Deployment of Avi Service Engines in the First Region

Configuring Tenant on the Avi Controller for the First Workload Domain

Prerequisites

  • Avi Controller cluster is setup.

  • Workload domain is setup.

Procedure to create one Tenant on Avi Vantage for every Workload Domain

The following are the steps to create one tenant on Avi Vantage for every workload domain:

  1. Login to SSH to the Avi Controller via admin@sfo-m01-avic01.sfo.rainpole.io.

  2. Specify the Avi CLI by executing shell –user admin –password xxxx code.

  3. Configure the tenant for the workload domain by executing the following CLI commands:

    
 configure tenant {Workload-Domain} 
 config_settings 
 no se_in_provider_context 
 tenant_vrf 
 save 
 save

Configuring Cloud on the Avi Controller for the First Workload Domain

Prerequisites

  • Avi Controller cluster is setup.

  • Workload domain is setup.

Procedure to create one Cloud on Avi Vantage for every Workload Domain

The following are the steps to create one cloud on Avi Vantage for every workload domain. The cloud is created within the scope of the tenant dedicated for the workload domain.

  1. Navigate to the Avi Controller which has been initialized on your browser via  https://sfo-m01-avic01.sfo.rainpole.io.

  2. Switch to the appropriate tenant by clicking on admin. Select the {Workload-Domain} tenant.

  3. Navigate to Infrastructure > Clouds. Click on Create icon to create a new cloud.

  4. Select No Orchestrator option.

  5. Specify the Name of the cloud as {Workload-Domain}-Cloud.

  6. Click on Next option.

  7. Specify the following details to configure the cloud:
    Setting Value
    Use IPv4 DHCP Select (If using DHCP on the data networks)
    Use IPv6 DHCP Unselect
    Enable VIP Static Routes Unselect
    Prefer Static Routes Unselect

  8. Click on Save.

    You can attach the Default-Group SE Group as a template to the cloud. This will allow new SE Group creation and protect against versioning issues when a single Avi Controller cluster is managing multiple workload domains, each in different versions.

  9. Login to SSH to the Avi Controller via admin@sfo-m01-avic01.sfo.rainpole.io.

  10. Specify the Avi CLI by executing shell --user admin --password xxxx code.

  11. Configure the SE Group template on the cloud by executing the following CLI commands: 
    
switchto tenant {Workload-Domain} 
configure cloud {Workload-Domain}-Cloud 
se_group_template_ref Default-Group 
save

Configuring Service Engine Group on the Avi Controller for the First Workload Domain

Prerequisites

  • Avi Controller cluster is setup.

  • No Orchestrator Cloud for the workload domain is setup.

Procedure to create Service Engine Group on the Avi Controller for the First Workload Domain

The following are the steps to create Service Engine group on the Avi Controller for the first workload domain:

  1. Navigate to the Avi Controller which has been initialized on your browser via https://sfo-m01-avic01.sfo.rainpole.io.

  2. Switch to the appropriate tenant by clicking on admin and selecting the {Workload-Domain} tenant.

  3. Navigate to Infrastructure > Service Engine Group.

  4. Select the appropriate Cloud from the Select Cloud drop-down list and click on Create icon.

  5. Specify the following to configure the Basic Settings of the SE group:
    Setting Value
    Name Name the SE Group
    High Availability Mode Active/Active
    VS Placement across SEs Distributed

  6. Click on Advanced and specify the following details under Advanced HA & Placement window.

    Setting Value
    Buffer Service Engines 0
    Scale Per Virtual Service (Minimum) 2
    Scale Per Virtual Service (Maximum) 4
  7. Click on Save option.

Creating a Content Library for Avi Service Engine OVAs

You can create content library in the workload domain. One Avi no-orchestrator cloud creates one content library to host Avi Service Engine OVAs.

Prerequisites

  • vCenter is setup in the Workload Domain.

Procedure to create a content library in the workload domain:

The following are the steps to create a content library:

  1. Log in to the vCenter server of the corresponding workload domain.

  2. Navigate to Menu > Content Libraries.

  3. Click on + to add a new content library to host Avi Vantage Service Engine OVAs.

  4. Specify the following information in the Name and Location section:
    Setting Value
    Name sfo-w01-avise
    Notes Content Library created to host Avi Service Engine OVAs
    vCenter Server Select vCenter Server for the corresponding {WORKLOAD_DOMAIN}

  5. Click on NEXT button. 

  6. Specify the following details in the Configure content library section:

    Setting Value
    Local content library Select
    Enable publishing Select

  7. Click on NEXT option.

  8. In the Add Storage section, select the vSAN  datastore.

  9. Click on NEXT option.

  10. Review the data and click on FINISH option.

Deploying Avi Service Engine VMs in the first Workload Domain in Region A

The Avi Controllers package includes the Avi Service Engine OVA. All Clouds will share the same Avi Service Engine OVA. The Avi Service Engine version will be same as that of the Avi Controller.

