Rethinking Application Delivery: A First Principles Exploration of VMware's NSX ALB

Nihal Latheef
SDDC Consultant

Note to the Reader: Before we delve into the technicalities of Avi Networks and how it addresses the complex networking landscape of today, it's essential to lay out the context and background. The initial section of this blog provides a broader, more conceptual overview of today's digital transformation journey. It sets the stage by addressing the evolutionary shift in applications, the changing nature of networks, and the challenges brought about by these developments. So, if you're here solely for the Avi specifics, you might want to skim through the start. However, for those looking for a comprehensive understanding, this foundational information paints a vivid picture of the context in which Avi operates and thrives.

In today's era of digital transformation, applications have evolved to become the pulse of enterprises. They're not just simple, static constructs addressing back-office requirements. Instead, they're dynamic, interactive, adaptive and elastic applications that deliver digital experiences and are central to every stakeholder conversation, from customers to partners. They are distributed across a landscape of datacentres, colocation facilities, clouds and edge environments: the modern distributed architecture. From an application development and deployment standpoint, this transition from monolithic to microservices and distributed architecture has greatly increased their agility, scalability, and resilience. But from a networking perspective it has profound implications. This blog explores these implications and delves into how Avi Networks provides solutions to these challenges.

Consider this: when applications transition to microservices, each discrete service constantly communicates across the network. These east-west services can amplify internal network traffic by up to tenfold compared to traditional architectures. But the implications go beyond sheer volume. Each microservice, as an individual entity, brings with it specific networking, security, and performance considerations. Common application services such as load balancing, network performance monitoring and application security that are available in traditional applications often need to be implemented or approached differently in container-based applications. This granularity in network and security demands can turn the operational landscape from a manageable stream into a complex web of networking interactions and security vulnerabilities. When you further integrate the broader distributed architecture into this equation, these complexities grow exponentially.

In the face of these challenges, the mandate is clear: as our applications undergo rapid modernization, our networks can't be left behind. It's crucial to invest in network modernization that can adapt to the intricacies of this modern digital landscape. This includes advanced load balancing capabilities, web application firewall, container ingress, real time application analytics, granular security protocols, and dynamic load balancing to ensure both optimal performance and robust security. Only then can businesses fully harness the potential of their modern, distributed applications without compromise.

So as applications become both essential to the success of businesses and more distributed than ever, businesses need to modernise their network infrastructure to ensure that it provides consistent networking, application security, operational simplicity, elastic scale, faster service provisioning and rapid problem resolution. Yes, hardware-defined network infrastructure did a good job previously. But today, with developers and DevOps teams moving to CI/CD processes and other agile means to expedite development workflows, the reliance on this slow-moving hardware-defined network infrastructure, or even virtualised network infrastructure, is making the provisioning process cumbersome and time-consuming, holding back developers and constraining the applications. The result is a serious impact on business agility.

Enter Avi.

NSX Advanced Load Balancer: The VMware NSX Advanced Load Balancer (Avi Networks) is a software-defined architecture that separates the central control plane (Controller) from the distributed data plane (Service Engines). NSX Advanced Load Balancer has a comprehensive REST API, making it fully automatable and able to integrate seamlessly with the CI/CD pipeline for application delivery. Advanced analytics and observability optimize application delivery, and context-aware application and API security protects the applications along with their data. Security policies are kept current through live threat updates via PULSE Cloud Services. With predictive autoscaling (application and load balancer scaling based on real-time traffic patterns), NSX Advanced Load Balancer can scale based on elastic application loads across multi-cloud environments, including bare metal servers, virtual machines, and containers, along with real-time insights.

Let's take a quick pause and clear something up. Virtualized load balancing is not the same as software-defined load balancing. A software-defined load balancer like NSX ALB separates the data plane from the control plane (the only load balancer solution that does so), provides insights into real-time app analytics, tightens security, watches over everything, and even does predictive autoscaling. It provides software-defined application services on bare metal servers, virtual machines and containers, in on-premises data centers and private/public clouds, all along with end-to-end automation for transport (Layer 4) to application (Layer 7) services.

