Installing Avi Vantage for VMware vCenter

Overview

This guide explains how to integrate Avi Vantage into a VMware vCenter cloud. A single Avi Controller cluster supports multiple concurrent vCenter clouds.

Avi Vantage is a software-based solution that provides real-time analytics and elastic application delivery services. Avi Vantage optimizes core web functions, including SSL termination and load balancing.

Note: Starting with NSX Advanced Load Balancer version 22.1.1, network objects in NSX Advanced Load Balancer sync with the name of the associated port group in vCenter. Previously, the name of the port group and the name of the network in NSX Advanced Load Balancer could be changed independently of each other.

Points to Consider

  • Write access is the recommended deployment mode. It is the quickest and easiest way to deploy and offers the highest levels of automation between Avi Vantage and vCenter.
  • After completing the deployment process, refer to the documentation on creating virtual services for more information.
  • Avi Vantage can be deployed with a VMware cloud in either no access or write access mode. Each mode is associated with different functionality and automation, and also requires different levels of privileges for Avi Controller within VMware vCenter. For complete information, refer to Avi Vantage Interaction with vCenter.
  • The Avi Vantage administrator needs to download only one Service Engine image for each type of image needed (ova/qcow2/docker). The same Service Engine image can be then used to deploy Service Engines in any tenant and cloud configured in the system. For more information, refer to Manually Deploy Service Engines in Non-Default Tenant/Cloud.
  • It is recommended to use the built-in Virtual Service Migration functionality.

Integrating Avi Vantage with vCenter

Avi Vantage runs on virtual machines (VMs) managed by VMware vCenter. When deployed into a vCenter-managed VMware cloud, Avi Vantage performs as a fully distributed, virtualized system consisting of the Avi Controller and Avi Service Engines each running as a VM.

The Avi Vantage Platform is built on software-defined architectural principles which separate the data plane and control plane. The product components include:

  • Avi Controller (control plane): The Avi Controller stores and manages all policies related to services and management. Through vCenter, the Avi Controller discovers VMs, data centers, networks, and hosts. Based on this auto-discovered information, virtual services can quickly be added using the web interface. To deploy a virtual service, the Avi Controller automatically selects an ESX server, spins up an Avi SE (described below), and connects it to the correct networks (port groups).

Note: Avi Controllers need access to the desired ESXi hosts (over port 443) to allow the Avi Controller-to-vCenter communication.

The Avi Controller can be deployed as a single VM or as a high availability cluster of 3 Avi Controller instances, each running on a separate VM.

  • Avi Service Engines (data plane): Each Avi Service Engine runs on its own virtual machine. The Avi SEs provide the application delivery services to end-user traffic, and also collect real-time end-to-end metrics for traffic between end-users and applications.

vCenter Integration Enhancements in 22.1.1

The Avi vCenter integration has been enhanced in 22.1.1 to,

Deployment Prerequisites

Virtual Machine Requirements

Refer to the Hardware Requirements document for the minimum hardware required to install Avi Controller and Service Engines.

Avi Controller can also be deployed as a three-node cluster for redundancy. A separate VM is required for each of the three Avi Controller nodes. However, the requirements for each VM would remain the same. Refer to Overview of Avi Vantage High Availability for more information on High Availability. Ensure that the ESX host has the required physical resources. Service Engine creation will fail in the absence of these resources.

Note:

For optimal performance, Avi recommends that the Controller VM vCPU and Memory be reserved in vCenter.

Service Engine VM requirements

The following are the Service Engine VM requirements:

| Requirement | Description |
|---|---|
| RAM | Add 1 GB of RAM to the SE configuration for each additional vCPU. |
| CPU socket affinity | Select this option for SEs within their group to allocate vCPU cores to the same CPU socket as that of the multi-socket CPU. |
| Dedicated dispatcher CPU | Select this option for SEs within their group to dedicate a single CPU thread to dispatch data flows to other vCPU threads. This is relevant for SEs with three or more CPUs. |
| Disk | Set the disk value to a minimum of (2*RAM_size) + 5 GB to ensure at least 15 GB. |

For more details on the Service Engine VM requirements, refer to Service Engine Capacity and Limit Settings.

Note:

For optimal performance, Avi recommends that the Service Engine VM vCPU and Memory be reserved in vCenter.

Software Requirements

For further details on system requirements, refer to Ecosystem Support guide.

The Avi Controller OVA contains the image files for the Avi Controller and Avi SEs.

VMware vCenter credentials are required for write access mode deployment.

Note: In a single Controller cluster, if you need to have both vCenter and NSX-T cloud types, then it is recommended to have a dedicated content library for vCenter and NSX-T clouds respectively.

IP Address Requirements

The Avi Controller requires one management IP address. Administrative commands are configured on the Controller by accessing it using this IP address. The management IP address is also used by the Controller to communicate with other Service Engines. This IP address for all Controllers within a cluster should belong to the same subnet. For more information, refer to the Controller Cluster IP document.

Each Avi Service Engine requires one management IP address, a virtual service IP address, and an IP address that faces the pool network.

For quick deployments, DHCP is recommended over static assignment for Avi SE management and the pool network IP address allocation.

Note: Use a static IP for Avi Controller management address, unless your DHCP server can preserve the assigned IP address permanently.

The virtual service IP address is provided as input while creating the load balancing application. You can automate the virtual service IP address allocation by integrating it with an IPAM service. For more information, refer to IPAM and DNS Support.

Avi Vantage load balances the traffic with VIP address:port as its destination across the members (servers) within the pool.

Changing vCenter IP in existing vCenter Cloud

Note: You can change the vCenter IP by setting the Cloud to No Access.

The following are the steps to change vCenter IP in existing vCenter cloud on NSX Advanced Load Balancer:

  1. Disable the virtual services. When the virtual services are disabled, the SEs become idle. Delete these SEs before the Cloud is set to No Access.
  2. Delete the old vCenter configuration in the Cloud, by setting the Cloud to No Access from GUI.
  3. Configure the new vCenter in the same Cloud.
  4. Modify the SE group/ Network objects to the new Cloud.
  5. Enable the virtual service.

Note: If a virtual service or pool has placement networks, you need to point it to the new network object. You can check this in the virtual service or in the avi_config file in show techsupport.

If a virtual service or pool has placement networks, you need to go to each virtual service or pool and change it after the new cloud comes up.

vCenter Account Requirements

During the initial Controller setup, a vCenter account must be entered to allow communication between the Controller and the vCenter. The vCenter account must have the privileges to create new folders in the vCenter. This is required for Service Engine creation, which then allows virtual service placement.

For complete information on VMware user role and privileges, refer to VMware User Role for Avi Vantage.

Modes of Deployment

Depending on the level of vCenter access provided, Avi Vantage can be deployed in a VMware cloud in the following modes:

  • Write access mode – This mode requires a vCenter user account with write privileges. Avi Controller automatically spins up Avi Service Engines as needed, and accesses vCenter to discover information about the networks and VMs.
  • No access mode – Avi Controller does not access vCenter. The Avi Vantage and vCenter administrator manually deploy Avi Service Engines, define networks and interface IP addresses, and map the Service Engines to the correct networks.

Note: IPv6 is supported for VMware vCenter in Avi Vantage.

Deploying Avi Vantage in Write Access Mode

Follow the steps given below to deploy Avi Vantage in a vCenter managed VMware cloud in write access mode:

  1. Deploying Avi Controller OVA
  2. Performing the Avi Controller initial setup
  3. (For static IP assignment) Configuring IP address pools
  4. Verifying Installation

Note: It is mandatory for No Access clouds on vCenter environments, that the AVISETYPE ovf parameter contains NETWORK_ADMIN,AVICLOUD_UUID: <cloud-uuid> in a scenario where a write access cloud is also pointing to the same vCenter.

Deploying Avi Controller OVA in Write Access

Log into the vCenter server through a vCenter client. Use the client to deploy Avi Controller OVA file by following the steps mentioned below:

  1. Click on File in the top menu and choose Deploy OVF Template.
  2. Follow the Deploy OVA Template wizard instructions:
    • Choose Thick Provision Lazy Zeroed for disk format.
    • Choose a port group for Destination Networks in Network Mapping. This port group will be used by the Avi Controller to communicate with vCenter.
    • Specify the management IP address and default gateway. In the case of DHCP, leave this field empty.
  3. Power on the VM.

Note: After you install the OVA and before you power the Controllers on, edit the hardware resources and change the CPU, memory and disk to the minimum recommended values for production. Refer to Controller Sizing guide for more details.

Performing the Avi Controller Initial setup

You can change or customize settings following initial deployment using the Avi Controller’s web interface.

Navigate to the Avi Controller on your browser.

Note: While the system is booting up, a blank web page or a 503 status code may appear. Wait for about 5 to 10 minutes and then follow the instructions below:

Step 1: Configure the basic system settings:

  • Administrator account
  • DNS and NTP server information
  • Email or SMTP information
  • Multi tenant information

After specifying the necessary details, click Save. The Controller window will be displayed.

Step 2: Configure the VMware vCenter/vSphere ESX cloud by selecting that option in Create drop-down list.

  • Specify the name of the cloud and enable DHCP checkbox accordingly.
  • Configure vCenter credentials. Specify the necessary details and click Connect and then specify the data center value.
  • Select the content library checkbox and click SAVE & RELAUNCH.
  • The Management Network will be enabled after saving and relaunching. Specify the Management Network details. You can also provide the IPAM and DNS details as per configuration requirements. Click Save.

Step 3: vCenter Cloud Configuration

  • Navigate to Infrastructure > Clouds to configure VMware vCenter/vSphere ESX cloud. Click Create and follow the steps accordingly.

    One vNIC out of the 10 Avi Service Engine vNICs is for the management network connection. The other 9 vNICs are data vNICs.

    Prior to NSX Advanced Load Balancer version 22.1.1, a dummy Avi Internal port group was used for attaching the unused data vNICs (referred to as parking vNICs). Starting with NSX Advanced Load Balancer version 22.1.1, for a new Service Engine deployed, the nine data vNICs will also be attached to the management port-group (Network) in the disconnected state. Avi Internal port-group will not be used for new Service Engines. The Service Engines upgraded from earlier versions to 22.1.1 will still retain the Avi Internal port-group, but after any vNIC update (removal/addition), the updated vNIC will be attached to the NSX Advanced Load Balancer SE management port-group (Network).

    Starting with NSX Advanced Load Balancer version 22.1.1, plan for and ensure an appropriate number of unused ports in the port group allocated as the Service Engine Management Network.

    For IP allocation method, enter a subnet address and a range of host addresses within the subnet, in the case of static address assignment. Avi Vantage will assign addresses from this range to the Avi Service Engine data interfaces.

If the management and pool networks use DHCP, the deployment procedure is complete with this step. In case of static IP address allocation, you need to configure an IP address pool.

Verifying the Configuration

To verify the installation, navigate to Infrastructure > Clouds and click on Default-Cloud. Click on the Status button. If the status is green, then the installation is a success.

Controller and VMware Communication

The Avi Controller must be able to communicate with vCenter and all ESX hosts that contribute to the deployment. If the communication fails, then the Avi Controller will not be able to spawn Service Engines.

Similarly, if the ESX hosts have DNS names, then the Avi Controller must point to the DNS server used by the ESX hosts to avoid the names resolving to different IP addresses.
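
The two requirements above (reachability of vCenter and every ESX host over port 443, and names resolving to the addresses vCenter knows the hosts by) can be checked before creating the cloud. The following is an added example, not part of the Avi documentation or tooling; it assumes it is run from a machine on the Controller's management network that uses the same DNS servers as the Controller, and the host names and addresses in the sample inventory are constructed.

```python
import socket

def resolve(name):
    """Addresses the local resolver returns for name (IPv4 and IPv6)."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def tcp_open(ip, port=443, timeout=3.0):
    """True if a TCP connection to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(inventory, port=443, timeout=3.0):
    """Check every vCenter/ESX entry; inventory maps name -> IP recorded in vCenter.

    Returns {name: (status, detail)} with status one of
    OK, DNS_FAIL, DNS_MISMATCH, UNREACHABLE.
    """
    report = {}
    for name, expected_ip in inventory.items():
        try:
            addrs = resolve(name)
        except socket.gaierror as exc:
            report[name] = ("DNS_FAIL", str(exc))
            continue
        if expected_ip not in addrs:
            # The name resolves, but not to the address vCenter knows the host
            # by: this resolver differs from the one the ESX hosts use.
            report[name] = ("DNS_MISMATCH", f"got {addrs}, expected {expected_ip}")
            continue
        if not tcp_open(expected_ip, port, timeout):
            report[name] = ("UNREACHABLE", f"{expected_ip}:{port}")
            continue
        report[name] = ("OK", f"{expected_ip}:{port}")
    return report

# Constructed sample inventory (documentation names and addresses, not real hosts).
SAMPLE_INVENTORY = {
    "vcenter.example.internal": "192.0.2.10",
    "esx01.example.internal": "192.0.2.21",
    "esx02.example.internal": "192.0.2.22",
}

if __name__ == "__main__":
    for name, (status, detail) in preflight(SAMPLE_INVENTORY).items():
        print(f"{name:30} {status:13} {detail}")
```

Any entry that is not OK points to a host on which Service Engine creation is likely to fail.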

Deploying Avi Vantage in No Access Mode

In no access mode,

  • The Controller does not access vCenter and does not automatically deploy Avi SEs or connect them to the networks.
  • The SE deployment and network placement are performed by Avi Vantage and vCenter administrators.
  • The Controller does not provide the VM properties of the SE VM analytics. However, it continues to provide virtual service analytics.
  • vCenter’s OVF property Controller cluster UUID for Avi Controller must be set.

Follow the steps given below to deploy Avi Vantage in a vCenter managed VMware cloud in no access mode:

  1. Deploying Avi Controller OVA
  2. Performing initial Avi Controller setup
  3. Installing Avi Service Engine
  4. Downloading Avi Service Engine on OVA
  5. Deploying Avi Service Engine OVA file
  6. (For no access mode) Configuring Service Engine interfaces
  7. (For static IP assignment) Configuring IP address pools for networks

Deploying Avi Controller OVA in No Access Mode

Log into the vCenter server through a vCenter client. Use the client to deploy Avi Controller OVA file by following the steps mentioned below:

  1. Click on File in the top menu and choose Deploy OVF Template.
  2. Follow the Deploy OVA Template wizard instructions:
    • Choose Thick Provision Lazy Zeroed for disk format.
    • Choose a port group for Destination Networks in Network Mapping.
      This port group will be used by the Avi Controller to communicate with vCenter.
    • Specify the management IP address and default gateway. In the case of DHCP, leave this field empty.
  3. Power on the VM.

Note: After you install the OVA and before you power the Controllers ON, edit the hardware resources and change the CPU, memory, and disk to the minimum recommended values for production. Refer to Avi Controller Sizing for more details.

Performing the Avi Controller Initial Setup

You can change or customize settings following initial deployment using the Avi Controller’s web interface.

Navigate to the Avi Controller on your browser.

Note: While the system is booting up, a blank web page or a 503 status code may appear. Wait for about 5 to 10 minutes and then follow the instructions below for the setup wizard.

The steps are similar to the ones mentioned for write access in the above section.

In the cloud setup, navigate to Infrastructure > Clouds. Click Create and select No Orchestrator option from the drop-down list.

Follow the similar steps mentioned in the above section for write access.

  1. To verify vCenter resources discovery by Avi Controller, navigate to Administration > Settings > Infrastructure. The discovery status should be 100% complete.

If the management and pool networks use DHCP, then the deployment procedure is complete. If static address allocation is used, then an additional step as explained at Configuring IP address pools for networks is required.

Installing Avi Service Engine

Service Engine installation in write access mode is automatic. In no access mode, download and deploy the Avi Service Engine to install it.

Downloading Avi Service Engine on OVA

The OVA image file for Service Engines is embedded in the Avi Controller image. The Avi SE OVA image can be downloaded using the web interface or the API.

  • Using the web interface – Navigate to Infrastructure > Cloud, click on the button (as shown in the screenshot below) and select se.ova to download the OVA image.

[Screenshot: no-access-cloud-4-download-se-ova]

  • Using the API – Navigate to http://avi-ctrl-ip/api/fileservice/seova, where avi-ctrl-ip is the IP address of the Avi Controller.

Deploying Avi Service Engine OVA file

Note: For high availability, use a minimum of two Avi Service Engines for deployment.

  1. In vCenter, click on File in the top menu and choose Deploy OVF Template.

  2. Follow the Deploy OVA Template wizard instructions:
    • Choose Thick Provision Lazy Zeroed for disk format.

    • Choose the port groups for the Avi SE network connections. The Avi SE has ten vNICs. Connect the first vNIC to the management network. Connect the other vNICs to the respective data network.

    • For the management connection, choose a port group that will allow the Avi SEs to communicate with the Avi Controller. An Avi SE can be connected to up to nine data networks. Choose a port group in the destination networks for each source network, where you can host the virtual services and pools. The Avi Controller expects the Avi SE’s data vNICs to be connected to virtual service and pool networks.

    • Specify the Avi Controller IP address.

    • Enter the Avi Controller’s authentication token key:
      1. Log into Avi Controller.
      2. Navigate to Infrastructure > Cloud
      3. Click on the key icon to view the authentication token key.
      4. Copy the authentication token.
      5. Paste the authentication token key into the Authentication Token for Avi field.
    • Specify the management IP address and default gateway. In the case of DHCP, leave this field empty.
  3. In the VM properties menu, connect the Avi SE data vNICs that are required to reach a virtual service network and pool network to the port groups. Leave the unused vNICs disconnected.

  4. (For no access mode only) Note down the following information:
    • MAC address of the vNICs
    • IP subnet of the port group

    This information will be used to identify the Avi SE interfaces, as the Controller does not have access to vCenter and so cannot associate the Avi SE’s interface names with VMware’s interface names.

  5. Power on the VM.

Repeat the above steps for at least one more Service Engine. By default, two Avi SEs are required for deploying a virtual service.

Configuring Avi Service Engine Interfaces

Note: This step is applicable only for no access mode.

Avi Service Engine requires an IP address in each of the virtual service networks and server networks. This process is automatic in write access mode. For no access mode, follow the steps below:

  1. On Avi UI, navigate to Infrastructure > Cloud Resources > Service Engine, and select the Avi SE that was deployed in the previous section.
  2. Find the interface that matches the list of MAC addresses that were noted down during the Avi SE deployment.
  3. Enable the DHCP option for the interface, if it is available. Otherwise, provide a static IP address as explained in the next section.

Repeat the above steps for all connected interfaces of the virtual service and server networks.
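
The matching step above is error-prone by hand because MAC addresses are written in different formats and unused vNICs must be left alone. The following added example (not Avi code) takes the MAC address, port group and subnet noted in vCenter during deployment, matches them to the interface list shown for the SE, and validates any static address against the port group's subnet. The interface names, MAC addresses, port group names and subnets are constructed sample values.

```python
import ipaddress
import re

def norm_mac(mac):
    """Return a MAC as lowercase colon-separated hex, whatever separators it came with."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def plan_interfaces(recorded, se_interfaces, static_ips=None):
    """Map SE interface names to (port_group, mode, address) and collect problems.

    recorded:      [{"mac", "port_group", "subnet"}] noted in vCenter at deployment
    se_interfaces: [{"name", "mac"}] as listed for the SE on the Controller
    static_ips:    {port_group: ip} for port groups without DHCP
    """
    static_ips = static_ips or {}
    problems, by_mac = [], {}
    for rec in recorded:
        mac = norm_mac(rec["mac"])
        if mac in by_mac:
            problems.append(f"{mac}: recorded for more than one port group")
        by_mac[mac] = rec
    plan, matched = {}, set()
    for intf in se_interfaces:
        mac = norm_mac(intf["mac"])
        rec = by_mac.get(mac)
        if rec is None:
            # vNIC that was left disconnected in vCenter: do not configure it.
            plan[intf["name"]] = (None, "unused", None)
            continue
        matched.add(mac)
        net = ipaddress.ip_network(rec["subnet"])
        ip = static_ips.get(rec["port_group"])
        if ip is None:
            plan[intf["name"]] = (rec["port_group"], "dhcp", None)
            continue
        addr = ipaddress.ip_address(ip)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{intf['name']}: {ip} is not a usable host address in {net}")
            continue
        plan[intf["name"]] = (rec["port_group"], "static", f"{addr}/{net.prefixlen}")
    for mac in sorted(set(by_mac) - matched):
        problems.append(f"{mac}: noted in vCenter but not reported by the SE")
    return plan, problems

# Constructed sample data.
RECORDED = [
    {"mac": "00:50:56:AA:BB:02", "port_group": "pg-vip", "subnet": "10.10.20.0/24"},
    {"mac": "00:50:56:AA:BB:03", "port_group": "pg-pool", "subnet": "10.10.30.0/24"},
    {"mac": "00:50:56:AA:BB:04", "port_group": "pg-pool-v6", "subnet": "2001:db8:30::/64"},
    {"mac": "00:50:56:AA:BB:05", "port_group": "pg-extra", "subnet": "10.10.40.0/24"},
]
SE_INTERFACES = [
    {"name": "eth1", "mac": "00-50-56-aa-bb-02"},
    {"name": "eth2", "mac": "0050.56aa.bb03"},
    {"name": "eth3", "mac": "00:50:56:aa:bb:04"},
    {"name": "eth4", "mac": "00:50:56:aa:bb:09"},
]
STATIC_IPS = {"pg-pool": "10.10.30.11", "pg-pool-v6": "2001:db8:31::11"}

if __name__ == "__main__":
    plan, problems = plan_interfaces(RECORDED, SE_INTERFACES, STATIC_IPS)
    for name, entry in plan.items():
        print(name, entry)
    for problem in problems:
        print("PROBLEM:", problem)
```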

Starting with Avi Vantage release 18.1.2, IPv6 addressing is supported for Service Engine interfaces. The following screenshot displays an example of configuring the interfaces with both IPv4 and IPv6 addresses.

[Screenshot: ipv4-v6-se-interfaces]

Configuring IP address pools

Note: This section is applicable only for static IP address allocation.

Each Avi SE deployed in a VMware cloud has 10 vNICs. The first vNIC is the management vNIC using which the Avi SE communicates with the Avi Controller. The other vNICs are data vNICs and are used for end-user traffic.

After spinning up an Avi SE, the Avi Controller connects the Avi SE’s management vNIC to the management network specified during initial configuration. The Avi Controller then connects the data vNICs to virtual service networks according to the IP and pool configuration of the virtual services.

The Avi Controller builds a table that maps port groups to IP subnets. With this table, the Avi Controller connects Avi SE data vNICs to port groups that match virtual service networks and pools.

After a data vNIC is connected to a port group, it needs to be assigned an IP address. For static allocation, assign a range of IP addresses to the applicable port group. The Avi Controller selects an IP address from the specified range and adds the address to the data vNIC connected to the port group.

Configure IP address pools for networks hosting Avi Service Engines by following the steps mentioned below:

  1. Navigate to Infrastructure > Clouds > Default-Cloud. Click on edit icon. Select Network tab in Default Cloud window.

  2. Find a port group and IP subnet on which the DHCP service is not available.
  3. Select the port group by clicking on the edit icon.
  4. Select Static under Network IP Address Management.
  5. Select the IP Subnet by clicking on the edit icon.
  6. Enter the static IP address or the range of IP addresses.

Considerations for vCenter Cloud while upgrading from prior releases to 22.1.1

  1. vCenter Read Access mode is not supported starting with NSX Advanced Load Balancer 22.1.1. The deprecation was announced in 21.1.3 Release Notes. Any upgrade to 22.1.1 with vCenter Read Access mode cloud configuration will fail and get rolled back.

  2. The Service Engine management network (port group) needs to be provisioned with enough free ports for the planned number of Service Engines multiplied by 10. For instance, if the administrator plans to deploy 50 Service Engines, then the management network/port group allocated for the Avi Service Engines should have at least 500 unused ports (50 Service Engines * 10 vNICs per Service Engine).

    Note: Avi Internal Port group is not used starting with NSX Advanced Load Balancer 22.1.1. The upgraded Service Engines from prior release will retain the vNICs attached to Avi Internal Port-group but any vNIC updated later will start using the Service Engine management network/ port-group.

  3. Starting with NSX Advanced Load Balancer 22.1.1, the vCenter cloud configuration has a new option use_content_lib to utilize the content library for storing the Service Engine OVA instead of storing it on the respective ESXi host. After upgrading to version 22.1.1, you can configure the content library as part of the vCenter cloud configuration for new Service Engine deployments. Once this option is configured, it cannot be disabled.

  4. Starting with NSX Advanced Load Balancer 22.1.1, the existing vCenter APIs and CLIs are modified. Refer to vCenter Cloud API CLI guide.

Additional Information

Document Revision History

| Date | Change Summary |
|---|---|
| April 02, 2019 | Added note on vCPU and memory reservation |
| July 15, 2022 | Revamped the entire KB, along with removing Read Access details for 22.1.1 |