This section discusses NSX Advanced Load Balancer’s IPAM configuration that is supported on the following clouds:

  • Linux Server Cloud (bare metal)

  • VMware

  • No Access

Configuring IPAM

NSX Advanced Load Balancer allocates IP addresses from a pool of IP addresses within the subnet configured as listed:

  1. Navigate to Infrastructure > Network.

  2. You can select cloud from Select Cloud drop-down menu and click Create.

  3. Specify the network name.

  4. Under IP Address Management, click the required option for DHCP Enabled and IPv6 Auto Configuration.

  5. Add IPv4 and/or IPv6 networks for IP address allocation.

    1. Click Add Subnet.

    2. Specify the subnet address under IP Subnet.

    3. Enable Add Static IP Address Pool to specify the pool of IP addresses. Specify the range of the pool under IP Address Pool.

    4. Click Save.

    5. Repeat steps from 1 to 4 for each network used for IP address allocation.

  6. Click Save.

Note:
  • Virtual service creation will fail if the static IP address pool is empty or exhausted.

  • For east-west IPAM, create another network with the appropriate link-local subnet and a separate IPAM/DNS profile.

  • Addition or deletion of VIP or changing the vip_id (use-case being multiple VIPs on a virtual service) is not supported on NSX Advanced Load Balancer IPAM.

Creating IPAM Networks using both IPv4 and IPv6 Subnets

The following is an instance of creating IPAM networks using both IPv4 and IPv6 subnets:

Navigate to Templates > IPAM/DNS Profiles and create a placeholder for IPAM.

You can assign one or more of the created networks to be the default usable network, if no specific network and/or subnet is provided in the virtual service configuration.



VRF-aware IPAM

You can enable the Allocate IP in the VRF checkbox for NSX Advanced Load Balancer to allocate IPs from networks in the virtual service’s VRF. This option is applicable only for the IPAM.

Selecting Network for IP Allocation

The selection of network for given allocated IP request is based on the following:

  1. If a network and subnet are specified during virtual service creation, the system will allocate from that specific network/subnet. If that subnet does not have free static IPs, the API request will fail.

  2. If no network/subnet is specified (only possible via CLI or API) during virtual service creation, the system will consider all networks in the Usable Networks of the IPAM/DNS profile and randomly select the one which has free IPs available.

    1. For v4 requests, the system will check for free IPs in networks with v4 subnets before considering networks with v4 and v6 subnets.

    2. For v6 requests, the system will check for free IPs in networks with v6 subnets before considering networks with v4 and v6subnets.

Note:

Any change in the VIP’s IPv4 or IPv6 address disrupt the virtual service. This can occur if the virtual service's auto allocate type is changed. For instance, if a virtual service’s IPv4 address was allocated using a network with both v4 and v6 subnets, and its auto_allocate_type is changed from v4 to v4_v6 with a corresponding v6 subnet selected, the system will attempt to allocate an IPv6 address for that virtual service. If the allocation is successful, a virtual service disruption will occur.

IPAM Support for User Preferred IP Address

NSX Advanced Load Balancer IPAM supports virtual service creation with a user-preferred IP address and or IPv6 address with auto allocation. To use this feature,

  • Set the ip_address or ip6_address field(s) of the VsVip object.

  • Set the auto_allocate_ip field to True and the auto_allocate_ip_type field set correspondingly.

The Controller allocates that specific IP address for the virtual service. If the IP address is unavailable, the virtual service creation will fail. The specified IP address must exist in a static pool that is already configured on a network or the subnet.

This feature supports all three auto allocation types, namely, v4, v6, and v4_v6. When creating a virtual service IP address with v4_v6 allocation, both IPv4 and IPv6 addresses must be specified, or both should be left empty. Additionally, updating an existing auto-allocated IP address to a different preferred IP address of the same type (v4 or v6) is not allowed.

The following are the list of allowed operations:

  1. Creating a VIP with a preferred static IP, supported for v4, v6, and v4_v6.

  2. Changing an existing VIP’s allocation type from v4 to v6 and specifying a preferred IPv6.

  3. Changing an existing VIP’s allocation type from v4 to v4_v6 and specifying a preferred IPv6.

    1. If the IPAM network and subnet are the same, the IPv4 address field must be either unset or kept the same (the existing IPv4 address will be preserved in both cases).

