Page 1 of 19 - avinetworks.com · Vantage optimizes core web-site functions, including SSL...


Avi Networks — Technical Reference (16.3): Installing Avi Vantage for VMware vCenter

Copyright © 2018 Avi Networks, Inc. Page 2 of 19

Installing Avi Vantage for VMware vCenter

This guide describes how to integrate Avi Vantage into a VMware vCenter cloud. Starting with 16.3, a single Avi Controller cluster can support multiple concurrent vCenter clouds.

Avi Vantage is a software-based solution that provides real-time analytics as well as elastic application delivery services. Avi Vantage optimizes core web-site functions, including SSL termination and load balancing.

Note:
* After completing the deployment process, click here to learn how to create virtual services.
* Avi Vantage may be deployed with a VMware cloud in either no access, read access, or write access mode. Each mode results in escalating functionality and automation, but also requires higher levels of privilege for the Avi Controller within VMware vCenter. For more information, please see this article.
* Deployment in write access mode is recommended. It is the quickest and easiest way to deploy and offers the highest levels of automation between Avi Vantage and vCenter.
* Prior to Avi Vantage 16.3, Service Engines deployed manually by the Avi administrator in No Orchestrator or VMware vCenter read access clouds required the user to download a unique copy of the Service Engine image for each cloud configured in the system. Starting from 16.3 release, the Avi administrator needs to download only one Service Engine image for each type of image needed (ova/qcow2/docker). The same SE image can then be used to deploy Service Engines in any tenant and cloud configured in the system. Read this relevant article.
* Avi Vantage currently doesn't support vMotion and recommends that its built-in VS migration functionality be used instead.

How Avi Vantage Integrates into vCenter

Avi Vantage runs on virtual machines (VMs) managed by VMware vCenter. When deployed into a vCenter-managed VMware cloud, Avi Vantage performs as a fully distributed, virtualized system consisting of the Avi Controller and Avi Service Engines (Avi SEs), each running as a VM.

Avi Vantage is deployed and runs as the following main components:

* Avi Controller
* Avi Service Engines (Avi SEs)


Avi Controller

The Avi Controller provides a single point of control and management for the cloud. The Avi Controller runs on a VM and can be managed using its web interface, CLI, or REST API.

The Avi Controller stores and manages all policies related to services and management. Through vCenter, the Avi Controller discovers VMs, data centers, networks, and hosts. Based on this auto-discovered information, virtual services can quickly be added using the web interface. To deploy a virtual service, the Avi Controller automatically selects an ESX server, spins up an Avi SE (described below), and connects it to the correct networks (port groups).

Note: For this Controller-to-vCenter communication to work, Avi Controllers need access to the desired ESXi hosts (over port 443).

The Avi Controller also provides a management center for other cloud infrastructures, with the ability to manage resources in multiple infrastructures simultaneously. For example, the Avi Controller can be configured to communicate with both a VMware vCenter server and an OpenStack controller, to manage resources in each type of cloud.

The Avi Controller can be deployed as a single VM or as a high availability cluster of 3 Avi Controller instances, each running on a separate VM.

Avi Service Engine

Avi SEs provide the application delivery services to end-user traffic, and also collect real-time end-to-end metrics for traffic between end-users and applications.

Each Avi SE runs on its own VM. The Avi Controller manages the lifecycles of Avi SEs by creating, controlling, and deleting them. To deploy an Avi SE, the Avi Controller creates an Avi SE VM, plumbs it into a network, and provisions it with service policies as required to deploy virtual services.

Deployment Prerequisites

Virtual Machine Requirements

The System Requirements: Hardware article lists the minimum requirements for the VMs on which the Avi Controller and Avi SEs are installed.

For added resiliency and redundancy, the Avi Controller can be deployed as a 3-node cluster. [See Overview of Avi Vantage High Availability.] In this case, a separate VM is needed for each of the 3 Avi Controller nodes. The requirements are the same for each node.

Appropriate physical resources need to be present in the ESX Host. If appropriate resources are not present in the ESX host, SE creation will fail and manual intervention will be required. 

Fine-Tuning the SE VM

* RAM: Add 1 GB of RAM to the SE configuration for each additional vCPU.
* CPU socket affinity: If this option is selected, SEs within their group will have their vCPU cores allocated on the same CPU socket of a multi-socket CPU.
* Dedicated dispatcher CPU: If this option is selected, SEs within their group will dedicate a single CPU thread for dispatching data flows to other vCPU threads. This makes the most sense for SEs having three or more vCPUs.
* Disk: With 10 GB as an absolute minimum, set the disk value to at least (2 x RAM-size) + 5 GB.

For more details on any of the above, read the Service Engine Group article.

Software Requirements


The following table lists the software requirements.

Component        Version
Avi Controller   16.3, 16.4
VMware vCenter   5.1, 5.5, or 6.0

The Avi Controller OVA contains the image files for the Avi Controller and Avi SEs.

VMware vCenter is required for write access mode deployment or read access mode deployment.

IP Address Requirements

The Avi Controller requires one management IP address. Administrative commands enter the Controller via that address. It is also used to communicate with SEs. The management IPs of all Controllers within a cluster must be in the same subnet. See the Controller Cluster IP article.

Each Avi SE requires one management IP address, a virtual service IP address, and an IP address that faces the pool network.

For quickest deployment, DHCP rather than static assignment is recommended for allocating the Avi SE management and the pool network interface IP addresses.

Note: Use a static IP address for Avi Controller management unless your DHCP server can keep the assigned IP address permanently.

The virtual service IP address is specified manually during creation of a load-balanced application. It is also possible to automate the allocation of the virtual service IP address by integrating with an IPAM service. For more information, refer to IPAM and DNS Support.

Traffic whose destination is the VIP address:port is load balanced by Avi Vantage across the members (servers) within the pool.

vCenter Account Requirement

During initial Avi Controller setup, a vCenter account must be entered to allow the Avi Controller to communicate with vCenter. The vCenter account must have privileges to create new folders in vCenter. This is required for SE creation, which in turn permits virtual service placement. The privileges required are depicted below.


Deployment Modes

Avi Vantage can be deployed into a VMware cloud in one of the following modes. Each mode differs depending on the level of vCenter access provided to Avi Vantage. Each access level determines the amount of automation and analytics Avi Vantage is able to provide, and accordingly has different requirements for deployment.

* Write access mode: Avi Controller automatically spins up Avi SEs as needed, and accesses vCenter to discover information about networks and VMs. This mode requires a vCenter user account with write privileges.
* Read access mode: Avi Controller accesses vCenter to discover information about networks and VMs. Avi SEs must be spun up and connected to networks by the Avi Vantage and the vCenter administrator (possibly you). This mode requires a vCenter user account with read privileges.
* No access mode: Avi Controller does not access vCenter. The Avi Vantage and vCenter administrator manually deploys Avi SEs, defines networks and interface IP addresses, and maps the Avi SEs to the correct networks.

Deployment Example: Write access with DHCP

The following example shows the recommended deployment topology: write access mode with DHCP.

The Avi Controller requires one management IP address. The Avi SE requires one management IP address, a virtual service IP address, and a pool-network-facing IP address. DHCP is recommended for allocation of the Avi SE management IP addresses and the pool-network-interface IP addresses. The virtual service IP address:port is specified manually as part of creating a load balancing policy. End-user requests are received by the virtual service IP and are load balanced across the members of the pool.

Deploying in Write Access Mode

This section provides the steps for deploying Avi Vantage in write access mode.

Deployment Steps

Deployment of Avi Vantage into a vCenter-managed VMware cloud in write access mode requires the following procedure. Detailed steps for each part of the procedure are provided.

1. Deploy the Avi Controller OVA file.
2. Perform initial Avi Controller setup.
3. If using static IP assignment, configure the IP address pools for the networks where the Avi SEs will run.
4. Verify installation.

Deploy Avi Controller OVA


Through a vCenter client, log into the vCenter server. Using the vCenter client, deploy the Avi Controller OVA file.

1. Click File on the top menu and choose Deploy OVF Template.
2. Follow the instructions of the Deploy OVA Template wizard.
   * Choose Thick Provision Lazy Zeroed for disk format.
   * Choose a port group for Destination Networks in Network Mapping. This port group will be used by the Avi Controller to communicate with vCenter.
   * Specify the management IP address and default gateway. Or, leave them empty if using DHCP.
3. Power on the VM.

Note: Use a static IP address for Avi Controller management unless your DHCP server can keep the assigned IP address permanently.

Perform Initial Setup of Avi Controller

This section shows how to perform initial configuration of the Avi Controller using its deployment wizard.

You can change or customize settings following initial deployment using the Avi Controller's web interface.

To start, use a browser to navigate to the Avi Controller.

Note: While the system is booting up, a blank web page or 503 status code may appear. In this case, wait for 5 to 10 minutes; then follow the instructions for the setup wizard.

1. Configure basic system settings:
   * Administrator account
   * DNS and NTP server information
   * Email/SMTP information

2. Set the infrastructure type to VMware.

3. Enter vCenter settings:
   * vCenter credentials (The vCenter account must have privileges to create new folders in vCenter. This is required for SE creation.)
   * vCenter IP address
   * Permissions (Select Write.)
   * Integration with Cisco APIC (Leave unselected/disabled.)
   * Data center (where Avi Vantage will be deployed)
   * IP allocation method for the networks where the pools and virtual services will be located: DHCP or Static. (Wizard screen example below shows DHCP.)

4. Configure Avi SE settings:
   * Management network
   * IP allocation method for management network
   * Support Multiple Tenants (Select No.)

One of the Avi SE's 10 vNICs is for connection to the management network. The other vNICs are data vNICs. For the IP allocation method, if static address assignment is used, enter a subnet address and a range of host addresses within the subnet. Avi Vantage assigns addresses from this range to the Avi SE data interfaces.


5. To verify installation, navigate to Infrastructure > Clouds, click Default-Clouds, then click the Status button. If the status is green, installation is a success.

If the management and pool networks use DHCP, the deployment procedure is complete. If static address allocation is used, an additional set of steps is required: configure IP address pools for networks.

Verify Controller-to-VMware Communications

The Avi Controller must be able to communicate with vCenter and all ESX hosts that contribute to the deployment. Otherwise, the Avi Controller will not be able to spawn SEs. Likewise, if the ESX hosts have DNS names, the Avi Controller should use the same DNS server as the ESX hosts, so that names do not resolve to different IP addresses.
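A preflight for the two requirements above (vCenter and every ESX host reachable on port 443, and names resolving to the addresses vCenter has on record), as an added example rather than an Avi tool. It assumes it runs from a machine on the Controller's management network that uses the Controller's DNS server; the host names, addresses and function names are constructed.

```python
import socket


def system_resolve(name):
    """IPv4 addresses for `name` as seen by this machine's configured DNS server."""
    infos = socket.getaddrinfo(name, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def tcp_probe(addr, port, timeout=3.0):
    """True if a TCP connection to addr:port completes within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(inventory, port=443, resolve=system_resolve, probe=tcp_probe):
    """Check every vCenter/ESX entry; return {name: [problems]} for failures only.

    `inventory` maps a host name to the management IPs recorded for it in
    vCenter, i.e. the addresses the ESX side believes it has.
    """
    report = {}
    for name, recorded in inventory.items():
        try:
            resolved = set(resolve(name))
        except OSError as exc:  # socket.gaierror is an OSError subclass
            report[name] = [f"name does not resolve: {exc}"]
            continue
        problems = []
        # A name that resolves to an address vCenter does not know about means
        # the two sides are answering from different DNS data.
        unexpected = resolved - set(recorded)
        if unexpected:
            problems.append(
                f"DNS returns {sorted(unexpected)} but vCenter records {sorted(recorded)}")
        for addr in sorted(resolved):
            if not probe(addr, port):
                problems.append(f"{addr}:{port} is not reachable")
        if problems:
            report[name] = problems
    return report


if __name__ == "__main__":
    # Constructed inventory; replace with the real vCenter and ESX host names.
    inventory = {
        "vcenter.example.test": ["192.0.2.10"],
        "esx-01.example.test": ["192.0.2.21"],
    }
    for host, problems in preflight(inventory).items():
        print(host, "->", "; ".join(problems))
```

An empty report means every name resolved to a recorded address and answered on port 443.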

Deploying in Read / No Access Mode

This section provides the steps for deploying Avi Vantage in read access mode or no access mode. In these modes:

* In read access mode, the Avi Controller can discover networks and VMs and provide analytics related to the properties of the SE VM. However, it does not automate the deployment of Avi SEs or connect them to networks.
* The Avi Controller does not access vCenter in no access mode and does not automate the deployment of Avi SEs or connect them to networks. Instead, all aspects of the Avi SE deployment and network placement are performed by the Avi Vantage and vCenter administrators. No access mode does not provide the analytics related to the VM properties of the SE VM. However, it does continue to provide virtual service analytics.

In read access mode, to enable SEs to connect to the correct Controller cluster, vCenter's OVF property "Controller Cluster UUID for Avi Controller" must be set. The Controller cluster UUID may be retrieved by navigating to Infrastructure > Clouds and clicking on the key icon, circled in red below.

Note the appearance of the Controller UUID, highlighted in red in the below screenshot of the OVF settings for an Avi SE named Avi-se-umxxb. The OVF parameter can be left blank in no access mode.


Alternatively, the Controller cluster UUID may be retrieved via the REST API call GET /api/cluster. The below GET /api/cluster example returns a cluster UUID of cluster-005056b093d0.

REST API : GET /api/cluster

Data :

    {
      nodes: [
        {
          ip: { type: "V4", addr: "10.10.25.223" },
          vm_hostname: "node1.controller.local",
          vm_uuid: "005056b69265",
          name: "xyz",
          vm_mor: "vm-abc"
        }
      ],
      tenant_uuid: "admin",
      uuid: "cluster-005056b093d0",
      name: "cluster-0-1"
    }

Deployment Process

Deployment of Avi Vantage into a vCenter-managed VMware cloud in read or no access mode requires the following procedure.

1. Deploy the Avi Controller OVA.
2. Perform initial Avi Controller setup.
3. Download the Avi SE OVA file from the Avi Controller.
4. Deploy the Avi SE OVA file. (This step is required twice, to create 2 Avi SEs. At least two instances of the Avi SE are required for high availability.)
5. Connect the Avi SEs to port groups to allow them to access the management network, virtual service network, and server network.
6. Verify Avi SE discovery.
7. Verify the discovery of VMware resources.

Deploy Avi Controller OVA

Through a vCenter client, log into the vCenter server. Then use the vCenter client to deploy the Avi Controller OVA file.

1. In vCenter, click File on the top menu and choose Deploy OVF Template.
2. Follow the instructions of the Deploy OVA Template wizard.
   * Choose Thick Provision Lazy Zeroed for disk format.
   * Choose a port group for Destination Networks in Network Mapping. This port group will be used by the Avi Controller to communicate with vCenter.
   * Specify the management IP address and default gateway. Or, leave them empty if using DHCP.
3. Power on the VM.

Note: Use a static IP address for Avi Controller management unless your DHCP server can keep the assigned IP address permanently.

Perform Initial Setup of Avi Controller

This section shows how to perform initial configuration of the Avi Controller using its deployment wizard.

You can change or customize settings following initial deployment using the Avi Controller's web interface.

To start, use a browser to navigate to the Avi Controller.

Note: While the system is booting up, a blank web page or 503 status code may appear. In this case, wait for 5 to 10 minutes; then follow the instructions for the setup wizard.

1. Configure basic system settings:
   * Administrator account
   * DNS and NTP server information
   * Email/SMTP information

2. Set the infrastructure type:
   * No access mode: select No Orchestrator to finish the wizard. No more information is required.
   * Read access mode: select VMware and continue with this procedure.

3. Enter vCenter settings (read access mode):
   * vCenter credentials (username and password)
   * vCenter IP address
   * Permissions (Select Read.)
   * Integration with Cisco APIC (leave unselected/disabled)
   * Data center (where Avi Vantage will be deployed)
   * IP allocation method for the networks where the pools and virtual services will be located

4. To verify discovery by the Avi Controller of all vCenter resources, navigate to Administration > Settings > Infrastructure. The discovery status should be 100% complete. (See example above.)

If the management and pool networks use DHCP, the deployment procedure is complete. If static address allocation is used, an additional set of steps is required: configure IP address pools for networks.

Install Service Engine

Deployment in read access mode or no access mode requires the user to download and deploy the Avi SE to install it. (Avi SE installation in write access mode is automatic.)

Download Avi SE OVA

The OVA image file for Avi SEs is embedded in the Avi Controller image. The Avi SE OVA image can be downloaded through the web interface or the API. To download:

* Using the Web Interface: Navigate to Infrastructure > Cloud, click the button, and select se.ova to download the Avi SE OVA.
* Using the API: Navigate to http://avi-ctlr-ip/api/fileservice/seova, where avi-ctlr-ip is the IP address of the Avi Controller.

Deploy Avi SE OVA

After you download the Avi SE OVA from the Avi Controller, use the following steps to deploy it.

Note: By default, deployment requires a minimum of two Avi SEs, for the sake of high availability.

1. In vCenter, click File on the top menu and choose Deploy OVF Template.

2. Follow the instructions of the Deploy OVA Template wizard.
   * Choose Thick Provision Lazy Zeroed for disk format.
   * Choose the port groups for the Avi SE network connections. The Avi SE has 10 vNICs. Connect the first vNIC to the management network. Connect the other vNICs to the data networks.
   * For the management connection, choose a port group that will allow the Avi SEs to communicate with the Avi Controller.
   * An Avi SE can be connected to up to 9 data networks. For each Source Network, choose a port group in Destination Networks where you plan to have virtual services and pools. The Avi Controller expects the Avi SE's data vNICs to be connected to virtual service and pool networks.
   * Specify the Avi Controller IP address.
   * Enter the Avi Controller's authentication token key:
     1. Log into the Avi Controller.
     2. Navigate to Infrastructure > Clouds.
     3. Click on the key icon to view the authentication token key.
     4. Copy the authentication token.
     5. Paste the authentication token key into the Authentication Token for Avi field.
   * Specify the management IP address and default gateway. Or, leave them empty if using DHCP.

3. On the VM Properties menu, connect the Avi SE data vNICs to the port groups needed to reach a virtual service network and pool network. Leave any unused vNICs disconnected.

   Note (no access mode only): Write down the following information:
   * MAC addresses of the vNICs
   * IP subnet of the port group

   This information will be used to identify the Avi SE interfaces because the Avi Controller does not have access to vCenter and therefore cannot associate the Avi SE's interface names with VMware's interface names.

   Note: This step is required only for no access mode, not for read access mode.

4. Power on the VM.

5. Repeat to deploy at least one more Avi SE. By default, 2 Avi SEs are required for deployment of a virtual service, for the sake of high availability.

If the management and pool networks use DHCP, the deployment procedure is complete. If static address allocation is used, an additional set of steps is required: configure IP address pools for networks.

Note: The Avi SE must be connected to the management network, virtual service networks, and pool (back-end server) networks.

(no access mode only) Configure Avi SE Interfaces

Each Avi SE requires an IP address in each of the virtual service networks and server networks. If deploying in write access mode or read access mode, this process is automatic. If deploying in no access mode, the Avi Vantage user must perform the following steps:

1. Navigate to Infrastructure > Service Engines, and select the Avi SE that was deployed in the previous section.
2. Find the interface that matches the list of MAC addresses written down during Avi SE deployment.
3. If DHCP is available for address assignment, enable the DHCP option for the interface. Otherwise, provide a static IP address.

Repeat for each connected interface, for virtual service and server networks.

(Static IP only) Configure IP Address Pools for Networks

These steps are required only if static IP address allocation is used. If the management and pool networks use DHCP, skip this section.

Each Avi SE deployed in a VMware cloud has 10 vNICs. The first vNIC is the management vNIC through which the Avi SE communicates with the Avi Controller. The other vNICs are data vNICs and are used for end-user traffic.

After spinning up an Avi SE, the Avi Controller connects the Avi SE's management vNIC to the management network specified during initial configuration. The Avi Controller then connects the data vNICs to virtual service networks according to the IP and pool configurations for the virtual services.

To perform this network plumbing automatically, the Avi Controller builds a table that maps port groups to IP subnets. With this table, the Avi Controller connects Avi SE data vNICs to port groups that match virtual service networks and pools.

After a data vNIC is connected to a port group, it needs to be assigned an IP address. For static allocation, assign a range of IP addresses to the applicable port group. The Avi Controller selects an IP address from the specified range and adds the address to the data vNIC connected to the port group.

Use the following steps to assign an IP address pool to port groups:

1. Navigate to Infrastructure > Cloud > Default-Cloud > Network.
2. Find a port group and IP subnet on which a DHCP service is not available.
3. Select the port group by clicking the edit icon:
4. Check Static for Network IP Address Management.
5. Select the IP subnet by clicking the edit icon:
6. Enter a static IP address or a range.
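A check of the static ranges planned for each port group before they are entered, as an added example that is not part of the Avi documentation. It assumes IPv4 and uses this guide's two-SE default as the minimum pool size; the StaticPool and validate_pools names, the port groups and the addresses are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network


@dataclass
class StaticPool:
    port_group: str   # vCenter port group name (constructed)
    subnet: str       # IP subnet the Controller maps to that port group
    first: str        # first address of the static range
    last: str         # last address of the static range
    reserved: list = field(default_factory=list)  # gateway, VIPs, Controller IP


def validate_pools(pools, se_count=2):
    """Return a list of findings; an empty list means every pool passed."""
    findings, accepted = [], []
    for p in pools:
        try:
            net = IPv4Network(p.subnet)  # strict: rejects host bits in the subnet
            first, last = IPv4Address(p.first), IPv4Address(p.last)
        except ValueError as exc:
            findings.append(f"{p.port_group}: invalid address or subnet ({exc})")
            continue
        if first > last:
            findings.append(f"{p.port_group}: range start {first} is after end {last}")
            continue
        if first not in net or last not in net:
            findings.append(f"{p.port_group}: range {first}-{last} is outside {net}")
            continue
        if net.prefixlen < 31 and (first == net.network_address
                                   or last == net.broadcast_address):
            findings.append(f"{p.port_group}: range includes the network or broadcast address")
        # The Controller hands out any address in the range to an SE data vNIC,
        # so addresses already in use elsewhere must not fall inside it.
        for addr in p.reserved:
            if first <= IPv4Address(addr) <= last:
                findings.append(f"{p.port_group}: range contains reserved address {addr}")
        size = int(last) - int(first) + 1
        if size < se_count:  # each SE needs its own address on this network
            findings.append(f"{p.port_group}: {size} address(es) for {se_count} SEs")
        for other, o_first, o_last in accepted:
            if first <= o_last and o_first <= last:
                findings.append(f"{p.port_group}: range overlaps the pool on {other}")
        accepted.append((p.port_group, first, last))
    return findings


# Constructed plan: port group names and addresses are placeholders.
PLAN = [
    StaticPool("pg-vip-10", "10.10.10.0/24", "10.10.10.50", "10.10.10.59",
               reserved=["10.10.10.1", "10.10.10.55"]),   # .55 is a planned VIP
    StaticPool("pg-pool-20", "10.10.20.0/24", "10.10.20.200", "10.10.21.10"),
    StaticPool("pg-pool-30", "10.10.30.0/24", "10.10.30.10", "10.10.30.10"),
    StaticPool("pg-pool-40", "10.10.40.0/24", "10.10.40.100", "10.10.40.120",
               reserved=["10.10.40.1"]),
]

if __name__ == "__main__":
    for finding in validate_pools(PLAN):
        print(finding)
```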

If deploying in no access mode, one final setup item is required. If deploying in write access or read access mode, the procedure is complete! Now Avi Vantage is ready for creation of virtual services.

Recommended Reading

* Creating a Virtual Service
* Troubleshooting