Note:
- This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
- It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.
Configure HTTP Virtual Service on NSX Advanced Load Balancer in Oracle Cloud VMware Solution SDDC for Internet-Based Access
Overview
In this series, we have successfully deployed and configured NSX Advanced Load Balancer (formerly known as Avi Networks) controllers, established a DNS virtual service, deployed a HTTP virtual service, and enabled seamless connectivity for internal users to access web servers.
This is the fifth tutorial which extends our scope - It will guide you through the deployment of a HTTP virtual service on the NSX Advanced Load Balancer (NSX ALB) within the Oracle Cloud VMware Solution Software-Defined Data Center (SDDC), with a specific focus on making it accessible over the internet.
Objective
- Administrators will be able to deploy and access a HTTP virtual service on NSX Advanced Load Balancer in Oracle Cloud VMware Solution SDDC via domain name for external users or internet-based access.
Prerequisites
- NSX ALB (Avi) controller has been deployed on the Oracle Cloud VMware Solution SDDC, see Tutorial 1: Deploy VMware NSX Advanced Load Balancer on Oracle Cloud VMware Solution SDDC.
Task 1: Set up Inbound External Connectivity for Oracle Cloud VMware Solution Overlay Segment
In the previous tutorials we have deployed, configured and set up access to the web servers only for internal users.
Now the Nginx virtual service IP needs to be mapped to public IP on Oracle Cloud Infrastructure (OCI) which will be then associated with our public domain name. This will set up external access for web servers.
To set up a demilitarized zone (DMZ) environment on Oracle Cloud VMware Solution SDDC, see A Detailed Guide to Deploy a DMZ on NSX-T for Oracle Cloud VMware Solution. Once the setup is deployed, we will have another set of NSX edges with dedicated Tier-0 and Tier-1.
Task 2: Configure NSX ALB (Avi) Controllers
We have configured DMZ on Oracle Cloud VMware Solution and have deployed NSX ALB (Avi) controllers. We now need to set up the configuration.
-
Follow [Tutorial 2: Configure VMware NSX Advanced Load Balancer on Oracle Cloud VMware Solution of this series and complete the following tasks.
-
Task 1: Add vCenter and NSX-T credentials
-
Task 2: Create Content Library on Oracle Cloud VMware Solution vCenter.
-
Task 3: Create DNS and IPAM profile on the NSX ALB (Avi) controller.
Note: We need to create additional NSX overlay segment.
-
-
Log in to the Oracle Cloud VMWare Solution NSX-T portal, navigate to Networking and Segments. Under NSX tab, click Add Segment.
-
Enter the following information and click Save.
- Name: Enter the name.
- Connected Gateway: Select the appropriate Tier-1 (in this tutorial, it is backed by DMZ uplink 2).
- Transport Zone: Select Overlay-TZ transport zone.
- Subnets: Enter the CIDR.
- We will not enable DHCP as the web servers will have static IP.
-
We also need to create additional overlay network to host management networks and web servers.
- Continue to follow Tutorial 2: Configure VMware NSX Advanced Load Balancer on Oracle Cloud VMware Solution from Task 5, the next imperative step involves seamlessly incorporating NSX-T as a Cloud connector.
Note: Most of the steps remain the same as per Tutorial 2: Configure VMware NSX Advanced Load Balancer on Oracle Cloud VMware Solution, the only difference is the Data Network Segment is aligned to DMZ Tier-01 as the users will be connecting over the internet.
Task 3: Configure and deploy DNS Virtual Service
To deploy DNS virtual service, see Tutorial 3: Configure DNS Virtual Service on NSX Advanced Load Balancer in Oracle Cloud VMware Solution SDDC and complete the following tasks.
- Task 1: Define IP range on the NSX-T Cloud connector network profile.
To deploy virtual service network that is avi-vs-external
on DMZ for public access, we need to refer the avi-vs-external
overlay segment to Tier-1-uplink-2
DMZ uplink.
Once the set up done, now we need to deploy DNS virtual service. We will follow Task 3 of Tutorial 3: Configure DNS Virtual Service on NSX Advanced Load Balancer in Oracle Cloud VMware Solution SDDC and select the avi-vs-external
for VIP that we configured earlier and other steps will be the same.
Task 4: Configure and Deploy HTTP Virtual Service
To deploy the HTTP virtual service, see Tutorial 4: Configure HTTP Virtual Service on NSX Advanced Load Balancer in Oracle Cloud VMware Solution SDDC for Internal Users and complete Task 2, during the VIP creation we need to select VRF backed overlay segment that is avi-vs-external
and other steps will remain the same.
Task 5: Map public IP with HTTP Virtual Service private IP
We are able to access the HTTP virtual service over IP and name internally. However, to access the URL over internet we need to map the HTTP virtual service private IP with public IP.
To attach a public IP to a guest VM in Oracle Cloud VMware Solution, see Learn How to Attach a Public IP to a Guest VM in Oracle Cloud VMware Solution.
The domain used in this series demoocvs.xyz
is registered with GoDaddy domain registry and we have created an entry for the same.
Next Steps
To Configure Global Server Load Balancing (GSLB) to access an HTTP virtual service on Oracle Cloud VMware Solution through NSX Advanced Load Balancer over the internet, see Tutorial 6: Configure GSLB to access an HTTP virtual service on Oracle Cloud VMware Solution through NSX Advanced Load Balancer over the internet.
Acknowledgments
- Author - Vaibhav Tiwari (Cloud VMware Solutions Specialist)
More Learning Resources
Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.
For product documentation, visit Oracle Help Center.
Configure HTTP Virtual Service on NSX Advanced Load Balancer in Oracle Cloud VMware Solution SDDC for Internet-Based Access
F93338-01
February 2024
Copyright © 2024, Oracle and/or its affiliates.