Lab Guide: Modern Load Balancing This lab will walk you through the basics of load balancing with Avi. Feel free to take extra time and explore.

Demo Avi Feel free to play around with the system. This is a demo environment. You can't hurt it! Access the lab environment via us.academy.demoavi.us or europe.academy.demoavi.us Username is your email address (lowercase), password is Aviclass123 These credentials will be valid for a short period of time. Contact Avi for longer access Virtual Service Create a virtual service Select the Applications menu at the top, then Virtual Services on the left Start the VS Creation Wizard. Under Virtual Services on the left, Click the blue CREATE pulldown Select Basic Setup VS Name: Use your name Use the default application type HTTP Create a VS VIP Scroll down to the VIP Address Section Do not use any of the existing configured VIPs in the drop-down. Click the three vertical dots to the right, then Click the Create button. This opens the Create VS VIP window Name: Leave the default name or Give the VIP object any name VIPs: Click the ADD button Enable VIP should be CHECKED Availability Zone: Select the first / top option in the drop-down menu Private IP: Auto Allocate (Avi will acquire the IP from the configured IPAM) VIP Address Allocation Network: Public AZ1 (be sure to select Public, not Private) IPv4 Subnet: 10.0.20.0/22 Public IP: Select Auto-Allocate (This is the private to public NAT) Click SAVE, then SAVE again to complete the VS VIP and return to the New Virtual Service window Create a server pool Scroll down to the Pool Section Select Servers: Click the blue on white BY NETWORK button on the right Network: From the pulldown list select Private-AZ1 network Servers: Check the boxes to Select server1 through server4 Click the ADD button at the bottom right (Don't forget this step) This returns you to the NEW VIRTUAL SERVICE window Click the SAVE button in the bottom right to complete the VS creation The new virtual service will be opened to the Analytics tab If you hover your mouse over the name of the virtual service, various status updates will be displayed Congratulations! You have created a virtual service! Verify Service Engine creation If this is the first VS created in your environment, the Avi Controller must first create Service Engines (load balancers) SE creation takes about 3 minutes Select the Applications menu at the top, then Virtual Services on the left The VS health score is next to the VS name, initially will be red with a low score The health should change to green once the SEs are created and the score will improve Hover your mouse over the health score periodically to see the progress of the SE creation Test the VS Once your VS score is green, you can test it Click the name of your new vs to open the VS details Hover your mouse over the Virtual Service: [your name] text. The pop-out box shows additional information The NATed public IP for the virtual service should be below the internal private VIP Copy the public VIP address Open a new browser tab and enter http://thepublicvip with the IP you copied If it works, you should see a basic web page with two txt files If it's not working, edit the VS If in the VS detail screen, use the pencil icon in the top right If in the main VS list, click the three dots at the right and select Edit Common items to check include: Selected the correct AZ and network for the VIP address Pool is configured with servers Application type and port The logs in the verify section could be useful Verify In the VS details view, click on the Logs tab Select the Logs menu to show the logs generated from testing your application Expand an individual log by clicking on the pulldown icon on the right side of the log Expose the full log details by clicking on the three dots and selecting Log detail Close the detailed log by clicking the X in the top right corner Avi can be set to higher logging levels with increased verbosity for advanced troubleshooting SSL/TLS Change the site to TLS encryption Edit the VS (pencil icon on the top right of the VS page) Add a second service port for 443 and enable the SSL checkbox An SSL Settings section will appear on the bottom right Set the SSL Profile to the System-Standard - This defines the SSL/TLS versions and ciphers to support For the SSL Certificate, select both System-Default-Cert (RSA cert) and System-Default-Cert-EC (EC cert) Test the site via https:// [your VS IP] - You will get an SSL certificate error as the cert is self-signed Which certificate did your browser negotiate, EC or RSA? Take a look in the logs to find out. HTTPS Redirect Automatically redirect clients from HTTP to HTTPS There are several ways to accomplish redirection with increasing levels of sophistication and flexibility. This exercise shows