Integrating with VMware NSX ALB (Avi Networks)

The integration between the IBM® NS1 Connect® platform and the VMware NSX Advanced Load Balancer enables global load balancing among application endpoints and services across a multi-cloud infrastructure. It allows you to push rich metrics from your virtual services (NSX ALB) to NS1 Connect where the data is combined with telemetry, like real user monitoring (RUM) data, to optimize application performance. You can leverage key metrics like the up/down status, average load, number of active connections, or number of requests per second. Optionally, you can configure more advanced L4-7 metrics like error counts and client RTT.

When configured, the data collected from the monitored endpoints is pushed to NS1 Connect in near real-time. The platform ingests the raw measurements and updates the connected answer metadata in the corresponding DNS record to reflect the latest availability, load, or key metrics. The metadata for each answer is referenced by the traffic steering filters in the record's Filter Chain configuration to eliminate answers or reprioritize the list based on some conditions. In this case, you can use the Shed Load filter or other

Configuration overview

Customers using the Avi Metrics Query API by using the avi-metrics container can set NS1 as an endpoint where it sends the results of health checks performed on the virtual service. In NS1 Connect , you configure a data source, selecting NS1 API as the source type. This generates a custom data source with a unique source ID. Then, you create a data feed for each individual endpoint or service being monitored and connect them to the corresponding DNS answers to enable automatic updates upon changes to the up/down status or other key measurements

For basic up/down monitoring, you can inject a Python script containing a valid NS1 Connect API key and the unique data source ID for the NS1 API data source into Avi Vantage, where you can define the parameters for the alert trigger to NS1 Connect if the up/down status of a virtual service changes. You can connect these data feeds to the "up/down" metadata field for automatic updates.

For load-related or other custom data collection, you must configure a Docker container running alongside each instance of an Avi controller in each data center or PoP. You must also define the alert parameters to determine how often the container should push data from the Avi load balancers to NS1 Connect, where it is ingested and used to update connected answer metadata fields, such as the average load, number of active connections, and number of active requests. Refer to the Avi documentation for a complete list of supported metrics.

Note: The body of the data feed request must be a JSON object containing one of the following:

For basic up/down monitoring: The data feed request may contain basic key/value pairs as in any standard record, region, or answer metadata tables, for example, {"up": "1"}. In this case, the data feed can be connected to the up/down metadata value in the corresponding DNS answer(s).
For load-related (and all other) measurements: If you configure more advanced data collection like load-related or custom metrics, you can create an object where keys match the label set when creating the data feed and values are metadata update tables. In this case, the data feed can be connected to any metadata field.

When data is flowing to NS1 Connect, you must complete the configuration by creating a Filter Chain within the corresponding DNS record(s). When the record domain is queried, each traffic steering filter in the record's Filter Chain configuration either eliminates or rearranges the list of answers based on some condition or behavior. For the purposes of this integration, the Filter Chain you configure depends on the type of data you want to inform traffic steering decisions. For basic up/down monitoring, refer to the Filter Chain described in Automatic failover. For load balancing, refer to the Filter Chain described in Automatic load shedding.

Refer to this GitHub repository for more information about implementing this integration. If you need assistance or experience any issues, contact IBM support.

Example

Suppose your load balancers can safely handle up to 10,000 requests per second (RPS) before performance degrades. In this case, you can use the Avi Metrics Script to send RPS data to NS1 Connect by creating a data source (type = NS1 API and associated data feeds for each monitored endpoint or virtual service. Then, you connect each data feed to the Active requests metadata field for the relevant answers so the metadata is automatically updated as the RPS value changes. Also, in the metadata for each answer, you set the low watermark value to 8000, indicating the point at which NS1 Connect should slow traffic to that answer (endpoint). Similarly, you set the high watermark metadata value to 10000, indicating the point at which NS1 Connect stops sending traffic to that answer. To complete the configuration, you configure a Filter Chain with the Shed Load filter which evaluates the current load metric (in this case, active requests) and compares it to the defined low and high watermark values to determine if it is safe to send traffic to the endpoint without it becoming overloaded.

If the RPS value reaches 8,000 (low watermark), NS1 Connect removes the answer from the answer pool in some, but not all, responses to incoming requests. If the RPS value increases, the platform will remove the answer more often, prioritizing alternative endpoints instead. If the RPS value reaches 10,000 (high watermark), the platform will stop sending traffic to the endpoint until it returns to a healthy state.