The NSX Advanced Load Balancer is also known as VMware® Avi™ Load Balancer. From NSX Manager you can form an Avi controller cluster comprising of three NSX Advanced Load Balancer appliances. Objects, such as virtual services, profiles, pools and pool groups, that you later create in the Avi Load Balancer UI will need access to a management network. Use the controller cluster to provide these objects access to a management network.

The VMware NSX Advanced Load Balancer is a distributed and highly scalable cloud-native application distribution solution. Starting with NSX version 3.2, you can deploy and configure the NSX Advanced Load Balancer (AVI) using NSX Manager. The existing NSX Load balancer will be deprecated. The NSX Manager UI provides a single UI to install and manage all NSX components.

Important: NSX Advanced Load Balancer(Avi Load Balancer) does not support deploying an appliance using an IPv6 address through the NSX Manager UI. However, you can deploy the controller appliance using an IPv6 address directly from a vCenter Server.

Prerequisites

  • Supported Avi controller versions: 20.1.7, 21.1.2 or later versions
  • Reserve four IP addresses (same subnet) in the management network to be assigned to the three controller appliances and one to the Virtual IP of NSX Advanced Load Balancer appliance cluster.
  • Cluster VIP and all controllers management network must be in same subnet.
  • Download the controller OVA from Broadcom Support page. To know more about downloading the controller OVA image, see https://kb.vmware.com/s/article/82049.

Procedure

  1. From a browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address> or https://<nsx-manager-fqdn>.
    Note: You must log in with enterprise privileges. You cannot install NSX Advanced Load Balancer controller nodes with only load balancer privileges.
  2. Select System > Appliances > NSX Advanced Load Balancer.
  3. Click Set Virtual IP and enter the VIP for the cluster. It is mandatory to set a VIP for the cluster.
    Note: Verify that the virtual IP address you set is correct. If you set an incorrect cluster virtual IP address, then NSX Manager, API clients and end users cannot access the NSX Advanced Load Balancer controller. The only workaround is to delete all appliances and reconfigure the cluster with correct virtual IP address before proceeding with deployment.
  4. Click Save.
  5. Select the Add NSX Advanced Load Balancer card.
  6. Choose the Upload OVA File or Remote OVA Link option.
  7. Enter the URL and click Upload. Wait for the upload to finish.
    Note:
    • If instead of the Upload OVA File option, the active bundle version is seen with a message to log in to the appliance, then directly log in to the appliance to upload the load balancer.
    • OVA upload can fail if the OVA file version being uploaded is different from the already deployed OVA files. For example, the second or third OVA deployment version is different from the first OVA deployment.
  8. In the Add Appliance wizard, enter the deployment parameters for the first NSX Advanced Load Balancer apppliance.
  9. Click Upload.
  10. On the Add Appliance window, configure these fields:
    Field Description
    Hostname Enter a valid hostname or FQDN (preferred) for the appliance. To enter a hostname that resolves to a FQDN, contact the DNS owner.
    Management IP/Netmask Enter a static IP address for the management IP address and netmask.

    For example, 192.168.1.2/22
    Management Gateway Enter a static IP address for the management gateway. The management gateway is used by NSX Advanced Load Balancer controller to communicate with NSX Manager and other NSX objects.
    DNS Server Enter the IP address of the DNS server.
    NTP Server Enter the IP address of the NTP server.
    Node Size Select the node size you want to deploy based on the requirements of your network.
    Supported node sizes are:
    • Small: 8 vCPU, 24 GB RAM, 128 GB storage
    • Medium: 16 vCPU, 32 GB RAM, 256 GB storage
    • Large: 24 vCPU, 48 GB RAM, 512 GB storage
  11. Click Next.
  12. On the Configuration window, configure these fields:
    Field Description
    Compute Manager Select a compute manager that registers the appliance.
    Compute Cluster Select a compute cluster where appliance will be deployed.
    Resource Pool (Optional) Select a resource pool that will be used during appliance deployment.
    Host Select a host where appliance will be deployed.
    Note: Select either a host or a resource pool as storage location for deployment.
    Datastore Select a datastore that will be provide storage capacity for appliance.
    Virtual Disk Format By default, the Thin Provision format is selected.