    2. If the IPAM network or subnet is different, the IPv4 address field must be unset.

  4. Changing an existing VIP’s allocation type from v6 to v4 and specifying a preferred IPv4.

  5. Changing an existing VIP’s allocation type from v6 to v4_v6, and specifying a preferred IPv4. If the IPAM network and subnet6 is the same, the IPv6 Address field must be either unset or kept the same (the existing IPv6 address will be preserved in both cases).

    1. If the IPAM network or subnet6 is different, the IPv6 Address field must be unset.

The IPv6 Address field must be kept the same to keep the IPAM network same, or left blank for changing the IPAM network.

The following operations are not supported in NSX Advanced Load Balancer 20.1.2:

  1. Creating a VIP with v4_v6 allocation with only ip_address set or only ip6_address set.

    1. Both IP addresses must be set (preferred), or unset.

  2. Updating an existing auto allocated IP address to a different preferred IP address of the same type (v4 or v6).

    1. An existing VIP with IPv4-A cannot be updated to a different preferred IPv4-B.

    2. If it is required to change the VIP’s allocation network or subnet, the ip_address/ip6_address fields must be left blank (Controller will pick the IP address for the user).

    3. If a new preferred IP of the same type is needed, delete and recreate the VIP.

Configuring Virtual Service with Auto Allocate IP Address

Login to the CLI and use the configure vsvip <name> to set the auto allocate IP address.

[admin:10-79-108-162]: > show network network1
+----------------------------+----------------------------------------------+
| Field                      | Value                                        |
+----------------------------+----------------------------------------------+
| uuid                       | network-eea5aaa2-2225-40bd-b27d-60d7fe046d01 |
| name                       | network1                                     |
| vcenter_dvs                | True                                         |
| dhcp_enabled               | True                                         |
| exclude_discovered_subnets | False                                        |
| configured_subnets[1]      |                                              |
|   prefix                   | 10.10.10.0/24                                |
|   static_ranges[1]         |                                              |
|     begin                  | 10.10.10.100                                 |
|     end                    | 10.10.10.150                                 |
| vrf_context_ref            | global                                       |
| synced_from_se             | False                                        |
| ip6_autocfg_enabled        | True                                         |
| tenant_ref                 | admin                                        |
| cloud_ref                  | Default-Cloud                                |
+----------------------------+----------------------------------------------+
[admin:10-79-108-162]: > configure vsvip vsvip1

[admin:10-79-108-162]: vsvip> vip vip_id 1
New object being created
[admin:10-79-108-162]: vsvip:vip> auto_allocate_ip
[admin:10-79-108-162]: vsvip:vip> ip_address 10.10.10.120
[admin:10-79-108-162]: vsvip:vip> save
[admin:10-79-108-162]: vsvip> save
+-----------------------------+--------------------------------------------+
| Field                       | Value                                      |
+-----------------------------+--------------------------------------------+
| uuid                        | vsvip-54aa9247-d807-458d-b9e3-a8956bcb266a |
| name                        | vsvip1                                     |
| vip[1]                      |                                            |
|   vip_id                    | 1                                          |
|   ip_address                | 10.10.10.120                               |
|   enabled                   | True                                       |
|   discovered_networks[1]    |                                            |
|     network_ref             | network1                                   |
|     subnet[1]               | 10.10.10.0/24                              |
|   auto_allocate_ip          | True                                       |
|   auto_allocate_floating_ip | False                                      |
|   avi_allocated_vip         | False                                      |
|   avi_allocated_fip         | False                                      |
|   ipam_network_subnet       |                                            |
|     network_ref             | network1                                   |
|     subnet                  | 10.10.10.0/24                              |
|   auto_allocate_ip_type     | V4_ONLY                                    |
|   prefix_length             | 32                                         |
| vrf_context_ref             | global                                     |
| east_west_placement         | False                                      |
| tenant_ref                  | admin                                      |
| cloud_ref                   | Default-Cloud                              |
+-----------------------------+--------------------------------------------+

Allocating different IPAM Ranges for SEs and Virtual IPs

You can specify whether a set of static IPs is used for SE vNIC only, or for VIP only or for both. For any given subnet, only the following configurations are supported:

  • IP range(s) for VIP and/or IP range(s) for SE

  • IP range(s) for both

The system will display an error message if a subnet contains an IP range for both and an IP range for either VIP or SE.

