Top of DLR with Avi Vantage for no SNAT for Web Tier

Note: Starting with Avi Vantage 20.1.3, support for NSX-V full access is deprecated, and the support for NSX-V full access will be removed in the upcoming releases. It is recommended to:

• Migrate to Avi’s NSX-T integration
• In case NSX-V support is still required, it is recommended to configure Avi with a no-orchestrator cloud.

In this topology the Avi SE is installed on top of NSX DLR. Physically, the Avi SE gets deployed on the ESXi on the Edge rack. This topology is popular on layer 3 physical fabrics, such as spine-leaf. The feature for this topology will be completely supported in future Avi Vantage releases.

Logical and Physical View

Logically, the Avi SE is installed on top of NSX DLR. The SEs must be deployed in legacy HA (active/standby) mode. The SE connects to the External network (non-encapsulated) for front-end and Web-tier-01 VXLAN (encapsulated) for back-end. The default gateway for web, application and DBMS servers is DLR. The default gateway for DLR is a floating IP address on the SE in the Transit network. See IP Routing on Avi SE feature for more details. In this case the client IP is preserved.

 

Logical View, Parallel to NSX Edge Using Avi for North-South Load Balancing

 

Following the recommendation (refer to VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0), configure the SE group properties to physically deploy the SEs in the Edge racks where External network is available.

 

Physical View, Parallel to NSX Edge Using Avi for North-South Load Balancing

Traffic Flows

North-South Traffic Flow

Logical Traffic flows are:

• Client → Web VIP on Avi SE
• Avi SE → Web server via DLR

 

Logical View, North-South Traffic Flow

Physical traffic flows are as follows:

• Client on External network → ESXi hosting the SE → SE VM
• SE VM → VXLAN on ESXi kernel hosting the SE → ESXi kernel hosting the web VM
• ESXi kernel hosting the web VM → web VM

 

Physical View, North-South Traffic Flow

South-North Traffic Flow

Logical traffic flows originating from the servers:

• Server VM → DLR
• DLR → SE
• SE → External network

Logical View, South-North Traffic Flow

 

Physical traffic flows originating from the servers are:

• ESXi hosting the web/app/DBMS server → ESXi hosting the SE Note: DLR is not a step since it is distributed and done here in the ESXi hosting the web/app/DBMS kernel.
• From SE → External network

 

Physical View, South-North Traffic Flow

VIP requirements

• No SNAT is required.

Additional Information

• For more information on installing Avi Vantage on VMware with NSX, refer to refer to Installing Avi Vantage on VMware with NSX.

• Parallel to NSX Edge Using Avi Vantage for North-South Load Balancing

• Parallel to DLR using VXLAN or VLANs with Avi Vantage for East-West Load Balancing

• Parallel to NSX Edge Using VXLAN Overlays with Avi Vantage for both North-South and East-West Load Balancing Using Transit-Net

• Parallel to NSX Edge Using Avi Vantage for North-South and East-West Load Balancing