Oracle Cloud Infrastructure IPAM Support on Avi Vantage
Overview
Starting with release 18.1.3, Avi Vantage supports integration with Oracle Cloud Infrastructure via Linux server cloud. For the integration, Avi Vantage uses the OCI IPAM feature. The following are a few limitations of the Oracle cloud integration with Avi Vantage:
- Only active/standby high availability mode on Avi Vantage is supported.
- The IP address of virtual services and SEs should be on the same subnet.
- Since SEs are in active/standby mode, each SE group can have only two SEs, and both should be on the same subnet.
- Scale out on Avi Vantage is not supported.
Note: Starting with Avi Vantage 18.2.6, Oracle hierarchical compartments are supported.
Configuring OCI with Avi Vantage
This section covers the following topics:
- Configuring OCI credentials
- Configuring OCI IPAM
- Creating a Linux Server Cloud using OCI IPAM profile
- Creating a virtual service
Note: The proxy configuration on the Avi Controller is optional. This should be configured when the Avi Controller is placed in a proxy environment.
Configuring OCI Credentials
An OCI user is created using the configure cloudconnectoruser <username> command.
Log in to the shell mode of the Avi CLI, execute the configure cloudconnectoruser <username> command, and provide the following details:
- oci_credentials – Enters the oci_credentials submode
- user – User OCID
- key_content – Private key content for signing API (when copying the key content in quotes, replace every line break with the \n character)
- pass_phrase – Pass phrase for the private key (only if the key is encrypted)
- fingerprint – Fingerprint generated after adding the public key at the OCI console
Once the attributes are provided, run the save command twice to save the changes.
admin@10-0-0-77:~$ shell
Login: admin
Password:
[admin:10-0-0-77]: > configure cloudconnectoruser ocuser
[admin:10-0-0-77]: cloudconnectoruser> oci_credentials
fingerprint API key with respect to the Public Key
key_content Private Key file (pem file) content
pass_phrase Pass phrase for the key
user Oracle Cloud Id for the User
[admin:10-0-0-77]: cloudconnectoruser> oci_credentials
Once the required attributes are provided, the output of the show cloudconnectoruser ocuser command is as shown below:
admin@10-0-0-77:~$ shell
Login: admin
Password:
[admin:10-0-0-77]: > show cloudconnectoruser ocuser
+-----------------+----------------------------------------------------------------------------------+
| Field | Value |
+-----------------+----------------------------------------------------------------------------------+
| uuid | cloudconnectoruser-76d0f3a2-0af1-4d9f-aba9-4c590bfcf714 |
| name | ocuser |
| private_key | <sensitive> |
| public_key | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDANj6Md4Hpd2jLipbUXW9V9EULhU0rUpZTZYRknQxy |
| | SB+FeyEcdyhSIMcf60QRAGEcaBnU8p9eNb+nuTS0Zo+SN8pLuGXzn16Bj5Uni4aqvbx+GQnZnjGoDfmT |
| | q7TruMzm23HBc2CWqBG/SnkgkLkg/O5BKJKbMap3T0o6RYRFfJ6VUfY5c7rKkAt4SWMxQYlEQmecmAxu |
| | Vz0sDdl3khiluGMKiuhRvTxNwdANTMqgx7kWLwbJ5QKGUuOolCjrxY9ybjUksYA+SZXGo0bCbLBb99pu |
| | WmZDq669Lcxi6IHT9970g9YWcrRTSxNKvWux42I11/2E2ChZ6KDmD9B+66RV root@10-0-0-77 |
| | |
| oci_credentials | |
| user | ocid1.user.oc1..aaaaaaaajrv3bnyvkgqstnjh6dhy7jgbayejmdrxwy4rzxjsklsouox2tuza |
| key_content | <sensitive> |
| fingerprint | <sensitive> |
| tenant_ref | admin |
+-----------------+----------------------------------------------------------------------------------+
[admin:10-0-0-77]: >
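The key_content and pass_phrase attributes described above depend on the shape of the PEM file: the value must be a single line with \n escapes, and a pass phrase is needed only when the key is encrypted. The following Python sketch is an added example, not part of the Avi documentation or tooling; the function name prepare_key_content and the sample PEM text are assumptions made for illustration, and the sample bodies are filler bytes rather than real keys.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----\n(?P<body>.*?)\n-----END (?P=label)-----",
    re.S)

def prepare_key_content(pem_text):
    """Return (key_content, needs_pass_phrase) for one PEM private key."""
    text = pem_text.replace("\r\n", "\n").strip()
    m = PEM_RE.fullmatch(text)
    if not m or "PRIVATE KEY" not in m.group("label"):
        raise ValueError("expected exactly one PEM private key block")
    lines = m.group("body").split("\n")
    headers = []
    if "" in lines:  # legacy OpenSSL encryption: headers, blank line, body
        cut = lines.index("")
        headers, lines = lines[:cut], lines[cut + 1:]
    encrypted = (m.group("label") == "ENCRYPTED PRIVATE KEY"
                 or any(h.startswith("Proc-Type: 4,ENCRYPTED") for h in headers))
    base64.b64decode("".join(lines), validate=True)  # rejects stray characters
    # One line, with each line break written as the two characters \ and n.
    return text.replace("\n", "\\n"), encrypted

# Constructed sample data: filler bytes in PEM armour, not real key material.
_BODY = base64.encodebytes(b"constructed sample bytes, not a real key " * 4).decode().strip()
SAMPLE_PLAIN = f"-----BEGIN RSA PRIVATE KEY-----\n{_BODY}\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    f"{_BODY}\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_ENCRYPTED):
        content, needs_pass_phrase = prepare_key_content(sample)
        # Print only the length: the escaped string is as sensitive as the key file.
        print(len(content), "characters; pass_phrase needed:", needs_pass_phrase)
```

The returned string carries the full private key, so keep it out of shell history, tickets and logs in the same way as the PEM file itself.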
Configuring OCI IPAM
Create the IPAM profile using the OCI user created in the previous section.
Log in to the Avi shell mode, execute the configure ipamdnsproviderprofile <profile name> command, and provide the value for the following attributes:
- type – Set the value as IPAMDNS_TYPE_OCI
- oci_profile
- tenancy – Tenancy OCID
- region – OCI region name
- cloud_credentials_ref – The reference to the cloud connector user created in the previous section. Use the tab keystroke to list the users.
- vcn_compartment_id – Compartment OCID of the VCN
- vcn_id – VCN OCID
admin@10-0-0-77:~$ shell
Login: admin
Password:
[admin:10-0-0-77]: > configure ipamdnsproviderprofile ocprof
[admin:10-0-0-77]: > configure ipamdnsproviderprofile ocprof2
[admin:10-0-0-77]: ipamdnsproviderprofile> type ipamdns_type_oci
cloud_credentials_ref Credentials to access oracle cloud
region Region in which Oracle cloud resource resides
tenancy Oracle Cloud Id for tenant aka root compartment
vcn_compartment_id Oracle cloud compartment id in which VCN resides
vcn_id Virtual Cloud network id where virtual ip will belong
Once the required attributes are provided, the output of the show ipamdnsproviderprofile <profile name> command is as shown below:
[admin:10-0-0-77]: > show ipamdnsproviderprofile prof1
+-------------------------+----------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+----------------------------------------------------------------------------------+
| uuid | ipamdnsproviderprofile-d67ad96c-8bbf-48ff-ab40-5580621c1c69 |
| name | prof1 |
| type | IPAMDNS_TYPE_OCI |
| oci_profile | |
| tenancy | ocid1.tenancy.oc1..aaaaaaaay7s6icq755xqlytpl33i7ysjzzb2kv3vk3itg5ilsxanrzqmsaha |
| region | us-phoenix-1 |
| cloud_credentials_ref | ocuser |
| vcn_compartment_id | ocid1.compartment.oc1..aaaaaaaa5trt72k3smsky7fz27gqlucbfa2lmynshky4hl4r7gom6wcph |
| | mrq |
| vcn_id | ocid1.vcn.oc1.phx.aaaaaaaangx3fookzumnhck3st5obrruwsmxiqgtx2ic7zoharlhwi262gla |
| allocate_ip_in_vrf | False |
| tenant_ref | admin |
+-------------------------+----------------------------------------------------------------------------------+
[admin:10-0-0-77]: >
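The profile takes three OCIDs of different resource types, and long values wrap onto a continuation row in the show output, so a pasted value is easy to misplace or truncate. The following Python sketch is an added example, not part of the Avi documentation or tooling: it rejoins wrapped rows and checks that each field holds an OCID of the expected type. The function names, the EXPECTED table and the sample output with placeholder OCIDs are assumptions made for illustration.

```python
# Constructed sample in the table layout shown above; the OCIDs are placeholders.
SAMPLE = """\
+-----------------------+---------------------------------------+
| Field | Value |
+-----------------------+---------------------------------------+
| name | prof1 |
| type | IPAMDNS_TYPE_OCI |
| oci_profile | |
| tenancy | ocid1.tenancy.oc1..exampletenancyid |
| region | us-phoenix-1 |
| cloud_credentials_ref | ocuser |
| vcn_compartment_id | ocid1.compartment.oc1..examplecompart |
| | mentid |
| vcn_id | ocid1.vcn.oc1.phx.examplevcnid |
+-----------------------+---------------------------------------+
"""

# Resource type expected in each OCID (the second dot-separated part).
EXPECTED = {
    "tenancy": {"tenancy"},
    # The tenancy is also the root compartment, so either type is valid here.
    "vcn_compartment_id": {"compartment", "tenancy"},
    "vcn_id": {"vcn"},
}

def parse_show(text):
    """Map field name to value, appending continuation rows to the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 2:  # border rows and CLI prompts
            continue
        name, value = cells
        if name:
            fields[name], last = value, name
        elif last:
            fields[last] += value  # wrapped value continues on this row
    return fields

def check_profile(fields):
    """Return a list of problems; an empty list means every OCID has the right type."""
    problems = []
    for name, kinds in EXPECTED.items():
        parts = fields.get(name, "").split(".")
        if len(parts) not in (5, 6) or parts[0] != "ocid1" or not parts[-1]:
            problems.append(f"{name}: not an OCID")
        elif parts[1] not in kinds:
            problems.append(f"{name}: OCID type '{parts[1]}', expected {sorted(kinds)}")
    return problems
```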
Creating a Linux Server Cloud Using OCI IPAM Profile
Create a Linux server cloud, and associate the OCI IPAM profile (prof1) created in the previous section to the cloud configuration.
For configuring a Linux server cloud, refer to Installing Avi Vantage for Linux Server Cloud.
Creating a Virtual Service
Before creating a virtual service, make sure that the active/standby high availability mode is set for the SE group in which the virtual service will be placed.
Log in to the shell mode of the Avi CLI, execute the configure virtualservice <virtual service name> command, and provide the following attributes:
- pool_ref – pool name/reference. Use tab for listing the pools.
- vip – This is used to enter submode
- auto_allocate_ip – Set the value as true
- auto_allocate_ip_type – Provide the value as v4_only
- subnet_uuid – Subnet OCID. Use the Avi REST API mentioned below to get the available subnets in the configured VCN.
https://<controller_ip>/api/networksubnetlist/?include_name&sort=name&auto_allocate_only=true&cloud_uuid=<cloud_uuid>&fip_capable=false&page_size=8&page=1&
- save
- services
- port – port number
- save
- cloud-ref
- se-group-ref
[admin:10-0-0-77]: > configure virtualservice vs2
[admin:10-0-0-77]: virtualservice> pool_ref pool1
[admin:10-0-0-77]: virtualservice> vip auto_allocate_ip
auto_allocate_ip Auto-allocate VIP from the provided subnet.
auto_allocate_ip_type Specifies whether to auto-allocate only a V4 address, only a V6 address, or one of each type
[admin:10-0-0-77]: virtualservice> vip auto_allocate_ip
auto_allocate_ip Auto-allocate VIP from the provided subnet.
auto_allocate_ip_type Specifies whether to auto-allocate only a V4 address, only a V6 address, or one of each type
[admin:10-0-0-77]: virtualservice> vip subnet_uuid
[admin:10-0-0-77]: virtualservice> save
[admin:10-0-0-77]: virtualservice> services port 80
[admin:10-0-0-77]: virtualservice> save
[admin:10-0-0-77]: virtualservice> save
Once the values of all the required attributes are provided and saved, the output of the show virtualservice <virtual service name> command is as shown below:
[admin:10-0-0-77]: > show virtualservice vs1
+------------------------------------+----------------------------------------------------------------------------------+
| Field | Value |
+------------------------------------+----------------------------------------------------------------------------------+
| uuid | virtualservice-431ef6ae-4734-4a68-8739-d97592093f90 |
| name | vs1 |
| enabled | True |
| services[1] | |
| port | 80 |
| enable_ssl | False |
| port_range_end | 80 |
| application_profile_ref | System-HTTP |
| network_profile_ref | System-TCP-Proxy |
| pool_ref | pool1 |
| se_group_ref | Default-Group |
| network_security_policy_ref | vs-vs1-Default-Cloud-ns |
| analytics_policy | |
| full_client_logs | |
| enabled | False |
| duration | 0 min |
| all_headers | False |
| throttle | 10 per_second |
| client_insights | NO_INSIGHTS |
| metrics_realtime_update | |
| enabled | False |
| duration | 0 min |
| udf_log_throttle | 10 per_second |
| significant_log_throttle | 10 per_second |
| enabled | True |
| vrf_context_ref | global |
| enable_autogw | True |
| analytics_profile_ref | System-Analytics-Profile |
| weight | 1 |
| delay_fairness | False |
| max_cps_per_client | 0 |
| limit_doser | False |
| type | VS_TYPE_NORMAL |
| cloud_type | CLOUD_LINUXSERVER |
| use_bridge_ip_as_vip | False |
| flow_dist | LOAD_AWARE |
| ign_pool_net_reach | False |
| ssl_sess_cache_avg_size | 1024 |
| remove_listening_port_on_vs_down | False |
| close_client_conn_on_config_update | False |
| bulk_sync_kvcache | False |
| tenant_ref | admin |
| cloud_ref | Default-Cloud |
| east_west_placement | False |
| scaleout_ecmp | False |
| active_standby_se_tag | ACTIVE_STANDBY_SE_1 |
| flow_label_type | NO_LABEL |
| vip[1] | |
| vip_id | 0 |
| ip_address | 10.0.0.89 |
| enabled | True |
| network_ref | ocid1.subnet.oc1.phx.aaaaaaaao2set67ymnpabx73rau22xelyqm2gkx4udoiyuns33ypf6aaq2d |
| | a |
| port_uuid | ocid1.vnic.oc1.phx.abyhqljsijfqpsfw4rrcm4ddacwlsxatfn45xzghbntwyjzl2ednurevibzq |
| subnet_uuid | ocid1.subnet.oc1.phx.aaaaaaaao2set67ymnpabx73rau22xelyqm2gkx4udoiyuns33ypf6aaq2d |
| | a |
| subnet | 10.0.0.0/24 |
| auto_allocate_ip | True |
| auto_allocate_floating_ip | False |
| avi_allocated_vip | True |
| avi_allocated_fip | False |
| ipam_network_subnet | |
| network_ref | ocid1.subnet.oc1.phx.aaaaaaaao2set67ymnpabx73rau22xelyqm2gkx4udoiyuns33ypf6aaq2d |
| | a |
| subnet | 10.0.0.0/24 |
| subnet_uuid | ocid1.subnet.oc1.phx.aaaaaaaao2set67ymnpabx73rau22xelyqm2gkx4udoiyuns33ypf6aaq2d |
| | a |
| auto_allocate_ip_type | V4_ONLY |
| vsvip_ref | vsvip-CDvjAK |
| use_vip_as_snat | False |
| traffic_enabled | True |
+------------------------------------+----------------------------------------------------------------------------------+
[admin:10-0-0-77]: >