VMC on AWS is an easy way to consume VMware SDDC on the go. Spinning up infrastructure has never been so easy.
NSX-T is one of the critical pieces of the SDDC and equips customers to use core networking features such as:
- Routing/Switching (North-South & East-West).
- Firewall (Gateway & Distributed).
- VPN (Policy & Route Based)
- Load Balancer (Edge Based)
Applications are becoming complex day by day. High availability and load balancing are a must for these complex applications.
Although the NSX-T Edge-based load balancer is pretty good, it doesn’t offer next-generation load balancer features. Competitors like F5 and NetScaler were already in the market, providing advanced load balancing features with their products. VMware stepped into the next-gen load balancer arena via the acquisition of Avi Networks, who were doing great work in this field. Avi Networks has now been rebranded as NSX Advanced Load Balancer.
Avi Load Balancer (NSX ALB) integration with VMC on AWS is fully supported now. In the last 2 blog posts, I demonstrated how to manually deploy Avi Load Balancer in VMC on AWS. You can read the articles from the below links:
1: Load Balancing With Avi Load Balancer in VMC on AWS-Part 1
2: Load Balancing With Avi Load Balancer in VMC on AWS-Part 2
In this post, I will introduce you to an awesome way of deploying the same in a fully automated way. Hang tight!!!
VMware released a fling last week named EasyAvi. This fling was developed through a joint effort by Nicolas Vibert, Nicolas Bayle and Antoine Deleporte.
An official announcement about this fling is published on Nicolas Vibert's blog.
For me, this fling just came out at the right time as I was testing Avi deployment in VMC on AWS. I am probably one of the first customers who used this fling.
I had a few hiccups using this fling initially, but I got in touch with Nicolas Bayle, who helped me through the deployment. He was kind enough to answer all my questions and was very happy to take feedback from me.
Enough talks….let’s jump into the lab and see this awesome fling in action.
Pre-Requisites
Before attempting to deploy EasyAvi, please make sure the following pre-requisites are met.
- SDDC in VMC on AWS is deployed and firewall rules are configured for SDDC Access.
- API Token is generated.
- Logical Segments for Avi LB (Mgmt & VIP) and workloads are provisioned.
Generate VMC API Token
If you have not generated the token ever, then you can follow the below steps to do so.
Log in to the VMware Cloud Service Portal, navigate to My account > API Tokens and click on Generate a New API Token.
- Provide a name for the token.
- Specify Token TTL.
- Define the scope for the token.
Make a note of the generated token as we need this in the EasyAvi configuration.
Deploy EasyAvi Appliance
EasyAvi is available in ova format and can be downloaded from here
EasyAvi ova deployment is pretty simple like any other VMware appliance, so I am not covering the deployment steps here.
Note: For ease of deployment, you can create a jump box in your SDDC so that you can access infrastructure components locally.
Once the EasyAvi appliance is deployed and boots up, connect to the appliance by typing https://<EasyAvi-FQDN or IP>/
Currently, EasyAvi can be used to deploy Avi LB in VMC on AWS only. Support for other cloud providers and On-Prem deployment will be coming out soon.
Click on the Deploy button to start.
On the credentials page, supply the API token that you generated earlier.
The EasyAvi appliance authenticates against the Cloud Service Portal via the API Token and discovers the Orgs that you are subscribed to.
Select the SDDC where you want to deploy Avi Load Balancer and hit next.
Configure Avi General Settings. I opted out to keep Avi Controllers on Public IP.
Customize Avi SE settings as per your need.
EasyAvi can deploy test applications (web server) for you to see the load balancer in action. If you don’t want to deploy test servers and want to deploy your own applications, you can turn off the “Deploy a test application” option and related settings.
On the Networking page, select the appropriate logical segments that you have created for your Avi deployment.
Important: A word of caution if you are using DHCP on your VIP logical segment and have specified a DHCP pool for this segment. The IP address pool that you select here should be excluded from the DHCP pool, or you will run into an issue. I will explain this in the troubleshooting section to follow.
On the Avi Image management page, Accept EULA and hit submit button to start the deployment.
You also have to supply myvmware credentials to download the Avi software.
And immediately you will see EasyAvi in Action.
Click on Apply button so that the appliance configuration can be applied.
It takes roughly 30-40 minutes for the deployment to complete. What do you get in the end?
- Avi Controller deployed.
- Avi SE engines deployed.
- Server Pool created and Virtual Server configured with VIP address.
To test the deployment, hit the Application Public IP address and verify that you are hitting both the web servers that EasyAvi has deployed for you.
Troubleshooting EasyAvi Deployment
1: How do I clean up a failed deployment?
When I tried the deployment for the first time, it failed because an ova can’t be uploaded to the Content Library which EasyAvi automation creates. I tried the deployment workflow again and it failed and complained about items (Categories, Tags, Content Library) that already exist.
Sample Error
```
Error: error creating folder: ServerFaultCode: The name 'Avi-Controllers' already exists.

  on vsphere_infrastructure.tf line 36, in resource "vsphere_folder" "folderController":
  36: resource "vsphere_folder" "folderController" {

Error: error creating folder: ServerFaultCode: The name 'Avi-Apps' already exists.

  on vsphere_infrastructure.tf line 42, in resource "vsphere_folder" "folderApp":
  42: resource "vsphere_folder" "folderApp" {

Error: could not create category: 400 Bad Request: {"type":"com.vmware.vapi.std.errors.already_exists","value":{"error_type":"ALREADY_EXISTS","messages":[]}}

  on vsphere_infrastructure.tf line 65, in resource "vsphere_tag_category" "ansible_group_controller":
  65: resource "vsphere_tag_category" "ansible_group_controller" {
```
If you run into a failed deployment, don’t delete anything manually. EasyAvi has a cleanup script for you, located in the directory /root/flingAviVmc/easyAvi/vmc/<sddc-id>/baseline.
You can run the destroy.sh script to clean up a failed or successful deployment.
2: Caution with DHCP Pool
If you have configured a DHCP pool on the logical segment that will be used for the Avi SE VIP configuration, then plan the pool carefully. This pool shouldn’t contain IP addresses that you have provided as the VIP pool in step-7 of the deployment wizard, else you are going to get an IP conflict in your deployment.
An example error is shown below.
```
"\"Error 400 Msg {\"error\": \"Configured IP 192.168.36.100 is conflicting with SE interface ip of SE 192.168.35.13 (se-0050568355bf)\"}"
```
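The overlap described here, and in the Networking step of the wizard, can be checked before the deployment is started. The following is an added example, not part of EasyAvi or the original post; the function names are hypothetical and the segment, gateway and pool values are constructed samples.

```python
import ipaddress

def parse_range(text):
    """Parse 'first-last' (or one address) into a (first, last) address pair."""
    first, _, last = text.partition("-")
    lo = ipaddress.ip_address(first.strip())
    hi = ipaddress.ip_address(last.strip()) if last else lo
    if hi < lo:
        raise ValueError(f"range ends before it starts: {text!r}")
    return lo, hi

def overlap(a, b):
    """Return the (first, last) addresses shared by two ranges, or None."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def check_vip_pool(segment_cidr, gateway, dhcp_ranges, vip_range):
    """List the problems that would cause address conflicts on the VIP segment."""
    net = ipaddress.ip_network(segment_cidr, strict=False)
    vip = parse_range(vip_range)
    problems = []
    for addr in sorted(set(vip)):
        if addr not in net:
            problems.append(f"VIP pool address {addr} is outside segment {net}")
    gw = ipaddress.ip_address(gateway)
    if vip[0] <= gw <= vip[1]:
        problems.append(f"VIP pool contains the segment gateway {gw}")
    for text in dhcp_ranges:
        shared = overlap(parse_range(text), vip)
        if shared:
            count = int(shared[1]) - int(shared[0]) + 1
            problems.append(f"DHCP range {text} overlaps VIP pool at "
                            f"{shared[0]}-{shared[1]} ({count} addresses)")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real SDDC.
    segment, gateway = "192.168.36.0/24", "192.168.36.1"
    vip_pool = "192.168.36.100-192.168.36.120"
    before = ["192.168.36.2-192.168.36.200"]  # DHCP pool swallows the VIP pool
    after = ["192.168.36.2-192.168.36.99", "192.168.36.121-192.168.36.200"]
    for label, dhcp in (("before", before), ("after", after)):
        issues = check_vip_pool(segment, gateway, dhcp, vip_pool)
        print(label, issues or "no conflicts")
```

An empty result means the VIP pool can be entered in the wizard without colliding with addresses that DHCP may hand to the SE interfaces.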
3: Screen Freeze issue in 2nd deployment.
In my environment, my first deployment had failed and I had cleaned up the failed deployment to start over again. This time, EasyAvi automation doesn’t download the Avi software from the portal again as it’s already downloaded. This is to speed up the deployment.
But once I clicked on the submit button, the screen froze on the download page and nothing was happening. Then I ran the journalctl -u easyavi -f command to see what was going on in the background.
There was no activity in the logs. So to fix this issue, I moved the controller-20.1.4.ova to an alternate location and kicked the deployment wizard again and this time everything went smoothly.
Update: Version 1.2.4 of the EasyAvi appliance includes a fix for problems #1 and #2.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing 🙂