Avi and NSX-T Integration - Part 3: Installation Guide

Hey everybody, my name is Trevor Spires with howtonsx.com, and today, this is part three of a three-part series. I'm going to take you through, beginning to end, the installation and initial configuration of the NSX Advanced Load Balancer, or Avi Networks, and its integration with NSX-T and vCenter. So like I said, this is the third video in a three-part series. I'm going to get right into this one. This is meant to be an idiot-proof guide for how to, from beginning to end, install, configure and create your first VIP in Avi, and how to integrate it with NSX-T. So I'm going to share my screen, share my lab with you, and we are going to get off to the races.

So just for starters, baseline, where you need to be before you even start considering this integration is that you need to have NSX-T deployed, right, and you need to have overlay networking enabled, and you need to have a vCenter Server. There's a version compatibility; you can check that in the installation guide that I've linked to in other videos, but that's the bare minimum that you need.

Okay, what you're going to want to do is you need to download the Avi controller, which I've already done. I've downloaded the controller and I deployed the OVA. I'm going to assume you can take care of that part yourself. All you need is to download the OVA from the Avi website; it needs to be version 20.1 or later, and then you will install that here in your vCenter environment. So all that is is, you know, right-click, Deploy OVF Template, and then you would give this an IP address, and that's all it is. The IP address needs to be something routable on your network, because this controller is going to need to be able to talk and communicate with your NSX overlay networks, so that way it can configure and talk to your Avi service engines.

Okay, so that's all I've done so far. I've got a fresh vCenter that's not really made for Avi yet, I haven't done any of the pre-work, and same with NSX. So from the vCenter
perspective, all you need to do is configure and deploy the Avi controller that you downloaded from the Avi website, and you also need to do one thing, that is, you need to create a content library. So the whole idea of this integration is that it's extremely automated, right? So part of that automation is that the Avi controller automates the deployment of your service engines for you. You don't need to deploy them manually; Avi does it all for you. How it does that is by uploading them to a content library, and then it pulls the OVA from the content library once those are deployed.

So I'm just going to create a quick content library for us. This is going to be Avi S-E-C-L. So I'm going to create the content library on my vCenter. Very good. I am going to not change anything, I'm just going to leave it at the default settings, and you just got to point it at some kind of storage somewhere. I'm going to point it at one of my datastores. That's it, you don't do anything else. I don't even need to upload it; the controller will upload the OVA and do all that for me. It just needs to be there. I just need a bucket, that way I can reference it later. You'll see me reference this in a few minutes. That is all you need to do in vCenter: you just need to create the content library and deploy the controller.

Okay, in NSX you also don't need to do a lot, but again, I kind of have to assume that you've already got NSX running if you're watching this video. If not, you can reach out to me for help with setting up NSX, but there is a lot of other good content out there for how to install and configure and get NSX working. This assumes that NSX is working in your environment. This assumes that you have configured a tier one gateway, and if not, you'll need to configure a tier one gateway. Okay, in your tier one gateway, what you need to do, not a whole lot of work to be done, but one step is required and then the other step is optional. So the step that's
required is you need to edit your tier one gateway, and you need to be sure that you are advertising, redistributing, your static routes. I've mentioned ad nauseam in my other videos that we accomplished ECMP through static routes with this configuration, so you need to definitely be redistributing those, and connected as well. That's what the documents recommend, and it's pretty standard to distribute connected in NSX. So that's all you need to do. It is optional to configure DHCP. I'm doing an all-static deployment, but if you'd like to know how to configure DHCP, I have another video that you can reference on my YouTube channel if you need to know how to configure that because you'd like to use DHCP in your environment. So I'm going to stop editing my tier one.

The other thing I need to do is I need to create a couple of overlay segments. The minimum would be one; you could technically just have one overlay segment and have management and your data all on the same one, but it'll be best practice to split them apart. So what you'll do is create a segment, and I've already created mine: I have a management segment and I have a web segment. How you would do that, though, is simply click Add Segment. These must be an overlay segment, right, so you're going to have to select an overlay transport zone, whatever one is connected to and working within that tier one that you have, and then you're going to need to connect this to that tier one. In my environment it's my tenant one tier one. You also need to give it an IP, and this is going to be the default gateway for your service engines, and this is going to become your way in and out of this segment. So, you know, usually that's either a .1 or .254 address, so it would be something like 10.10.50.1/24.
All right, and that would be your default gateway for this segment, and that's it. So you just got to do that, and you click Save and create it. Again, I'm not using this one because I already have my management network and my web network configured, and those are both connected to my tenant one tier one already. Again, that's in NSX; that's the only pre-work you need to do.

The only thing I'll caution you of, that's not in the documents, but be aware: if you're leveraging distributed firewall or gateway firewalls, you're going to want to make sure that you have traffic allowed and they're not denying the underlying management and control plane traffic that you would need for the system to operate. So just make sure that if you have a deny policy, you are ready to come in and either write allow rules or whitelist the Avi components. Okay, that's it for NSX Manager; really not a whole lot of upfront configuration required.

Now is the fun part. Now most of the rest of this work is going to be done in the Avi controller. So the first thing you do is create an admin account, so you just give it a password. Don't be confused like me: this is actually a new password, there is no default password, you just create it. That's the first thing you do. I was googling for like 20 minutes, "what's the default password", and it turns out you create the default password; it's not something that's included. And again, I forgot to mention, I already deployed this. Remember that I said you need to deploy an OVA: you need to deploy an OVA, it needs to be reachable, and then the initial configuration of Avi is done by navigating to the IP address of the Avi controller in an HTTPS session. And then you're going to give it the kind of standard stuff that you would put in for most initial configurations for your system. I'm going to give it DNS information. There is the option to do backups, so you create like a secret to kind of encrypt your backups. And finally NTP: they have a bunch
of defaults in here, but I have my own NTP server. You can leave it to the defaults if you don't have one, but I have my own, that's NTP. Localhost, I'm going to leave this as the default. Now, actually, I'm going to change it. So this would be, they just want to know, if we send any default email notifications, what the email address it would be coming from. This is how you would do that. You can leave it in default, but I'll change mine, and then that's it.

You could configure an orchestrator here. I'm going to go ahead and say this Avi controller is only really going to be using NSX, so I'm going to say No Orchestrator mode, because you see here I have a lot of options, but NSX is not built into this part of the GUI yet. It has to be configured after you finish the initial setup. So I'm going to click No Orchestrator mode. And this part, this is something that is TBD in the documents. It says select No, but I believe it will probably work if you select Yes; I just don't know for sure, and according to the documentation you have to select No. So this is something that maybe you can test on your own and find out. Let me know if you do multiple tenants and it works, but I'm going to follow the documents because I don't have a multi-tenancy requirement. But if you do, just note that this would be something you might want to select Yes on, but confirm that it actually works; it's not documented.

All right, so I said No on multi-tenancy, and it's just going to pop me right into my interface, right? It throws me right smack dab into the area where I need to configure and manage my Avi controller. So from here, what do I do, right? What are the first few steps to get this thing up and running with this clean Avi config? Well, the first thing I'm going to do is this: I am going to go into my Infrastructure, and then I'm going to go to my Clouds, because this is where you're going to add NSX-T into Avi. And I'm going to need to move my beautiful face down
here so I can configure this. All right, so all you got to do is go to Clouds, and then here's where you create, you know, the controller automates everything, right? That's what's cool about it, is it's very hands-off. It automates the deployment, spin up, spin down and everything. In order for it to do that, you have to point it towards the thing you want it to automate, so in this case that's NSX-T for me. So I'm going to name it NSX-T cloud and then do some initial configurations. All I really need to do is give it an account for my NSX Manager and also for my vCenter, and then point it at them.

Now, there is least privilege information on the Avi website, if you'd like to follow least privilege and configure a service account. That's probably what I would recommend in production, but I'm just going to give it my local admin account for now. Just note, they do have permission requirements, so make sure you meet those requirements. So my NSX Manager IP is 192.168.110.
what is it, 15. And my credentials are going to be just my default credentials for NSX Manager, and this is going to be unique to you, but I'm just going to put in my username and password and click Save. You have the option to enable DHCP here; I choose not to. If you do enable DHCP, you need to be sure that you've configured your tier one router and the associated segments in NSX to support it, otherwise it's not going to work. So just make sure that if you do that, you have those prerequisites done. Again, I'm not doing it, so I'm not going to.

And they also ask you to create a prefix name. So I mentioned this is going to be automating vCenter and automating NSX through the API, so it creates a bunch of objects: it creates some security groups, it creates the service engines, it creates a few different things. So this is just a prefix that you would put onto the name of anything that is created. You call it whatever you want, but it helps us know, hey, this object in NSX or in vCenter was created by the Avi controller, not by an admin, right? That's really what it comes down to. So I'll just call mine Avi demo.

I'm going to click Connect on my NSX Manager, and so once you connect, the controller is going to authenticate to your NSX Manager, and once that authentication is successful, you're going to get presented with your transport zones from NSX. So you're going to want to select whatever transport zone the overlay segments the service engines will run on will be deployed to. For me it's my Site A transport zone, but again, every environment's different; that's something that's going to be specific to you. So it learns the transport zone, you select that. It's also going to learn about my tier ones, so I need to select the tier one gateway, and this is going to be the tier one that I want my service engines to be deployed to. So I'm selecting my tenant one tier one, and then the first network I
select is my management network. So it's going to automatically fill the segments that are connected to this NSX transport zone, and I just got to select my management network that I created in NSX as pre-work to this installation. Today only manual segment configuration is supported; later automatic will be, which is pretty cool, but right now you still must select these manually. So this is the management interface. Now for the data interface, the interface where you put your VIPs, I also need to add that below, so I'm going to go ahead and do that. It's the same idea: I select my tier one router, and I'm going to do my web overlay segment, because that's where the servers I want to load balance to are located. So that's that. You could add multiples here, but I'm just going to do one and kind of keep it simple.

The only other thing I'm going to do is I'm going to add vCenter. So again, this could be your vCenter IP, and I believe it does accept FQDN, it says hostname; I'm using IP though. And again I'm going to click Create and add credentials, and so I'm going to call these vCenter creds. I'm going to select the credential type of listener, and then this is going to be my vCenter username and password. Okay, so that's it, and I'm going to click Save, hopefully I typed it right, and click Connect, make sure everything is popping. I got to give this a name too. It says it could not connect. I've found usually when it can't connect, it's because I've configured the credentials wrong, so I'll reconfigure these credentials. I had that happen a few times. So I will go ahead and add my vCenter again, and okay, I typed it right that time: administrator@vsphere.local. Save, Connect. Okay, good, it connected that time, so I had a typo there.

So remember I created that content library earlier. Once I punch in my vCenter IP and credentials and I validate those and I connect, it's going to automatically learn about all my content libraries. So all I'm
going to do is specify the content library I want my service engine OVF to go to and deploy from. So again, it's going to learn that automatically. It's really, really simple stuff. Setting this up is easy and fast; it's just a matter of knowing the pre-work of how to accomplish that. So I'm going to click Done. That is it. I'll do a quick review here, but I think I've got everything I need: I've got my NSX information, I've got my vCenter information.

Oh, the only other thing, this is optional: you could configure an IPAM or a DNS profile. I'm not, but you could do that. So, you know, another nice thing you could do, which I believe the DNS, if you do that, I think maybe it will automatically update DNS as you're creating VIPs, so that's a pretty cool feature. And IPAM, I believe that would just allow us to consume IP pools from an IPAM that already exists. But I'm not doing that, I don't have those systems in my lab, so I'm just going to leave those turned off and click Save. And now my NSX cloud is being created. Okay, it's going to learn about it, it's going to make sure everything's good. Hopefully I get a nice green. Yep, so everything is up and running. It's in "in progress", so this means that it's starting to do the necessary configurations in my environments, but mostly right now it's just connecting to my vCenter and my NSX Manager.

So I'm almost ready to create my first VIP. I only need to do two more small things. One thing I'm going to do, this is kind of optional: I'm going to go to my service engine group, and you need to do a drop-down to that new NSX cloud you just created. And there's going to be a service engine group there. You create a new one; I'm just going to edit the default, though. Like I say, this is optional. For my lab, to tune this, I'm going to not reserve memory, and by default the minimum number of service engines is two, I just want to change mine to, I'm sorry, the minimum is one, I just want to change mine to two, and that is
because I want this to be operating active-active. To me that's the way I want this to operate, this is the way I want to be showing it to people, so I'm changing that to two. I'm changing the buffer to zero; that's strictly because I have a lab with limited resources and I don't want to deploy extra service engines. But if this was a production environment for you, you would want to just determine how much buffer space you would like, and you would have buffer service engines. Those are basically like standby service engines, ready to take over if there's a failure somewhere for whatever reason. And so I've got that set to two, and if you don't do this, if you don't set it to two, then you won't really get an active-active deployment off the bat. It would be more of an active-standby, because you would just have the one and then you'd have the buffer, right? So I like to have the minimum of two, but again, this is totally optional; you do not have to change this configuration and it will still work.

All right, so I've updated my service engine group. I only have to do one more thing, I hope, unless I've forgotten something, in order to configure my first VIP and for all this automated stuff to be happening, and that is I need to go to my Networks. And I'm automatically already here on my NSX cloud, because that's where I was in the last screen. And you probably might remember, during the setup there was an option to select DHCP. I'm not going to do DHCP. If you choose not to do DHCP either, you have to go in and define the IP pools that you want Avi to use for the overlay segments that you specified. And this is not in the documentation, but you need to do it. So I'm going to come right in here, and this would be checked if I had enabled DHCP, or if you wanted to enable DHCP after the fact, you would enable it here. For me, I am going to do two things. I need to come in here, change my routing context to tenant one, right, because this is going to be a tenant
one network. I'm going to add a subnet, and the subnet is going to be, this is the subnet for my management stuff, because this is my Avi management. And I'm going to add a pool, and this is going to be the pool that, when my controllers are deployed, they're given management IPs; this is going to be the pool that those management IPs come from. So I'll create a pool of 100 IPs. That's way too many for my environment, but I've got a bunch of IPs to spare. So here we go, that is all I need to do. So I will go ahead and click Save here and just verify everything is good: I've got the right routing context, I've selected my tier one, my IPs, my pool, all good. I'll select Save and Save. So that's it. Right now you can see I've got 101 IPs in my pool to use.

I'm going to do the same thing for my web, so let me just do that real quick. Tenant one routing context, I'm going to add a subnet, I'm going to make my subnet 172.16.10.0/24, and this one, because that's a different subnet, and then add my pool. Excellent. Click Save, Save, boom, and now I've got my two pools configured. Again, this is a step that's not in the docs, but it's very important, because if you're not using DHCP, those IPs got to come from somewhere. So if you're not using DHCP, it either comes from here or probably you can do it from the IPAM as well, but I'm not using that, so I needed to come in here and configure that.

All right, let me check my notes, but I believe that's it. All right, I went through content library... oh, I did miss one small thing. I'm so glad I checked. So there's one other thing that you're going to need to do before you can configure a virtual service. And you don't have to do this, but I think this is the best way to do it if you're already an NSX user. So I'll go back to Applications, but in my NSX Manager there's this concept of security, I'm sorry, of groups in NSX. So I want to load balance my web servers, right? So this is a security group that I've created, and inside of the
security group I have my web servers added. So I can even show you that here: my web servers, web-01a and then web-02a, those are the web servers that I've created and that I'm going to be using as the back end to my advanced load balancer. So this is one way to do that. I could also punch in the IPs manually, but I prefer to do it this way, because now if the web server changes or something, it'll be updated automatically within Avi. So let me close this.

My final step is to create a virtual service. This is where I make my stinking VIP. All right, so what I'm going to do is create my very first virtual service. So this is how you create a VIP in Avi; it's under Applications. I'm going to do a very basic setup, because I just want this to go quickly. You can do an advanced setup and have all kinds of crazy persistence profiles and WAF and all these cool advanced settings, but for me I'm just going to make it, you know, pretty straightforward. So I'm going to say this is my first VIP, and I'm going to give it an IP. You do got to give your VIP an IP. So I've created a VIP, it's 172.16.10.21.

And what's cool is you'll notice, and I'm going to select my tier one gateway, I don't need to tell this what network to put that on, right? Because Avi is smart enough to know: well, in the Networks pane, this subnet, this broadcast domain, is associated with the web network, so it is smart enough to know, well, I need to just put that on the web network. A lot of systems would make you specify the network or the VLAN or whatever. To me, now that I've seen Avi do it this way, it's like, well, why would I just not have this be automated within the tool? So that's something that's pretty cool about Avi. So all I need to do is create the VIP. I select my port and protocol information; I'll just leave it on port 80 for my web servers. And to select the back-end servers, I'm going to go to Security Groups. You have the
option to punch in the IPs manually, but if I use security groups, then I can actually consume NSX objects. So I have my web network, right? This is my web network that we looked at in NSX, and NSX has my web servers inside of it. I'll select that, and that's going to automatically put my two web servers in as the back end for my VIP, I'm sorry, the back end for my virtual service, right? So I'm getting a pool. So I've selected my web server, I've done this initial configuration, I'm just going to click Save, and that's it. The pre-work takes a few minutes, but to actually configure your VIP, it's as easy as specifying those three or four fields.

And what's going to happen now is this is going to start automatically automating all the necessary components to build that VIP out on your NSX network and deploy the service engines into your vCenter. So I can actually see it happening, probably, if I go over here and I look at my recent tasks. You're going to see, oh, look at this, vCenter, I didn't do anything, right? This isn't me, this is the Avi controller that's logged into vCenter and has begun deploying the OVF template. So it's uploaded that to the content library, and it's going to start pushing it down as soon as it can. So this process, because it's my very, very first VIP, when I did it the first time it took a few minutes, so I'm just going to let this thing run and start deploying.

Ah, okay, good. I started to get a little worried about where my second service engine was at, but I guess it just needed a couple of minutes to think. Okay, cool. So as you can see here, my second service engine is being deployed now. Like I said, it does take a few minutes, especially when you're running a nested lab like myself. So this is going to be spun up very soon, and we're going to see that appear in our Avi controller as a result of that. Of course, now the second service engine is coming up, and it's going to be booting and then connecting to Avi, and then once
that's done, my application will be up and running. In fact, the app already is partially up and running, right? It's got poor health because it just came up; it's still trying to get a hold of my back-end servers, and it's still waiting for that second service engine to come up. So I'm going to wait and let this churn and do its thing. We're going to come back in a few minutes, and then we're going to take a look at this fully functional VIP that's been automated and completely, kind of hands-off, deployed by NSX-T.

Okay everybody, I stepped away for a few minutes. I haven't touched anything, I've just been letting these things deploy, and right now you can see both of my service engines, the active-active pair, are showing as up. So these have been completely automatically deployed. The health will stabilize soon, right? When you first deploy it, it shows poor health because it misses the first, you know, few minutes of time where they're rebooting everything, but these will be all green here soon. And if I go to my application, I'll see both of my service engines are enabled underneath my app. My health score is decent, it's going to start improving, and I can see from beginning to end my VIP, going to my pool, all the way to my back-end servers that I'm load balancing over port 80.

So that's really it, everybody. I mean, it's load balancing to a web page on these two servers. I didn't have to do anything other than click Deploy in the application; I had to create a basic virtual service. The pre-work, like you saw, maybe takes 20 minutes or so to get everything up and running, but after the pre-work is done, it's easy. And now, from this point, now that my service engines are deployed, I can start deploying new services like crazy. You know, I can go nuts, I can start configuring these things all day long, and they'll be spinning up, spinning down. I can even scale them up and down within the interface. I can come in and say, hey, I'd
like to scale this out, add some more service engines, I'd like to remove some service engines. It's all at my fingertips now. The power of Avi is now, whatever I can do within the configuration of Avi and my service engines and my VIPs, I can do here; it is just a matter of configuring it. So I am going to stop sharing my screen.

So again, that was part three, the final video in this three-part series covering the integration of the NSX-T platform and the Avi Networks, or NSX-T Advanced Load Balancer, platform, getting them to play together so that we can have automated, elastic, flexible, advanced load balancing and WAF within your NSX-T environment, for east-west and north-south load balancing. So I hope this has been educational. I believe I covered everything in these last three videos that you could possibly need to get this up and running and understand the concepts. Of course, if there's anything that's unclear, I urge you to comment below. I keep an eye on those, so if you comment, I will probably get back to you within a couple of days. If you're on my blog watching this video or reading a post, you can of course comment in the blog. Also, my contact information is on my blog, howtonsx.com, so just reach out if there's anything else I can do for you or if there's anything else you'd like to see. This is a lot of fun for me to make, I learned a lot in the process, so if there are any other videos or blog posts that you'd like to see within the world of networking and security, let me know and I will take a crack at it.

All right, so I hope this has been helpful. Again, this is a really exciting advancement in my view, a really exciting advancement for the NSX core platform as well as an advancement for the Avi Networks advanced load balancer platform. It's just a cool additional point of integration that's been added in this most recent release. So I hope this has been helpful, I hope it's been educational for you. Thank you very much for sticking with me and watching the
videos, and happy load balancing. All right, I'll talk to you all maybe never, or maybe soon if you know me. All right, bye everybody.
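
The static-pool step from the walkthrough (one pool per overlay segment when DHCP is off, plus a VIP that Avi places by matching it to a configured subnet), sketched as an offline pre-flight check. This is an added example, not code from the video or from Avi or NSX-T tooling; the gateway addresses, the pool ranges and the rule that a VIP should sit outside the service engine pool are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Segment:
    name: str
    gateway_cidr: str   # segment gateway as entered in NSX-T, e.g. "172.16.10.1/24"
    pool_first: str     # first address of the static pool defined under Networks
    pool_last: str      # last address of that pool

    def __post_init__(self):
        iface = ipaddress.ip_interface(self.gateway_cidr)
        self.gateway, self.network = iface.ip, iface.network
        self.first = ipaddress.ip_address(self.pool_first)
        self.last = ipaddress.ip_address(self.pool_last)

    def pool_size(self):
        return int(self.last) - int(self.first) + 1

    def in_pool(self, ip):
        return self.first <= ip <= self.last


def validate_plan(segments, vips):
    """Return a list of problems; an empty list means the plan is consistent."""
    errors = []
    for seg in segments:
        if seg.first > seg.last:
            errors.append(f"{seg.name}: pool start is after pool end")
            continue
        if seg.first not in seg.network or seg.last not in seg.network:
            errors.append(f"{seg.name}: pool is not inside {seg.network}")
        reserved = (("gateway", seg.gateway),
                    ("network address", seg.network.network_address),
                    ("broadcast address", seg.network.broadcast_address))
        for label, ip in reserved:
            if seg.in_pool(ip):
                errors.append(f"{seg.name}: pool contains the {label} {ip}")
    # Overlapping subnets would make "which network owns this VIP" ambiguous.
    for i, a in enumerate(segments):
        for b in segments[i + 1:]:
            if a.network.overlaps(b.network):
                errors.append(f"{a.name} and {b.name}: subnets overlap")
    for vip in vips:
        ip = ipaddress.ip_address(vip)
        homes = [s for s in segments if ip in s.network]
        if len(homes) != 1:
            errors.append(f"VIP {ip}: matches {len(homes)} configured subnets, expected 1")
            continue
        seg = homes[0]
        if ip == seg.gateway:
            errors.append(f"VIP {ip}: is the gateway of {seg.name}")
        elif seg.in_pool(ip):
            # Assumption of this example: keep VIPs out of the SE address pool.
            errors.append(f"VIP {ip}: inside the service engine pool of {seg.name}")
    return errors


# Constructed plan. The 172.16.10.0/24 subnet, the VIP 172.16.10.21 and the
# 10.10.50.1/24 gateway come from the transcript; the web gateway and both
# pool ranges are made up for the example.
GOOD_PLAN = [
    Segment("management", "10.10.50.1/24", "10.10.50.100", "10.10.50.200"),
    Segment("web", "172.16.10.1/24", "172.16.10.100", "172.16.10.200"),
]
BAD_PLAN = [Segment("web", "172.16.10.1/24", "172.16.10.1", "172.16.10.50")]

if __name__ == "__main__":
    for title, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        problems = validate_plan(plan, ["172.16.10.21"])
        print(title, "plan:", problems or "no problems found")
```
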
Info
Channel: Trevor Spires
Views: 1,142
Keywords: load balancer, load balancing, avi, avi networks, nsx-t, nsx, nsxt, vmware, load balance, integration, virtual cloud network, nsxalb, nsx alb, nsx advanced load balancer, vcenter
Id: I6hgTJlTNYE
Length: 33min 17sec (1997 seconds)
Published: Mon Aug 17 2020