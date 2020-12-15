Successfully reported this slideshow.
Deploying Elastic, Self-Service Load Balancing for VMware NSX-T

  1. 1. Confidential │ ©2020 VMware, Inc. Deploying Elastic, Self-Service Load Balancing for VMware NSX-T NSX Advanced Load Balancer (Formerly Avi Networks) Bhushan Pai Sr. Technical Product Manager
  2. 2. Confidential │ ©2020 VMware, Inc. Agenda 2 NSX Data Center Introduction Load Balancing Challenges and Avi Solution Avi and NSX-T Integration Details Joint Benefits Live Demo How to Engage
  3. 3. 3Confidential │ ©2020 VMware, Inc. NSX Data Center Introduction
  4. 4. Confidential │ ©2020 VMware, Inc. 4 There Has Been a Lot of Innovation and Virtualization in the Data Center The Data Center Networking Challenge Except for one area… Compute Storage Networking
  5. 5. Confidential │ ©2020 VMware, Inc. 5 The Lack of Networking Virtualization is Holding Back Your Ability to… The Data Center Networking Challenge Keep up with the pace of business Secure your data centers Control cost Compute Storage Networking
  6. 6. Confidential │ ©2020 VMware, Inc. 6 NSX Data Center DATA CENTER Virtualization Layer NSX Platform Physical Infrastructure Hypervisor
  7. 7. Confidential │ ©2020 VMware, Inc. 7 NSX Data Center DATA CENTER Virtualization Layer NSX Platform Workloads vSwitch
  8. 8. Confidential │ ©2020 VMware, Inc. 8 NSX Data Center DATA CENTER Virtualization Layer NSX Platform Workloads vSwitch
  9. 9. Confidential │ ©2020 VMware, Inc. 9 NSX Data Center DATA CENTER Virtualization Layer NSX Platform Workloads vSwitch
  10. 10. Confidential │ ©2020 VMware, Inc. 10 Consistent L4-L7 enterprise-grade app services across multi-cloud environments Avi Networks (now VMware NSX Advanced Load Balancer) App Analytics / Insights Container Ingress Services DNS and IP Address Management (IPAM) Web Application Firewall (WAF) and App Security Global Server Load Balancing (GSLB) Enterprise-grade Load Balancing NSX Horizon(VDI) vSphere/vCenter Deliver Any App on Any Cloud with One Platform VCF VMC Tanzu vRO/vRA
  11. 11. 11Confidential │ ©2020 VMware, Inc. Load Balancing Challenges and Avi Solution
  12. 12. Confidential │ ©2020 VMware, Inc. 12 Delivers agility, operational Simplicity, and cost savings To Modern Distributed ArchitectureHardware/Virtual Load Balancer Challenges Expensive, Inflexible, and Restrictive Separate control points – operational complexity, hard to automate, painful upgrades Capacity management – manual VIP placement, costly overprovisioning, no fungible capacity Not designed for modern new environments On-premises Cloud Container Data Center 1 Data Center 2 DEPT1 DEPT2 Active Standby 0%Used Capacity 15%Used Capacity Data Plane Data Plane Data Plane Data Plane Data Plane Data Plane Data Plane Data Plane Data Plane Data Plane Data Plane Data Plane Data Plane Data Plane Data Plane Data Plane Data Plane Control Plane Data Plane Control Plane Data Plane Control Plane Data Plane Control Plane Blackboxes – hard to troubleshoot, finger- pointing between app and network team Network Team App Owners ?
  13. 13. Confidential │ ©2020 VMware, Inc. 13 Bare Metal Virtualized Containers ON PREMISES PUBLIC CLOUD Multi-cloud application services with centralized policies and full lifecycle management Modern Distributed Architecture – Key Attributes Control Plane Data Plane Avi Controller ELASTICITY Application Services Fabric ANALYTICS / OBSERVABILITY AUTOMATION CENTRAL ORCHESTRATION RESILIENCE
  14. 14. Confidential │ ©2020 VMware, Inc. 14 End-to-End Automation • Fully automated lifecycle management of creating service engines • Automatic placement of virtual services to the right resources • Dynamic pool member update using NSGroups On-Demand Scalability • Automatic horizontal scaling based on traffic needs • Re-balancing of VSs for optimal performance • Native built-in traffic log analysis per virtual service • Rich analytics that provide end-to-end visibility • Troubleshooting time reduced from days to minutes Easy to Troubleshoot • Optimal traffic flows with no traffic hair pinning • Active-active scale out of service engines Higher Performance Avi and NSX-T Integration Benefits Deliver multi-cloud load balancing for applications quickly and consistently * Future: the only platform with full policy automation – everything via NSX APIs
  15. 15. Confidential │ ©2020 VMware, Inc. 15 Roadmap • Avi (NSX Advanced Load Balancer) is VMware’s load balancing strategy going forward • Rich roadmap on integration between Avi and NSX as well as larger VMware product portfolio Recommendation for Customer deployments • New deployments and NSX-v to NSX-T migration: recommended to use Avi for all use cases Avi is the Load Balancer at VMware
  16. 16. 16Confidential │ ©2020 VMware, Inc. Avi and NSX-T Integration Details
  17. 17. Confidential │ ©2020 VMware, Inc. 17 Elastic LB fabric and security automation for app deployments Avi and NSX-T Integration Details NSX-T Manager Avi management traffic over secure channel API vCenter Avi Controller API Deploy SEs on ESXi ESXi Servers Management Workloads Compute workloads NSX-T Networking and Security • Lifecycle of SEs and elastic scale • Automates SE connection to logical network • Automates Virtual IP allocation via IPAM and registers FQDN in DNS • Automatically programs NSX-T for scale out • Supports NSGroups for load balancing pool and dynamic update of pool members . . .