    However, you can select a format that is feasible in your environment.
    Network Click Select Network to select the port group that will provide network connectivity to the appliance.
    Note: If incorrect compute manager details are provided, deployment fails. As a workaround, you must force delete the deployment and redeploy the appliance by providing the correct compute manager details.
  13. Click Next.
  14. On the Access & Credentials window, enter an admin password that complies with the required complexity.
    Important: Enter the same password when deploying all the controllers.
  15. (Optional) In the SSH Key field, enter the private key of the SSH key pair to access controller using SSH key.
  16. Click Install Appliance.

    Do not try to delete the controller when NSX is registering the controller.

  17. Follow steps 1-14 to deploy the second and third appliance.
    Note: Cluster formation only happens after the third appliance is deployed.
  18. If clustering fails on the deployed controller nodes, the NSX Advanced Load Balancer displays an error message. Click Start Clustering to retrigger clustering of the deployed controller nodes. If clustering still fails, force delete the controller and reinstall it again.
    NSX forms a cluster of the deployed controller nodes.

Results

NSX Advanced Load Balancer appliance controller cluster is deployed successfully and UI shows cluster status as Stable. Verify that the NSX Advanced Load Balancer controller cluster UI is accessible using its VIP, https://<vip-fqdn>.

What to do next

(Optional) Install portal certificate for ALB controllers.

  • Run the following API to create a portal Certificate Signing Request (CSR) for ALB controller.

POST /alb/controller-nodes/certificate/csr

Payload:
{
      "common_name": "avi",
      "email": "[email protected]",
      "organization": "vm",
      "organization_unit": "VM",
      "locality": "BLR",
      "country": "IN",
      "state_name": "KA",
      "subject_alt_names": [
          "10.50.50.28"
      ],
      "algorithm": "SSL_KEY_ALGORITHM_RSA",
      "key_size": "SSL_KEY_2048_BITS"
}

Response:
{
      "name": "System-Portal-Cert-e8abab64",
      "csr": "-----BEGIN CERTIFICATE REQUEST -------- END CERTIFICATE REQUEST-----"
}

  • (Optional) Run the following API to install and update portal certificate in ALB Controller.

POST /alb/controller-nodes/certificate/install

Payload:
{
      "name": "System-Portal-Cert-e8abab64",
      "cert": "-----BEGIN CERTIFICATE -------- END CERTIFICATE-----"
}
Response:
{
      "name": "System-Portal-Cert-14:58:30",
      "cert": "-----BEGIN CERTIFICATE -------- END CERTIFICATE-----"
}

After successfully deploying NSX Advanced Load Balancer appliance cluster, configure a NSX Cloud Connector in the AVI UI and then configure virtual services that will load balance traffic across servers.

For troubleshooting installation issues related to NSX Advanced Load Balancer appliance cluster, see Troubleshooting NSX Advanced Load Balancer Controller Issues.

To know the best practices to install and run NSX Advanced Load Balancer, see the following link, https://communities.vmware.com/t5/VMware-NSX-Documents/NSX-Advanced-Load-Balancer-by-Avi-Networks-NSX-T-Integration/ta-p/2890567.

Note: Starting with NSX 3.2.2, you can deploy NSX Advanced Load Balancer controller from the NSX Manager. However, you need to log in to the AVI controller to configure and consume load balancer services.

In upgraded environments such as 3.2.0 or 3.2.1 to 3.2.2 or higher with advanced load balancer activated, deactivate the NSX Advanced Load Balancer by clicking Deactivate NSX-T ALB in the banner message on the UI. For more detals, see the NSX Administration Guide.

If the environment is running NSX Load Balancer, use NSX to Avi Migration Tool to migrate from NSX LB to NSX Advanced Load Balancer. See the AVI documentation.