Planning and Preparation for Load Balancing as a Service in VMware Cloud Director #
Introduction #
Before you start implementing the Load Balancing as a Service in VMware Cloud Director solution, you must set up an environment that has a specific compute, storage, and network configuration and that provides external services to the components of the solution.
Requirements #
Software #
To implement load balancing as a service with VMware Cloud Director, your software versions must meet the requirements specified in the VMware Product Interoperability Matrix.
Resources #
Before you deploy NSX Advanced Load Balancer, you must provide sufficient compute and storage resources to meet the footprint requirements of the Controller cluster and the Service Engines.
Networking #
This load balancing as a service solution is based on several management virtual appliances that must be deployed in a management infrastructure. Meeting the following latency requirements is critical for proper functioning and performance:
- Latency among Avi controllers – Less than 10 ms
- Latency between any Avi SE to any Avi Controller – Less than 75 ms recommended
- Latency between Avi Controller and NSX-T Manager – Less than 10 ms recommended
- Best practice is to co-locate in the same port group/management infrastructure as NSX-T
- Latency between Avi Controller and VMware Cloud Director – Best practice is to have VCD cells in the same management infrastructure as NSX-T manager and Avi Controller
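A preflight check for the latency figures above, as an added example that is not part of the VMware documentation. It approximates round-trip time by timing TCP handshakes; the host names and port 443 are placeholder assumptions, and only the controller-to-controller limit is treated as a hard failure because the other figures are stated as recommendations.

```python
import socket
import statistics
import time

# Limits from the list above, in milliseconds. Only the controller-to-controller
# figure is a hard limit on the page; the other two are recommendations.
LIMITS = {
    "controller-controller": (10.0, "required"),
    "se-controller": (75.0, "recommended"),
    "controller-nsxt": (10.0, "recommended"),
}

def tcp_rtt_ms(host, port, samples=5, timeout=2.0):
    """Time TCP handshakes to host:port; failed attempts are recorded as None."""
    results = []
    for _ in range(samples):
        start = time.perf_counter()
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results.append((time.perf_counter() - start) * 1000.0)
        except OSError:
            results.append(None)
    return results

def evaluate(link, rtts_ms):
    """Return (status, median_ms) for one link type given its RTT samples."""
    limit, level = LIMITS[link]
    if not rtts_ms or any(r is None for r in rtts_ms):
        return ("UNREACHABLE", None)  # a lost sample means the path is not dependable
    median = statistics.median(rtts_ms)
    if median < limit:  # the page says "less than", so the limit itself does not pass
        return ("OK", median)
    return ("FAIL" if level == "required" else "WARN", median)

if __name__ == "__main__":
    # Constructed placeholder targets; replace with your own management addresses.
    targets = [
        ("controller-controller", "avi-ctrl-2.example.internal", 443),
        ("controller-nsxt", "nsxt-mgr.example.internal", 443),
    ]
    for link, host, port in targets:
        status, median = evaluate(link, tcp_rtt_ms(host, port))
        print(f"{link:24} {host:32} {status:12} median_ms={median}")
```

Run it from the node at the source end of each link (for example, from one Avi Controller toward another), since latency is measured from wherever the script executes.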
The Avi Controller and service engines use several ports for management and control communication; see Protocol Ports Used by Avi Vantage for Management Communication.
The firewall should allow traffic for these ports.
Preparation #
The solution comprises the Avi Controller, which uses APIs to interface with the NSX-T manager and vCenter to discover the infrastructure. It also manages the lifecycle and network configuration of the service engines.
The NSX-T Cloud is the object that permits the integration with the NSX-T manager and the vCenter server(s).
The user accounts configured on the Avi Controller require the following roles and permissions for the integration to work successfully:
vSphere #
When using an NSX-T Cloud, the Avi Controller uploads the service engine image to the content library on the vCenter server and uses it to create a new virtual machine every time a new service engine is required. The content library must be created on vCenter before configuring the NSX-T cloud.
NSX-T #
The first network adapter of the service engine VM is reserved for management connectivity, and the remaining 9 data interfaces (network adapters 2 to 10) connect the service engine VM to the VIP or data segments.
The Avi SE management interface can be connected to an overlay (recommended) or a VLAN logical segment. When connected to an overlay segment, it also needs a tier-1 gateway to provide external connectivity so that it can reach the Avi controller management IP. It is recommended to have a dedicated tier-1 gateway and segment for Avi service engine management.
If VLAN-backed logical segments are used instead of overlay transport zone for the management network in the NSX-T Cloud, refer to this page: NSX-T VLAN Logical Segment.
Regardless of the solution (overlay or VLAN segment for the SE management network), the NSX-T topology must be created before the NSX-T Cloud is configured. In the case of an overlay segment for the SE management network:
- Create a tier-1 gateway that will be used to connect the SE management network.
- Create 2 overlay segments: one for the management network, and one as a dummy data network segment.
- Enable DHCP Server at the tier-1 gateway level and configure DHCP on the management segment.
More details here: Configuring Management Networking for SE.
Next Steps #
Once the environment is ready, you can proceed with the VMware NSX Advanced Load Balancer deployment and configuration in combination with VMware Cloud Director to provide Load Balancing as a Service: Load Balancing as a Service in VMware Cloud Director.