Container Ingress
Traffic Management and Kubernetes
Ingress for Containerized Applications

As enterprises modernize and build containerized Kubernetes applications, they are confronted with a lab-to-production gap that requires a very different set of requirements on app availability, observability, on-demand elasticity, multi-cloud deployments and more. Networking and operations teams find that they need to piece together a mishmash of legacy or open-source container management tools that are disjointed and complicate their ability to deploy and manage modern applications at scale.

Diagram showing current disparate tools and lab projects then a gap before desired consolidated services made up of production clusters and container ingress services

 

VMware NSX Advanced Load Balancer delivers multi-cloud application services such as load balancing for containerized applications with microservices architecture through dynamic service discovery, application traffic management, and web application security. Container  Ingress provides scalable and enterprise-class Kubernetes ingress traffic management, including local and global server load balancing (GSLB), web application firewall (WAF) and performance monitoring, across multi-cluster, multi-region, and multi-cloud environments. Avi integrates seamlessly with Kubernetes for container and microservices orchestration and security.

Universality

  • Multi-Infra: Traditional and cloud-native apps in VMs/bare metal/containers
  • Multi-Cluster: Inter/intra container cluster management and secure gateways
  • Multi-Region: GSLB for multiple regions and geo-ware load balancing
  • Multi-Cloud: Across on-premises data centers and multi-region public clouds

Traffic Routing

  • Advanced ingress gateway with integrated IPAM/DNS
  • L4-7 load balancing with SSL/TLS offload
  • Automated service discovery
  • North-south traffic management with content switching, redirection, caching, and compression
  • CI/CD and application upgrades using Blue-Green or canary

Security

  • Zero trust security model and encryption
  • Distributed WAF for application security
  • Single sign-on (SSO) integration for enterprise-grade authentication and authorization
  • Positive security model and application learning for automated allowlist/denylist policies

Observability

  • Real-time application and container performance monitoring with tracing
  • Big data and machine learning driven connection log analytics
  • Machine learning-based insights and app health analytics

How Enterprises Deploy Container Ingress Today

Global & Local Traffic Management

NSX ALB pod is running in the Kubernetes/OpenShift GSLB leader cluster and follower clusters, enabling multi-cluster application deployment, mapping the same application deployed on multiple clusters to a single GSLB service, extending application ingresses across multi region and multi availability zone deployments. Enterprise-class application services for containerized applications, orchestrated by platforms like Kubernetes, include:

  • Load balancing, health monitoring, TLS/SSL offload, certificate management, session persistence, content/URL switching
  • Redirecting requests to the appropriate site/region based on the availability, locality of the user to the site, site persistence and load
  • Content/URL switching, redirection, error page, caching, compression and on-demand autoscaling

Application & Container Monitoring and Analytics

Analytics is the foundation for intent-based systems to collect, aggregate, accumulate, store, and rollup metrics and logs, especially for containerized applications with a microservices framework. NSX ALB provides the following container ingress traffic management capabilities without having to instrument each application:

  • Application Map:

    Real-time dynamic map of communications between microservices available as a dependency map. Operators can extract critical metrics such as latency, bandwidth, request rate, etc. across microservices deployment architectures.

  • Analytics Dashboard:

    An end-to-end latency view of all transactions in addition to real-time and historic views of critical metrics such as requests/transaction/connection rate/throughput.

  • Log File Analytics:

    Logs of every significant transaction including errors and excessive latencies with built-in analytics by pool member, response time, device type and more.

  • Client Analytics:

    Aggregated page load times, dimensional analytics such as device type, country, and detailed resource timing information for every page in the application via JavaScript.

  • Security Analytics:

    A breakdown of TLS/SSL versions, transaction rate, health score based on SSL security profiles and certificates, DDoS analytics including type of attacks, and detection on bots attacks.

Dynamic Service Discovery

Service discovery bridges the gap between a service’s name and access information (IP address) by providing a dynamic mapping. NSX ALB provides an authoritative DNS server for users’ devices and other services to map host/domain names to virtual IP addresses (VIPs) to automate service discovery, including:

  • Built-in IPAM for virtual IP address allocation
  • A variety of DNS configuration options and the ability to add static A and CNAME records to the DNS server
  • Continuous Integration and Delivery (CI/CD) and application upgrades using a Blue-Green or canary deployment models

Deliver Elastic Kubernetes Ingress Controller and Services
A single platform for consolidated traffic management, security, and observability

Services such as traffic management, service discovery, container monitoring, analytics and security remain a critical component for enterprises to deploy containers in production.

NSX ALB provides proven Kubernetes ingress services to deploy and secure container-based applications workloads in production Kubernetes clusters.

Deliver Elastic Kubernetes Ingress Controller and Services

Interested in learning more about NSX ALB?

Schedule a Demo

Advanced Kubernetes Ingress Controller

Learn More