In the previous post of this series, I discussed Avi controller deployment and basic configuration. It’s time to integrate NSX-T with NSX ALB. High-level steps of NSX-T integration can be summarized as below:
- Create a Content Library in vCenter
- Deploy a Tier-1 gateway for Avi Management.
- Create Logical Segments in NSX-T for Avi SE VM’s.
- Create credentials for NSX-T and vCenter in Avi.
- Register NSX-T with Avi Controller.
- Create an IPAM profile.
Let’s get started.
Create a Content Library in vCenter
Deployment of Avi Service Engine VM’s is done automatically by Avi Controller when we create Virtual Service. For this to work, an empty content library needs to be created in vCenter server as the controller pushes Avi SE ova into the content library and then deploys the SE VM’s.
Deploy Tier-1 gateway for Avi Management
You can use the existing Tier-1 gateway or can deploy a new one (dedicated) for Avi management. In my lab I have deployed a new Tier-1 gateway.
For the newly created Tier-1 gateway, ensure that:
- It’s connected to the Tier-0 gateway.
- Tier-1 is instantiated on Edge Cluster.
- Connected Segments is selected for Route Advertisement.
Create Logical Segments for Avi SE VM’s
We need to create 2 new logical segments for Avi. One for Service Engine VM management and the other for data.
Avi SE Management network needs to be DHCP enabled, so we have to first create a DHCP profile.
DHCP profile can be created by navigating to Networking > IP Management > DHCP > Add DHCP Profile.
Provide a name for the DHCP profile and select the edge cluster. Leave Server IP Address blank as NSX-T will assign IP automatically.
Create a new logical segment for Avi SE VM management and:
- Attach it to the Tier-1 gateway which we created earlier.
- Connect the segment to the overlay transport zone.
- Click on Set DHCP Config to enable DHCP for this segment.
- Select DHCP type as ‘Local DHCP Server‘ and select the profile which we created in the previous step.
- Enable ‘DHCP Config’ option and provide the IP address of the DHCP server. This will be a free IP from the subnet you have configured for Avi SE Management LS.
- Specify DHCP range and DNS server. Avi SE VM’s when deployed will get their management IP address from this pool.
Create a new segment for the Avi SE VM Data path. This segment need not be DHCP enabled.
Below screenshot shows the two logical segments from my lab.
Create credentials for NSX-T and vCenter
Credentials for NSX-T and vCenter can be created on the fly when configuring NSX-T and vCenter integration with Avi Controller or they can be created in advance.
To create a new credential, login to Avi Controller web interface and navigate to Administration > User Credentials and click on Create.
Provide a name for the credential and select Credentials Type as vCenter. Punch in the credentials for the vCenter server that you wish to integrate with Avi Controller.
Repeat the process for creating NSX-T credentials.
Register NSX-T with Avi Controller.
To register NSX-T with Avi Controller, login to Avi Controller and navigate to Infrastructure > Clouds > Create > NSX-T Cloud.
- Provide a name for the NSX-T Cloud.
- Ensure DHCP is selected.
- Specify Object name prefix. Avi controller is going to create few objects in NSX-T using this prefix. Note that hyphen is not supported in prefix name.
- Provide NSX-T manager IP address and select the credentials which we created in the previous step.
After punching NSX-T related details, click on Connect.
- On a successful connection, you will get to choose the transport zone. Select overlay transport zone here.
- For the management network segment for Avi SE VM, select the Tier-1 gateway and the logical segment that we created previously.
- For Data Network, click on Add and again select Tier-1 gateway and correct logical segment.
To add vCenter server with Avi Controller, click on Add.
Provide name for the vCenter server. If we have vCenter already integrated with NSX-T, we should find vCenter IP address in the drop-down menu.
Select VC credentials that we created earlier and click on connect. After a successful connection, you will get to choose the content library that you created earlier.
Leave IPAM Profile empty as of now and hit save.
Note: IPAM profile needs to be populated later.
The status of the newly added NSX-T cloud will change to green in some time.
Configure Networks for IPAM
Navigate to Infrastructure > Network and select the NSX-T Cloud that you created earlier.
Select the SE data network and click on edit.
Click on Add Subnet to specify the IP subnet corresponding to this network.
Uncheck DHCP Enabled and IPv6 Auto Configuration check boxes.
Set IP subnet and specify IP Pool and hit save.
Hit save again.
Next, we have to add the default route for the SE Data/VIP. Navigate to the Routing tab and select the NSX-T CLOUD.
Select Static Route and click on create under the VRF Context of your Tier-1 gateway.
Specify Data Network gateway as next hop for all traffic.
Next, we have to create an IPAM profile.
Navigate to Templates > Profiles > IPAM/DNS Profiles > Create > IPAM Profile
Provide a name for the IPAM profile and select type as Avi Vantage IPAM. Ensure that ‘Allocate IP in VRF‘ is selected.
Click on Add Usable Network.
Select NSX-T Cloud and the logical segment corresponding to the Avi SE data network and hit save.
Now it’s time to populate the IPAM profile in the NSX-T cloud instance that we created earlier.
Navigate to Infrastructure > Clouds and edit the NSX-T Cloud instance.
Under IPAM profile, select the profile which we created in the previous step and hit save.
And that completes the integration between Avi Controller and NSX-T.
In the next post of this series, I will demonstrate a very basic load balancing functionality of Avi where I will load balance 2 apache servers that are connected to the overlay segment.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing 🙂