Now why did VMware acquire Avi? It's because Avi aligns with the architectural ethos of NSX: a software-defined, distributed platform that distinctly divides control and data planes, tailored for any cloud or on-prem environment. Starting with NSX-T 3.2.0, NSX-T load balancers will be deprecated and, in upcoming releases, removed completely. NSX-ALB (Avi Networks) will now be the de facto load balancing solution for NSX.

What’s Included? A single platform that provides:

L4-L7 Load Balancing
Global Server Load Balancing
Web Application & API Protection
Container Ingress
Real-time application analytics
On-demand application autoscaling
Multi-tenancy

Universal Solution: "ANY Cloud. ANY App. ONE NSX Advanced Load Balancer"

NSX ALB is designed to work for different scenarios. For multi-cloud environments, it can provide a single management console to deal with the various environments. Web application security is delivered as a critical component of the solution to protect applications and data. The technology is designed to work for traditional applications and containerized microservices alike.

In a recent analysis, IDC engaged with organizations utilizing VMware's NSX Advanced Load Balancer for application service deployment. Their objective was to gauge how these entities leverage the platform in line with their business processes. The findings from IDC's assessment underscore that users of the platform are reaping substantial business benefits. For a detailed look into this study, you can visit the following link:

higher application developer productivity
90% faster to scale capacity
54% fewer outages
43% lower cost of operations

A short note on the NSX-ALB Architecture:

"Industry’s first solution that separates the data plane from the control plane."

NSX-ALB is built on a unique software-defined architecture with a centralized control plane and a distributed data plane, which is 100% based on REST APIs. The controller is the source of truth for all configurations and orchestrates the lifecycle management (LCM) of the data-plane SEs, including creation, licensing, configuration, deletion, etc. This architecture is a paradigm shift from the traditional ADC architecture of running a huge monolithic code base on ASIC hardware or in a virtualized way, with the control, management and data planes all bundled together, which makes it highly inefficient to scale on demand. NSX ALB is the industry's first solution that separates the data plane (Service Engines) from the control plane (Avi Controller).

Avi Service Engines provide a single-pass data plane for load balancing, health monitoring, content optimization, content transformation and application security. They also serve as probes that analyze every application transaction. Avi Service Engines are co-located as VMs or containers with applications on standard x86-based servers, forming a distributed microservices infrastructure and providing comprehensive application delivery services.

Avi Service Engines examine terabits of traffic flowing through the data plane pipelines. High efficiency filters discard all but the most significant analytics data points and logs, significantly reducing the data by up to a factor of 1,000.

For high availability, Avi Service Engines offer diverse configuration options, including legacy active-standby modes, elastic active-active setups and elastic N+M HA mode.

Quick Use Cases:

Zurich Airport Modernizes Application Networking
3 Telecom and Media Company Solves Multicloud Application Delivery
Bank adopts “Everything-as-a-Service” Strategy for applications with Avi Networks and Red Hat.

How Huco helps our customers to enable this capability:

In this journey Huco helps customers design and implement a true software-defined load balancing solution along with NSX-ALB’s other application services following VMware’s best practices and tailored to the customer’s specific use case.

Migrate: Perform or assist in migrating live traffic from other ADC solutions to NSX-ALB, giving you the option to either replicate existing configurations or re-architect and modernize your load balancing infrastructure.

Design and Deploy: We help you design and deploy NSX-ALB, complete with load balancing, GSLB, web application firewall, Kubernetes ingress controllers and other application services for VMware and various multi-cloud environments.

Knowledge Transfer and Documentation: Document the design and deployment details in high-level and low-level designs and provide knowledge transfer to the customer’s technical team.

Support and Managed Services: With Huco’s iDOC (Remote Intelligent Digital Operation Center) offering, provide Day 2 operation and adoption support.

Huco is a leading cloud native partner in the METNA region and the 1st partner in EMEA to achieve all 8 of VMware's Master Services Competencies (MSC). As a leading MSC partner of VMware, Huco has gained vast experience, knowledge and skills in implementing VMware products. Huco works closely with the VMware product team to help customers achieve their requirements.

For more information on how Huco helped customers in enabling the NSX-ALB solution, please reach out to and post your inquiry/interest. Our VMware Experts are eager to help you in your journey towards accelerating your application with industry's leading ADC solution.