Using the UI

The following are the steps to allow separate IP range configurations for VIP and SE:

  1. From the NSX Advanced Load Balancer UI, navigate to Infrastructure > Networks.

  2. Click Edit.

  3. In the Edit Network Settings screen, disable Use Static IP Address for VIPs and SE option. If you select this option, the IP ranges will be used for both VIPs and SE.

  4. In the Networks Overview page, click an existing network to show the various configured static IP ranges. The combined free/total IP counts of all the ip_range_runtimes in the subnet are shown next to the subnet prefix.



Via the CLI

Specify a static IP address range in the static_ip_ranges field and also how the IP ranges will be allocated.

The following is the static_ip_ranges configuration:

configure network vxw-dvs-34-virtualwire-33-sid-2140032-wdc-02-vc14-avi-dev026
[admin:1234]: network> configured_subnets prefix 100.64.34.0/24
[admin:1234]: network:configured_subnets> static_ip_ranges
New object being created
[admin:1234]: network:configured_subnets:static_ip_ranges> range begin 100.64.34.100
[admin:1234]: network:configured_subnets:static_ip_ranges:range> end 100.64.34.110
[admin:1234]: network:configured_subnets:static_ip_ranges:range> save
[admin:1234]: network:configured_subnets:static_ip_ranges> type static_ips_for_vip
[admin:1234]: network:configured_subnets:static_ip_ranges> save
[admin:1234]: network:configured_subnets> static_ip_ranges
[admin:1234]: network:configured_subnets:static_ip_ranges> range begin 100.64.34.140
[admin:1234]: network:configured_subnets:static_ip_ranges:range> end end 100.64.34.150
[admin:1234]: network:configured_subnets:static_ip_ranges:range> save
[admin:1234]: network:configured_subnets:static_ip_ranges> type static_ips_for_vip
[admin:1234]: network:configured_subnets:static_ip_ranges> save
[admin:1234]: network:configured_subnets:static_ip_ranges> save
[admin:1234]: network:configured_subnets> static_ip_ranges
[admin:1234]: network:configured_subnets:static_ip_ranges> range begin 100.64.34.240
[admin:1234]: network:configured_subnets:static_ip_ranges:range> end end 100.64.34.250
[admin:1234]: network:configured_subnets:static_ip_ranges:range> save
[admin:1234]: network:configured_subnets:static_ip_ranges> type static_ips_for_se
[admin:1234]: network:configured_subnets:static_ip_ranges> save
[admin:1234]: network:configured_subnets> static_ip_ranges
[admin:1234]: network:configured_subnets:static_ip_ranges> range begin 100.64.34.195
[admin:1234]: network:configured_subnets:static_ip_ranges:range> end end 100.64.34.195
[admin:1234]: network:configured_subnets:static_ip_ranges:range> save
[admin:1234]: network:configured_subnets:static_ip_ranges> type static_ips_for_se
[admin:1234]: network:configured_subnets:static_ip_ranges:range> save
[admin:1234]: network:configured_subnets:static_ip_ranges>save
[admin:1234]: network:configured_subnets>save
Note:
  • Within ip_range_runtimes, the allocated IPs are stored inside the allocated_ips field (previously named as ip_allocated).

  • Inside an allocated IP, the mac field has been renamed to obj_info and the se_ref field has been renamed to obj_ref.

  • By default, the option STATIC_IPS_FOR_VIP_AND_SE is configured as the type of allocation. When upgrading to NSX Advanced Load Balancer version 20.1.3, all existing static_ips and static_ranges will be converted to static_ip_ranges with type STATIC_IPS_FOR_VIP_AND_SE.

