This document shows how to prepare for the installation of a Seesaw load balancer for your Anthos clusters on VMware (GKE on-prem) implementation.
The instructions here are part of a quickstart. For full instructions on using the Seesaw load balancer with Anthos clusters on VMware, see Bundled load balancing with Seesaw. For information on all load balancing options, see Load balancing overview.
We strongly recommend that you use vSphere 6.7 and Virtual Distributed Switch (VDS) 6.6. If you prefer, you can use earlier versions, but your installation will be less secure. The remaining sections in this topic give more detail about the security advantages of using vSphere 6.7 and VDS 6.6.
Plan your VLANs
Later in this sequence of quickstart topics, you will create an admin cluster and a user cluster. We strongly recommend that you have your two clusters on separate VLANs.
Set aside IP addresses for Seesaw VMs
Set aside IP addresses for the VMs that will run your Seesaw load balancers.
For your admin cluster, set aside one IP address for a Seesaw VM. Also for your admin cluster, set aside a master IP address for the Seesaw load balancer. Both of these addresses must be on the same VLAN as your admin cluster nodes.
For your user cluster, set aside one IP address for a Seesaw VM. Also for your user cluster, set aside a master IP address for the Seesaw load balancer. Both of these addresses must be on the same VLAN as the user cluster nodes.
Planning your port groups
Each of your Seesaw VMs has two network interfaces. One of those network interfaces is configured with Service VIPs. The other network interface is configured with the IP address of the VM itself.
For an individual Seesaw VM, the two network interfaces can be connected to the same vSphere port group, or they can be connected to separate port groups. If the port groups are separate, they must be on the same VLAN.
This topic refers to two port groups:
load-balancer port group: For a Seesaw VM, the network interface that is configured with Service VIPs is connected to this port group.
cluster-node port group: For a Seesaw VM, the network interface that is configured with the IP address of the VM itself is connected to this port group. Your GKE on-prem cluster nodes are also connected to this port group.
The load-balancer port group and the cluster-node port group can be one and the same. But we strongly recommend that they are separate.
Creating IP block files
Get an SSH connection to your admin workstation.
In the home directory of your admin workstation, create two IP block files: one for your admin cluster and one for your user cluster.
In the IP block file for your admin cluster, specify the IP address you have chosen for your admin cluster's Seesaw VM. Likewise, in the IP block file for your user cluster, specify the address you have chosen for your user cluster's Seesaw VM.
These IP block files are for your Seesaw VMs, not your cluster nodes. Later, you will create separate IP block files for your cluster nodes.
Here's an example of an IP block file that specifies an IP address for a Seesaw VM:
blocks: - netmask: "255.255.255.0" gateway: "172.16.20.1" ips: - ip: "172.16.20.18" hostname: "seesaw-vm"