This section covers details of supported clouds for NSX Advanced Load Balancer IPAM configuration.
The IPAM configuration is supported on the following clouds:
Containers (Mesos, OpenShift, Docker UCP, Rancher)
Linux Server Cloud (bare metal)
VMware
No Access
Configuring IPAM
NSX Advanced Load Balancer allocates IP addresses from a pool of IP addresses within the subnet configured as listed:
Navigate to .
You can select cloud from Select Cloud drop-down menu and click CREATE.
Specify the network name.
Under IP Address Management, select the check box for Enable DHCP and Enable IPv6 Auto Configuration.
Add IPv4 and IPv6 networks for IP address allocation.
Click ADD.
Specify the Subnet Prefix.
Select the Use Static IP Address for VIPs and SE check box. Specify the range of the pool under IP Address Range.
Click SAVE.
Repeat steps from 1 to 4 for each network used for IP address allocation.
Click SAVE.
Virtual service creation will fail if the static IP address pool is empty or exhausted.
For east-west IPAM, create another network with the appropriate link-local subnet and a separate IPAM/DNS profile.
NSX Advanced Load Balancer Kubernetes/ OpenShift cloud is not supported.
Addition or deletion of VIP or changing the
vip_id(for example when multiple VIPs are on a virtual service) is not supported on NSX Advanced Load Balancer IPAM.
Creating IPAM Networks using both IPv4 and IPv6 Subnets
The following is an instance of creating IPAM networks using both IPv4 and IPv6 subnets:
Navigate to and create a placeholder for IPAM.
You can assign one or more of the created networks to be the default usable network, if no specific network or subnet is provided in the virtual service configuration.
VRF-aware IPAM
You can enable the Allocate IP in the VRF checkbox for NSX Advanced Load Balancer to allocate IPs from networks in the virtual service’s VRF. This option is applicable only for NSX Advanced Load Balancer IPAM.
Selecting Network for IP Allocation
The selection of network for given allocated IP request is based on the following:
If a network and subnet are specified during virtual service creation, the system will allocate from that specific network/subnet. If that subnet does not have free static IPs, the API request will fail.
If no network/subnet is specified (only possible via CLI or API) during virtual service creation, the system will consider all networks in the Usable Networks of the IPAM/DNS profile and randomly select the one which has free IPs available.
For v4 requests, the system will check for free IPs in networks with v4 subnets before considering networks with v4 and v6 subnets.
For v6 requests, the system will check for free IPs in networks with v6 subnets before considering networks with v4 and v6subnets.
Any change in the VIP’s IPv4 or IPv6 address disrupt the virtual service. This can occur if the virtual service's auto allocate type is changed. For instance, if a virtual service’s IPv4 address was allocated using a network with both v4 and v6 subnets, and its auto_allocate_type is changed from v4 to v4_v6 with a corresponding v6 subnet selected, the system will attempt to allocate an IPv6 address for that virtual service. If the allocation is successful, a virtual service disruption will occur.
IPAM Support for User Preferred IP Address
NSX Advanced Load Balancer IPAM supports virtual service creation with a user-preferred IP address and or IPv6 address with auto allocation. To use this feature,
Set the
ip_addressorip6_addressfield(s) of theVsVipobject.Set the
auto_allocate_ipfield toTrueand theauto_allocate_ip_typefield set correspondingly.
The Controller allocates that specific IP address for the virtual service. If the IP address is unavailable, the virtual service creation will fail. The specified IP address must exist in a static pool that is already configured on a network or the subnet.
This feature supports all three auto allocation types, namely, v4, v6, and v4_v6. When creating a virtual service IP address with v4_v6 allocation, both IPv4 and IPv6 addresses must be specified, or both should be left empty. Additionally, updating an existing auto-allocated IP address to a different preferred IP address of the same type (v4 or v6) is not allowed.
The following are the list of allowed operations:
Creating a VIP with a preferred static IP, supported for v4, v6, and v4_v6.
Changing an existing VIP’s allocation type from v4 to v6 and specifying a preferred IPv6.
Changing an existing VIP’s allocation type from v4 to v4_v6 and specifying a preferred IPv6.
If the IPAM network and subnet are the same, the IPv4 address field must be either unset or kept the same (the existing IPv4 address will be preserved in both cases).
If the IPAM network or subnet is different, the IPv4 address field must be unset.
Changing an existing VIP’s allocation type from v6 to v4 and specifying a preferred IPv4.
Changing an existing VIP’s allocation type from v6 to v4_v6, and specifying a preferred IPv4.
If the IPAM network and subnet6 is the same, the IPv6 Address field must be either unset or kept the same (the existing IPv6 address will be preserved in both cases).
If the IPAM network or subnet6 is different, the IPv6 Address field must be unset.
The IPv6 Address field must be kept the same to keep the IPAM network same, or left empty for changing the IPAM network.
The following operations are not supported in NSX Advanced Load Balancer.
Creating a VIP with v4_v6 allocation with only
ip_addressset or onlyip6_addressset.Both IP addresses must be set (preferred), or unset.
Updating an existing auto allocated IP address to a different preferred IP address of the same type (v4 or v6).
An existing VIP with
IPv4-Acannot be updated to a different preferredIPv4-B.If it is required to change the VIP’s allocation network or subnet, the ip_address/ip6_address fields must be left blank (Controller will pick the IP address for the user).
If a new preferred IP of the same type is needed, delete and recreate the VIP.
Configuring Virtual Service with Auto Allocate IP Address
Login to the CLI and use the configure vsvip <name> to set the auto allocate IP address.
[admin:10-79-108-162]: > show network network1 +----------------------------+----------------------------------------------+ | Field | Value | +----------------------------+----------------------------------------------+ | uuid | network-eea5aaa2-2225-40bd-b27d-60d7fe046d01 | | name | network1 | | vcenter_dvs | True | | dhcp_enabled | True | | exclude_discovered_subnets | False | | configured_subnets[1] | | | prefix | 10.10.10.0/24 | | static_ranges[1] | | | begin | 10.10.10.100 | | end | 10.10.10.150 | | vrf_context_ref | global | | synced_from_se | False | | ip6_autocfg_enabled | True | | tenant_ref | admin | | cloud_ref | Default-Cloud | +----------------------------+----------------------------------------------+ [admin:10-79-108-162]: > configure vsvip vsvip1 [admin:10-79-108-162]: vsvip> vip vip_id 1 New object being created [admin:10-79-108-162]: vsvip:vip> auto_allocate_ip [admin:10-79-108-162]: vsvip:vip> ip_address 10.10.10.120 [admin:10-79-108-162]: vsvip:vip> save [admin:10-79-108-162]: vsvip> save +-----------------------------+--------------------------------------------+ | Field | Value | +-----------------------------+--------------------------------------------+ | uuid | vsvip-54aa9247-d807-458d-b9e3-a8956bcb266a | | name | vsvip1 | | vip[1] | | | vip_id | 1 | | ip_address | 10.10.10.120 | | enabled | True | | discovered_networks[1] | | | network_ref | network1 | | subnet[1] | 10.10.10.0/24 | | auto_allocate_ip | True | | auto_allocate_floating_ip | False | | avi_allocated_vip | False | | avi_allocated_fip | False | | ipam_network_subnet | | | network_ref | network1 | | subnet | 10.10.10.0/24 | | auto_allocate_ip_type | V4_ONLY | | prefix_length | 32 | | vrf_context_ref | global | | east_west_placement | False | | tenant_ref | admin | | cloud_ref | Default-Cloud | +-----------------------------+--------------------------------------------+
Allocating different IPAM Ranges for SEs and Virtual IPs
You can specify whether a set of static IPs is used for SE vNIC only, or for VIP only or for both. For any given subnet, only the following configurations are supported:
IP range(s) for VIP and/or IP range(s) for SE
IP range(s) for both
The system will display an error message if a subnet contains an IP range for both and an IP range for either VIP or SE.
Using the UI
The following are the steps to allow separate IP range configurations for VIP and SE:
From the NSX Advanced Load Balancer UI, navigate to .
Click Edit.
In the Edit Network Settings screen, disable Use Static IP Address for VIPs and SE option. If you select this option, the IP ranges will be used for both VIPs and SE.
In the Networks Overview page, click an existing network to show the various configured static IP ranges. The combined free/total IP counts of all the
ip_range_runtimesin the subnet are shown next to the subnet prefix.
Using the CLI
Specify a static IP address range in the static_ip_ranges field and also how the IP ranges will be allocated.
