In the first post of this series, I discussed the design patterns that are supported for NSX ALB integration with VCD.
In this post, I will share the steps of the NSX ALB & Infra configuration, before implementing the supported designs.
Step 1: Configure NSX-T Constructs
1a: Deploy a couple of new Edge nodes to host the Tier-0 gateway that you will create for NSX ALB consumption.
Associate the newly deployed edge nodes with the existing Edge Cluster.
1b: Create a Tier-0 and configure BGP. Also, ensure that Tier-1 connected segments are allowed to be redistributed via BGP.
1c: Create a Tier-1 gateway and associate it with the Tier-0 gateway that you created in the previous step.
Ensure that the tier-1 gateway is configured to redistribute connected routes to the tier-0 gateway.
1d: Create a DHCP-enabled logical segment for the Service Engine management and connect the segment to the tier-1 gateway which you created in the previous step.
Please note that to create DHCP-enabled segments, you need a DHCP profile created in NSX-T and associated with the Tier-1 gateway. Instructions for configuring DHCP in NSX-T are documented here
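The settings from steps 1b to 1d can be checked against the JSON that the NSX-T Policy API returns for the Tier-1 gateway and the Tier-0 locale services. This is an added example, not part of the original post; it assumes the Policy API field names shown (tier0_path, route_advertisement_types, dhcp_config_paths, route_redistribution_config), and all gateway names and paths are constructed sample data.

```python
# Added example: audit the Step 1 routing settings from Policy API JSON.
# All object names and paths below are constructed sample data.
T0_PATH = "/infra/tier-0s/t0-alb"  # hypothetical Tier-0 from step 1b

def audit_tier1(tier1, expected_tier0_path):
    """Findings for the Tier-1 gateway from steps 1c and 1d."""
    findings = []
    if tier1.get("tier0_path") != expected_tier0_path:
        findings.append("tier-1 is not linked to the expected tier-0")
    if "TIER1_CONNECTED" not in tier1.get("route_advertisement_types", []):
        findings.append("tier-1 does not advertise connected segments")
    if not tier1.get("dhcp_config_paths"):
        findings.append("tier-1 has no DHCP profile attached")
    return findings

def audit_tier0(locale_services):
    """Findings for the Tier-0 BGP redistribution from step 1b."""
    cfg = locale_services.get("route_redistribution_config") or {}
    findings = []
    if not cfg.get("bgp_enabled", True):
        findings.append("route redistribution into BGP is disabled")
    types = set()
    for rule in cfg.get("redistribution_rules", []):
        # Assumption: a rule without "destinations" applies to BGP.
        if "BGP" in rule.get("destinations", ["BGP"]):
            types.update(rule.get("route_redistribution_types", []))
    if "TIER1_CONNECTED" not in types:
        findings.append("tier-0 does not redistribute TIER1_CONNECTED into BGP")
    return findings

# Constructed samples: one correct pair, one with the settings missed.
TIER1_OK = {"tier0_path": T0_PATH,
            "route_advertisement_types": ["TIER1_CONNECTED"],
            "dhcp_config_paths": ["/infra/dhcp-server-configs/dhcp-alb"]}
TIER0_OK = {"route_redistribution_config": {"bgp_enabled": True,
            "redistribution_rules": [{"name": "alb",
                "route_redistribution_types": ["TIER1_CONNECTED"],
                "destinations": ["BGP"]}]}}
TIER1_BAD = {"tier0_path": "/infra/tier-0s/t0-other",
             "route_advertisement_types": ["TIER1_NAT"]}
TIER0_BAD = {"route_redistribution_config": {"bgp_enabled": True,
             "redistribution_rules": [{"name": "static-only",
                 "route_redistribution_types": ["TIER0_STATIC"]}]}}

if __name__ == "__main__":
    for label, t1, t0 in (("ok", TIER1_OK, TIER0_OK), ("bad", TIER1_BAD, TIER0_BAD)):
        for finding in audit_tier1(t1, T0_PATH) + audit_tier0(t0):
            print(f"[{label}] {finding}")
```

An empty findings list for both functions means the Service Engine management segment will be advertised upstream as Step 1 intends.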
Step 2: Deploy & Configure NSX Advanced Load Balancer
In this step, you have to configure the following tasks:
2a: Deploy NSX ALB Controller node.
2b: Configure Admin credentials for the controller nodes.
2c: Configure DNS settings for the controller nodes.
2d: Configure the Multi-Tenant option with the following settings:
- Share IP route domain across tenants.
- Service Engines are managed within the provider context.
- Tenant has Read Access to Service Engines.
2e: Configure licensing.
2f: Change NSX ALB default certificate. Steps are here
I am not including screenshots for the above steps as I had previously written a blog post on the NSX ALB initial configuration.
2g: Configure NSX-T cloud in the controller.
Navigate to Infrastructure > Cloud > Create > NSX-T Cloud
- Provide a name for the NSX-T Cloud.
- Ensure DHCP is selected.
- Specify Object name prefix.
- Provide NSX-T manager IP address and specify NSX-T credentials.
After entering the NSX-T credentials, click the Connect button.
- On a successful connection, you will get to choose the transport zone. Select overlay transport zone here.
- For the management network segment for Avi SE VM, select the Tier-1 gateway and the logical segment that we created previously.
Add the compute vCenter Server in the NSX-T cloud. Leave the IPAM/DNS empty for now.
Step 3: Register NSX ALB in VCD
This section assumes that you have VCD deployed and the following items are already configured:
- vCenter is registered.
- PVDC is created.
- Network Pool/External Networks are created.
- NSX-T is registered in VCD.
- An organization for a tenant is provisioned and an Edge gateway is deployed with a routed network created for application connectivity with the outside world.
Log in to VCD with System Admin credentials, navigate to Resources > Infrastructure Resources > NSX-ALB > Controllers, and click the Add button.
Click the Trust button to add the NSX ALB certificate to the VCD trusted store.
Import NSX-T cloud in NSX ALB by navigating to Resources > Infrastructure Resources > NSX-ALB > NSX-T Cloud and clicking on the ADD button.
NSX ALB is now fully integrated with VCD.
The next step is to import Service Engine Groups in VCD. I’ll go over this in more detail in my next post, as I need to demonstrate the two design patterns that NSX ALB supports for VCD.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing.