Parallel to NSX Edge Using Avi Vantage for North-South Load Balancing

Note: Starting with Avi Vantage 20.1.3, support for NSX-V full access is deprecated, and the support for NSX-V full access will be removed in the upcoming releases. It is recommended to:

In this topology the Avi Service Engine (SE) is installed parallel to the NSX Edge. Physically, the Avi SE is deployed on any of the ESXi hosts on the edge rack. This topology is popular on layer 3 physical fabrics, such as spine-leaf, but also works on layer 2 physical fabrics.

Logical and Physical View

Logically, the Avi SE is installed parallel to the NSX Edge. Multiple SEs in the SE group may be deployed in elastic HA (active/active or N+M buffer) or legacy HA (active/standby) mode. The SE(s) connect(s) to the external network (non-encapsulated) for front-end and Web-tier-01 VXLAN (encapsulated) for the back-end. Traffic is SNATed by the SE. The default gateway for different servers (web, application and database) is the distributed logical router (DLR).

Logical View, Parallel to NSX Edge Using Avi Vantage for North-South LB Logical View, Parallel to NSX Edge Using Avi Vantage for North-South LB

 

Following the recommended design (refer to VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0), the recommendation is to configure the SE group properties to physically deploy the SEs in the edge racks where the external network is available.

Physical View, Parallel to NSX Edge Using Avi Vantage for North-South LB Physical View, Parallel to NSX Edge Using Avi Vantage for North-South LB

 

Traffic Flows

North-South Traffic Flow

Logical traffic flows are:

  • Client → web VIP on Avi SE
  • Avi SE → web server

 

Logical View, North-South Traffic Flow Logical View, North-South Traffic Flow

 

Physical traffic flows are:

  • Client on External network → ESXi hosting the SE → SE VM
  • SE VM → VXLAN on ESXi kernel hosting the SE → ESXi kernel hosting the web server VM
  • ESXi kernel hosting the web server VM → web server VM

 

Physical View, North-South Traffic Flow Physical View, North-South Traffic Flow

 

South-North Traffic Flow

Logical traffic flows originating from the web servers are:

  • Web server VM → DLR → Edge → External network

 

Logical View, South-North Traffic Flow Logical View, South-North Traffic Flow

 

Physical traffic flows originating from the servers are:

  • ESXi hosting web/application/DB server → ESXi hosting the Edge → External Note: DLR is not a step since it is distributed and done in the ESXi hosting the web/app/DB kernel.

 

Physical View, South-North Traffic Flow Physical View, South-North Traffic Flow

VIP requirements

  • Web-VIP requires SNAT