Installing the Controller in Microsoft Azure
About Microsoft Azure
Microsoft Azure is a cloud computing service that offers hosting and related public cloud services, as well as developer products to build a range of programs from simple websites to complex applications.
Azure provides a set of modular cloud-based services with a host of development tools, including hosting and computing, cloud storage, data storage, translation APIs and prediction APIs. Figure 1 depicts a sample Azure deployment.
Figure 1. Azure deployment
About Avi Vantage
The NSX Advanced Load Balancer Platform provides enterprise-grade distributed ADC solutions for on-premises as well as public-cloud infrastructure. This also provides built-in analytics to diagnose and improve the end-user application experience, while making operationalizing easier for network administrators.
NSX Advanced Load Balancer is a complete software solution which runs on commodity x86 servers or as a virtual machine and is entirely enabled by its REST API.
Purpose of This Guide
This document describes the process of provisioning Avi Controller as an application delivery controller for application workloads running inside Azure.
Note: The Controller installation is not required when Saas Controller is used. However, you need to create a cloud for Azure under the tenant, which has access to SaaS Controller.
The document is intended for:
- Network administrators: To configure and operationalize the Avi Vantage solution.
- Azure system administrators: To provision the NSX Advanced Load Balancer solution.
We assume familiarity with:
- The basics of load balancing and application delivery.
- Basic Azure functionality. For detailed information refer to the Microsoft Azure Documentation.
Use of NSX Advanced Load Balancer with Azure provides the following functionality:
- The Controller is available as an Azure appliance (VHD).
- Once the Controller is deployed, Azure account details and credentials are provided to it. It then connects to the Azure infrastructure and automatically provisions Service Engines as required.
- A single interface is available on the SE for control and data traffic (in-band management).
- VIP addresses are allocated from Azure IPAM.
- An optional, public VIP can be allocated automatically to a virtual service, along with a private VIP address.
Prerequisites and Assumptions
Both Microsoft Azure and NSX Advanced Load Balancer provide a variety of configuration and deployment options, based on individual requirements. This guide makes the following assumptions regarding the infrastructure:
- For resource group where the Controller is spawned, a role of contributor or higher is required.
The resource group must have an Azure Virtual Network (VNet) configured with a subnet.
For the purpose of this document, the resource group avi-vantage will be used to deploy the Avi solution. As displayed in the screenshot below, this group has
avi-vantage-vnet VNet, with an available address space of
10.20.0.0/16 and a subnet of
Microsoft Azure Resource Limits
Microsoft Azure objects have predefined limits to the number of instances that can be instantiated.
These limits are based on the location of a given subscription. For instance, the total number of cores that can be used by the subscription in a particular location defines these limits.
The following limits must be increased appropriately, to allow scaling virtual service and object creation in Microsoft Azure:
- Public IP addresses - Static
The default value is 20. This value should be increased if the deployment is expected to have more 20 public IPs.
Load Balancer Limits
Frontend IP configuration - Basic
The default value is 10. It is recommended to set this to a higher value. Each virtual service IP and port combination consumes one frontend IP configuration.
Rules per resource - Basic
The default value is 150. It is recommended to increase this to a higher value. Each virtual service IP and port combination consumes one rule.
The default value is 100. This limit should be raised as required if more than 100 Service Engine groups are expected.
The above limits can be increased by submitting a request to Microsoft Azure via a support case. For more details, please refer to Azure subscription and service limits, quotas, and constraints.
NSX Advanced Load Balancer Controller Instantiation
NSX Advanced Load Balancer is available in Azure Marketplace as a Bring Your Own License (BYOL) offering.
Access Azure Marketplace at https://azuremarketplace.microsoft.com/ and log in using your Azure credentials. Alternately, you can log in using your Azure credentials at https://portal.azure.com.
Marketplace Link: Navigate to the Avi Vantage page on Azure Marketplace.
Click on Get it Now to start the deployment process. If the deployment is via the Azure portal then create a new VM and search for Avi Networks. The virtual machine will show up in the search results.
Follow the given steps to initiate the deployment:
Provide the information requested under the Basics tab.
Click on OK to continue to the next tab.
- Based on deployment scale considerations, choose an appropriate VM size. The following table lists the minimum requirements for the VMs on which the Controller and the SEs are installed.
Component Memory vCPUs Disk Controller 24 GB 8 128 GB Service Engine 2 GB 2 15 GB
For the Controller, we recommend the following instance types:
Deployment Size Instance Type Memory vCPUs Disk (Minimum) Small DS4V2 28 GB 8 128 GB Medium DS5V2 56 GB 16 128 GB Large F32SV2 64 GB 32 128 GB
Refer to the Disk Capacity Allocation section in the Avi Controller Sizing KB for recommended hard disk size.
Note: Starting with NSX Advanced Load Balancer 22.1.2, you can create Controllers on
The below example shows a choice of eight CPUs and 28 GB memory. (Instance: DS4_V2)
In the Settings tab, select the following options:
- Availability set: It is recommended to use an availability set for Avi Controllers.
- Storage: Select Yes for managed disks.
- Virtual network: Create a new VNet, or use an existing VNet.
- Subnet: Select a subnet for Avi controller management IP address to be allocated from.
- (Optional) Public IP address: Allocate an existing or new public IP address to the controller VM.
- Network security group (firewall): Apply an existing or new network security group to restrict traffic to the controller.
Click on OK followed by Purchase to run final validations and initiate the deployment.
(Optional) Create a Controller cluster
To ensure complete redundancy, two additional Avi Controller nodes can be added to create a 3-node Avi Controller cluster.
To create a Controller cluster,
- If deploying from the Microsoft Azure Marketplace, use the JSON template found here.
- If deploying from a downloaded version of VHD, use the JSON template found here.
Once the Controller is up, it can be configured via a web browser. The FQDN will be mentioned as an output of the template execution, as in this case, avicontrollerpubip.westus.cloudapp.azure.com.
Avi Vantage Configuration Initial Configuration
Follow the given steps to complete the initial configuration. Each step is provided with an associated screenshot.
Provide credentials for the administrator account (Username:
Provide DNS and NTP Settings (Can be edited later).
Provide an email address to be used for alerts from the controller (Can be set up at a later stage).
Select No Orchestrator to complete the initial configuration.
Continue by clicking on No for Support multiple Tenants (Multi-tenancy can be enabled later).
Once the setup is completed, the browser will automatically refresh to the Avi Controller dashboard.
- The next step is to configure Microsoft Azure cloud on Avi Vantage. For more information on this, refer to Configuring Avi Vantage for Application Delivery in Microsoft Azure.
- Once the cloud is configured on Avi Controller, complete the steps for configuring virtual service. For more information, refer to Virtual Service Creation.