Network Service Configuration
Overview
This guide explains the configuration process of network service. Network service can be configured per VRF and Service Engine Group. IP routing can be enabled by configuring Network Service of routing_service service type.
You can configure routing functionality per VRF basis. The existing functionality of routing and its associated information such as, enable_routing, floating_interface_ip, enable_vip_on_all_interfaces, and Mac masquerade under SE group are grouped under routing_service service type.
Notes:
- This feature is supported starting Avi Vantage version 18.2.5.
- Network Service can be configured only via CLI. The Network Service will be in effect on Active SE only if an interface of the corresponding VRF is present on Service Engine.
Configuring Network Service
The network service configuration is as follows:
configure networkservice NS-Default-Group-Global
se_group_ref Default-Group
cloud_ref [cloud name]
vrf_ref global
service_type routing_service
routing_service
enable_routing
floating_intf_ip 10.10.10.11
floating_intf_ip 10.10.40.11
advertise_backend_networks
enable_vip_on_all_interfaces
floating_intf_ip_se_2 10.10.20.11
floating_intf_ip_se_2 10.10.30.11
nat_policy_ref nat-policy
save
saveTo disable any feature, use the no-form of the CLI as follows:
configure networkservice NS-Default-Group-Global
se_group_ref Default-Group
vrf_ref global
service_type routing_service
routing_service
no enable_routing
save
saveMigrating Network Service
When upgrading from an older release to 18.2.5, for any legacy Active/Standby SE group that had routing enabled in the originating release, there will be a Network Service automatically created on upgrade to 18.2.5. Any subsequent changes to be done such as changing floating interface IP etc has to be changed in the new Network Service.
Migration routines are added to create Network Service of type routing_service for Service Engine group with Enable-Routing/Floating Interface IP configured.
Above Network Service will be created using the tenancy as Service Engine Group Tenant and Tenant Default VRF.
For instance,
If the Service Engine Group tenant is admin, Network Service will have admin as tenant and the VRF as global.
If the Service Engine Group tenant is non-admin, Network Service will be created only if tenant has tenant_vrf mode enabled. Network Service creates with the VRF as Tenant’s Default-VRF.
Pre-Upgrade
IP routing is enabled in the SE group properties.
admin:10-10-24-165]: > show serviceenginegroup 4-core-SEs
+---------------------------------------+---------------------------------------------------------+
| Field | Value |
+---------------------------------------+---------------------------------------------------------+
| uuid | serviceenginegroup-a8030858-e586-4d45-99f1-54d9aac62b03 |
| name | 4-core-SEs |
| max_vs_per_se | 10 |
| min_scaleout_per_vs | 2 |
| max_scaleout_per_vs | 2 |
| max_se | 2 |
| vcpus_per_se | 4 |
| memory_per_se | 2048 |
| disk_per_se | 10 gb |
| max_cpu_usage | 80 percent |
| min_cpu_usage | 30 percent |
| se_deprovision_delay | 120 min |
| auto_rebalance | False |
| se_name_prefix | Avi |
| vs_host_redundancy | True |
| vcenter_folder | AviSeFolder |
| vcenter_datastores_include | False |
| vcenter_datastore_mode | VCENTER_DATASTORE_ANY |
| vcenter_hosts | |
| host_refs[1] | 10.10.16.94 |
| include | True |
| cpu_reserve | True |
| mem_reserve | True |
| ha_mode | HA_MODE_LEGACY_ACTIVE_STANDBY |
| tenant_ref | admin |
| cloud_ref | Default-Cloud |
| enable_routing | True |
| advertise_backend_networks | False |
| enable_vip_on_all_interfaces | True |
| se_thread_multiplier | 1 |
| enable_gratarp_permanent | False |
| gratarp_permanent_periodicity | 10 min |
| floating_intf_ip[1] | 10.10.10.11 |
| floating_intf_ip[2] | 10.10.40.11 |
| floating_intf_ip_se_2[1] | 10.10.20.11 |
| floating_intf_ip_se_2[2] | 10.10.30.11 |
| enable_vmac | False |
+---------------------------------------+---------------------------------------------------------+
Post Upgrade
Network Service automatically created for the SE group and routing configurations moved under Network Service. It will no longer be present under SE group settings.
[admin:10-10-24-165]: > show networkservice NS-4-core-SEs-global-admin
+--------------------------------+-----------------------------------------------------+
| Field | Value |
+--------------------------------+-----------------------------------------------------+
| uuid | networkservice-e8a9f852-7618-4a57-8ece-2b27a925b764 |
| name | NS-4-core-SEs-global-admin |
| se_group_ref | 4-core-SEs |
| vrf_ref | global |
| service_type | ROUTING_SERVICE |
| routing_service | |
| enable_routing | True |
| routing_by_linux_ipstack | False |
| floating_intf_ip[1] | 10.10.10.11 |
| floating_intf_ip[2] | 10.10.40.11 |
| enable_vmac | False |
| enable_vip_on_all_interfaces | True |
| advertise_backend_networks | False |
| tenant_ref | admin |
| cloud_ref | Default-Cloud |
| floating_intf_ip_se_2[1] | 10.10.20.11 |
| floating_intf_ip_se_2[2] | 10.10.30.11 |
+--------------------------------+-----------------------------------------------------+
Routing Auto Gateway
Starting with Avi Vantage release 20.1.1, a new knob enable_auto_gateway is introduced in the routing service of network service configuration. This is used to enable the auto gateway functionality to the routing traffic. The knob is set to False by default.
On enabling the knob, flow-based routing is enabled for all the incoming traffic for all the interfaces in a VRF. The Service Engine caches the incoming route traffic mac and forwards the packet to the same next hop that it received the traffic from.
Note: For more details on Avi Routing GRO and TSO subject to environment capabilities, refer to TSO, GRO, RSS, and Blocklist Feature on Avi Vantage guide.
Supported Environments
The routing auto gateway functionality is supported in the following environments:
- Active/ Standby SE group, in DPDK based environments
- VMware Read/Write modes and Bare-metal clouds
Configure a network service corresponding to the SE group requires and set enable_auto_gateway to True for the corresponding network service catering to routing.
Configuring Routing Auto Gateway
Enabling auto gateway, routing and NAT are currently supported only via CLI.
Log in to the Avi Controller CLI and execute the following commands:
configure networkservice NS-Default-Group-Global
se_group_ref Default-Group
cloud_ref [cloud name]
vrf_ref [vrf name]
service_type routing_service
routing_service
enable_routing
nat_policy_ref nat-policy
enable_auto_gateway
save
save
The network service configuration is as shown below:
[admin:abd-ctrl-wildcard]: > show networkservice NS-Default-Group-Global
+--------------------------------+-----------------------------------------------------+
| Field | Value |
+--------------------------------+-----------------------------------------------------+
| uuid | networkservice-1bcd0e3a-4c3d-4e3e-8d1a-619120f9d68f |
| name | NS-Default-Group-Global |
| se_group_ref | Default-Group |
| vrf_ref | global |
| service_type | ROUTING_SERVICE |
| routing_service | |
| enable_routing | True |
| enable_auto_gateway | True |
| nat_policy_ref | nat-policy |
| | |
| tenant_ref | admin |
| cloud_ref | Default-Cloud |
+--------------------------------+-----------------------------------------------------+
Suggested Additional Reading
Refer to the following KBs for more details: