Post on 10-Feb-2022

Avi Networks — Technical Reference (18.1)

Avi Vantage Integration with VMware Cloud on AWS

Copyright © 2020 Avi Networks, Inc.

Overview

Avi Vantage is installed in No Orchestrator mode on VMware Cloud on AWS (VMC). The deployment of Service Engines on VMC is manual. Once VMC is integrated with Avi Controller, virtual service placement and scaling can be handled centrally from the Avi Controller.

The screenshot shown below depicts a typical Avi Vantage deployment with VMC.

The following are the observations from the above diagram:

For Avi Service Engines

* Avi Service Engines (SEs) are deployed as virtual machines (VMs) on VMC.
* SEs are connected to the logical networks. The following are the two types of logical networks:
  * Routed network - over IPsec VPN
  * Extended network - over L2 VPN
* The SEs connect to the Avi Controller over the management network, which is the logical network connection to the vNIC0 of the SE VM.

For Avi Controller

The Avi Controller cluster is dedicated to the VMC environment or is used for load balancing local vCenters.

Considering the monetary cost of resources on VMC and its ephemeral nature, it is recommended to deploy the Avi Controller cluster outside of the VMC environment. However, this is not a restriction.

The following diagram depicts the deployment of Avi Controller cluster and SEs on the VMC infrastructure.

High Availability

The following are the options currently supported for high availability (in the order of recommendation):

* N+M in tunnel mode.
* Active/active with reverse tunnel option enabled. The reverse tunnel option needs to be enabled to allow large uploads for asymmetric traffic.
* Active/standby with MAC masquerade disabled. SNAT is required for this and the default gateway mode is not supported.

Configuration

SE VMs require manual creation. The lack of automation on VMC is because the [email protected] user does not have all permissions to read/write to the vCenter API and there is no access to the ESX management plane. Access to the ESX management plane is required for Avi automated deployment in on-prem vCenter.

This section covers the following:

* Downloading SE image
* Uploading SE image to Content Library
* Deploying SE VM

Downloading SE Image

Log in to Avi UI as the admin user. Navigate to Infrastructure > Cloud. Download the SE OVA image using the download icon on the cloud. Use the Default-Cloud or create a new No Orchestrator cloud. Use the following steps to create a new cloud using the No Orchestrator option.

Downloading OVA using the Default-Cloud

Downloading OVA from a No Orchestrator Cloud

Uploading SE Image to Content Library

The downloaded .OVA file can be used directly to create an SE VM, but this requires uploading the image to vCenter every time a new VM needs to be created. For faster deployment, the SE image is uploaded to the content library on VMC and can be used multiple times.

Follow the below steps to upload the SE image to the content library:

1. Log in to vCenter and select the option to create a new content library. Provide the name and select the desired vCenter server as shown below.

2. Select a storage location for the library contents.

3. Content library accepts .ovf and .vmdk files as VM templates. .ova files are treated as general files. Before uploading files to the content libraries, untar the .ova file to get the .ovf and .vmdk files.

tar -xvf se.ova

x se.ovf

x se.mf

x se-disk1.vmdk

4. Select the Import Item option available on vSphere client and upload the .ovf and .vmdk files as shown below.
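Added example (not part of the Avi documentation): the se.mf file produced by the untar step is the OVF manifest, so the extracted .ovf and .vmdk files can be checked against its digests before they are imported into the content library. The function names, the temporary paths and the tiny placeholder OVA are assumptions constructed for the demo; a real se.mf may use SHA1 or SHA256 entries.

```shell
#!/bin/sh
# Added example, not from the Avi documentation: check the files extracted from
# an OVA against its manifest. Manifest line format: SHA256(se.ovf)= <hex digest>
verify_ova_manifest() {   # $1 = directory with extracted files, $2 = manifest name
    dir=$1; mf=$2; rc=0; seen=0
    [ -f "$dir/$mf" ] || { echo "manifest $mf not found" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')
        [ -n "$line" ] || continue
        algo=${line%%"("*}; rest=${line#*"("}; name=${rest%%")="*}
        want=$(printf '%s' "${rest##*=}" | tr -d ' ' | tr 'A-F' 'a-f')
        case $algo in
            SHA1) tool=sha1sum ;; SHA256) tool=sha256sum ;; SHA512) tool=sha512sum ;;
            *) echo "FAIL unsupported digest in: $line" >&2; rc=1; continue ;;
        esac
        # A manifest entry must name a file inside the package, never a path.
        case $name in
            */*|"") echo "FAIL suspicious name: $name" >&2; rc=1; continue ;;
        esac
        [ -f "$dir/$name" ] || { echo "FAIL missing: $name" >&2; rc=1; continue; }
        got=$("$tool" "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then echo "OK   $name"; seen=$((seen + 1))
        else echo "FAIL digest mismatch: $name" >&2; rc=1; fi
    done < "$dir/$mf"
    [ "$seen" -gt 0 ] || rc=1      # an empty manifest verifies nothing
    return $rc
}

# Constructed sample standing in for the real SE image: placeholder files with
# the same names that the tar listing on this page shows.
make_sample_ova() {   # $1 = work directory; writes $1/se.ova
    ( cd "$1" &&
      printf '<Envelope/>\n' > se.ovf && printf 'disk-bytes\n' > se-disk1.vmdk &&
      for f in se.ovf se-disk1.vmdk; do
          printf 'SHA256(%s)= %s\n' "$f" "$(sha256sum "$f" | cut -d' ' -f1)"
      done > se.mf &&
      tar -cf se.ova se.ovf se.mf se-disk1.vmdk && rm se.ovf se.mf se-disk1.vmdk )
}

work=$(mktemp -d)
make_sample_ova "$work"
mkdir "$work/x" && tar -xvf "$work/se.ova" -C "$work/x"
verify_ova_manifest "$work/x" se.mf && echo "all manifest entries match"
rm -rf "$work"
```

The tar listing on this page shows no .cert file next to se.mf, so the manifest is unsigned: a match rules out a corrupted or truncated download, not a modified image whose manifest was regenerated.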

Deploying SE VM

Prerequisites

The following data are required for deploying SE VM:

* Avi Controller IP address
* Authentication token and cloud UUID. Navigate to Infrastructure > Cloud, select the required cloud, and click on the key icon to generate the cloud UUID and the authentication token as shown below.
* Management IP address, subnet, and subnet mask. This is required only if DHCP is not enabled on the management logical network.

VM Creation

1. Log in to the vSphere client, select the Templates option, and click on New VM from this template to create a new VM as shown below.

2. Select a VM location as shown below.

Optional step: Create a new folder under Workloads to place all the SEs.

3. Click on the Select a compute resource option to select the resource pool for the deployment.

4. Click on the Select storage option to select the required datastore.

5. Click on the Select network option to configure the required networks.

The Management network label (vNIC0) is mapped to the management logical network. The remaining network labels (Data Network 1-9) are connected to any of the front-end virtual service's networks or back-end server's logical networks as required. They are left disconnected if not required.

6. Select the Customize template option to create vApp properties. Provide the Avi Controller IP address details, the Cluster UUID, and the authentication token as described in the Prerequisites section.

7. Review and click on Finish.

8. Power on the deployed VM.

Configuring Tunnel Mode

You can configure tunnel mode from Avi Controller shell by executing the following command:

configure serviceenginegroup *serviceenginegroupname*

serviceenginegroup> se_tunnel_mode 1

serviceenginegroup> save

Note: The tunnel mode setting will take effect only after rebooting the respective Service Engines in the Service Engine group.

Additional Information

To check the newly deployed SE, navigate to the Infrastructure > Service Engine tab on the Avi UI.

If the SE VMs are switched on but not connected to the Avi Controller, check the firewall ports configured on the Compute Gateway option in the VMC console. This option is used to allow management traffic from the SE to the Avi Controller.

For more information on the required ports and protocols, refer to Protocol Ports Used by Avi Vantage for Management Communication.

Note: The SEs open TCP connections to the Avi controller, so the firewall rules should allow outgoing traffic. Since the firewall is stateful, the reverse traffic is automatically allowed.

If the Avi Controller is accessed using a public IP address (for example, when it is deployed on another VPC on AWS or if the Avi SaaS offering is being used), add NAT rules to allow SE traffic over the internet.