Oracle Cloud Infrastructure IPAM Support on Avi Vantage

Overview

Starting with release 18.1.3, Avi Vantage supports integration with Oracle Cloud Infrastructure via Linux server cloud. For the integration, Avi Vantage uses the OCI IPAM feature. The following are a few limitations of the Oracle cloud integration with Avi Vantage:

  • Only active/standby high availability mode on Avi Vantage is supported.
  • The IP address of virtual services and SEs should be on the same subnet.
  • Since SEs are in active/standby mode, each SE group can have only two SEs, and both should be on the same subnet.
  • Scale out on Avi Vantage is not supported.

Note: Starting with Avi Vantage 18.2.6, Oracle hierarchical compartments are supported.

Configuring OCI with Avi Vantage

This section covers the following topics:

  • Configuring OCI credentials
  • Configuring OCI IPAM
  • Creating a Linux Server Cloud using OCI IPAM profile
  • Creating a virtual service

Note: The proxy configuration on the Avi Controller is optional. This should be configured when the Avi Controller is placed in a proxy environment.

Configuring OCI Credentials

An OCI user is created using the configure cloudconnectoruser <username> command.

Log in to the shell mode of the Avi CLI, execute the configure cloudconnectoruser <username> command, and provide the following details:

  • oci_credentials to enter the mentioned submode
    • user – User OCID
    • key_content – Private key content used to sign API requests (when copying the key content in quotes, replace every line break with the \n character)
    • pass_phrase – Pass phrase for the private key (only if the key is encrypted)
    • fingerprint – Fingerprint generated after adding the public key in the OCI console

Once the attributes are provided, apply the save command twice to save the changes.


admin@10-0-0-77:~$ shell
Login: admin
Password:

[admin:10-0-0-77]: > configure cloudconnectoruser ocuser
[admin:10-0-0-77]: cloudconnectoruser> oci_credentials
fingerprint   API key with respect to the Public Key                                                                                                                    
key_content   Private Key file (pem file) content                                                                                                                       
pass_phrase   Pass phrase for the key                                                                                                                                   
user          Oracle Cloud  Id for the User                                                                                                                             
[admin:10-0-0-77]: cloudconnectoruser> oci_credentials

Once the required attributes are provided, the output for the show cloudconnectoruser ocuser is as shown below:


admin@10-0-0-77:~$ shell
Login: admin
Password:

[admin:10-0-0-77]: > show cloudconnectoruser ocuser
+-----------------+----------------------------------------------------------------------------------+
| Field           | Value                                                                            |
+-----------------+----------------------------------------------------------------------------------+
| uuid            | cloudconnectoruser-76d0f3a2-0af1-4d9f-aba9-4c590bfcf714                          |
| name            | ocuser                                                                           |
| private_key     | <sensitive>                                                                      |
| public_key      | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDANj6Md4Hpd2jLipbUXW9V9EULhU0rUpZTZYRknQxy |
|                 | SB+FeyEcdyhSIMcf60QRAGEcaBnU8p9eNb+nuTS0Zo+SN8pLuGXzn16Bj5Uni4aqvbx+GQnZnjGoDfmT |
|                 | q7TruMzm23HBc2CWqBG/SnkgkLkg/O5BKJKbMap3T0o6RYRFfJ6VUfY5c7rKkAt4SWMxQYlEQmecmAxu |
|                 | Vz0sDdl3khiluGMKiuhRvTxNwdANTMqgx7kWLwbJ5QKGUuOolCjrxY9ybjUksYA+SZXGo0bCbLBb99pu |
|                 | WmZDq669Lcxi6IHT9970g9YWcrRTSxNKvWux42I11/2E2ChZ6KDmD9B+66RV root@10-0-0-77      |
|                 |                                                                                  |
| oci_credentials |                                                                                  |
|   user          | ocid1.user.oc1..aaaaaaaajrv3bnyvkgqstnjh6dhy7jgbayejmdrxwy4rzxjsklsouox2tuza     |
|   key_content   | <sensitive>                                                                      |
|   fingerprint   | <sensitive>                                                                      |
| tenant_ref      | admin                                                                            |
+-----------------+----------------------------------------------------------------------------------+
[admin:10-0-0-77]: >
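Two details of the oci_credentials submode above are easy to get wrong when pasting a key: key_content must be a single quoted line with every line break replaced by the two characters \n, and pass_phrase is needed only when the PEM is encrypted. The following Python is an added example, not Avi or Oracle code: it converts a PEM private key into that one-line form, converts it back to confirm nothing was lost, and reports whether the key is encrypted. The sample PEM texts are constructed placeholders (their base64 bodies are not real keys) and the function names are this example's own.

```python
"""Prepare OCI API-key material for the Avi `configure cloudconnectoruser`
oci_credentials submode.  Added example; names and sample keys are invented."""
import re

# Constructed sample keys: the base64 bodies are placeholders, not real keys.
PLAIN_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "MIIEowIBAAKCAQEAplaceholderbody0000000000000000000000000000000000\n"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
    "-----END RSA PRIVATE KEY-----\n"
)
# Traditional OpenSSL format signals encryption with a Proc-Type header.
ENCRYPTED_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF\n"
    "\n"
    "placeholderbody000000000000000000000000000000000000000000000000\n"
    "-----END RSA PRIVATE KEY-----\n"
)
# PKCS#8 format signals encryption in the block label itself.
PKCS8_ENCRYPTED_PEM = (
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
    "placeholderbody000000000000000000000000000000000000000000000000\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n"
)

# Matches one private-key PEM block and captures its label and body.
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----\n(.*?)-----END \1-----\n?", re.S
)


def pem_needs_pass_phrase(pem: str) -> bool:
    """True when the PEM is encrypted, i.e. pass_phrase must be supplied."""
    match = _PEM_BLOCK.search(pem)
    if not match:
        raise ValueError("not a PEM private key block")
    label, body = match.groups()
    return label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body


def key_content_from_pem(pem: str) -> str:
    """Return the single-line form to paste inside quotes as key_content."""
    if not _PEM_BLOCK.search(pem):
        # A public key or random text pasted here would be rejected by OCI later;
        # fail early instead.
        raise ValueError("not a PEM private key block")
    # Drop the trailing newline, then turn each remaining line break into the
    # literal two-character sequence backslash-n.
    return pem.rstrip("\n").replace("\n", "\\n")


def key_content_to_pem(key_content: str) -> str:
    """Reverse of key_content_from_pem; use it to check the escaping round-trips."""
    return key_content.replace("\\n", "\n") + "\n"


def cli_line(key_content: str) -> str:
    """The complete submode line, refusing content that would break the quoting."""
    if '"' in key_content:
        raise ValueError("double quote inside key content")
    return f'key_content "{key_content}"'


if __name__ == "__main__":
    escaped = key_content_from_pem(PLAIN_PEM)
    assert key_content_to_pem(escaped) == PLAIN_PEM
    print(cli_line(escaped))
    print("pass_phrase required:", pem_needs_pass_phrase(ENCRYPTED_PEM))
```

Run it against your own PEM by replacing PLAIN_PEM with the file contents; if key_content_to_pem does not reproduce the original text exactly, the pasted value would not have been a valid key either.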

Configuring OCI IPAM

Create the IPAM profile using the OCI user created in the previous section. Log in to the Avi shell mode, execute the configure ipamdnsproviderprofile <profile name> command, and provide values for the following attributes:

  • type – Set the value as IPAMDNS_TYPE_OCI
  • oci_profile
    • tenancy – Tenancy OCID
    • region – OCI region name
    • cloud_credentials_ref – The reference to the cloud connector user created in the previous section. Use the tab keystroke to list the users.
    • vcn_compartment_id – Compartment OCID of the VCN
    • vcn_id – VCN OCID

admin@10-0-0-77:~$ shell
Login: admin
Password:
[admin:10-0-0-77]: > configure ipamdnsproviderprofile ocprof
[admin:10-0-0-77]: > configure ipamdnsproviderprofile ocprof2
[admin:10-0-0-77]: ipamdnsproviderprofile> type ipamdns_type_oci
cloud_credentials_ref   Credentials to access oracle cloud                                                                                                              
region                  Region in which Oracle cloud resource resides                                                                                                   
tenancy                 Oracle Cloud Id for tenant aka root compartment                                                                                                 
vcn_compartment_id      Oracle cloud compartment id in which VCN resides                                                                                                
vcn_id                  Virtual Cloud network id where virtual ip will belong                                                                                         

Once the required attributes are provided, the output of the show ipamdnsproviderprofile <profile name> command is as shown below:

[admin:10-0-0-77]: > show  ipamdnsproviderprofile prof1
+-------------------------+----------------------------------------------------------------------------------+
| Field                   | Value                                                                            |
+-------------------------+----------------------------------------------------------------------------------+
| uuid                    | ipamdnsproviderprofile-d67ad96c-8bbf-48ff-ab40-5580621c1c69                      |
| name                    | prof1                                                                            |
| type                    | IPAMDNS_TYPE_OCI                                                                 |
| oci_profile             |                                                                                  |
|   tenancy               | ocid1.tenancy.oc1..aaaaaaaay7s6icq755xqlytpl33i7ysjzzb2kv3vk3itg5ilsxanrzqmsaha  |
|   region                | us-phoenix-1                                                                     |
|   cloud_credentials_ref | ocuser                                                                           |
|   vcn_compartment_id    | ocid1.compartment.oc1..aaaaaaaa5trt72k3smsky7fz27gqlucbfa2lmynshky4hl4r7gom6wcph |
|                         | mrq                                                                              |
|   vcn_id                | ocid1.vcn.oc1.phx.aaaaaaaangx3fookzumnhck3st5obrruwsmxiqgtx2ic7zoharlhwi262gla   |
| allocate_ip_in_vrf      | False                                                                            |
| tenant_ref              | admin                                                                            |
+-------------------------+----------------------------------------------------------------------------------+
[admin:10-0-0-77]: >

Creating a Linux Server Cloud Using OCI IPAM Profile

Create a Linux server cloud, and associate the OCI IPAM profile (prof1) created in the previous section to the cloud configuration.
For configuring a Linux server cloud, refer to Installing Avi Vantage for Linux Server Cloud.

Creating a Virtual Service

Before creating a virtual service, make sure that active/standby high availability mode is set for the SE group in which the virtual service will be placed.
Log in to the shell mode of the Avi CLI, execute the configure virtualservice <virtual service name> command, and provide the following attributes:

  • pool_ref – pool name/reference. Use tab for listing the pools.
  • vip – This is used to enter submode
    • auto_allocate_ip – Set the value as true
    • auto_allocate_ip_type – Provide the value as v4_only
    • subnet_uuid – Subnet OCID
      Use the Avi REST API below to list the available subnets in the configured VCN.
      
      https://<controller_ip>/api/networksubnetlist/?include_name&sort=name&auto_allocate_only=true&cloud_uuid=<cloud_uuid>&fip_capable=false&page_size=8&page=1&
      
    • save
  • services
    • port – port number
    • save
  • cloud_ref
  • se_group_ref

[admin:10-0-0-77]: > configure virtualservice vs2
[admin:10-0-0-77]: virtualservice> pool_ref pool1
[admin:10-0-0-77]: virtualservice> vip auto_allocate_ip
auto_allocate_ip            Auto-allocate VIP from the provided subnet.                                                                                                 
auto_allocate_ip_type       Specifies whether to auto-allocate only a V4 address, only a V6 address, or one of each type
[admin:10-0-0-77]: virtualservice> vip auto_allocate_ip
auto_allocate_ip            Auto-allocate VIP from the provided subnet.                                                                                                 
auto_allocate_ip_type       Specifies whether to auto-allocate only a V4 address, only a V6 address, or one of each type
[admin:10-0-0-77]: virtualservice> vip subnet_uuid 
[admin:10-0-0-77]: virtualservice> save
[admin:10-0-0-77]: virtualservice> services port 80
[admin:10-0-0-77]: virtualservice> save
[admin:10-0-0-77]: virtualservice> save

Once the values of all the required attributes are provided and saved, the output for the show virtualservice <virtual service name> is as shown below:

[admin:10-0-0-77]: > show virtualservice vs1
+------------------------------------+----------------------------------------------------------------------------------+
| Field                              | Value                                                                            |
+------------------------------------+----------------------------------------------------------------------------------+
| uuid                               | virtualservice-431ef6ae-4734-4a68-8739-d97592093f90                              |
| name                               | vs1                                                                              |
| enabled                            | True                                                                             |
| services[1]                        |                                                                                  |
|   port                             | 80                                                                               |
|   enable_ssl                       | False                                                                            |
|   port_range_end                   | 80                                                                               |
| application_profile_ref            | System-HTTP                                                                      |
| network_profile_ref                | System-TCP-Proxy                                                                 |
| pool_ref                           | pool1                                                                            |
| se_group_ref                       | Default-Group                                                                    |
| network_security_policy_ref        | vs-vs1-Default-Cloud-ns                                                          |
| analytics_policy                   |                                                                                  |
|   full_client_logs                 |                                                                                  |
|     enabled                        | False                                                                            |
|     duration                       | 0 min                                                                            |
|     all_headers                    | False                                                                            |
|     throttle                       | 10 per_second                                                                    |
|   client_insights                  | NO_INSIGHTS                                                                      |
|   metrics_realtime_update          |                                                                                  |
|     enabled                        | False                                                                            |
|     duration                       | 0 min                                                                            |
|   udf_log_throttle                 | 10 per_second                                                                    |
|   significant_log_throttle         | 10 per_second                                                                    |
|   enabled                          | True                                                                             |
| vrf_context_ref                    | global                                                                           |
| enable_autogw                      | True                                                                             |
| analytics_profile_ref              | System-Analytics-Profile                                                         |
| weight                             | 1                                                                                |
| delay_fairness                     | False                                                                            |
| max_cps_per_client                 | 0                                                                                |
| limit_doser                        | False                                                                            |
| type                               | VS_TYPE_NORMAL                                                                   |
| cloud_type                         | CLOUD_LINUXSERVER                                                                |
| use_bridge_ip_as_vip               | False                                                                            |
| flow_dist                          | LOAD_AWARE                                                                       |
| ign_pool_net_reach                 | False                                                                            |
| ssl_sess_cache_avg_size            | 1024                                                                             |
| remove_listening_port_on_vs_down   | False                                                                            |
| close_client_conn_on_config_update | False                                                                            |
| bulk_sync_kvcache                  | False                                                                            |
| tenant_ref                         | admin                                                                            |
| cloud_ref                          | Default-Cloud                                                                    |
| east_west_placement                | False                                                                            |
| scaleout_ecmp                      | False                                                                            |
| active_standby_se_tag              | ACTIVE_STANDBY_SE_1                                                              |
| flow_label_type                    | NO_LABEL                                                                         |
| vip[1]                             |                                                                                  |
|   vip_id                           | 0                                                                                |
|   ip_address                       | 10.0.0.89                                                                        |
|   enabled                          | True                                                                             |
|   network_ref                      | ocid1.subnet.oc1.phx.aaaaaaaao2set67ymnpabx73rau22xelyqm2gkx4udoiyuns33ypf6aaq2d |
|                                    | a                                                                                |
|   port_uuid                        | ocid1.vnic.oc1.phx.abyhqljsijfqpsfw4rrcm4ddacwlsxatfn45xzghbntwyjzl2ednurevibzq  |
|   subnet_uuid                      | ocid1.subnet.oc1.phx.aaaaaaaao2set67ymnpabx73rau22xelyqm2gkx4udoiyuns33ypf6aaq2d |
|                                    | a                                                                                |
|   subnet                           | 10.0.0.0/24                                                                      |
|   auto_allocate_ip                 | True                                                                             |
|   auto_allocate_floating_ip        | False                                                                            |
|   avi_allocated_vip                | True                                                                             |
|   avi_allocated_fip                | False                                                                            |
|   ipam_network_subnet              |                                                                                  |
|     network_ref                    | ocid1.subnet.oc1.phx.aaaaaaaao2set67ymnpabx73rau22xelyqm2gkx4udoiyuns33ypf6aaq2d |
|                                    | a                                                                                |
|     subnet                         | 10.0.0.0/24                                                                      |
|     subnet_uuid                    | ocid1.subnet.oc1.phx.aaaaaaaao2set67ymnpabx73rau22xelyqm2gkx4udoiyuns33ypf6aaq2d |
|                                    | a                                                                                |
|   auto_allocate_ip_type            | V4_ONLY                                                                          |
| vsvip_ref                          | vsvip-CDvjAK                                                                     |
| use_vip_as_snat                    | False                                                                            |
| traffic_enabled                    | True                                                                             |
+------------------------------------+----------------------------------------------------------------------------------+
[admin:10-0-0-77]: >
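The subnet chosen for subnet_uuid has to satisfy the limitations listed in the overview: with active/standby HA the SE group holds two SEs, and the VIP and both SEs must be on the same subnet. The following Python is an added example, not Avi or Oracle code. It builds the networksubnetlist URL quoted above, then checks a candidate subnet list against the SE addresses and against the VIP that show virtualservice reports. The subnet records are constructed and their field names (ocid, cidr) are this example's own; they do not reproduce the JSON that the Avi API returns, so adapt the mapping when feeding real API output in.

```python
"""Placement check for an OCI-backed Avi virtual service.  Added example;
subnet records, OCIDs and function names are invented."""
import ipaddress
from urllib.parse import urlencode

# Constructed sample: two subnets in the VCN; the OCIDs are placeholders.
SUBNETS = [
    {"ocid": "ocid1.subnet.oc1.phx.PLACEHOLDER_A", "cidr": "10.0.0.0/24"},
    {"ocid": "ocid1.subnet.oc1.phx.PLACEHOLDER_B", "cidr": "10.0.1.0/24"},
]


def subnet_list_url(controller_ip, cloud_uuid, page=1, page_size=8):
    """Build the REST URL given in the text for listing allocatable subnets."""
    params = {
        "sort": "name",
        "auto_allocate_only": "true",
        "cloud_uuid": cloud_uuid,
        "fip_capable": "false",
        "page_size": page_size,
        "page": page,
    }
    # include_name is a bare flag in the documented URL, so it is added by hand.
    return f"https://{controller_ip}/api/networksubnetlist/?include_name&{urlencode(params)}"


def vip_subnet_for_se_group(se_ips, subnets=SUBNETS):
    """Return the subnet record that contains every SE address, or None.

    Active/standby HA limits the SE group to two SEs, and the VIP is
    auto-allocated from the subnet both SEs live on.
    """
    if not 1 <= len(se_ips) <= 2:
        raise ValueError("an active/standby SE group holds one or two SEs")
    addrs = [ipaddress.ip_address(ip) for ip in se_ips]
    for record in subnets:
        net = ipaddress.ip_network(record["cidr"])
        if all(addr in net for addr in addrs):
            return record
    return None


def vip_matches_subnet(vip_ip, subnet_cidr, subnet_ocid, record):
    """Verify the ip_address, subnet and subnet_uuid fields from show
    virtualservice agree with the subnet record that was selected."""
    net = ipaddress.ip_network(record["cidr"])
    return (
        ipaddress.ip_address(vip_ip) in net
        and ipaddress.ip_network(subnet_cidr) == net
        and subnet_ocid == record["ocid"]
    )


if __name__ == "__main__":
    chosen = vip_subnet_for_se_group(["10.0.0.10", "10.0.0.11"])
    print("subnet_uuid:", chosen["ocid"])
    print(subnet_list_url("10.0.0.77", "cloud-PLACEHOLDER"))
    # Values below mirror the shape of the show output above with placeholder OCIDs.
    print(vip_matches_subnet("10.0.0.89", "10.0.0.0/24", chosen["ocid"], chosen))
```

If vip_subnet_for_se_group returns None, the SEs are split across subnets and the virtual service will not place correctly under the OCI integration; fix the SE group before running configure virtualservice.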