Proxy Support for Cloud Deployment with Avi Load Balancer

When Avi Load Balancer is used to provide load balancing to applications residing in public cloud, the Avi Load Balancer Controller communicates with the public cloud provider’s API endpoints for configuration and ongoing operations.

In some cases, the communication between the Avi Load Balancer Controller and the public cloud endpoint may be required to traverse a proxy.

Avi Load Balancer supports HTTP proxy for the Controller - Public Cloud API endpoint communication with the following cloud connectors:

Amazon Web Services (AWS)
Microsoft Azure
Google Cloud Platform

Configuring Proxy Support

Proxy support on an Avi Load Balancer Controller can be enabled by using the proxy_configuration knob under the configure systemconfiguration option.

You can add proxy to vCenter and NSX-T cloud by updating systemconfiguration option. However, you cannot have different proxy servers for different NSX/ vCenter communication.

This feature supports proxy servers configured with basic authentication, and without authentication. The following are the parameters which are configured while enabling proxy support:

Host – IP address of the proxy server.
Port – The port number over which the Avi Load Balancer Controller will communicate to the proxy server.
Username – Username of the proxy server (only if basic authentication is enabled on the proxy server).
Password – Password to access the proxy server (only if basic authentication is enabled on the proxy server).

Follow the steps mentioned below to enable the proxy support:

Login to the shell prompt of the Avi Load Balancer Controller.
Execute the proxy_configuration command under the configure systemconfiguration mode.

Provide the details of the required parameters for the proxy server as shown below.

[admin:10.1.1.1]: > configure systemconfiguration
Updating an existing object. Currently, the object is:
+----------------------------------+---------------------------------------+
| Field                            | Value                                 |
+----------------------------------+---------------------------------------+
| uuid                             | default                               |
| dns_configuration                |                                       |
|   server_list[1]                 | 10.10.0.100                           |
|   search_domain                  |                                       |
| ntp_configuration                |                                       |
|   community                      | <sensitive>                           |
|   sys_contact                    | [email protected]               |
|   version                        | SNMP_VER2                             |
| ssh_ciphers[1]                   | aes128-ctr                            |
| ssh_ciphers[2]                   | aes256-ctr                            |
| ssh_ciphers[3]                   | arcfour256                            |
| ssh_ciphers[4]                   | arcfour128                            |
| ssh_hmacs[1]                     | [email protected]         |
| ssh_hmacs[2]                     | [email protected]         |
| ssh_hmacs[3]                     | [email protected]              |
| ssh_hmacs[4]                     | hmac-sha2-512                         |
| default_license_tier             | ENTERPRISE_18                         |
+----------------------------------+---------------------------------------+
[admin:10-152-131-93]: systemconfiguration> proxy_configuration
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> host 10.20.1.1
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> port 3128
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> username admin
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> password admin
[admin:10-152-131-93]: systemconfiguration:proxy_configuration> save
[admin:10-152-131-93]: systemconfiguration> save
+----------------------------------+-------------------------------------------+
| Field                            | Value                                     |
+----------------------------------+-------------------------------------------+
| uuid                             | default                                   |
| dns_configuration                |                                           |
|   server_list[1]                 | 10.10.0.100                               |
|   search_domain                  |                                           |
| ntp_configuration                |                                           |
|   ntp_servers[1]                 |                                           |
|     server                       | 0.us.pool.ntp.org                         |
|   ntp_servers[2]                 |                                           |
|     server                       | 1.us.pool.ntp.org                         |
|   ntp_servers[3]                 |                                           |
|     server                       | 2.us.pool.ntp.org                         |
|   ntp_servers[4]                 |                                           |
|     server                       | 3.us.pool.ntp.org                         |
| portal_configuration             |                                           |
|   enable_https                   | True                                      |
|   redirect_to_https              | True                                      |
|   enable_http                    | True                                      |
|   sslkeyandcertificate_refs[1]   | System-Default-Portal-Cert                |
|   sslkeyandcertificate_refs[2]   | System-Default-Portal-Cert-EC256          |
|   use_uuid_from_input            | False                                     |
|   sslprofile_ref                 | System-Standard-Portal                    |
|   enable_clickjacking_protection | True                                      |
|   allow_basic_authentication     | True                                      |
|   password_strength_check        | False                                     |
|   disable_remote_cli_shell       | False                                     |
| global_tenant_config             |                                           | 
|   tenant_vrf                     | False                                     |
|   se_in_provider_context         | True                                      |
|   tenant_access_to_provider_se   | True                                      |
| email_configuration              |                                           |
|   smtp_type                      | SMTP_LOCAL_HOST                           |
|   from_email                     | [email protected]                   |
|   mail_server_name               | localhost                                 |
|   mail_server_port               | 25                                        |
|   disable_tls                    | False                                     |
| docker_mode                      | False                                     |
| snmp_configuration               |                                           |
|   community                      | <sensitive>                               |
|   sys_contact                    | [email protected]                   |
|   version                        | SNMP_VER2                                 |
| proxy_configuration              |                                           |
|   host                           | 10.20.1.1                                 |
|   port                           | 3128                                      |
|   username                       | admin                                     |
|   password                       | <sensitive>                               |
+----------------------------------+-------------------------------------------+