Deploying Avi Vantage in GCP for Network Load Balancing

This article explains provisioning and configuring Avi Vantage in Google Cloud Platform (GCP) with public IP support for Network Load Balancing.

Note: Starting with Avi Vantage version 20.1.3, Linux Server Cloud and GCP IPAM on GCP are not supported.

Overview

About Google Cloud Platform (GCP)

Google Cloud Platform is a cloud computing service that offers hosting services on the same supporting infrastructure that Google uses internally for end-user products such as search and YouTube. Cloud Platform provides developer products to build a range of programs from simple websites to complex applications.

Google Cloud Platform is a part of the Google Cloud enterprise services suite that provides a set of modular cloud-based services with a host of development tools that includes hosting and computing, cloud storage, data storage, translation APIs, and prediction APIs.

The following figure represents a sample deployment case for Google Cloud Platform.

[Figure: gcp_nlb]

Source: https://cloud.google.com/docs/

About Avi Vantage

The Avi Vantage Platform provides enterprise-grade distributed ADC solutions for on-premises and public-cloud infrastructure. Avi Vantage also provides built-in analytics to diagnose and improve the end-user application experience, which simplifies operations for network administrators.

Avi Vantage is a complete software solution which runs on commodity x86 servers or as a virtual machine and is entirely accessible via REST API calls.

Network Load Balancing

Network Load Balancing is used to balance the load on the systems based on incoming IP protocol data such as address, port, and protocol type.

Features

  • Network Load Balancing uses forwarding rules that point to target pools, which list the instances available for load balancing and define which type of health check should be performed on these instances.
  • Network Load Balancing is a regional, non-proxied load balancer. You can use it to load balance UDP traffic, as well as TCP and SSL traffic on ports that are not supported by the SSL proxy and TCP proxy load balancers.
  • A Network load balancer is a pass-through load balancer. It does not proxy connections from clients.

Limitations

  • Protocol update is not supported.
  • No health checks. This results in increased failovers. The Network Load Balancing health check supports HTTP only, and hence cannot be used against all types of applications.
  • Subnet routes scheme does not work with Network load balancers.

Configuring Avi Vantage

Before release 18.1.2, only private Virtual IPs (VIP) were supported. These were Virtual Private Cloud (VPC) routes from VIP to the Service Engine IP.

Starting with Avi Vantage release 18.1.2, support is added for creating a floating IP: a Network load balancer whose frontend is a public IP allocated from GCP and whose backend is the Service Engines.

Configuring IPAM

Configure the region name (region_name) and project (project_name), where the Service Engines reside and the Network load balancer will be created.


To edit the IPAM profile:

  1. In the Avi UI, navigate to Templates > IPAM/DNS Profiles.
  2. Click the edit icon against the IPAM profile (with the Type, Google Cloud Platform IPAM) to be edited. The Edit IPAM/DNS Profile screen appears.
  3. Select Manual Configuration and enter the Project and Region details as shown in the following image:

    [Figure: region-project]

  4. Click on Save.

Editing the Cloud to Add IPAM Profile

To add GCP IPAM to a Linux Server cloud, edit the Default-Cloud. Choose the IPAM provider that was created as the GCP IPAM provider.

[Figure: attach_gcp_ipam]

Forwarding Rule

Each virtual service corresponds to one Network load balancer in GCP. This means each virtual service has one frontend forwarding rule with the GCP external IP, and one target pool with the Service Engines as the backend.


++Truncated Output++
+------------------------------------+-----------------------------------------------------+
[admin:10-146-43-2]: virtualservice> vip index 1
[admin:10-146-43-2]: virtualservice:vip> auto_allocate_floating_ip
Overwriting the previously entered value for auto_allocate_floating_ip
[admin:10-146-43-2]: virtualservice:vip> save
[admin:10-146-43-2]: virtualservice> save
++ Truncated Output++


Note: Assigning a floating IP is currently supported via the CLI only. UI support will be scoped in for future releases.

[Figure: port-range]

Auto-allocating FIP

All GCP resources for the NLB are created in the Service Engines' project. Only auto-allocation of the floating IP is supported.


++Truncated Output++
[2018-07-16 06:48:08,717] INFO [gcp_nlb.allocate_vip:63] old_vip_info: vip {
addr: "55.55.55.100"
type: V4
}
alloc_fip: false
|| new_vip_info: vip {
addr: "55.55.55.100"
type: V4
}
alloc_fip: true

Swagger APIs can also be used to auto-allocate a floating IP for a Network Load Balancing VIP/virtual service: send a PUT request in which the vip entry has auto_allocate_floating_ip set to true, as in the fragment below.


"vip" : [ {
  "availability_zone" : "aeiou",
  "ip6_address" : "",
  "subnet" : "",
  "port_uuid" : "aeiou",
  "subnet_uuid" : "aeiou",
  "avi_allocated_vip" : true,
  "vip_id" : "aeiou",
  "ip_address" : "",
  "auto_allocate_floating_ip" : true,
  "enabled" : true,
  "floating_subnet6_uuid" : "aeiou",
  "auto_allocate_ip" : true,
  "subnet6" : "",
  "floating_ip" : "",
  "floating_subnet_uuid" : "aeiou",
  "avi_allocated_fip" : true,
  "subnet6_uuid" : "aeiou",
  "floating_ip6" : "",
  "ipam_network_subnet" : "",
  "network_ref" : "aeiou",
  "discovered_networks" : [ "" ]
} ]


To know more about accessing OpenAPI (Swagger 2.0) from the Avi API documentation, see OpenAPI (Swagger 2.0) Specification Integration.
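
As an added example (not code from the Avi documentation), the Python sketch below prepares such a PUT body from a virtual service object: it copies the full object, sets auto_allocate_floating_ip on one VIP, and reports which VIPs would become publicly reachable as a result. The sample object, its UUID and addresses, and the helper names are constructed for illustration; it assumes the PUT body is the complete virtual service object, and sending it to the Controller is left out.

```python
import copy

# Constructed sample of a virtual service object as a GET might return it;
# the name, UUID and addresses are made up for this example.
SAMPLE_VS = {
    "uuid": "virtualservice-EXAMPLE",
    "name": "vs-nlb-demo",
    "services": [{"port": 80}, {"port": 443, "enable_ssl": True}],
    "vip": [
        {"vip_id": "1", "ip_address": {"addr": "55.55.55.100", "type": "V4"},
         "auto_allocate_floating_ip": False},
        {"vip_id": "2", "ip_address": {"addr": "55.55.55.101", "type": "V4"},
         "auto_allocate_floating_ip": False},
    ],
}


def build_fip_put_body(vs, vip_id):
    """Return a full copy of vs with auto_allocate_floating_ip set on one VIP.

    The whole object is returned so it can be sent as the PUT body without
    dropping unrelated fields; the input dict is left untouched.
    """
    body = copy.deepcopy(vs)
    matches = [v for v in body.get("vip", []) if v.get("vip_id") == vip_id]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one VIP with vip_id={vip_id!r}")
    matches[0]["auto_allocate_floating_ip"] = True
    return body


def changed_vips(old, new):
    """List vip_ids whose floating-IP request flipped from false to true,
    the same old/new comparison the gcp_nlb.allocate_vip log line shows."""
    before = {v["vip_id"]: v.get("auto_allocate_floating_ip", False)
              for v in old.get("vip", [])}
    return [v["vip_id"] for v in new.get("vip", [])
            if v.get("auto_allocate_floating_ip") and not before.get(v["vip_id"])]


if __name__ == "__main__":
    body = build_fip_put_body(SAMPLE_VS, "1")
    print("VIPs that will request a public floating IP:", changed_vips(SAMPLE_VS, body))
    print(body["vip"][0])
```

Reviewing the output of changed_vips before sending the request gives a record of exactly which VIPs gain a public frontend.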

To check whether the floating IP is Up:

  1. In the Avi UI, click on the Virtual Services tab.
  2. Click on the virtual service for which the floating IP is allocated, to select it.
  3. Hover the mouse over the selected virtual service. The pop-up screen shows that the floating IP is Up:

[Figure: virtual_services_nlb]

Virtual service scale-out to two different Service Engines is shown in the following image.

[Figure: vs_scale_out]

Sharing VIP with Network Load Balancer

Since the Network load balancer is created with ports 1-65535, shared VIPs can be created on the same IP as shown in the image.

[Figure: shared-vip with NLB]