The following is the static_ip_ranges configuration:
configure network vxw-dvs-34-virtualwire-33-sid-2140032-wdc-02-vc14-avi-dev026 [admin:1234]: network> configured_subnets prefix 100.64.34.0/24 [admin:1234]: network:configured_subnets> static_ip_ranges New object being created [admin:1234]: network:configured_subnets:static_ip_ranges> range begin 100.64.34.100 [admin:1234]: network:configured_subnets:static_ip_ranges:range> end 100.64.34.110 [admin:1234]: network:configured_subnets:static_ip_ranges:range> save [admin:1234]: network:configured_subnets:static_ip_ranges> type static_ips_for_vip [admin:1234]: network:configured_subnets:static_ip_ranges> save [admin:1234]: network:configured_subnets> static_ip_ranges [admin:1234]: network:configured_subnets:static_ip_ranges> range begin 100.64.34.140 [admin:1234]: network:configured_subnets:static_ip_ranges:range> end end 100.64.34.150 [admin:1234]: network:configured_subnets:static_ip_ranges:range> save [admin:1234]: network:configured_subnets:static_ip_ranges> type static_ips_for_vip [admin:1234]: network:configured_subnets:static_ip_ranges> save [admin:1234]: network:configured_subnets:static_ip_ranges> save [admin:1234]: network:configured_subnets> static_ip_ranges [admin:1234]: network:configured_subnets:static_ip_ranges> range begin 100.64.34.240 [admin:1234]: network:configured_subnets:static_ip_ranges:range> end end 100.64.34.250 [admin:1234]: network:configured_subnets:static_ip_ranges:range> save [admin:1234]: network:configured_subnets:static_ip_ranges> type static_ips_for_se [admin:1234]: network:configured_subnets:static_ip_ranges> save [admin:1234]: network:configured_subnets> static_ip_ranges [admin:1234]: network:configured_subnets:static_ip_ranges> range begin 100.64.34.195 [admin:1234]: network:configured_subnets:static_ip_ranges:range> end end 100.64.34.195 [admin:1234]: network:configured_subnets:static_ip_ranges:range> save [admin:1234]: network:configured_subnets:static_ip_ranges> type static_ips_for_se [admin:1234]: network:configured_subnets:static_ip_ranges:range> save [admin:1234]: network:configured_subnets:static_ip_ranges>save [admin:1234]: network:configured_subnets>save
Within
ip_range_runtimes, the allocated IPs are stored inside theallocated_ipsfield (previously named asip_allocated).Inside an allocated IP, the
macfield has been renamed toobj_infoand these_reffield has been renamed toobj_ref.By default, the option
STATIC_IPS_FOR_VIP_AND_SEis configured as the type of allocation. When upgrading the NSX Advanced Load Balancer, all existingstatic_ipsandstatic_rangeswill be converted tostatic_ip_rangeswith typeSTATIC_IPS_FOR_VIP_AND_SE.The fields
static_ipsand static_ranges are deprecated.The field
typeis introduced, to specify how the IP range will be allocated.
The static_ip_ranges configuration is as shown below:
configure network vxw-dvs-34-virtualwire-33-sid-2140032-wdc-02-vc14-avi-dev026 [admin:1234]: network> configured_subnets prefix 100.64.34.0/24 [admin:1234]: network:configured_subnets> static_ip_ranges New object being created [admin:1234]: network:configured_subnets:static_ip_ranges> range begin 100.64.34.100 [admin:1234]: network:configured_subnets:static_ip_ranges:range> end 100.64.34.110 [admin:1234]: network:configured_subnets:static_ip_ranges:range> save [admin:1234]: network:configured_subnets:static_ip_ranges> type static_ips_for_vip [admin:1234]: network:configured_subnets:static_ip_ranges> save [admin:1234]: network:configured_subnets> static_ip_ranges [admin:1234]: network:configured_subnets:static_ip_ranges> range begin 100.64.34.140 [admin:1234]: network:configured_subnets:static_ip_ranges:range> end end 100.64.34.150 [admin:1234]: network:configured_subnets:static_ip_ranges:range> save [admin:1234]: network:configured_subnets:static_ip_ranges> type static_ips_for_vip [admin:1234]: network:configured_subnets:static_ip_ranges> save [admin:1234]: network:configured_subnets:static_ip_ranges> save [admin:1234]: network:configured_subnets> static_ip_ranges [admin:1234]: network:configured_subnets:static_ip_ranges> range begin 100.64.34.240 [admin:1234]: network:configured_subnets:static_ip_ranges:range> end end 100.64.34.250 [admin:1234]: