Top of DLR with Avi Vantage for no SNAT for Web Tier
Note: Starting with Avi Vantage 20.1.3, support for NSX-V full access is deprecated, and the support for NSX-V full access will be removed in the upcoming releases. It is recommended to:
- Migrate to Avi’s NSX-T integration
- In case NSX-V support is still required, it is recommended to configure Avi with a no-orchestrator cloud.
In this topology the Avi SE is installed on top of NSX DLR. Physically, the Avi SE gets deployed on the ESXi on the Edge rack. This topology is popular on layer 3 physical fabrics, such as spine-leaf. The feature for this topology will be completely supported in future Avi Vantage releases.
Logically, the Avi SE is installed on top of NSX DLR. The SEs must be deployed in legacy HA (active/standby) mode. The SE connects to the External network (non-encapsulated) for front-end and Web-tier-01 VXLAN (encapsulated) for back-end. The default gateway for web, application and DBMS servers is DLR. The default gateway for DLR is a floating IP address on the SE in the Transit network. See IP Routing on Avi SE feature for more details. In this case the client IP is preserved.
Following the recommendation (refer to VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0), configure the SE group properties to physically deploy the SEs in the Edge racks where External network is available.
North-South Traffic Flow
Logical Traffic flows are:
- Client → Web VIP on Avi SE
- Avi SE → Web server via DLR
Physical traffic flows are as follows:
- Client on External network → ESXi hosting the SE → SE VM
- SE VM → VXLAN on ESXi kernel hosting the SE → ESXi kernel hosting the web VM
- ESXi kernel hosting the web VM → web VM
South-North Traffic Flow
Logical traffic flows originating from the servers:
- Server VM → DLR
- DLR → SE
- SE → External network
Physical traffic flows originating from the servers are:
- ESXi hosting the web/app/DBMS server → ESXi hosting the SE Note: DLR is not a step since it is distributed and done here in the ESXi hosting the web/app/DBMS kernel.
- From SE → External network
- No SNAT is required.
For more information on installing Avi Vantage on VMware with NSX, refer to refer to Installing Avi Vantage on VMware with NSX.