Enhanced Virtual Hosting in AKO
Overview
AKO currently creates an SNI child virtual service under a parent shared virtual service for each secure hostname. The SNI virtual service binds the hostname to an sslkeycert object, which is used to terminate the TLS traffic on Avi's Service Engine. On the SNI virtual service, AKO creates httppolicyset rules that route the terminated (now plaintext) traffic to the appropriate pool object, using the host/path specified in the rules section of the ingress object.
With EVH (Enhanced Virtual Hosting) support in Avi, virtual hosting on a virtual service can be enabled regardless of SNI. An SNI child can only handle HTTPS (HTTP over SSL/TLS) traffic, whereas EVH children can handle both HTTP and HTTPS traffic. Unlike SNI, which switches only TLS (Transport Layer Security) connections based on a one-to-one mapping of children to FQDNs (Fully Qualified Domain Names), EVH maps one FQDN to many children based on the resource path requested.
With EVH enabled, HostRule CRDs can be applied to insecure ingresses as well.
Naming of Avi Objects with EVH enabled
Shared Virtual Service Names
The shared virtual service names are derived based on a combination of fields to keep it unique per Kubernetes cluster. This is the only object in Avi that does not derive its name from any of the Kubernetes objects.
ShardVSName = clusterName + "--Shared-L7-EVH-" + <shardNum>
Here,
clusterName is the value specified in values.yaml during install.
Shared-L7-EVH is a constant identifier for shared virtual services.
shardNum is the number of the shared virtual service, generated from either hostname-based or namespace-based sharding.
EVH child Virtual Service Names
vsName = clusterName + "--" + hostName
EVH Pool Names
The formula to derive the Child EVH virtual service’s pools is as follows:
poolName = clusterName + "--" + namespace + "-" + host + "_" + path + "-" + ingName + ServiceName
Here the host and path variables denote the hostname and path specified in the rules of the ingress object, and ServiceName is the backend service that rule points to.
EVH Pool Group Names
poolgroupname = clusterName + "--" + namespace + "-" + host + "_" + path + "-" + ingName
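As an added worked example (not code from the AKO project), the following Python applies the four naming formulas above to a constructed Ingress manifest and lists every Avi object an operator should expect AKO to create under EVH, which is useful when auditing the controller for stray or missing objects. It assumes a clusterName of my-cluster, takes shardNum as a parameter because the hashing behind hostname-based and namespace-based sharding is not described on this page, and concatenates ingName and ServiceName with no separator, exactly as the pool formula is written.

```python
# Added example (not AKO's own code): compute the Avi object names that the
# naming formulas above predict for a Kubernetes Ingress when EVH is enabled.
# Assumptions: the Ingress manifest below is constructed; shard_num is supplied
# by the caller because the page does not describe AKO's hostname/namespace
# hashing; ingName + ServiceName is concatenated with no separator, exactly as
# the pool formula is written on the page.
from dataclasses import dataclass, field
from typing import Dict, Tuple

CLUSTER = "my-cluster"  # clusterName from values.yaml (constructed value)

# Constructed sample Ingress: one host with two paths, one host with one path.
SAMPLE_INGRESS = {
    "metadata": {"name": "demo-ing", "namespace": "default"},
    "spec": {
        "rules": [
            {"host": "foo.example.com", "http": {"paths": [
                {"path": "/api", "backend": {"service": {"name": "svc-api"}}},
                {"path": "/web", "backend": {"service": {"name": "svc-web"}}},
            ]}},
            {"host": "bar.example.com", "http": {"paths": [
                {"path": "/", "backend": {"service": {"name": "svc-bar"}}},
            ]}},
        ]
    },
}


def shared_vs_name(cluster: str, shard_num: int) -> str:
    """ShardVSName = clusterName + "--Shared-L7-EVH-" + shardNum"""
    return f"{cluster}--Shared-L7-EVH-{shard_num}"


def child_vs_name(cluster: str, host: str) -> str:
    """vsName = clusterName + "--" + hostName"""
    return f"{cluster}--{host}"


def pool_group_name(cluster: str, namespace: str, host: str, path: str, ing_name: str) -> str:
    """poolgroupname = clusterName + "--" + namespace + "-" + host + "_" + path + "-" + ingName"""
    return f"{cluster}--{namespace}-{host}_{path}-{ing_name}"


def pool_name(cluster: str, namespace: str, host: str, path: str, ing_name: str, service: str) -> str:
    """poolName = poolgroupname + ServiceName (no separator is shown on the page)"""
    return pool_group_name(cluster, namespace, host, path, ing_name) + service


@dataclass
class ExpectedNames:
    shared_vs: str
    child_vs: Dict[str, str] = field(default_factory=dict)                 # host -> EVH child VS
    pool_groups: Dict[Tuple[str, str], str] = field(default_factory=dict)  # (host, path) -> pool group
    pools: Dict[Tuple[str, str, str], str] = field(default_factory=dict)   # (host, path, service) -> pool


def expected_names(cluster: str, ingress: dict, shard_num: int) -> ExpectedNames:
    """Walk spec.rules[].http.paths[] of a networking.k8s.io/v1 Ingress and
    derive every Avi object name AKO should create under EVH. A rule without
    a host is rejected because the child VS formula needs an FQDN."""
    ns = ingress["metadata"]["namespace"]
    ing_name = ingress["metadata"]["name"]
    out = ExpectedNames(shared_vs=shared_vs_name(cluster, shard_num))
    for rule in ingress["spec"]["rules"]:
        host = rule.get("host")
        if not host:
            raise ValueError(f"ingress {ns}/{ing_name}: rule without host; EVH child VS needs an FQDN")
        out.child_vs[host] = child_vs_name(cluster, host)  # one child VS per hostname
        for p in rule["http"]["paths"]:
            path, svc = p["path"], p["backend"]["service"]["name"]
            out.pool_groups[(host, path)] = pool_group_name(cluster, ns, host, path, ing_name)
            out.pools[(host, path, svc)] = pool_name(cluster, ns, host, path, ing_name, svc)
    return out


if __name__ == "__main__":
    names = expected_names(CLUSTER, SAMPLE_INGRESS, shard_num=0)
    print("shared VS :", names.shared_vs)
    for vs in names.child_vs.values():
        print("child VS  :", vs)
    for pg in names.pool_groups.values():
        print("pool group:", pg)
    for pool in names.pools.values():
        print("pool      :", pool)
```

Run it against a real Ingress (loaded with the Kubernetes client or from YAML) and diff the result against the object list on the Avi controller; anything present on the controller but absent from the derived set, or vice versa, is worth a look.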
Document Revision History
| Date | Change Summary |
|---|---|
| April 28, 2021 | Published the article for Enhanced Virtual Hosting supported in AKO 1.4.1 |