October 25, 2022
In our previous article, Read These Before You Deploy a Network Virtual Appliance (Part I), we covered the basics of a Network Virtual Appliance (NVA): what it is, why it is used, and what its benefits are. In this article, we discuss some common NVA best practices. As discussed previously, an NVA helps you simplify your cloud migration, enhance the availability of your cloud applications, maintain a secured network boundary, and so on. However, it also brings some complexities: dealt with the right way, they help you reap excellent results; ignored, they can be terrible. So, let's walk through the NVA best practices that most Azure migration experts follow and stay away from the most common goof-ups. These best practices cover both the scenarios where an NVA should be deployed and the precautions required while deploying it.
As a quick refresher, a Network Interface (NIC) is the interconnection between a Virtual Machine (VM) and a Virtual Network (VNet). A VM must have at least one NIC and can have more than one; how many it can have depends on the size of the VM.
Many network virtual appliances require multiple NICs. Multiple NICs help you manage your network traffic better by letting you isolate different kinds of traffic on different NICs. Take, for instance, a scenario in which the data plane traffic is separated from the management plane traffic. In this case, the VM supports at least two NICs. Don't forget, however, that the number of NICs a VM supports depends on its size.
One very important point: if you plan to add a NIC after the NVA has been deployed, make sure you enable IP forwarding on that NIC. Enabling it disables Azure's source and destination check for the network interface. If you find this a bit complex, you can take the help of Azure migration experts.
Consider deploying a virtual appliance on a supported VM type that has Azure's accelerated networking capability. Accelerated networking enables single root I/O virtualization (SR-IOV) on a VM, which significantly enhances its networking performance. This high-performance path bypasses the host in the datapath, which in turn reduces jitter, latency, and CPU utilization for the most demanding network workloads on supported VMs. Most general-purpose and compute-optimized instance sizes that have two or more vCPUs support accelerated networking.
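The following is an added example, not part of the original article: a small audit of exported NIC settings covering the two preceding points (IP forwarding on every NVA NIC, including ones added later, and accelerated networking). It assumes JSON shaped like `az network nic list -o json` output; the NIC names and the NVA inventory are constructed, and both casings of the forwarding key are accepted as an assumption about CLI versions. Because IP forwarding turns off Azure's source and destination check, the audit also reports NICs outside the NVA that have it enabled.

```python
import json

# Constructed sample shaped like `az network nic list -o json` (fields trimmed).
SAMPLE_NICS = json.loads("""
[
  {"name": "nva-untrust-nic", "enableIPForwarding": true,  "enableAcceleratedNetworking": true},
  {"name": "nva-trust-nic",   "enableIPForwarding": false, "enableAcceleratedNetworking": false},
  {"name": "app01-nic",       "enableIpForwarding": true,  "enableAcceleratedNetworking": true},
  {"name": "web01-nic",       "enableIPForwarding": false, "enableAcceleratedNetworking": false}
]
""")

# Hypothetical inventory: the NICs that are supposed to belong to the NVA.
NVA_NICS = {"nva-untrust-nic", "nva-trust-nic"}


def flag(nic, *keys):
    """Return the first of the given boolean properties found, else False."""
    for key in keys:
        if key in nic:
            return bool(nic[key])
    return False


def audit_nics(nics, nva_nic_names):
    """Return (nic_name, finding) tuples, in input order."""
    findings = []
    for nic in nics:
        name = nic["name"]
        # Assumption: the key casing differs between CLI versions, so try both.
        forwarding = flag(nic, "enableIPForwarding", "enableIpForwarding")
        accelerated = flag(nic, "enableAcceleratedNetworking")
        if name in nva_nic_names:
            if not forwarding:
                findings.append((name, "nva-nic-without-ip-forwarding"))
            if not accelerated:
                findings.append((name, "nva-nic-without-accelerated-networking"))
        elif forwarding:
            # Source/destination check is off on a NIC that is not an NVA NIC.
            findings.append((name, "ip-forwarding-on-non-nva-nic"))
    return findings


if __name__ == "__main__":
    for nic_name, finding in audit_nics(SAMPLE_NICS, NVA_NICS):
        print(f"{nic_name}: {finding}")
```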
If you are using an internal load balancer, the Azure Standard Load Balancer lets you load-balance UDP and TCP flows on all ports concurrently. This is done with a high availability (HA) ports rule, a kind of load-balancing rule configured on an internal Standard Load Balancer. Your NVA should be highly available and reliable. To achieve this, add NVA instances to your internal load balancer's back-end pool and configure an HA ports load-balancing rule.
Azure Virtual Machine Scale Sets let you create and manage a group of identical, load-balanced Virtual Machines. The number of VM instances increases or decreases automatically in response to demand or a defined schedule. Scale sets provide your applications with high availability and help you centrally manage, configure, and update a large number of Virtual Machines. Built from VMs themselves, scale sets provide the management and automation layers for running and scaling your applications.
Comprehensive networking services that can be easily deployed, managed, scaled, and monitored are becoming even more crucial as enterprises migrate their demanding, mission-critical workloads to the cloud. An NVA helps you reap the benefits of the cloud while fulfilling most of your network needs. However, settling on an NVA can be an important decision when you are working on your network design. Make sure you consider ease of use, scalability, and a promising future while picking an NVA. As discussed above, you can always take the help of Azure migration experts if you find it at all difficult.