Network Services in AVS

The following diagram demonstrates high-level network architecture of AVS Private Cloud VMware Network services:

From the diagram,

• AVS is pre-provisioned with the following NSX-T network configurations:

  • Tier-0 Gateway configured in Active/Active mode for ECMP

  • Northbound connectivity through BGP on Tier-0 Gateway

  • Pre-provisioned Tier-1Gateway for workload segment connectivity

  • Route advertisement enabled on pre-provisioned Tier-1 Gateway

  • Route redistribution enabled on Tier-0 Gateway

  • Default Internet Access for SDDC workloads with an option to enable/disable

• AVS allows customers to add the following NSX-T network configurations:

  • Create overlay segments and connect workloads

  • Deploy additional Tier-1 Gateways

  • Deploy distributed services such as Distributed Fire Wall (DFW)

  • Deploy stateful services such as Load Balancer, Gateway Firewall (GFW), DNS and DHCP on Tier-1 Gateway

NSX Advanced Load Balancer for AVS

NSX Advanced Load Balancer provides load balancing for applications running in AVS SDDC. NSX Advanced Load Balancer integrates as a second party load balancing solution, with communication between the NSX Advanced Load Balancer Controller, NSX Manager and VMware vCenter within AVS. This integration enables NSX Advanced Load Balancer to deploy and manage Service Engines automatically based on demand, providing for an elastic, automated approach to load balancing.

NSX Advanced Load Balancer leverages the NSX-T Cloud Connector mode of operation in AVS as well. This is facilitated by the similarity in the VMware infrastructure between an on-premises NSX-T deployment as well as AVS deployment, as far as objects of interest for NSX Advanced Load Balancer are concerned.

Key Points from the Deployment shown above:

• The NSX Advanced Load Balancer Controller is a cluster of three control plane VMs. The NSX Advanced Load Balancer Controller can run within the AVS SDDC, or outside it in your on-premises datacenter / Azure native VNet. The Controllers need IP reachability from the Service Engines.

• The Controller connects with the NSX-Manager and VMware vSphere vCenter within AVS and discovers the VMware objects such as Port groups, clusters, NSX T1, Segments etc.

• The Controller automatically deploys an NSX Advanced Load Balancer Service Engine, which is the data path instance. The NSX Advanced Load Balancer SE is a virtual machine running within the AVS SDDC.

• The Controller ensures that the NSX-T DFW is programmed correctly to allow traffic.

• NSX Advanced Load Balancer allows for various deployment configurations of the underlying NSX system, such as shared segment for the Virtual Service front-end IP (VS IP) and pool members, as well as dedicated segments for each.

• NSX Advanced Load Balancer also supports the default Tier 1 gateway as well as additional Tier 1 gateways created within AVS by the customer.

• While NSX Advanced Load Balancer supports various VLAN backed segment topologies, these are not applicable in the context of AVS as AVS supports overlay segments created by customers.

Installing NSX Advanced Load Balancer in AVS

Licensing

• NSX Advanced Load Balancer only supports Enterprise Edition license for Google Cloud VMware Engine integration. To know more about the Enterprise Edition license, see License Management on NSX Advanced Load Balancer in VMware NSX Advanced Load BalancerAdministration guide.

• NSX Advanced Load Balancer Licenses can be added to the Controller at any time as per the requirement. The licenses are available at my.vmware.com. Login to your account at my.vmware.com to access the VMware serial key(DLF).

• NSX Advanced Load Balancer Controllers manage licenses and central capacity pool for NSX ALB Service Engines.

• NSX Advanced Load Balancer allows for a 10% overage of the total license capacity.

Role Requirements

The NSX Advanced Load Balancer Controller requires:

• The NSX Network Engineer role or higher if you are running NSX-T Data Center 3.0.x, or the NSX Network Admin role or higher if you are running NSX-T Data Center 3.1.x or later.

• VMware vCenter permissions as defined in Configuring Roles and Permissions for vCenter and NSX-T Users.

• You can use the cloudadmin user and credential provided for AVS. This user has a role which is a superset of the required permissions and is sufficient for the integration.

• For information on setting the content library, see the the Creating a Content Library section of the Installing NSX Advanced Load Balancer in VMware NSX-T Environments.

• For information on deploying the Controller OVA, see Deploying the NSX Advanced Load Balancer Controller OVA.

• For information on setting up the Controller, see Setting up the Controller.

Creating an NSX-T Cloud

To create an NSX-T cloud, log in in to the NSX Advanced Load Balancer Controller and follow the steps given below:

1. From the NSX Advanced Load Balancer UI, navigate to Administration > User Credentials. Click Create.

2. Provide a Name.

3. Select NSX-T as the Credentials Type.

4. Enter the Username and Password.

5. Click Save. Similarly, create vCenter Credentials.

For information on configuring the NSX-T Cloud, see Creating an NSX-T Cloud.

Creating a Virtual Service

1. From the NSX Advanced Load Balancer UI,

2. Go to Applications.

3. Click Create Virtual Service > Basic Setup.

4. Select the NSX-T cloud which was created.

5. Enter the details related to the virtual service IP, Pool members, Tier 1 Logical Router, and more as required.

6. Click Save to create the virtual service.

On successful creation of a Service Engine, the Virtual Service comes up and becomes ready to process traffic.