The following is the configured network:

+----------------------------+--------------------------------------------------------------+
| Field                      | Value                                                        |
+----------------------------+--------------------------------------------------------------+
| uuid                       | dvportgroup-233-cloud-4b5fd097-0a9a-444f-b328-1f016eb99987   |
| name                       | vxw-dvs-34-virtualwire-33-sid-2140032-wdc-02-vc14-avi-dev026 |
| vcenter_dvs                | True                                                         |
| vimgrnw_ref                | vxw-dvs-34-virtualwire-33-sid-2140032-wdc-02-vc14-avi-dev026 |
| dhcp_enabled               | True                                                         |
| exclude_discovered_subnets | False                                                        |
| configured_subnets[1]      |                                                              |
|   prefix                   | 100.64.34.0/24                                               |
|   static_ip_ranges[1]      |                                                              |
|     range                  |                                                              |
|       begin                | 100.64.34.100                                                |
|       end                  | 100.64.34.110                                                |
|     type                   | STATIC_IPS_FOR_VIP                                           |
|   static_ip_ranges[2]      |                                                              |
|     range                  |                                                              |
|       begin                | 100.64.34.200                                                |
|       end                  | 100.64.34.210                                                |
|     type                   | STATIC_IPS_FOR_VIP                                           |
|   static_ip_ranges[3]      |                                                              |
|     range                  |                                                              |
|       begin                | 100.64.34.140                                                |
|       end                  | 100.64.34.150                                                |
|     type                   | STATIC_IPS_FOR_SE                                            |
|   static_ip_ranges[4]      |                                                              |
|     range                  |                                                              |
|       begin                | 100.64.34.240                                                |
|       end                  | 100.64.34.250                                                |
|     type                   | STATIC_IPS_FOR_SE                                            |
|   static_ip_ranges[5]      |                                                              |
|     range                  |                                                              |
|       begin                | 100.64.34.195                                                |
|       end                  | 100.64.34.195                                                |
|     type                   | STATIC_IPS_FOR_SE                                            |
| vrf_context_ref            | global                                                       |
| synced_from_se             | True                                                         |
| ip6_autocfg_enabled        | False                                                        |
| tenant_ref                 | admin                                                        |
| cloud_ref                  | Default-Cloud                                                |
+----------------------------+--------------------------------------------------------------+
Note:

The IP allocation and IP count information will be stored inside ip_range_runtimes field. The fields ip_alloced, total_ip_count, used_ip_count, and free_ip_count under subnet_runtime are deprecated. Each ip_range_runtimes entry will contain the combined IP allocation and count information for all static IP ranges of a particular type (SE, VIP, or both).

Internal IPAM for VIP Labels

You can use specific sets of networks from the IPAM profile for VIP allocation. Labels are added to both the usable networks in the IPAM profile and the vsvip.

Note:

This feature is currently supported only via the CLI/API.

The usable networks and vsvip are matched as shown below:

  • A vsvip with label X can only use networks in the IPAM profile with label X

  • A vsvip with no labels can use any network in the IPAM profile (with and without labels)

The labels for the networks in the IPAM profile is configured inside the profile’s usable_networks field. The labels on the vsvip is configured inside the ipam_selector field.

Log in to the Controller and configure internal IPAM for VIP labels as shown below:

[admin:1234]: > configure vsvip vsvip1
[admin:1234]: vsvip> vip vip_id 1
New object being created
[admin:1234]: vsvip:vip> auto_allocate_ip
[admin:1234]: vsvip:vip> save
[admin:1234]: vsvip> ipam_selector
[admin:1234]: vsvip:ipam_selector> type selector_ipam
[admin:1234]: vsvip:ipam_selector> labels
New object being created
[admin:1234]: vsvip:ipam_selector:labels> key key2
[admin:1234]: vsvip:ipam_selector:labels> value value2
[admin:1234]: vsvip:ipam_selector:labels> save
[admin:1234]: vsvip:ipam_selector> save
[admin:1234]: vsvip> save
Note:

The usable_networks_refs field under internal_profile has been deprecated. To add networks, use the usable_networks field.

Changing an existing usable network’s labels or vsvip’s labels is allowed, and does not affect existing allocations. The new labels will be applicable for new allocations.

Only one label will be supported per usable network and per vsvip.