Network Segment

The network design for NSX Advanced Load Balancer requires three types of connectivity:

  1. Management connectivity for the Controllers.

  2. Management connectivity between the Controllers and the Service Engines, with the Service Engines connected to either:

    1. an NSX-T managed overlay network, or

    2. a VLAN-backed NSX segment.

  3. Data connectivity for the Service Engines to serve load-balanced application traffic.

Table 1. Design Decisions for the Networking Design for VMware NSX Advanced Load Balancer

Decision ID: AVI-VI-VC-010
Design Decision: Deploy the Controller cluster nodes on the VMware Cloud Foundation management network.
Design Justification:
  Allows for ease of management of the Controllers.
  Allows for configuring a floating cluster VIP, a single IP address that is assigned to the cluster leader.
  Administrative tasks, connectivity to the Service Engines and connectivity to network services all use this network.
Design Implication: None

Decision ID: AVI-NSX-004
Design Decision: Configure a management network on which to deploy the Service Engines. The management network must be an NSX segment, either:
  1. a VLAN-backed NSX segment, or
  2. an overlay-backed NSX segment connected to a Tier-1 router.
Design Justification:
  Note: This network must have connectivity to the IP addresses of each of the Controllers. This is required to configure the Controller NSX-T Cloud Connector.
Design Implication: None

Decision ID: AVI-NSX-005
Design Decision: Configure one or more data networks for the Service Engines to serve load-balanced applications. Data networks must be NSX-T managed, either:
  1. a VLAN-backed NSX segment, or
  2. an overlay-backed NSX segment connected to a Tier-1 router.
  Note: For overlay-backed NSX segments, one logical segment is required per Tier-1 router.
Design Justification: The Service Engines require data networks to provide access to load-balanced applications.
Design Implication: None

Decision ID: AVI-CTLR-024
Design Decision: Latency between the Controllers must be <10 ms.
Design Justification: The Controller quorum is latency sensitive.
  Note: The control plane might go down if latency is high.
Design Implication: None

Decision ID: AVI-CTLR-025
Design Decision: Latency between the Controllers and the Service Engines should be <75 ms.
Design Justification: Required for correct operation of the Service Engines.
  Note: Higher latency may lead to issues with heartbeats and data synchronization between the Controller and the Service Engines.
Design Implication: None

IP Addressing Scheme

You can assign an IP address to Avi using static or dynamic allocation based on the network configuration of your environment. It is recommended to reserve an IP address from the selected local network segment and statically assign it to the corresponding Controller instance.

Table 2. Design Decisions for the IP Addressing Scheme for VMware NSX Advanced Load Balancer

Decision ID: AVI-CTLR-026
Design Decision: Use static IPs, or DHCP with a reservation that ensures a permanent lease, for the Controllers.
Design Justification: The Controller cluster uses the management IPs to form and maintain quorum for the control plane.
  Note: The Controller control plane might go down if the management IPs of the Controllers change.
Design Implication: None

Decision ID: AVI-VI-001
Design Decision: Reserve an IP in the management subnet to be used as the cluster IP for the Controller cluster.
Design Justification: A floating IP that remains accessible regardless of any specific individual Avi cluster node.
Design Implication: None

Decision ID: AVI-NSX-006
Design Decision: Configure DHCP on the networks (logical segments) used for data traffic.
Design Justification: Having DHCP enabled on the data networks keeps the Service Engine configuration simple.
  Note: Alternatively, operators can use static IPs, but then they have to configure IP pools on the data networks for use by the Service Engines and also add a static route for each data network's gateway on the Controller.
Design Implication: None

Name Resolution

Name resolution provides the translation between an IP address and a fully qualified domain name (FQDN), which makes it easier to remember and connect to components across the SDDC. Each IP address assigned to a Controller instance must have valid DNS forward (A) and reverse (PTR) records.

Table 3. Design Decisions for the Name Resolution for VMware NSX Advanced Load Balancer

Decision ID: AVI-VI-002
Design Decision: Configure DNS A records for the three Controllers and the cluster VIP.
Design Justification: The Controllers are accessible by an easy-to-remember FQDN as well as directly by IP address.
Design Implication: Assumes DNS infrastructure is available.
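The following is an added pre-deployment check, not part of the VMware design document, that verifies the name-resolution and cluster-IP decisions above before the Controllers are deployed: each Controller FQDN and the cluster VIP must have an A record matching the design IP, a PTR record pointing back to the same FQDN, and an address inside the management subnet. The host names, RFC 5737 addresses and the in-memory zone are constructed sample data; the `live_forward`/`live_reverse` helpers show how the same check would be pointed at the real SDDC resolver.

```python
"""Pre-deployment DNS check for the NSX Advanced Load Balancer Controllers.

Added example, not taken from the VMware design document. Host names,
addresses and the in-memory zone below are constructed sample data.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional

Resolver = Callable[[str], Optional[str]]

# Constructed inventory: hypothetical FQDNs with RFC 5737 documentation addresses.
DESIGN_RECORDS: Dict[str, str] = {
    "avi-ctlr-01.sddc.example": "192.0.2.11",
    "avi-ctlr-02.sddc.example": "192.0.2.12",
    "avi-ctlr-03.sddc.example": "192.0.2.13",
    "avi-ctlr-vip.sddc.example": "192.0.2.10",  # floating cluster IP
}
MANAGEMENT_SUBNET = "192.0.2.0/24"

# Constructed in-memory zone standing in for the SDDC DNS so the check runs
# offline. It deliberately carries two defects: ctlr-02 has no PTR record and
# the PTR for ctlr-03 still names a host from a previous deployment.
SAMPLE_A: Dict[str, str] = dict(DESIGN_RECORDS)
SAMPLE_PTR: Dict[str, str] = {
    "192.0.2.11": "avi-ctlr-01.sddc.example",
    "192.0.2.13": "old-host.sddc.example",
    "192.0.2.10": "avi-ctlr-vip.sddc.example",
}


def sample_forward(name: str) -> Optional[str]:
    """A-record lookup against the constructed zone."""
    return SAMPLE_A.get(name.lower())


def sample_reverse(ip: str) -> Optional[str]:
    """PTR-record lookup against the constructed zone."""
    return SAMPLE_PTR.get(ip)


def live_forward(name: str) -> Optional[str]:
    """Forward lookup against the system resolver (for use in a real environment)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def live_reverse(ip: str) -> Optional[str]:
    """Reverse lookup against the system resolver (for use in a real environment)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_records(records: Dict[str, str], subnet: str,
                  forward: Resolver, reverse: Resolver) -> List[str]:
    """Return human-readable problems; an empty list means the design holds."""
    problems: List[str] = []
    net = ipaddress.ip_network(subnet)
    seen_ips: Dict[str, str] = {}
    for fqdn, design_ip in records.items():
        ip = ipaddress.ip_address(design_ip)  # raises on typos such as 192.0.2.300
        if ip not in net:
            problems.append(f"{fqdn}: {design_ip} is outside management subnet {subnet}")
        if design_ip in seen_ips:
            problems.append(f"{fqdn}: {design_ip} already assigned to {seen_ips[design_ip]}")
        seen_ips.setdefault(design_ip, fqdn)

        a = forward(fqdn)
        if a is None:
            problems.append(f"{fqdn}: no A record")
        elif a != design_ip:
            problems.append(f"{fqdn}: A record {a} does not match design IP {design_ip}")

        ptr = reverse(design_ip)
        if ptr is None:
            problems.append(f"{design_ip}: no PTR record")
        elif ptr.rstrip(".").lower() != fqdn.lower():
            problems.append(f"{design_ip}: PTR {ptr} does not point back to {fqdn}")
    return problems


if __name__ == "__main__":
    # Swap in live_forward / live_reverse to run against the real SDDC DNS.
    for line in check_records(DESIGN_RECORDS, MANAGEMENT_SUBNET,
                              sample_forward, sample_reverse):
        print("PROBLEM:", line)
```

Run against the constructed zone, the check reports the missing PTR for the second Controller and the stale PTR for the third; a clean run returns an empty list, which is the condition to require before the Controller cluster is formed, since a Controller whose name does not resolve consistently is the kind of defect that only surfaces later as cluster or Cloud Connector failures.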

Time Synchronization

Time synchronization provided by the Network Time Protocol (NTP) is important to ensure that all components within the Software-Defined Data Center are synchronized to the same time source.

Table 4. Design Decisions for the Time Synchronization for VMware NSX Advanced Load Balancer

Decision ID: AVI-VI-003
Design Decision: Configure time synchronization for the Controllers by using an NTP time source.
  Note: The recommendation is to use the same source as SDDC Manager, vCenter Server and the NSX Manager cluster.
Design Justification:
  Prevents time synchronization issues.
  Does not require connectivity to an external NTP server.
Design Implication:
  An operational NTP service must be available in the environment.
  Ensure that NTP traffic between the Controllers, the Service Engines and the NTP servers is allowed on the required network ports and not firewalled.