The following are the step to create a new Avi Service Engine:

  1. Identify the Avi Controller which manages the workload domain into which the Avi Service Engines will be created.

  2. Download the Avi Service Engine OVA. This step is required only when you deploy the Avi Service Engine for the first time.

  3. Upload the Avi Service Engine OVA to the Avi Service Engine content library.  This step is required only when you deploy the Avi Service Engine for the first time.

  4. Generate an authentication token for the Avi Service Engine from the cloud.

  5. Deploy an Avi Service Engine VM using the Avi Service Engine OVA.

Prerequisites

  • The Avi Controller cluster is setup.

  • No-Orchestrator cloud for the workload domain is setup.

  • SE Group to host the Service Engine is setup.

  • The content library is created to host the Avi Service Engine OVAs.

Procedure to deploy Avi Service Engine VMs in the first Workload Domain

Avi Service Engines should be associated with the Avi Controller that will be managing the compute workload domain where the Avi Service Engines will be created.

As each compute workload domain is managed by a unique NSX-T instance, and as for every NSX-T instance there will be an Avi Controller cluster created, every compute workload domain would be managed by a unique Avi Controller cluster

Downloading AVI Service Engine OVA

The following are the steps to download Avi Service Engine OVA:

  1. Navigate to the Avi Controller which has been initialized on your browser via  https://sfo-m01-avic01.sfo.rainpole.io.

  2. Switch to the appropriate tenant by clicking on admin option and selecting the {Workload-Domain} tenant.

  3. Navigate to Infrastructure > Cloud and click on the (download) button on the {Workload-Domain}-Cloud object and select OVA. This will generate and download the Avi Service Engine OVA to the admin’s workstation.

  4. The Avi Service Engine image will be downloaded as se.ova. Rename the image from se.ova to Avi-Service-Engine-v18.2.9.ova.

Uploading the Avi Service Engine OVA to the Content Library

The following are the steps to upload the Avi Service Engine OVA to the content library:

  1. Log in to the vCenter Server of the Management domain.

  2. Navigate to Menu > Content Libraries and click on sfo-w01-avise.

  3. In the Templates section, click on Actions and then select Import Item.

  4. Select the Source → Source file from Local file and click on Upload File option.

  5. Select Avi-Service-Engine-v18.2.9.ova and click on Open option.

  6. Specify Destination → Item name as Avi-Service-Engine-v18.2.9.ova.

  7. Click on Import option.

Generating an Authentication Token for the Avi Service Engine from the Cloud

  1. Navigate to the Avi Controller which has been initialized on your browser via  https://sfo-m01-avic01.sfo.rainpole.io.

  2. Switch to the appropriate tenant by clicking on admin and selecting the {Workload-Domain} tenant.

  3. Navigate to Infrastructure > Cloud.

  4. Generate a one-time authentication token by clicking on the key symbol on the {Workload-Domain}-Cloud row to which the Avi Service Engine should be placed in.

  5. Copy the {AVICNTRL_AUTHTOKEN} displayed in a box and keep it handy.

Deploying an Avi Service Engine VM

The following are the steps to deploy Avi Service Engine VM:

  1. Log in to the vCenter Server of the appropriate Workload domain.

  2. Navigate to Menu > Content Libraries and click on sfo-w01-avise.

  3. Navigate to Templates.

  4. Right click on Avi-Service-Engine-v18.2.9.ova and select New VM from this Template….

  5. Specify the Virtual machine name as avi-se-{WORKLOAD_DOMAIN}-{VARIABLE} and select the Workload Domain DC and click on NEXT.

  6. In the Select a compute resource field, select a specific host or a cluster as per requirement and then click on NEXT.

  7. Review the details and click on NEXT.

  8. Specify the following details in the Select Storage section:
    Setting Value
    VM Storage Policy vSAN Default Storage Policy
    Select virtual disk format As defined in the VM storage policy
    Datastore Storage compatible vSAN datastore

  9. Click on Next option.

  10. Choose the port groups for the Avi SE network connections. The Avi SE has ten vNICs. Specify the following details for the source and destination network mapping:
    Setting Value
    IP Address of the Avi Controller IP Address of the Avi Controller
    Authentication token for Avi Controller {AVICNTRL_AUTHTOKEN}
    Management Interface IP Address Specify a static IP address or leave blank if using DHCP
    Management Interface Subnet Mask Enter the network mask if using static IP address
    Default Gateway Enter the default gateway is using static IP address

  11. Click on Next option.

  12. Review the information in the Ready to complete page and click on FINISH icon.

  13. Navigate to the ESXi host where the Avi Service Engine VM is going to be hosted and click on  Summary > Hardware  and record the CPU {base clock speed}. You can use this to reserve CPU.

