Avi (NSX-ALB) – Multiple Applications behind the same VIP


Earlier I wrote a blog post about creating a Reverse Proxy with Avi for my Nexus Repository. So I already have an existing Virtual Service in Avi that presents the Nexus Repository website on port 443. The VIP is

Current Setup

Nexus Repository Virtual Service Namepotus-nexusrepo
Nexus Repository Virtual Service VIP10.10.60.15
Nexus Repository Virtual Service Port443
Nexus Repository Server IP Address10.10.30.35
Nexus Repository Ports8081 (Website)
5000 (Docker Repository)

What do we want to achieve?

Now I would like to present my Nexus Docker Repository over HTTPS using the same VIP. We will be adding a new Service Port (5000) to the existing Virtual Service VIP.

Avi Configuration

Let’s get started!

1. Browse to your Avi’s Website and login
2. Go to the ‘Applications‘ view and select ‘create virtual service‘ on the top right of your page and select ‘Advanced Setup‘:

3. Give your Virtual Service a Name

4. Click on ‘Switch to Advanced

5. Select your existing Virtual Service:

6. Under ‘Profiles‘ make sure to selectSystem-TCP-Proxy‘ and ‘System-Secure-HTTP‘ as shown below:

7. We will need to create a new Pool for the Nexus Repository Server on Port 5000. Under ‘Pool‘ click ‘Create Pool‘:

8. Enter the required Details to create the Pool

AEnter a name for your Pool (e.g.: nexus-repo-pool-5000)
BEnter your Default Server Pool (e.g.: 5000)
CChoose your preferred Load Balance method (e.g.: Least Connections)
DEnable Passive Health Monitoring
EEnter the amount of Health Checks should be OK in order to consider the service Up
FChoose ‘System-TCP’ Health Check
GSelect ‘System-Analytics-Profile’ as the Analytics Profile
HMake sure to check ‘Enable real time metrics’ if needed
IDisable SSL, meaning that the Avi LB will communicate using HTTP towards the backend servers

9. Click Next to go to the ‘Servers’ tab and add your Server & Port

10. Now you should see your Server listed in the Pool:

10. Click Next to go to ‘Advanced’, leave everything at defaults and click ‘Save’. Your Pool should now be listed on the Virtual Service:

11. Enter the Port to which the Service should listen on and enable the SSL check:

13. Under the ‘SSL Settings’ select ‘System-Standard’ as the SSL Profile and upload or select your own SSL Certificate for this new Virtual Service:
14. Click ‘Next’ a couple of times and ‘Save’ in the end. We can leave all the other settings (Policies, Analytics, Advanced) at their default settings for now.

Let’s test it, right?

That’s it! Now you have 2 Virtual Services running behind the same VIP!

Stay tuned for more!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s