In Part 1 and Part 2, we deployed the Avi Load Balancers and completed the local load balancing setup in VMC SDDC01. To achieve high availability across different SDDCs, global load balancing is required. In this blog, let’s set up an active-active global load balancing service for our testing web application so that the web servers in both two SDDCs can serve the client simultaneously.
Section 1: Infrastructure
- Avi Controller Cluster
- Cluster IP: 192.168.101.3
- Controller Node1: 192.168.101.4
- Controller Node2: 192.168.101.5
- Controller Node3: 192.168.101.6
- SE Engine
- SE01: 192.168.101.10
- SE02: 192.168.101.11
- LB Virtual Service:
- VIP: 192.168.100.100 with back-end member server Centos03 (192.168.100.25)
- NAT: 184.108.40.206<->192.168.100.100
Task 2: Connectivity between VMC SDDC and TGW
Please refer to my friend Avnish Tripathi’s blog (https://vmtechie.blog/2019/09/15/connect-aws-transit-gateway-to-vmware-cloud-on-aws/) to connect VMC SDDC01 and VMC SDDC02 to AWS Transit Gateway with Route-based VPN.
Task 3: Set up NAT for DNS Service virtual IP in VMC Console
SDDC01: static NAT 220.127.116.11<->192.168.96.101. Here 192.168.96.101 is the DNS virtual service VIP in SDDC01.
SDDC02: static NAT 18.104.22.168<->192.168.100.101. Here 192.168.100.101 is the DNS virtual service VIP in SDDC02.
Task 4: Add Firewall rules for GSLB
- Allow inter-SDDC traffic as the below in VMC console.
- Allow DNS traffic from the Internet to GSLB DNS service virtual IP
Task5: DNS sub-domain delegation.
In the DNS server, delegate sub-domain (sddc.vmconaws.link) to the two DNS virtual service VIPs corresponding public IPs, which means the two to-be-defined DNS virtual services will work as the name servers of sub-domain.
Section 2: Enable GSLB
Task 1: Create a DNS virtual service
In the SDDC01 Avi Controller GUI, go to Application—>Virtual Services—>Create Virtual Service then input the parameters as below:
- Name: sddc01-g-dns01
- IPv4 VIP: 192.168.96.101
- Application Profile: System-DNS
- TCP/UDP Profile: System-UDP-Per-Pkt
- Service Port: 53
- Service Port: 53, override TCP/UDP with System-TCP-Proxy
- Pool: leave blank
Leave the rest of the settings as default.
In SDDC02, create a similar DNS virtual service (sddc02-g-dns01) with VIP 192.168.100.101.
Task 2: GSLB Site
Avi uses GSLB sites to define different data centers. GSLB sites fall into two broad categories — Avi sites and external sites. This blog focuses on Avi sites. Each Avi site is characterized as either an active or a passive site. Active sites are further classified into two types — GSLB leader and followers. The active site from which the initial GSLB site configuration is performed, is the designated GSLB leader. GSLB configuration changes are permitted only by logging into the leader, which propagates those changes to all accessible followers. The only way to switch the leadership role to a follower is by overriding the configuration of the leader from a follower site. This override can be invoked in the case of site failures or for maintenance.
In our setup, SDDC01 will work as “Leader” site and SDDC02 will work as “Follower” site.
In SDDC01 Avi Controller GUI, go to Infrastructure—>GSLB and click the Edit icon to enable GSLB Service.
In the “New GSLB Configuration” window, input the parameters as below:
- Name: sddc01-gslb
- Username: admin
- Password: Password for Avi Controller
- GSLB Subdomain: sddc.vmconaws.link
Then click “Save and Set DNS Virtual Service.
Select the newly defined DNS service in task1 as “DNS Virtual Services” and configure “sddc.vmconaws.link” as the subdomain, then save the change.
Now the GSLB setup is as below.
Click “Add New Site” button to add SDDC02 as the second GSLB site. Then Input the parameters below in the “New GSLB Site” window:
- Name: sddc02-gslb
- Username: admin
- Password: Password for Avi Controller
- IP Address: 192.168.101.3 (SDDC02 Avi Cluster VIP)
- Port: 443
Click “Save and Set DNS Virtual Services” button. Then select the newly defined DNS service in task1 as “DNS Virtual Services” and configure “sddc.vmconaws.link” as the subdomain, then save the change.
Now the GSLB Site configuration is completed. We can see that “sddc01-gslb” works as the “Leader” site and “sddc02-gslb” works as the “Active” site.
Typically, the VIP configured in a local virtual service (configured as a GSLB pool member) is a private IP address. In our configurations, the VIPs are 192.168.x.x. But these IP addresses are not reachable by the Internet client. To handle this, we have to enable NAT-aware Public-Private GSLB feature. Go to Infrastructure—>GSLB—>Active Members—>sddc01-gslb then click the Edit icon. In the advanced settings, input the following parameters:
- Type: Private
- IP Address:
Section 3: Create a GSLB Service
We are ready to create a GSLB service for our application (www.sddc.vmconaws.link) now. To achieve active-active GSLB service and distribute the load evenly across 3 backend servers (2 in SDDC01 and 1 in SDDC02). We developed the following GSLB service design:
- The GSLB service includes 1 GSLB pool.
- There is one GSLB pool member in each SDDC.
- Groups Load Balancing Algorithm: Priority-based
- Pool Members Load Balancing Algorithm: Round Robin
Go to Application—>GSLB Services—>Create, click the “Advanced Setup” button. In the “New GSLB Service” input the following parameters:
- Name: gslb-vs01
- Application Name:www
- Sudomain: .sddc.vmconaws.link
- Health Monitor: System-GSLB-HTTPS
- Group Load Balancing Algorithm: Priority-based
- Health Monitor Scope: All Members
- Controller Health Status: Enabled
Then click “Add Pool” and input the following parameters:
- Name: gslb-vs01-pool
- Pool Members Load Balancing Algorithm: Round Robin (Note this means the client will be sent to the local load balancer in both SDDC01 and SDDC02).
- Pool Member (SDDC01):
- Site Cluster Controller: sddc01-gslb
- Virtual Service: sddc01-vs01
- Public IP: 22.214.171.124
- Ratio: 2 (The virtual service will receive 2/3 load.)
- Pool Member (SDDC02):
- Site Cluster Controller: sddc02-gslb
- Virtual Service: sddc02-vs01
- Public IP: 126.96.36.199
- Ratio: 1 (The virtual service will receive 1/3 load.)
We will change the following parameters as well for this GSLB service.
Now we have completed the setup of active-active GSLB for our web service.
Let’s verify our work.
- The GLSB DNS service will respond to the DNS query for DNS name http://www.sddc.vmconaws.link with the public IP of SDDC01 web virtual services or the public IP of SDDC02 web virtual service via the round-robin algorithm.
- The web servers in both SDDCs serve the clients simultaneously.
This is the end of this blog. Thank you very much for reading!