network:configured_subnets:static_ip_ranges:range> save [admin:1234]: network:configured_subnets:static_ip_ranges> type static_ips_for_se [admin:1234]: network:configured_subnets:static_ip_ranges> save [admin:1234]: network:configured_subnets> static_ip_ranges [admin:1234]: network:configured_subnets:static_ip_ranges> range begin 100.64.34.195 [admin:1234]: network:configured_subnets:static_ip_ranges:range> end end 100.64.34.195 [admin:1234]: network:configured_subnets:static_ip_ranges:range> save [admin:1234]: network:configured_subnets:static_ip_ranges> type static_ips_for_se [admin:1234]: network:configured_subnets:static_ip_ranges:range> save [admin:1234]: network:configured_subnets:static_ip_ranges>save [admin:1234]: network:configured_subnets>save
The following is the configured network:
+----------------------------+--------------------------------------------------------------+ | Field | Value | +----------------------------+--------------------------------------------------------------+ | uuid | dvportgroup-233-cloud-4b5fd097-0a9a-444f-b328-1f016eb99987 | | name | vxw-dvs-34-virtualwire-33-sid-2140032-wdc-02-vc14-avi-dev026 | | vcenter_dvs | True | | vimgrnw_ref | vxw-dvs-34-virtualwire-33-sid-2140032-wdc-02-vc14-avi-dev026 | | dhcp_enabled | True | | exclude_discovered_subnets | False | | configured_subnets[1] | | | prefix | 100.64.34.0/24 | | static_ip_ranges[1] | | | range | | | begin | 100.64.34.100 | | end | 100.64.34.110 | | type | STATIC_IPS_FOR_VIP | | static_ip_ranges[2] | | | range | | | begin | 100.64.34.200 | | end | 100.64.34.210 | | type | STATIC_IPS_FOR_VIP | | static_ip_ranges[3] | | | range | | | begin | 100.64.34.140 | | end | 100.64.34.150 | | type | STATIC_IPS_FOR_SE | | static_ip_ranges[4] | | | range | | | begin | 100.64.34.240 | | end | 100.64.34.250 | | type | STATIC_IPS_FOR_SE | | static_ip_ranges[5] | | | range | | | begin | 100.64.34.195 | | end | 100.64.34.195 | | type | STATIC_IPS_FOR_SE | | vrf_context_ref | global | | synced_from_se | True | | ip6_autocfg_enabled | False | | tenant_ref | admin | | cloud_ref | Default-Cloud | +----------------------------+--------------------------------------------------------------+
The subnet_runtime field under Network runtime has also been modified. The IP allocation and IP count information will be stored inside ip_range_runtimes field. The fields ip_alloced, total_ip_count, used_ip_count, and free_ip_count under subnet_runtime are deprecated. Each ip_range_runtimes entry will contain the combined IP allocation and count information for all static IP ranges of a particular type (SE, VIP, or both).
Internal IPAM for VIP Labels
You can use specific sets of networks from the IPAM profile for VIP allocation. Labels are added to both the usable networks in the IPAM profile and the vsvip.
This feature is currently supported only through the CLI/ API.
The usable networks and vsvip are matched as shown below:
A
vsvipwith label X can only use networks in the IPAM profile with label X.A
vsvipwith no labels can use any network in the IPAM profile (with and without labels).
The labels for the networks in the IPAM profile is configured inside the profile’s usable_networks field. The labels on the vsvip is configured inside the ipam_selector field.
Log in to the Controller and configure internal IPAM for VIP labels as shown below:
[admin:1234]: > configure vsvip vsvip1 [admin:1234]: vsvip> vip vip_id 1 New object being created [admin:1234]: vsvip:vip> auto_allocate_ip [admin:1234]: vsvip:vip> save [admin:1234]: vsvip> ipam_selector [admin:1234]: vsvip:ipam_selector> type selector_ipam [admin:1234]: vsvip:ipam_selector> labels New object being created [admin:1234]: vsvip:ipam_selector:labels> key key2 [admin:1234]: vsvip:ipam_selector:labels> value value2 [admin:1234]: vsvip:ipam_selector:labels> save [admin:1234]: vsvip:ipam_selector> save [admin:1234]: vsvip> save
The usable_networks_refs field under internal_profile has been deprecated. To add networks, use the usable_networks field.
Changing an existing usable network’s labels or vsvip’s labels is allowed, and does not affect existing allocations. The new labels will be applicable for new allocations.
Only one label will be supported per usable network and per vsvip.
