Parallel to NSX Edge Using Avi Vantage for North-South and East-West Load Balancing

Note: Starting with Avi Vantage 20.1.3, support for NSX-V full access is deprecated, and the support for NSX-V full access will be removed in the upcoming releases. It is recommended to:

In this topology, the Avi SE is installed parallel to NSX Edge. Physically, the Avi SE is deployed on any of the ESXi hosts in the edge rack. Though it is similar to topology 1, this topology is popular on Layer 3 physical fabrics, such as spine-leaf. It also works on Layer 2 physical fabrics.

Logical and Physical View

Logically, the Avi SEs are installed parallel to NSX Edge. The SEs may be deployed in elastic HA (active/active or N+M buffer) or legacy HA (active/standby) mode. Each SE connects to the External network (non-encapsulated), the Web-tier-01 VXLAN (encapsulated), and the App-tier-01 VXLAN (encapsulated). The Web VIP is on the External network and the app VIP is on web-tier-01. Traffic is SNATed by the SE. The default gateway for the web, app, and DBMS servers is the DLR.

[Figure: Logical View, Parallel to NSX Edge Using Avi for North-South Load Balancing]

Following the recommended design (refer to VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0), configure the SE group properties so that the SEs are physically deployed in the Edge racks, where the external network is available.

[Figure: Physical View, Parallel to NSX Edge Using Avi for North-South and East-West LB]

Avi Configuration

To deploy SEs for this topology, configure Avi as follows:

SE Group configuration:

  • Navigate to Infrastructure → Service Engine Group and edit the Default Group.
  • On the Advanced tab, set “Host Scope Service Engine within” to Cluster.
  • Under Cluster, select “Include” and select the edge cluster in which to deploy the SEs.


Traffic Flows

North-South Traffic Flow

Logical traffic flows are:

  • Client → Web VIP on Avi SE
  • Avi SE → Web server

 

[Figure: Logical View, North-South Traffic Flow]

Physical traffic flows are:

  • Client on External network → the ESXi hosting the SE → SE VM
  • SE VM → VXLAN on ESXi kernel hosting the SE → ESXi kernel hosting the web VM
  • ESXi kernel hosting the Web VM → Web VM

[Figure: Physical View, North-South Traffic Flow]

East-West Traffic Flow

Logical traffic flows are as follows:

  • Web VM → app VIP on the Avi SE
  • Avi SE → app server

[Figure: Logical View, East-West Traffic Flow]

Physical traffic flows are:

  • Web VM → VXLAN on the ESXi kernel hosting the Web VM
  • ESXi kernel hosting the Web VM → ESXi hosting the SE → SE VM
  • SE → VXLAN on ESXi kernel hosting the SE → ESXi kernel hosting the app VM

 

[Figure: Physical View, East-West Traffic Flow]

South-North Traffic Flow

Logical traffic flows originating from the servers:

  • Server VM → DLR → Edge → External network

 

[Figure: Logical View, South-North Traffic Flow]

Physical traffic flows originating from the servers are:

  • From ESXi hosting the web/app/DBMS server → ESXi hosting the Edge → External

Note: The DLR is not a separate step, since it is distributed and its routing is done in the kernel of the ESXi host running the web/app/DBMS server.

[Figure: Physical View, South-North Traffic Flow]

VIP requirements

  • Web-VIP requires SNAT
  • App-VIP requires SNAT