series focus on the deployment and configuration of Avi LB in a single SDDC for local load balancing. Later I will demonstrate how to achieve global load balancing using the GSLB feature of Avi. 

Part 1 is focused on Avi Controller & Service Engine deployment/configuration. 

The diagram below shows the high-level network connectivity between the SDDC and the Avi Load Balancer components. 

Pre-Requisites

Before attempting to deploy Avi load balancer components, please make sure the following pre-requisites are met. 

  1. SDDC in VMC on AWS is deployed and firewall rules are configured for SDDC Access. 
  2. Logical Segments for Avi LB are provisioned.
  3. Logical Segment for the workload is provisioned and sample workloads are deployed. 
  4. (Optional) DNS server is deployed for name resolution. DNS records are in place for Avi controllers, SE and sample workloads. 
  5. (Optional) Jump box deployed for local access to SDDC. 

Create Logical Segments

I have the following logical segments provisioned in my SDDC. Avi controllers will connect to the Mgmt-LS segment and SE VMs will have one leg on Mgmt LS and one on VIP LS. 

Sample web servers that need to be load balanced will be attached to WLD LS.

Deploy Avi Controller 

For POC/Lab environments, a single Avi controller will suffice. For production environments, it’s advisable to deploy 3 controllers and cluster them. 

Important Note: In VMC on AWS, Avi Load Balancer deployment is supported only in No Orchestrator mode. This is clearly documented in the official Avi documentation.

Avi Controller is available in ova format and the deployment is pretty straightforward, so I am not including the ova deployment steps. 

Once the controller VM boots up and its services are initialized, connect to the controller by browsing to https://<Avi-Controller-Fqdn> to finish the initial configuration. 

Configure credentials and email for the admin user. 

Configure DNS server and backup passphrase. 

(Optional) Configure Email settings. 

Select No Orchestrator for orchestrator integration. 

Select No for multiple tenants. 

Clicking on No will complete the initial configuration for the Avi Controller and will land you on the Avi dashboard. 

Create and Deploy Avi Service Engine

Since we have configured the controller in No Orchestrator mode, we have to manually deploy the Avi Service Engine VM via the ova file. This ova file first needs to be created from the Avi Controller portal. 

Important: The SE ova package generated from an Avi Controller is coupled with the generating controller and can’t be used in a deployment with any other Avi Controller. 

To generate the Avi SE ova package, navigate to Infrastructure > Clouds > Default-Cloud and click on the arrow button, and select ova format. 

SE ova package generation takes 1-2 minutes and will be downloaded automatically. 

Upload Avi SE ova to Content Library

Service Engine VMs can be created directly from the downloaded ova file. For faster deployment of Avi SE VMs, upload the ova file to a content library, so that it can be reused without having to upload the ova to vCenter every time a new SE VM instance is needed.

 

Fetch Cluster UUID and Authentication Token

During Avi SE deployment, we need to pass two parameters: Cluster UUID and Auth Token. These parameters register the Avi SE with the Avi Controller. 

To fetch the Cluster UUID, go to the Default-Cloud, click on the Key button, and make a note of the value. 

Note: If you are deploying more than one SE VM, you need a separate Auth Token for each SE VM. 

Deploy Service Engine VM

Create a new SE VM using the deploy-from-template wizard and continue through the wizard. 

On the Select Networks page, make sure eth0 is mapped to the Management port group and eth1 to the Avi VIP network. You can leave Data Network 2-9 at the default setting. 

On the customize template page, punch in the following info:

  • IP Address of the Avi Controller.
  • Authentication token for Avi Controller: fetched from the previous step. 
  • Controller Cluster UUID for Avi Controller: fetched from the previous step.
  • Avi SE network information (IP Address/Subnet Mask/GW).
  • DNS Server Info.

Repeat the process for the additional SE VM.
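
The customize-template values above are easy to get wrong when several SE VMs are deployed by hand, so here is an added example (not from the original post or from Avi) that checks a deployment plan before the wizard is run. The field names, segment names, IP addresses and tokens are constructed placeholders, not Avi OVF property names.

```python
import ipaddress

# Constructed sample plan. Field names, segment names and all values are
# hypothetical placeholders, not Avi OVF property names.
CONTROLLER_IP = "192.168.10.5"
MGMT_SEGMENT, VIP_SEGMENT = "Mgmt-LS", "VIP-LS"
PLAN = [
    {"name": "avi-se01", "auth_token": "tok-A", "cluster_uuid": "uuid-1",
     "mgmt_ip": "192.168.10.11", "netmask": "255.255.255.0",
     "gateway": "192.168.10.1", "eth0": "Mgmt-LS", "eth1": "VIP-LS"},
    {"name": "avi-se02", "auth_token": "tok-A", "cluster_uuid": "uuid-1",
     "mgmt_ip": "192.168.10.12", "netmask": "255.255.255.0",
     "gateway": "192.168.20.1", "eth0": "Mgmt-LS", "eth1": "Mgmt-LS"},
]

def validate_plan(plan, controller_ip):
    """Return (se_name, problem) tuples; an empty list means the plan is consistent."""
    problems = []
    token_owner = {}                          # auth token -> first SE that uses it
    ip_owner = {controller_ip: "controller"}  # management IP -> owner
    for se in plan:
        name = se["name"]
        # One auth token per SE VM. Report the owner's name, never the token
        # value, so the output is safe to paste into a ticket.
        if se["auth_token"] in token_owner:
            problems.append((name, f"auth token already assigned to {token_owner[se['auth_token']]}"))
        token_owner.setdefault(se["auth_token"], name)
        if not se["cluster_uuid"]:
            problems.append((name, "cluster UUID is empty"))
        # Management IP must be unique and must not collide with the controller.
        if se["mgmt_ip"] in ip_owner:
            problems.append((name, f"management IP already used by {ip_owner[se['mgmt_ip']]}"))
        ip_owner.setdefault(se["mgmt_ip"], name)
        # The gateway has to sit inside the SE's own management subnet.
        subnet = ipaddress.ip_network(f"{se['mgmt_ip']}/{se['netmask']}", strict=False)
        if ipaddress.ip_address(se["gateway"]) not in subnet:
            problems.append((name, f"gateway {se['gateway']} is outside {subnet}"))
        # eth0 carries management traffic, eth1 the VIP network.
        if se["eth0"] != MGMT_SEGMENT:
            problems.append((name, f"eth0 must map to {MGMT_SEGMENT}"))
        if se["eth1"] != VIP_SEGMENT:
            problems.append((name, f"eth1 must map to {VIP_SEGMENT}"))
    return problems

if __name__ == "__main__":
    for se_name, problem in validate_plan(PLAN, CONTROLLER_IP):
        print(f"{se_name}: {problem}")
```
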

Once all SE VMs come up, they will be registered with the Avi Controller and their status can be viewed under Infrastructure > Service Engine.

At this point, Avi SE VMs have established the control and management plane communication with the Avi Controller.

Next, we have to configure the VIP network to set up the SE data path. 

Configure Avi SE Data Network

First, make a note of the MAC address of the network chosen for Avi VIP. 

Edit the Service Engine properties. 

Find the interface that has the same MAC address that you noted earlier, and then enter the IP address that the SE VM will use for establishing the data plane. 

The last step is to add a default gateway for the SE Data network. 

To do so, navigate to the Infrastructure > Routing > Static Route page and add a default static route as shown below. 

Configure DRS Anti-Affinity Rules 

For production environments, it’s highly encouraged to have DRS Anti-Affinity rules for the Avi Controller and Avi SE VMs. 

I am running a single node SDDC in VMC, so this step doesn’t apply to my setup. 

And that’s it for this post. In the next post of this series, I will walk through the steps of configuring load balancing for a sample web server. 

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing 🙂