  18. 18. Confidential │ ©2020 VMware, Inc. 18 Cloud creation Avi and NSX-T Integration Deployment Admin 1. Configure Cloud 2. Discover NSX-T Inventory and Infrastructure objects 3. Discover vCenter Inventory Hosts, Switches 4. Upload SE OVA to content library NSX-T ManagervCenter 1 23 4 Avi Controller ESXi Servers
  19. 19. Confidential │ ©2020 VMware, Inc. 19 Virtual Service creation Avi and NSX-T Integration Deployment NSX-T ManagervCenter LB admin / Application admin 1. Create Virtual Service 2. Create/Delete SE VMs Connect SE vNIC to Logical Switch 3. Deploy SEs on ESXi 4. Create: VIP routes for elastic scaling, NSGroups, Services 1 2 3 Avi Controller 4 ESXi Servers
  20. 20. Confidential │ ©2020 VMware, Inc. 20 VIP Routes and Scale Out Automation Tier-0 Tier-1 VIP/Data Segment Web Segment Pool2Pool1 NSX-T Manager Avi Controller SE2SE1 SE3 Active-Active SEs S SS S ManualConfigurationson NSX-T Advertisetier1 VIProutesvia BGP Redistribute VIP App Segment VIPgets placed on one or moreSEs depending on HA mode configured (Active-Active in this case) StaticRoute: VIP →SE1, SE2 VIPstatic routesgetcreatedon tier-1towhich theVIPlogical segmentis connected
  21. 21. Confidential │ ©2020 VMware, Inc. 21 VIP/Data Segment Web Segment Pool2Pool1 SE2SE1 SE3 S SS S App Segment Tier-0 Tier-1 VIP Reachability for External Client and Scale Out External Client ECMP StaticRoute: VIP → SE1 LearnedRoute: VIP →Tier-1uplink BGP LearnedRoute: VIP →Tier-0Uplink Admin initiatedor automaticscaleout A-A VIP placement NSX-T Manager UpdateStaticRoutes StaticRoute: VIP → SE1, SE2 VIP placedonsingleSE Avi Controller
  22. 22. 22Confidential │ ©2020 VMware, Inc. Joint Benefits
  23. 23. Confidential │ ©2020 VMware, Inc. 23 Consistent experience across multi-cloud envs. Single LB Fabric Across Clouds Single Management Point Centrally manage multi-cloud deployments Automate moves, adds, and changes across clouds No feature trade-offs between on-prem vs cloud Manage multi-site deployments with GSLB Bare Metal Virtualized Containers Across On-prem and Public Cloud Avi Controller
  24. 24. Confidential │ ©2020 VMware, Inc. 24 v2 Tenant 1 Always Active-Active, automatic failure handling Resilient, Self-Healing Fabric VIPs running on Avi Service Engines Active-Active Per-tenant/per-app LB-tenant isolation Service Engines (SE) are deployed in Active-Active configuration with anti- affinity rules Automatically moves VIPs if SE fails (e.g. accidental power off) and instantiates new SE Traffic is automatically rerouted with moves and changes Avi Controller Tenant 2
  25. 25. Confidential │ ©2020 VMware, Inc. 25 Scale vertically with more CPUs or horizontally with more Service Engines Elastic Autoscaling 2x 1-core SEs 32x 1-core SEs 1 core 2,500 SSL TPS 5,000 SSL TPS 1M SSL TPS Scale to millions of TPS or hundreds of GBs of throughput
  26. 26. Confidential │ ©2020 VMware, Inc. 26 Flexible, Non-Disruptive Upgrades Tenant 1 Tenant 3Tenant 2 v1 v1 v1 v1 v2 v2 Facilitates partial (non-disruptive) upgrades Upgrade select tenants or SE groups within tenant to V2 (after controller upgrade or later time) • Upgrade Tenant-2, Tenant-3 (SE group 3) to V2 • Config allowed, but any config changes to VSs in these SE groups are queued until SE group upgrade is completed • Upgrade other tenants or SE groups weeks later Rollbacks of Controller and SEs supported Avi Controller
  27. 27. Confidential │ ©2020 VMware, Inc. 27 Simplify troubleshooting, eliminate TCP Dumps Analytics and App Insights Eliminate finger-pointing Troubleshoot app performance, security and end-user issues in minutes Bare Metal Virtualized Containers Avi Controller • Connection log analytics • Security insights: DDoS • App performance metrics • End user experience End-to-End Timing Total Response Time End User Client RTT Server RTT App Response Load Balancer Server App
  28. 28. 28Confidential │ ©2020 VMware, Inc. Live Demo
  29. 29. Confidential │ ©2020 VMware, Inc. 29 How to Engage LEARN TRY TRAIN avinetworks.com/ docs | webinars vmware.com/go/try-avi-networks via.vmw.com/avi-testdrive avinetworks.com/wo rkshops
  30. 30. Confidential │ ©2020 VMware, Inc. Thank You

