NSX Advanced Load Balancer Linux Server Cloud deployment on native-VPC IBM Cloud

Overview

This guide explains how to deploy NSX Advanced Load Balancer with a Linux Server Cloud (LSC) on native-VPC IBM Cloud.

The IBM marketplace has an NSX-ALB offering that uses Terraform to deploy a single Controller. You can, however, deploy three of these in different AZs to form a cluster. Because these AZs use different subnets, you cannot use a floating IP for the cluster, similar to other public clouds.

The following are the limitations of IBM Cloud:

  • IBM Cloud allows only a single IP address per interface.
  • IBM Cloud VPC static routes can have up to two destinations, but IBM Cloud does not check whether a destination is available.

Because of these limitations, you cannot use the traditional Avi methods of SE group HA. You need to rely on GSLB for application redundancy. The SEs are deployed using Linux Server Cloud.

Prerequisites

The following are the base requirements per availability zone:

  • One subnet dedicated to SEs (configured in IBM Cloud)

  • One virtual subnet that will be routed to the SE’s data NIC

  • One Linux VM deployed with Docker enabled. Refer to the Ecosystem Support guide for more details.

  • You need to ensure that the base OS for both the Controllers and the Service Engines is kept

You should scale the Service Engines vertically since elastic HA is not possible in this environment. Refer to the Sizing Service Engines guide for more information.

NSX Advanced Load Balancer Configuration

Configuring Cloud Connector

Once these requirements are deployed, you can configure a Linux Server Cloud in the Avi Controller, as shown below:

SE Group

Each deployment needs an SE group (SEG) dedicated to the VIP subnet you are using for the availability zone. This SEG should have buffer SE set to 0, and max_se must be set to 1 via the CLI.

Configuring Network Object

You need to configure a network object for your VIP subnet that has a static IP address range.

Configuring IPAM

For a single cloud, you can use one IPAM template to deploy VIPs in any of the 3 AZs by configuring the IPAM template with all 3 network objects created.

Configuring Virtual Service

While configuring a virtual service, it is critical that the allocation IP range, SEG, and placement network are all configured correctly for the AZ you are deploying to.


You should configure the Placement IPv4 Subnet field with the subnet and mask of the SE’s data NIC.
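The per-AZ consistency requirement above can be checked before a virtual service is created. The following is an added example, not part of the original guide or of the product: the zone names, SEG names, addresses and dictionary keys are constructed assumptions and do not correspond to Avi object fields.

```python
import ipaddress

# Constructed per-AZ plan. Zone names, SEG names, addresses and dict keys are
# illustrative assumptions, not Avi object fields or values from the guide.
AZ_PLAN = {
    "az-1": {"seg": "seg-az1", "vip_range": ("10.250.1.10", "10.250.1.100"),
             "se_data_subnet": "10.10.1.0/24"},
    "az-2": {"seg": "seg-az2", "vip_range": ("10.250.2.10", "10.250.2.100"),
             "se_data_subnet": "10.10.2.0/24"},
    "az-3": {"seg": "seg-az3", "vip_range": ("10.250.3.10", "10.250.3.100"),
             "se_data_subnet": "10.10.3.0/24"},
}

def _in_range(ip, bounds):
    lo, hi = (ipaddress.ip_address(b) for b in bounds)
    return lo <= ip <= hi

def owning_az(vip, plan=AZ_PLAN):
    """Return the AZ whose static VIP range contains vip, or None."""
    ip = ipaddress.ip_address(vip)
    return next((az for az, p in plan.items() if _in_range(ip, p["vip_range"])), None)

def check_vs(vs, plan=AZ_PLAN):
    """List every mismatch between a planned virtual service and its AZ."""
    az = plan.get(vs["az"])
    if az is None:
        return [f"{vs['name']}: unknown AZ {vs['az']!r}"]
    problems = []
    owner = owning_az(vs["vip"], plan)
    if owner != vs["az"]:
        problems.append(f"VIP {vs['vip']} is in the range of {owner}, not {vs['az']}")
    if vs["seg"] != az["seg"]:
        problems.append(f"SEG {vs['seg']} is not the SEG dedicated to {vs['az']}")
    # strict=False accepts a host address with mask and normalizes it to its subnet
    placement = ipaddress.ip_network(vs["placement_subnet"], strict=False)
    if placement != ipaddress.ip_network(az["se_data_subnet"]):
        problems.append(f"placement subnet {placement} is not the SE data NIC subnet")
    return problems

# Constructed inputs: one consistent virtual service, one with AZ settings mixed.
GOOD = {"name": "app-a", "az": "az-1", "vip": "10.250.1.20",
        "seg": "seg-az1", "placement_subnet": "10.10.1.0/24"}
MIXED = {"name": "app-b", "az": "az-1", "vip": "10.250.2.20",
         "seg": "seg-az1", "placement_subnet": "10.10.2.0/24"}

if __name__ == "__main__":
    for vs in (GOOD, MIXED):
        print(vs["name"], check_vs(vs) or "consistent")
```

A mismatch matters more here than in other clouds because the VPC static route does not check whether its destination is available, so a VIP placed against the wrong AZ's SE can fail without any error from the route table.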

Configuring IBM Cloud Infrastructure

Traffic targeting the Avi VIPs is directed by the static routes in the VPC route table. IBM Cloud VPCs have two route tables: an ingress route table and an egress route table. Egress route tables are used by devices in the same VPC to find the VIPs, and ingress route tables are used by devices in other VPCs or in other connected external datacenters.

Configuration Examples:

Egress Route Table

Ingress Route Table