  14. Navigate to the Avi Service Engine VM Summary page and click on ACTIONS → Edit Settings icon. 

  15. Set the appropriate number of vCPUs, memory and disk for the Avi Service Engine VM.

    Setting Value
    CPU Set the appropriate vCPUs; set reservation to # vCPUs*{base clock speed}
    Memory Set the appropriate Memory; set reservation equal to the memory allocated for this VM
    Hard disk 1 Increase the disk size to what is desired in accordance with the Avi Service Engine sizing guide
    Network adapters Connect all used network adapters and disconnect all unused network adapters

  16. Click on OK.

  17. Click on ACTIONS > Power > Power On to power on the VM.

  18. Note down the MAC address ↔ Port Group mapping details. You can use this to configure the IP addresses on the data networks of the Avi Service Engine from the Avi Controller.

Configuring Avi Service Engines in the first Workload Domain in Region A

As Avi Controllers do not have access to the vCenter Server in No-Orchestrator cloud mode, Avi Service Engines spawned in such a cloud needs to be manually configured.

Prerequisites

  1. Tenant for the Workload domain is setup.

  2. No-Orchestrator cloud for the workload domain is setup.

  3. SE Group to host the Service Engine is setup.

  4. Default-Group SE group does not have any applications (Virtual Services).

  5. Avi Service Engine VM is deployed and powered on from vCenter Server.

  6. DHCP for data networks is not configured in the cloud or is not available for particular data networks that are used on this Avi Service Engine VM.

Procedure to create Avi Service Engine in first Workload Domain

The following are the steps to create Avi Service Engine in first workload domain:

  1. Navigate to the Avi Controller which has been initialized on your browser via  https://sfo-m01-avic01.sfo.rainpole.io.

  2. Switch to the appropriate tenant by clicking on admin and selecting {Workload-Domain} tenant.

  3. Navigate to Infrastructure > Service Engine.

  4. Select the appropriate {Workload-Domain}-Cloud from the Select Cloud drop-down list.

  5. The Avi Service Engine object with name equal to the management IP of the VM will show up. You need to wait for the Status to change to Up.

  6. Click on the Pencil icon to configure the data networks IPs and define the SE Group for this Avi Service Engine.

  7. From the SE Group drop-down, select the desired SE Group for the Avi Service Engine.

  8. Use the MAC address ↔ Port Group mapping captured during the Avi Service Engine deployment stage and configure the intended IPv4 and/or IPv6 IPs for the corresponding interfaces.

  9. Click on Save option.

Note:  The Avi Service Engine’s services will restart as moving the SE Groups causes the status to reinitialize.

Creating an Anti-affinity Rule for Avi Service Engines in the first Workload Domain in Region A

You can create Anti-affinity VM or host rule to keep Avi Service Engines VMs distributed on the available ESXi hosts.

Prerequisites

  • vCenter is setup in the workload domain.

  • The cluster where Avi Service Engine VMs will be deployed is configured.

  • At least 1 Avi Service Engine VM is deployed and configured.

Procedure to create an Anti-affinity Rule

The following are the steps to create an anti-affinity rules:

  1. Log in to the vCenter server of the corresponding workload domain.

  2. Navigate to the vCenter cluster configuration where the Avi Service Engine VMs are going to be deployed vCenter > DataCenter > Cluster > Configure.

  3. Under the VM/Host rules, click on + icon to add a new VM/Host rules to create an anti-affinity rule for Avi Service Engine VMs.

  4. Specify the following information in the Create VM/Host Rule section.

    Setting Value
    Name sfo-w01-avise
    Type Separate Virtual Machines

  5. Click on + to add the Avi Service Engine .

  6. Search for Avi Service Engine VMs by entering sfo-w01-avise in the search filter.

  7. Click on OK to add the Avi Service Engine VMs to the rule.

  8. Click on OK button to save the configuration.

Note: You need to add a new Avi Service Engine VMs to this rule.

Creating VM Override Rules for Avi Service Engine VMs in the Workload Domain in Region A

VM Override rules are programmed for the Avi Service Engine VMs to guarantee priority recovery.

Prerequisites

  • Avi Service Engine VMs are deployed in the first workload domain in Region A.

Procedure to create VM Override Rules for Avi Service Engine VMS in the Workload Domain

The following are the steps to create VM override rules for Avi Service Engine VMs in the Workload Domain:

  1. Log in to the vCenter Server of the first compute Workload Domain.

  2. Navigate to the cluster where Avi Service Engine VMs are hosted and click on Configure > VM Overrides.

  3. Click on + to add a new VM Override rule.

  4. Select the Avi Service Engine VMs from the list and click on Next.

  5. Specify the following information in the Add VM Override section.
    Setting Value
    VM Restart Priority Select override and set to ‘High’
    Host isolation response Select override and set to Disabled
  6. Click on FINISH.
Previous Page
Next Page