one example of accomplishing this task. Edit the VS Select the Application Profile (currently set to System-HTTP) and create a new app profile Give the new HTTP profile any name Set the Type to HTTP Select the Security tab at the top Select SSL Everywhere - This will enable HTTP to HTTPS redirect, rewrite server redirects, and enable common SSL tasks Save the new profile then save the changes to the VS Verify the redirect by accessing the site via HTTP Server Health Troubleshoot problematic servers Navigate to Applications > Dashboard Set the view to View VS Tree (if it is not already) Select the + to the right of your virtual service to expand the view - The illustration shows the VS on the left, point to the Pool to the right, then the servers in the pool. The Service Engine is shown below. To see why a server is marked down, mouse over the red health score The servers that are green / up are not entirely problem free. Hit the site a few times and check the logs, filtering for Significant (the red logs). Issues range from intermittent server slowdowns to missing files to simply the wrong content. Apply a custom health monitor Navigate to Pools page, select the [yourname-pool] pool to drill into this object Select the Servers tab of this pool to view the it's servers Edit the pool via the pencil icon in the top right Remove the default System-HTTP health monitor via the trash can icon - this monitor is very basic, validating a 200 OK response came back, not the content Select the Add button to apply a more robust HTTP health check Select Avi Rocks health monitor and save the change to the pool - This health monitor looks for specific content to be returned One of the servers is now marked down because of a content mismatch Click on the server name to drill in further to this server In the health monitor table, click in the name of the Avi Rocks health check to expand. What content is this server returning versus expected content from the new health monitor? Advanced Virtual Service Functionality This lab enables a few interesting features Create a new virtual service via Advanced Setup - This mode will expose a few more options Step 1 Settings: As before, provide a Name and VS VIP In Advanced setup, a pool is not created automatically, so Create a Pool via the pool pulldown menu - This pauses the VS creation and jumps into a pool create workflow Give the new pool a name Scroll down to Servers, enter 18.216.156.188 followed by the blue Add button, then Save to complete the pool creation process The workflow returns to the unfinished VS, which is now pointing to the new pool Step 2 Policies: Select Next to go to the Policies page, select HTTP Request followed by the green + button - Policies are simple mechanisms to provide content manipulation or similar functionality Under the Action table, use the pulldown menu to Add New Action, select Modify Header, change the default from Remove Header to Add Header, set the Name to test and the Custom Value to true, the green Save Rule button, then Next - This will add a custom header into all client requests for this site Step 3 Analytics: Select the Log All Headers checkbox then Next - This will increase the logging level to capture client headers, cookies, etc Step 4 Advanced: For the Host Name Translate, enter nomoreproxypass.com (or something similarly fun!) followed by Save - This will change the hostname requested by the client from the IP address to this hostname before the request is forwarded to the server Step 5 Advanced: Select Use VIP As SNAT checkbox. This enables the Service Engine to use a unique source address when initiating traffic to remote networks and overcomes some routing challenges specific to this lab in AWS Validate the settings Access the new VS to generate some traffic - The website being returned is a simple DataScript on another VS that reflects the headers it received, a fun way to compare what the server sees versus what the client sent Navigate to the Logs page of the VS, select Non-Significant Logs to filter for all logs Expand a log, then select the blue View All Headers text on the right of the expanded log On the title bar of the top table, click the dark blue bar to expand - This view shows Headers Received from the Client. Rows in yellow were modified by Avi, red rows were removed by Avi, and in the Headers Sent to Server column, green rows were added by Avi Try adding more logic, such as HTTP Request Policies to send traffic different pools Learn More Interested in taking Avi for a real spin? Here are some suggestions If you want more time to use this lab, just send us a message Contact learnavi@broadcom.com for any issues with the lab or questions about Avi Knowledge base articles: techdocs.broadcom.com Join a free, technical workshop: go-vmware.broadcom.com