Note:

Configure HTTP Virtual Service on NSX Advanced Load Balancer in Oracle Cloud VMware Solution SDDC for Internet-Based Access

Overview

In this series, we have successfully deployed and configured NSX Advanced Load Balancer (formerly known as Avi Networks) controllers, established a DNS virtual service, deployed a HTTP virtual service, and enabled seamless connectivity for internal users to access web servers.

This is the fifth tutorial which extends our scope - It will guide you through the deployment of a HTTP virtual service on the NSX Advanced Load Balancer (NSX ALB) within the Oracle Cloud VMware Solution Software-Defined Data Center (SDDC), with a specific focus on making it accessible over the internet.

RackWare RMM BYOL

Objective

Prerequisites

Task 1: Set up Inbound External Connectivity for Oracle Cloud VMware Solution Overlay Segment

In the previous tutorials we have deployed, configured and set up access to the web servers only for internal users.

Now the Nginx virtual service IP needs to be mapped to public IP on Oracle Cloud Infrastructure (OCI) which will be then associated with our public domain name. This will set up external access for web servers.

To set up a demilitarized zone (DMZ) environment on Oracle Cloud VMware Solution SDDC, see A Detailed Guide to Deploy a DMZ on NSX-T for Oracle Cloud VMware Solution. Once the setup is deployed, we will have another set of NSX edges with dedicated Tier-0 and Tier-1.

RackWare RMM BYOL

RackWare RMM BYOL

Task 2: Configure NSX ALB (Avi) Controllers

We have configured DMZ on Oracle Cloud VMware Solution and have deployed NSX ALB (Avi) controllers. We now need to set up the configuration.

  1. Follow [Tutorial 2: Configure VMware NSX Advanced Load Balancer on Oracle Cloud VMware Solution of this series and complete the following tasks.

    • Task 1: Add vCenter and NSX-T credentials

    • Task 2: Create Content Library on Oracle Cloud VMware Solution vCenter.

    • Task 3: Create DNS and IPAM profile on the NSX ALB (Avi) controller.

    Note: We need to create additional NSX overlay segment.

  2. Log in to the Oracle Cloud VMWare Solution NSX-T portal, navigate to Networking and Segments. Under NSX tab, click Add Segment.

  3. Enter the following information and click Save.

    • Name: Enter the name.
    • Connected Gateway: Select the appropriate Tier-1 (in this tutorial, it is backed by DMZ uplink 2).
    • Transport Zone: Select Overlay-TZ transport zone.
    • Subnets: Enter the CIDR.
    • We will not enable DHCP as the web servers will have static IP.

  4. We also need to create additional overlay network to host management networks and web servers.

RackWare RMM BYOL

  1. Continue to follow Tutorial 2: Configure VMware NSX Advanced Load Balancer on Oracle Cloud VMware Solution from Task 5, the next imperative step involves seamlessly incorporating NSX-T as a Cloud connector.

RackWare RMM BYOL

Note: Most of the steps remain the same as per Tutorial 2: Configure VMware NSX Advanced Load Balancer on Oracle Cloud VMware Solution, the only difference is the Data Network Segment is aligned to DMZ Tier-01 as the users will be connecting over the internet.

Task 3: Configure and deploy DNS Virtual Service

To deploy DNS virtual service, see Tutorial 3: Configure DNS Virtual Service on NSX Advanced Load Balancer in Oracle Cloud VMware Solution SDDC and complete the following tasks.

To deploy virtual service network that is avi-vs-external on DMZ for public access, we need to refer the avi-vs-external overlay segment to Tier-1-uplink-2 DMZ uplink.

Once the set up done, now we need to deploy DNS virtual service. We will follow Task 3 of Tutorial 3: Configure DNS Virtual Service on NSX Advanced Load Balancer in Oracle Cloud VMware Solution SDDC and select the avi-vs-external for VIP that we configured earlier and other steps will be the same.

RackWare RMM BYOL

RackWare RMM BYOL

Task 4: Configure and Deploy HTTP Virtual Service

To deploy the HTTP virtual service, see Tutorial 4: Configure HTTP Virtual Service on NSX Advanced Load Balancer in Oracle Cloud VMware Solution SDDC for Internal Users and complete Task 2, during the VIP creation we need to select VRF backed overlay segment that is avi-vs-external and other steps will remain the same.

RackWare RMM BYOL

RackWare RMM BYOL

Task 5: Map public IP with HTTP Virtual Service private IP

We are able to access the HTTP virtual service over IP and name internally. However, to access the URL over internet we need to map the HTTP virtual service private IP with public IP.

To attach a public IP to a guest VM in Oracle Cloud VMware Solution, see Learn How to Attach a Public IP to a Guest VM in Oracle Cloud VMware Solution.

The domain used in this series demoocvs.xyz is registered with GoDaddy domain registry and we have created an entry for the same.

RackWare RMM BYOL

RackWare RMM BYOL

RackWare RMM BYOL

RackWare RMM BYOL

Next Steps

To Configure Global Server Load Balancing (GSLB) to access an HTTP virtual service on Oracle Cloud VMware Solution through NSX Advanced Load Balancer over the internet, see Tutorial 6: Configure GSLB to access an HTTP virtual service on Oracle Cloud VMware Solution through NSX Advanced Load Balancer over the internet.

Acknowledgments

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.