The VMware NSX Advanced Load Balancer (by Avi Networks) has helped customers replace over twelve thousand ADCs appliances with its elastic, multi-cloud load balancing platform. The load balancer sits in a vital location – in the path of application traffic. So, it is not surprising that enterprises want the minimal disruption when it comes to modernizing their application delivery stack. A top-of-mind question that comes up in any discussion where Avi is considered to replace the incumbent ADC is ‘How do we migrate all the applications that have been configured over the years to Avi?’
This blog addresses this common inquiry from both a technical and a process perspective. Over the years of having delivered many such migration projects for some of the world’s busiest digital enterprises, we have been able to refine this process and tooling with lessons learned at every step in the modernization process. This has led to a smooth transition for our customers from their existing solution to Avi.
We will take a look at
- Avi Migration Tools: A package that enables automated conversion of configuration from F5 LTM (Local Traffic Manager) / Citrix NetScaler deployments to the Avi solution
- The Migration Process Lifecycle: The infrastructure readiness assessment during the initial phase of the migration to application owners releasing it for business-as-usual consumption in the last phase
So, what is this Avi migration tools package all about and how does it facilitate the migration process?
Avi Migration Tools is a python package that provides an automated method of migrating from existing load balancing solutions to the Avi Platform.
The package contains
- F5 conversion tool – To facilitate migration from F5 LTM based deployments to Avi.
- NetScaler conversion tool – To facilitate migration from Citrix NetScaler based deployments to Avi.
- Config patch utility – To facilitate bulk configuration modifications to Avi objects
- VS filter utility – Useful for filtering VS and its related configuration from the converted configuration file in json format
The goal of the migration tool is to help customers accelerate the modernization of their infrastructure once they have decided to purchase the Avi solution. This is aided by the following capabilities
- Automation – Automatically convert and preserve existing application behavior
- Reporting – Provide easy to understand reporting on the conversion status
- Utilities – Provide ability to perform seamless cutovers
How does the migration process go? What are the various aspects to be considered before, during and after migration?
The migration process is broadly categorized into the following stages
- Project planning & scheduling – A kickoff meeting, identifying the resources involved in migration, project planning, and infrastructure readiness assessment
- Automated config conversion – Review the existing LB configuration, select apps for migration, perform configuration conversion and optionally import & onboard it onto the Avi infrastructure
- Customization – Create application policies, convert of iRules/traffic manipulation rules & other advanced configurations like custom health monitors. A majority of the iRules can be converted to Avi policies. Advanced iRules are implemented using Avi’s native scripting engine (called Datascript)
- Validation and functional testing – Import the configuration, verify health monitor operations, functional tests of applications and identify cutover & rollback strategies
- Cutover and Go-live – Application traffic cutover and UAT followed by sign-off from application owners. The applications are now in place and ready to release to end users
Each stage is associated with a set of attributes to be considered in preparation to the actual migration. These attributes also intend to serve as a set of prerequisites or a checklist to be discussed before getting to the hands-on migration phase.
Now that we have looked under the hood to get a deeper understanding of the migration process, it’s essential to call out some of the common questions that come up.
- Can we achieve 100% parity between my existing load-balancer configuration and NSX ALB configuration?
The migration tool report comes in handy here. It provides various statuses for the objects converted indicating whether the object was fully converted, partially converted, or not converted. It also lists out the reason for the different statuses and any sub-configs that contributed to that status.
- What about my custom configs such as iRules, scripts, external health monitors etc?
The migration process lifecycle accommodates for manual configuration that may be required. Alternatively, these iRules may also be manually converted to reusable Avi request/response policies if the time/effort aspect for manual conversion vs automated conversion is under consideration. While working on converting iRules which don’t convert to native configuration or policies, a ready-to-use datascript library can be leveraged for quick turnaround on common use-cases. In addition, association of iRules to Avi equivalent configuration is built into the automation.
- I’m worried about cutting over my production traffic from existing load-balancer to Avi. How can this be achieved seamlessly?
There are well-defined cutover strategies that help in minimizing downtime during the application migration. These strategies enable a cutover of applications in both a single step or a staggered manner, taking into account various factors like legacy VIP reachability, Avi VIP reachability, VIP address retention etc. The same considerations can also be used for identifying a simplified rollback approach.
- What about other considerations such as stale/unused objects, object name retention, consolidation strategy etc?
The migration tool provides options for advanced control and configuration of these factors as well. The desired process for these steps is finalized in the planning phase of the migration process with the application team.
Here are examples of some successful migration projects delivered by the Avi migration team.
- A top-5 US retailer migrated from F5 to Avi with a scope of about 500 virtual services and 60 iRules. Leveraging the migration tools helped us achieve a time to value of 3 weeks. The project led to the optimization of some of the critical migration steps such as validation and cutover approaches that reduced the overall migration time significantly.
- A top-3 US bank migrated from F5 with a scope of 6 data centers and 1100 virtual services. Delivery time of the project considering the significant scale numbers was about 20 weeks. The maturity of the migration tool facilitated a smooth transition from the incumbent load-balancer to Avi. Some of the associated tools as the config patch utility and the ‘traffic_enabled’ flag were at the forefront of this migration. The key processes that we had built based on the previous migration projects allowed us to meet custom requirements for this project. This endeavor was so successful and so well-received by the customer that it led to a new migration project with a much larger scope.
- A top-5 enterprise security software company also migrating from F5 with a scope of 4 DCs, 3000 VSs and 100+ iRules. Delivery time of the project was about 6 months. The project was completed ahead of time. The thorough knowledge of the field teams with the migration tools also served as a massive driver behind the success of this project. The very few hurdles in an otherwise smoothly executed project were logistics related with respect to application team availability. This project paved the way for an upcoming F5 GTM to Avi GSLB migration for the same customer.
To learn more, download the Avi migration whitepaper to understand how to migrate from F5 Networks’ hardware load balancers to Avi software. The paper outlines:
- Avi’s proven 5-step migration process
- How to automate many common migration steps
- How to handle iRules and convert most of them to simple configs
- Best practices to minimize downtime during migrations
In this Summit, we discuss the steps in your modernization journey towards secure multi-cloud operations, supporting modern container-based applications, and integrating application delivery into your CICD processes.
You will learn:
- Why enterprises are switching from legacy hardware load balancers
- What benefits are achieved with agile, cloud-friendly application delivery
- How to migrate step-by-step to VMware’s advanced load balancing platform