In this section, we will cover Virtual Services, Analytics and Logging in more detail.
Launch Desktop and log in to AVI Portal
Within the desktop, launch NSX-Advanced-LB Google Chrome shortcut from the desktop and login using the credentials below:
Password: [email protected]!!
Once you have logged in, you are brought to the main AVI dashboard. Visible are the Virtual Services configured on the device for a Horizon Environment. Horizon is configured per best practices and the Configuration guide is linked here. Additionally, you can find the Reference Architecture for Horizon guide linked here.
AVI Dashboard (Expanded)
Let's click on Expand All to take a look at the configuration in more detail. The tree view will expand and you are able to view the Pool Name and Servers within the Pool along with the Service Engines that are currently serving Application Traffic.
AVI Dashboard - Virtual Services
In this example you can see the L7 UAG Virtual Service (VS) with the UAGs as pool members. Additionally, the AVI health score is displayed for the VS, Pool and Pool members. In the context of the Avi Vantage platform the application health score is a computed representation of how well the application is working based on its performance, resource utilization, security and any anomalous behavior. The health score is expressed as a numerical score from 1 to 100.
Next, let's click on the Virtual Services Tab. Here we will find that information specific to a Virtual Service (VS) is displayed for e.g. VS IP Address and Port along with FQDN, if any and high level traffic statistics per VS. More information on Virtual Services can be found here.
Virtual services are the core of the Avi Vantage load-balancing and proxy functionality. A virtual service advertises an IP address and ports to the external world and listens for client traffic. When a virtual service receives traffic, it may be configured to:
- Proxy the client’s network connection.
- Perform security, acceleration, load balancing, gather traffic statistics, and other tasks.
- Forward the client’s request data to the destination pool for load balancing.
Virtual Services - Analytics
Next, let us click on the Horizon_UAG-L7 Virtual Service. The Analytics page is displayed.
The VS analytics tab presents information about the virtual service performance metrics. All charts and metrics reflect the display time selected. Analytics are displayed for the time period chosen and the default is 6 hours. This is a very useful page that gives us high level information into how a specific application has been performing. It also gives us average end to end timings and additionally shows the values broken out into Client and Server RTT as well. Parameters like App Response Data Transfer and Total Time is displayed into easy to read graphs. On the right side, additional metrics are able to be graphed for the time period chosen. For more information on Analytics, please refer to the latest documentation here.
Virtual Services - Logs
Next, let us click on the Logs Tab. Virtual services and pools are able to log client-to-application interactions for TCP connections and HTTP requests/responses. These logs can be indexed, viewed, and filtered locally within the Avi Controller. Logs can be useful for troubleshooting and surfacing insights about the end-user experience and success of the application. To get more detailed information about Virtual Service Logs, please refer to the latest documentation here.
Virtual Services - Logging Options
Avi Vantage automatically logs common network and application errors under the umbrella of significant logs. These significant logs may also include entries for lesser issues, such as transactions that completed successfully but took an abnormally long time.
Errors may include any of the following:
- HTTP errors, such as server or Vantage-originated 4xx and 5xx errors
- Network errors, such as prematurely ended connections, abnormal latency, or out of order packets.
- See Log Events for a list of error events that may trigger a significant Log.
Errors can be omitted from the significant logs list by editing the analytics profile used by the virtual service.
The Non-Significant and Significant options display all logs or only significant logs, respectively. Next, let us take a look at one of the log entries in more detail. You can click on magnifying glass icon to filter or enter your own filter on the taskbar. You can also dig into different metrics on right side display. In this example we are looking at the various Client OS that have been used to access the environment. As an exercise, let us try and find our own IP and look at the different metrics available.
Virtual Services - Security
Next, we will take a look at the Security Tab. Avi Vantage continually assesses the health of each virtual service. This health information is available for viewing in both summary and detailed form. For more details, please refer to the Virtual Services Security page.
Each virtual service has a health score, which shows the virtual service health as both a color code and a set of numeric scores. The final health score is comprised of a positive performance score and three penalties.
The security penalty provides insight into a current security related issue (such as a current DoS attack) or potential risk (such as SSL configuration which leaves the site vulnerable to the POODLE attack).
Ideally, the security penalty should be zero, which means it is not detracting from the health or risk of a virtual service. A non-zero security penalty may be due to an issue with SSL or a DDoS attack event. This article explores the components that could generate a security penalty.