Container Ingress
Traffic Management and Kubernetes
Ingress for Containerized Applications
As enterprises modernize and build containerized Kubernetes applications, they are confronted with a lab-to-production gap: production brings a very different set of requirements for app availability, observability, on-demand elasticity, multi-cloud deployments and more. Networking and operations teams find that they need to piece together a mishmash of legacy or open-source container management tools that are disjointed and complicate their ability to deploy and manage modern applications at scale.
VMware NSX Advanced Load Balancer delivers multi-cloud application services such as load balancing for containerized applications with microservices architecture through dynamic service discovery, application traffic management, and web application security. Container Ingress provides scalable and enterprise-class Kubernetes ingress traffic management, including local and global server load balancing (GSLB), web application firewall (WAF) and performance monitoring, across multi-cluster, multi-region, and multi-cloud environments. Avi integrates seamlessly with Kubernetes for container and microservices orchestration and security.
Universality
- Multi-Infra: Traditional and cloud-native apps in VMs/bare metal/containers
- Multi-Cluster: Inter/intra container cluster management and secure gateways
- Multi-Region: GSLB for multiple regions and geo-aware load balancing
- Multi-Cloud: Across on-premises data centers and multi-region public clouds
Traffic Routing
- Advanced ingress gateway with integrated IPAM/DNS
- L4-7 load balancing with SSL/TLS offload
- Automated service discovery
- North-south traffic management with content switching, redirection, caching, and compression
- CI/CD and application upgrades using Blue-Green or canary
Security
- Zero trust security model and encryption
- Distributed WAF for application security
- Single sign-on (SSO) integration for enterprise-grade authentication and authorization
- Positive security model and application learning for automated allowlist/denylist policies
Observability
- Real-time application and container performance monitoring with tracing
- Big data and machine learning driven connection log analytics
- Machine learning-based insights and app health analytics
How Enterprises Deploy Container Ingress Today
Global & Local Traffic Management
The NSX ALB pod runs in the Kubernetes/OpenShift GSLB leader cluster and follower clusters. This enables multi-cluster application deployment, maps the same application deployed on multiple clusters to a single GSLB service, and extends application ingresses across multi-region and multi-availability-zone deployments. Enterprise-class application services for containerized applications, orchestrated by platforms like Kubernetes, include:
- Load balancing, health monitoring, TLS/SSL offload, certificate management, session persistence, content/URL switching
- Redirecting requests to the appropriate site/region based on availability, the user's locality to the site, site persistence, and load
- Content/URL switching, redirection, error page, caching, compression and on-demand autoscaling
Application & Container Monitoring and Analytics
Analytics is the foundation for intent-based systems to collect, aggregate, accumulate, store, and rollup metrics and logs, especially for containerized applications with a microservices framework. NSX ALB provides the following container ingress traffic management capabilities without having to instrument each application:
- Application Map: Real-time dynamic map of communications between microservices, available as a dependency map. Operators can extract critical metrics such as latency, bandwidth, request rate, etc. across microservices deployment architectures.
- Analytics Dashboard: An end-to-end latency view of all transactions in addition to real-time and historic views of critical metrics such as requests/transaction/connection rate/throughput.
- Log File Analytics: Logs of every significant transaction including errors and excessive latencies with built-in analytics by pool member, response time, device type and more.
- Client Analytics: Aggregated page load times, dimensional analytics such as device type, country, and detailed resource timing information for every page in the application via JavaScript.
- Security Analytics: A breakdown of TLS/SSL versions, transaction rate, health score based on SSL security profiles and certificates, DDoS analytics including type of attacks, and detection of bot attacks.
Dynamic Service Discovery
Service discovery bridges the gap between a service’s name and access information (IP address) by providing a dynamic mapping. NSX ALB provides an authoritative DNS server for users’ devices and other services to map host/domain names to virtual IP addresses (VIPs) to automate service discovery, including:
- Built-in IPAM for virtual IP address allocation
- A variety of DNS configuration options and the ability to add static A and CNAME records to the DNS server
- Continuous Integration and Delivery (CI/CD) and application upgrades using Blue-Green or canary deployment models