Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure




Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure August 2015

Table of Contents

1 Introduction
    Purpose
    Products
2 Avi Networks Cloud Application Delivery Platform (CADP)
    Components
3 Integration with Cisco APIC
    Cisco ACI and APIC
    Service Graph
    Device Package
    Auto Reconfiguration of Device Cluster
4 Installation
    Avi Controller OVA deployment
    Avi Controller configuration
    Avi SE IP address pool
    Verification of device package on Cisco APIC
5 Virtual Service Deployment
    Creating a service graph template
    Creating a contract and applying it to EPGs
    Configuring a load balancing virtual service, using Avi UI

1 Introduction

Purpose

This document describes how to deploy Avi Networks Cloud Application Delivery Platform with the Cisco Application Policy Infrastructure Controller, using VMware vCenter as Cisco APIC's Virtual Machine Manager (VMM), and includes common troubleshooting steps.

Products

Product                                       Versions
Avi Networks CADP                             15.2
Avi Networks Device Package for Cisco APIC    1.1 (This is embedded in Avi Networks CADP software)
Cisco APIC                                    1.03f or later
VMware vCenter                                5.1, 5.5

2 Avi Networks Cloud Application Delivery Platform (CADP)

Avi Networks CADP is a software-based solution that provides elastic application delivery services and real-time analytics, such as load balancing, SSL termination, and user-to-application timing.

Components

Avi Networks CADP is a fully distributed, virtualized system that consists of Avi Controller and Avi Service Engines (SEs), running as virtual machines (VMs).

- Avi Controller
    - A virtual machine that acts as a single point of control and management, providing GUI (Avi UI), analytics, and APIs. It manages the life cycle of Avi SEs by creating, controlling, and deleting them. It stores and manages all policies related to services and management. Avi Controller is also a single point of contact exposed to other cloud platforms and SDN controllers. For example, it communicates with VMware vCenter, the OpenStack controller, and Cisco APIC.
- Avi Service Engine (SE)
    - A virtual machine that takes actual user traffic and provides application delivery services while collecting real-time metrics for user-to-application timing. An Avi SE is created, plumbed into the network, and provisioned with a service policy dynamically by Avi Controller as required to deploy a virtual service (VS). The virtual service is a combination of an IP address and TCP/UDP port number that represents a load balancing service.

3 Integration with Cisco APIC

Cisco ACI and APIC

The Cisco Application Centric Infrastructure (ACI) is a distributed overlay network that is built on multipath leaf and spine switching nodes. Endpoint devices, such as servers and firewalls, are connected to leaf nodes. The Cisco Application Policy Infrastructure Controller (APIC) provides a single point of control and a repository of policy data for Cisco ACI. It communicates with Cisco ACI spine and leaf nodes to create isolated tenant networks, set up network paths, and insert network services, such as Layer 4 to 7 and security functions, between endpoint devices.

In the Cisco ACI policy model, endpoint groups (EPGs) represent a set of terminal objects or communication endpoints, such as clients and servers. Objects in the same EPG can communicate with each other freely, but objects in different EPGs must have a contract for communication. The contract defines traffic filtering rules and can include a service graph to offer network functions, such as Layer 4-7 services.

Service Graph

A service graph defines a list of functions and specifies that the path from one EPG to another EPG must pass through the functions. Avi Networks CADP provides inline analytics, application visibility, SSL termination, load balancing, and content acceleration services. IT admins can enable all of these features by including function nodes called ADCTier1 and ADCTier2 in a service graph. This two-node approach allows a virtual service to scale out in real time.

Cisco APIC translates a service graph into a network path by associating it with concrete devices, associating the service graph with necessary bridge domains, and configuring IP addresses on the interfaces of the devices (Figure 1). In this model, Avi SEs represent concrete devices and Avi Controller acts as a single management point to interact with Cisco APIC.

Device Package

Avi Networks Device Package for Cisco APIC allows you to insert Avi Networks CADP services in Cisco ACI fabric. Avi Controller includes the device package and automatically uploads it to Cisco APIC and creates logical devices as part of its installation.

Note: Avi Controller embeds the device package for Cisco APIC and automatically installs it into Cisco APIC as part of its installation.

Figure 1 Service Graph Rendering

Auto Reconfiguration of Device Cluster

Avi Controller adds Avi SEs to the device cluster dynamically by interacting with APIC and VMware vCenter. The L4-7 service policies, such as SSL termination and load-balancing policies, are configured on Avi Controller, whereas network policies are configured on the APIC controller. APIC places an Avi SE's data vNIC in the proper port-group.

Multi-tenancy

You can export Avi's device package to another tenant on APIC. Avi CADP will create a tenant accordingly and add a new concrete device when you add a load balancing virtual service.

4 Installation

In this installation procedure, we use VMware vCenter as Cisco APIC's Virtual Machine Manager (VMM) to deploy Avi Networks CADP. For successful installation, you need:

- Avi Networks CADP software release 15.2
    - The CADP software embeds Avi Networks Device Package for Cisco APIC
- Cisco APIC and VMware vCenter admin credentials

Avi Controller needs to access Cisco APIC and VMware vCenter to automatically install its device package, create an L4-L7 device cluster, and spin up an Avi SE.

The installation procedure consists of three tasks (Figure 2):

- Deploy an OVA file of Avi Controller and configure initial settings on Avi Controller via browser
- Create a service graph for Avi L4-L7 service on APIC
- Create a contract using APIC, and a load balancing virtual service using Avi Controller

Figure 2 Avi CADP deployment workflow for APIC

Avi Controller, APIC and vCenter must be able to communicate with each other. Avi Controller dynamically deploys an Avi SE VM instance as a concrete device. The Avi SE VM must be able to communicate with Avi Controller and APIC via its management vNIC. When Avi Controller deploys an Avi SE, it places the management NIC of the Avi SE in a specified port-group for out-of-band management access (Figure 3). When an L4-7 service graph is instantiated, APIC places data vNICs of the Avi SE in the proper port-groups according to EPGs.

Figure 3 Logical Network Diagram for Avi Deployment in APIC environment

Avi Controller OVA deployment

Log in to your vCenter server via a vCenter client. Using the vCenter client, deploy the OVA file of Avi Controller.

1. Click File on the top menu and choose Deploy OVF Template.
2. Follow the instructions of the Deploy OVA Template wizard.
3. Provide the location of the Avi Controller OVA file.
4. Provide the name of Avi Controller and specify the target ESX host to deploy.
5. Choose Thick Provision Lazy Zeroed for disk format.
6. Choose a port group for Destination Networks in Network Mapping. This port group will be used by Avi Controller to communicate with your vCenter.
7. Specify the management IP address and default gateway. The management IP address must be in CIDR format, e.g., 10.10.2.10/24. Do not leave either field empty.
8. Power on the VM.

Avi Controller configuration

Connect to Avi Controller via browser. Follow the instructions of the setup wizard.

1. Create an administrator account.
2. Enter DNS server and NTP server information.
3. Choose VMware as your infrastructure.
    a. Enter your vCenter IP address and credentials.
    b. Choose Write for permission and select the check box for Integration with Cisco APIC.
4. Provide the Cisco APIC information (Figure 4).
    a. Enter your APIC IP address and credentials.
    b. Enter an APIC tenant in which the Avi CADP device package will be deployed.
    c. Enter the APIC VMM Domain name.
5. Select a data center to deploy Avi SEs.
6. Select a port-group for the Avi SE management network.
    a. This port-group should be an out-of-band network, that is, one that is not managed by APIC.
    b. The management interface of Avi SE will be connected to this port-group to communicate with the Avi Controller.
    c. If DHCP service is available, select DHCP.
    d. Otherwise, select Static and fill out the IP Address Pool field (Figure 5).

Figure 4 vCenter and APIC integration

Figure 5 Management Network selection

After the installation, the Avi Controller creates a device cluster named ADCCluster for L4-L7 services (Figure 6).
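A pre-flight check for the addressing values entered in the two procedures above (the Controller management IP and gateway, and the static SE management pool), as an added example that is not part of the original guide or of Avi Networks software. The function names, the `first-last` range syntax, the SE subnet parameter and all sample addresses other than 10.10.2.10/24 are assumptions.

```python
import ipaddress

def parse_controller_address(cidr_text):
    """Parse the Controller management address; the prefix length is mandatory."""
    # ip_interface() silently treats a bare address as /32, so insist on the slash.
    if not cidr_text or "/" not in cidr_text:
        raise ValueError("management IP must be in CIDR form, e.g. 10.10.2.10/24")
    iface = ipaddress.ip_interface(cidr_text.strip())
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{iface.ip} is the network or broadcast address of {net}")
    return iface

def parse_pool(pool_text):
    """Parse 'a.b.c.d' or 'a.b.c.d-a.b.c.e' (assumed syntax) into (first, last)."""
    first_text, _, last_text = (pool_text or "").partition("-")
    first = ipaddress.ip_address(first_text.strip())  # raises on an empty pool
    last = ipaddress.ip_address(last_text.strip()) if last_text else first
    if last < first:
        raise ValueError(f"range {first}-{last} is reversed")
    return first, last

def check_plan(controller_cidr, gateway_text, se_subnet_text, se_pool_text):
    """Return a list of problems; an empty list means the values are consistent."""
    try:
        ctrl = parse_controller_address(controller_cidr)
    except ValueError as exc:
        return [f"controller: {exc}"]
    try:
        gateway = ipaddress.ip_address((gateway_text or "").strip())
    except ValueError:
        return ["gateway: must not be empty and must be an IP address"]
    problems = []
    if gateway not in ctrl.network:
        problems.append(f"gateway {gateway} is outside {ctrl.network}")
    if gateway == ctrl.ip:
        problems.append(f"gateway and controller both use {gateway}")
    try:
        subnet = ipaddress.ip_network(se_subnet_text)
        first, last = parse_pool(se_pool_text)
    except ValueError as exc:
        return problems + [f"SE pool: {exc}"]
    if first not in subnet or last not in subnet:
        problems.append(f"SE pool {first}-{last} is not inside {subnet}")
    # Addresses already used by the Controller or gateway must not be handed to SEs.
    for name, addr in (("controller", ctrl.ip), ("gateway", gateway)):
        if first <= addr <= last:
            problems.append(f"SE pool contains the {name} address {addr}")
    return problems

if __name__ == "__main__":
    # Constructed sample values; only 10.10.2.10/24 comes from the guide.
    print(check_plan("10.10.2.10/24", "10.10.2.1", "10.10.2.0/24", "10.10.2.50-10.10.2.59"))
    print(check_plan("10.10.2.10", "10.10.2.1", "10.10.2.0/24", "10.10.2.50"))
    print(check_plan("10.10.2.10/24", "10.10.3.1", "10.10.2.0/24", "10.10.2.5-10.10.2.20"))
```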

Figure 6 ADCCluster from Avi Networks device package

Avi SE IP address pool

Avi SE has 10 vNICs. The first vNIC is the management vNIC via which Avi SE communicates with Avi Controller. The remaining vNICs, called data vNICs, are used to take user traffic. After spinning up an Avi SE, Avi Controller connects the Avi SE's management vNIC to the network specified for management during the initial configuration. Cisco APIC connects the data vNICs to port-groups according to virtual service IP and pool member configuration.

Data vNICs connected to backend pool networks require interface IP addresses. Avi Controller automatically assigns IP addresses to data vNICs from an IP address pool created by the administrator for each backend pool network. For every backend pool network, create a static IP address pool. Each address pool must contain at least one IP address. After they are connected to networks (port groups), the data vNICs need to be assigned an IP address.

Assign a static IP address pool to networks:

1. Log in to the Avi Controller via browser.
2. Select Infrastructure from the pull-down menu on the top left corner.
3. Select the Networks tab.
4. Find the port group to which your servers are connected.
5. Select the port group by clicking the edit icon on the right end.
6. Check Static on Network IP Address Management.
7. Select an IP subnet by clicking the edit icon.
8. Enter a static IP address or a range (Figure 7).
9. Repeat the steps to include all your potential VS and pool member networks.

Avi Controller picks an IP address from the range and adds it to the data vNIC connected to the port group.

Figure 7 Adding a static IP address pool for SE data vNICs

2015 Avi Networks. All Rights Reserved.

Verification of device package on Cisco APIC

Avi Controller automatically installs its device package after the initial settings are done. Verify that Avi CADP's device package is installed into the Cisco APIC. Click L4-L7 Services. Expand L4-L7 Service Device Types on the left pane and verify that the Avi CADP device package is available (Figure 8).

Figure 8 Device Package verification

Note: Cisco APIC completely controls distributed virtual switches and port groups. In other words, do not create port groups manually. APIC programs Avi SE's vNICs to place them in the proper EPGs or port-groups.

5 Virtual Service Deployment

Creating a service graph template

1. Select the tenant in which you deployed an Avi Controller.
2. Navigate to L4-L7 Services > L4-L7 Service Graph Templates.
3. Click Actions and select Create an L4-L7 Service Graph Template (Advanced) on the pull-down menu.
4. Provide a name for the graph template.
5. Drag ADCTier1 under the Avi device from the left pane, drop it on the main window, and select AviADCTier1 on the pull-down menu for Node Properties. Do the same for ADCTier2.
6. Connect Consumer EPG with the external connector of ADCTier1, the intermediate connectors to each other, and Provider EPG with the internal connector of ADCTier2 (Figure 9). While connecting nodes, choose L2 for Adjacency Type and check Unicast Route.
7. Under the graph template, navigate to Function Node N1 external and select ADCTier1/external on the Meta Connector pull-down menu. Navigate to Function Node N1 internal and select ADCTier1/intermediate (Figure 10).
8. Similarly, navigate to Function Node N2 external and select ADCTier2/intermediate on the Meta Connector pull-down menu. Navigate to Function Node N2 internal and select ADCTier2/internal.
9. After these changes, the graph template should look like Figure 11.

Figure 9 Service Graph template

Figure 10 Function Connectors

Figure 11 Service Graph Template

Creating a contract and applying it to EPGs

Create a contract for the load balancing policy with the graph template.

1. Select the tenant in which you deployed an Avi Controller.
2. Navigate to Security Policies > Contracts on the left pane.
3. Click Actions and select Create Contract on the pull-down menu.
4. Provide a name for the contract and add a subject with filters and the graph template created previously (Figure 12).
5. Associate the contract with a consumer EPG and a provider EPG. The provider EPG must contain the servers to load balance.

Figure 12 Creating a Contract

Configuring a load balancing virtual service, using Avi UI

Create a VS in the tenant in which you deployed the Avi CADP device package, or in a tenant to which you exported the device package.

1. Click admin in the top right corner and select a tenant (Figure 13).
2. Navigate to Applications > Dashboard.
3. Click New Virtual Service and select Basic Setup on the pull-down menu.
4. On the New Virtual Service edit menu, select a graph instance in the Name field, identified by <contract name>:<graph name> (Figure 14).
5. Check EPG on the Select Server menu.
6. Select an EPG for your servers to be load balanced on the APIC EPG pull-down menu.
7. Click Save.

Note: It can take up to 3 minutes until the VS comes online, because a new concrete device needs to be added.

Figure 13 Selecting a tenant

Figure 14 Creating a Virtual Service for load balancing