In the previous post of this series, I discussed Avi controller deployment and basic configuration. It’s time to integrate NSX-T with NSX ALB. High-level steps of NSX-T integration are summarized below:
- Create a Content Library in vCenter
- Deploy a Tier-1 gateway for Avi Management.
- Create Logical Segments in NSX-T for Avi SE VMs.
- Create credentials for NSX-T and vCenter in Avi.
- Register NSX-T with Avi Controller.
- Create an IPAM profile.
Let’s get started.
Create a Content Library in vCenter
Deployment of Avi Service Engine VMs is done automatically by the Avi Controller when we create a Virtual Service. For this to work, a content library must be created in the vCenter server as the controller pushes the Avi SE OVA into the content library and then deploys the SE VMs.
Deploy Tier-1 gateway for Avi Management
You can use the existing Tier-1 gateway or deploy a new one (dedicated) for Avi management. In my lab, I have deployed a new Tier-1 gateway.
For the newly created Tier-1 gateway, ensure that:
- It’s connected to the Tier-0 gateway.
- Tier-1 is instantiated on the Edge Cluster.
- Connected Segments is selected for Route Advertisement.
Create Logical Segments for Avi SE VMs
We need to create 2 new logical segments for Avi—one for service engine VM management and the other for data.
The Avi SE Management network needs to be enabled for DHCP, so we first need to create a DHCP profile.
A DHCP profile can be created by navigating to Networking > IP Management > DHCP > Add DHCP Profile.
Provide a name for the DHCP profile and select the edge cluster. Leave the server IP address blank as NSX-T will assign an IP automatically.
Create a new logical segment for Avi SE VM management and:
- Attach it to the Tier-1 gateway that you created earlier.
- Connect the segment to the overlay transport zone.
- Click on Set DHCP Config to enable DHCP for this segment.
- Select the DHCP type as ‘Local DHCP Server‘ and select the profile that you created in the previous step.
- Enable the ‘DHCP Config’ option and provide the IP address of the DHCP server. This will be a free IP from the subnet you have configured for Avi SE Management LS.
- Specify the DHCP range and DNS server. Avi SE VMs, when deployed, will get their management IP address from this pool.
Create a new segment for the Avi SE VM Data path. This segment need not be DHCP enabled.
The screenshot shows the two logical segments from my lab.
Create credentials for NSX-T and vCenter
Credentials for NSX-T and vCenter can be created on the fly when configuring NSX-T and vCenter integration with Avi Controller, or they can be created in advance.
To create a new credential, login to the Avi Controller web interface, navigate to Administration > User Credentials, and click Create.
Provide a name for the credential and select Credentials Type as vCenter. Punch in the credentials for the vCenter server that you wish to integrate with the Avi Controller.
Repeat the process for creating NSX-T credentials.
Register NSX-T with Avi Controller.
To register NSX-T with Avi Controller, login to Avi Controller and navigate to Infrastructure > Clouds > Create > NSX-T Cloud.
- Provide a name for the NSX-T Cloud.
- Ensure DHCP is selected.
- Specify the object name prefix. The Avi controller is going to create a few objects in NSX-T using this prefix. Note that a hyphen is not supported in the prefix name.
- Provide the NSX-T manager IP address and select the credentials that you created in the previous step.
Click Connect.
- On a successful connection, you will get to choose the transport zone. Select the overlay transport zone here.
- For the management network segment for the Avi SE VM, select the Tier-1 gateway and the logical segment that we created previously.
- For the Data Network, click on Add and again select Tier-1 gateway and the correct logical segment.
To add a vCenter server with the Avi Controller, click on Add.
Provide a name for the vCenter server. If we have vCenter already integrated with NSX-T, we should find the vCenter IP address in the drop-down menu.
Select the VC credentials that we created earlier and click on connect. After a successful connection, you will get to choose the content library that you created earlier.
Leave the IPAM profile empty as of now and hit save. The IPAM profile must be attached later.
The status of the newly added NSX-T cloud will change to green in some time.
Configure Networks for IPAM
Navigate to Infrastructure > Network and select the NSX-T Cloud that you created earlier.
Select the SE data network and click on edit.
Click on Add Subnet to specify the IP subnet corresponding to this network.
Uncheck the DHCP Enabled and IPv6 Auto Configuration check boxes.
Set the IP subnet and specify the IP pool, and hit save.
Hit save again.
Next, we have to add the default route for the SE Data/VIP. Navigate to the Routing tab and select the NSX-T CLOUD.
Select Static Route and click on Create under the VRF Context of your Tier-1 gateway.
Specify the Data Network Gateway as the next hop for all traffic.
Next, we have to create an IPAM profile.
Navigate to Templates > Profiles > IPAM/DNS Profiles > Create > IPAM Profile
Provide a name for the IPAM profile and select the type as Avi Vantage IPAM. Ensure that ‘Allocate IP in VRF‘ is selected.
Click on Add Usable Network.
Select NSX-T Cloud and the logical segment corresponding to the Avi SE data network and hit save.
Now it’s time to populate the IPAM profile in the NSX-T cloud instance that we created earlier.
Navigate to Infrastructure > Clouds and edit the NSX-T Cloud instance.
Under the IPAM profile, select the profile that we created in the previous step and hit save.
And that completes the integration between Avi Controller and NSX-T.
In the next post of this series, I will demonstrate the load-balancing functionality of Avi, where I will load balance 2 Apache servers that are connected to the overlay segment.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing.