Flow Gateway VM in Azure - Everything you need to know. | Nutanix Community
Skip to main content

The Flow Gateway VM (FGW) for Nutanix Cloud Clusters In Azure(NC2) is the Lynch pin to having a your own Supercloud. The FGW is responsible for all VM traffic going north and south from the Nutanix cluster in Azure. This virtual machine allows outside communication from both cloud and on-premises services to the workloads running on the Azure NC2 Cluster.  


 

The Flow Gateway VM connecting Azure and on-prem services to the Nutanix Cluster deployed in Azure.

Once Prism Central is automatically deployed from the cluster creation process, the FGW deploys into the same VNET that Prism Central is using.  The FGW is a native Azure VM. The VM has two network interface cards(NICs) attached to it, one for internal traffic and one for external traffic. The external NIC  where the floating IP's are configured for workloads that may need away outside clients connecting into running workloads on the cluster. The default installation will configure 50 floating IP's on the external NIC. These floating IP's can be assigned in Prism Central in the VM menu or in the VPC menu.

The External NIC configuration in the Microsoft Azure Portal. 


When sizing the subnets for the FGW I would use the following miniums.

The internal subnet - /28 
The external subnet - /25  
 

For production deplpyments I would double the size of the above subnets for future growth.

 

Traffic that goes directly to the hypervisor, the storage controllers and Prism Central are not in the path of the FGW. This is important because replication traffic can represent most of the bandwidth coming from on-prem when you go to migrate/failover workloads to Azure. 

The current sizes for the FGW are:

Small (Standard_D4_v4, 4 vCPUs, 16GiB RAM) - Expected network bandwidth (Mbps) 10000 Mbps

Large (Standard_D32_v4, 32 vCPUs, 128GiB RAM) - Expected network bandwidth (Mbps) 16000 Mbps

 

Change the size of the Flow Gatway VM from the NC2 Portal


 

With the large price difference between the two types it's best to start small and then you can always change the VM type later. If you do need to change the VM type, your network security group settings will be preserved on the VM.

 

Both the internal and external  NICS have a network security group (NSG) Attached to them. In most cases you will have to adjust the external NSG to allow traffic into the cluster.

The Network Security Group of the deployed FGW on the External NIC

As of today the FGW is a single VM. If the FGW is stopped or deleted , The NC2 portal will see it as HA event where FGW is unreachable and then portal will create a new FGW in place of existing if it exists or delete FGW which is powered off. When I was testing upgrades of the FGW it took four minutes to perform an upgrade from the NC 2 portal. It follows a similar process of removing and replacing the VM with a new one.

 

Event log from upgrading the Flow Gateay VM on NC2 Azure.

 

Hopefully that covers everything you need to know about the Flow Gateway VM in Azure. If you do have a question, ask away!

NC2 on Azure Networking Training → 

 

Be the first to reply!

Reply