Create an NSX-T manager health check within AVI

by

Create an NSX-T manager health check within AVI:

As previously mentioned in this post AVI and heath check we want the ability to run an API health check against each node of the pool (NSX manager nodes).

Before we create the virtual service we need to create a health monitor for the NSX-T managers. To create a health monitor click on the following within the AVI GUI:

  • 1: Templates
  • 2: Heath Monitors
  • 3: Create
Create an NSX-ALB Health Monitor

When you create a health monitor the following window appears, add a name and description. the select the type to https (1 in AVI New Health Monitor Diagram)

AVI New Health Monitor

NSX-ALB Monitoring the Health of NSX Managers

Now the health monitor is set to https a new set of options appear

Configure the following options:

  • 1: Heath Monitor Port – 443
  • 2: Authentication Type – Basic
  • 3: Username: NSX Username to query the NSX API
  • 4: Password The password for the user in username
AVI Heath Monitor https settings

Once the https is completed we now need to fill out the API query and response fields:

Client Request Header field:

GET /api/v1/reverse-proxy/node/health HTTP/1.1

Client Request Body field:

application/json

Server Response Data field:

"healthy" : true

Response Code field enter the following:

2xx

The Completed form should look like the below output:

The explain what this is doing, The health check is running the API query and making sure the content type is application/json. This enables AVI to understand the response from the NSX-T nodes.

Once complete click save and add the monitor to the virtual service that is set up for your NSX-Manager Nodes.

Validation

To validate the NSX-ALBhealth check we need to simulate a real life failure of an NSX service. For this blog, I will stop the policy service on one of my NSX-T manager nodes.

Before and service is stopped check the health of the pool, below is an example of a healthy pool before we fail any service.

NSX-T Manager Pool

To stop the NSX-T manager policy service run the following:

stop service policy

To confirm the node is unhealthy test the API health check manually. You can check using the NSX manager GUI as demonstrated below.

NSX-T API Manager Node Down
NSX-T Manager Cluster Degraded
NSX-T Manager UI Policy Down

The API query the policy service is confirmed as down we can visibly see that the health of the pool has diminished, but most importantly the health check reconsised the member that is causing the issue.

AVI NSX-T Manager Node Down

To bring the service backup

start service policy

Confirm the node is healthy by running the API query manually, you should get an output similar to below:

NSX-T API Manager Node Up

Check the pool status in the AVI GUI:

For more details of the outage, we can look at the events within the pool:

AVI NSX-T Manager Pool Events

References:

VMware’s NSX-T manager external load balancer documentation can be found here:

https://docs.vmware.com/en/VMConfiguring an External Load Balancerdcdd-1D77-46CF-9F1E-AD9BE6BC55C1.html

AVI Heathcheck documentation:

https://avinetworks.com/docs/21.1/overview-of-health-monitors/