Proxy Support for Azure Deployment with Avi Vantage

Overview of Proxy Support for Azure Deployment

Starting with release 17.2.13, Avi Vantage supports Azure cloud deployment in a proxy environment. This feature can be used if the Avi Controller has to communicate through a proxy server. During the cloud deployment, Avi Controller makes API calls. With this new feature, API calls are also allowed through the proxy server at the deployment site.

Use case

In an environment where the Avi Controller is behind a proxy server, the proxy configuration option is used.

Configuring Avi Vantage

The proxy support for the Azure cloud on an Avi Vantage can be enabled by using the proxy_configuration knob under the configure systemconfiguration option. This feature supports proxy configuration with the server with basic authentication and without basic authentication too. The following are the four parameters which are configured while enabling proxy support for the cloud.

  • Host: IP address of the proxy server.
  • Port: The port number over which the Avi Controller will communicate to the proxy server.
  • Username: username of the proxy server (only If the basic authentication is enabled on the proxy server).
  • Password: password to access the proxy server (only if the basic authentication is enabled on the proxy server).

Follow the steps mentioned below to enable the proxy support:

Login to the shell prompt of the Avi Controller. Execute the proxy_configuration command under the configure systemconfiguration mode, and provide the details of the required parameters for the proxy server as shown below.


[admin:10.1.1.1]: > configure systemconfiguration
Updating an existing object. Currently, the object is:
+----------------------------------+---------------------------------------+
| Field                            | Value                                 |
+----------------------------------+---------------------------------------+
| uuid                             | default                               |
| dns_configuration                |                                       |
|   server_list[1]                 | 10.10.0.100                           |
|   search_domain                  |                                       |
| ntp_configuration                |                                       |
|   community                      | <sensitive>                           |
|   sys_contact                    | support@avinetworks.com               |
|   version                        | SNMP_VER2                             |
| ssh_ciphers[1]                   | aes128-ctr                            |
| ssh_ciphers[2]                   | aes256-ctr                            |
| ssh_ciphers[3]                   | arcfour256                            |
| ssh_ciphers[4]                   | arcfour128                            |
| ssh_hmacs[1]                     | hmac-sha2-512-etm@openssh.com         |
| ssh_hmacs[2]                     | hmac-sha2-256-etm@openssh.com         |
| ssh_hmacs[3]                     | umac-128-etm@openssh.com              |
| ssh_hmacs[4]                     | hmac-sha2-512                         |
| default_license_tier             | ENTERPRISE_18                         |
+----------------------------------+---------------------------------------+
[admin:10-152-131-93]: systemconfiguration> proxy_configuration
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> host 10.20.1.1
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> port 3128
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> username admin
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> password admin
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> save
[admin:10-152-131-93]: systemconfiguration> save
+----------------------------------+-------------------------------------------+
| Field                            | Value                                     |
+----------------------------------+-------------------------------------------+
| uuid                             | default                                   |
| dns_configuration                |                                           |
|   server_list[1]                 | 10.10.0.100                               |
|   search_domain                  |                                           |
| ntp_configuration                |                                           |
|   ntp_servers[1]                 |                                           |
|     server                       | 0.us.pool.ntp.org                         |
|   ntp_servers[2]                 |                                           |
|     server                       | 1.us.pool.ntp.org                         |
|   ntp_servers[3]                 |                                           |
|     server                       | 2.us.pool.ntp.org                         |
|   ntp_servers[4]                 |                                           |
|     server                       | 3.us.pool.ntp.org                         |
| portal_configuration             |                                           |
|   enable_https                   | True                                      |
|   redirect_to_https              | True                                      |
|   enable_http                    | True                                      |
|   sslkeyandcertificate_refs[1]   | System-Default-Portal-Cert                |
|   sslkeyandcertificate_refs[2]   | System-Default-Portal-Cert-EC256          |
|   use_uuid_from_input            | False                                     |
|   sslprofile_ref                 | System-Standard-Portal                    |
|   enable_clickjacking_protection | True                                      |
|   allow_basic_authentication     | True                                      |
|   password_strength_check        | False                                     |
|   disable_remote_cli_shell       | False                                     |
| global_tenant_config             |                                           | 
|   tenant_vrf                     | False                                     |
|   se_in_provider_context         | True                                      |
|   tenant_access_to_provider_se   | True                                      |
| email_configuration              |                                           |
|   smtp_type                      | SMTP_LOCAL_HOST                           |
|   from_email                     | admin@avicontroller.net                   |
|   mail_server_name               | localhost                                 |
|   mail_server_port               | 25                                        |
|   disable_tls                    | False                                     |
| docker_mode                      | False                                     |
| snmp_configuration               |                                           |
|   community                      | <sensitive>                               |
|   sys_contact                    | support@avinetworks.com                   |
|   version                        | SNMP_VER2                                 |
| proxy_configuration              |                                           |
|   host                           | 10.20.1.1                                 |
|   port                           | 3128                                      |
|   username                       | admin                                     |
|   password                       | <sensitive>                               |
+----------------------------------+-------------------------------------------+