VRF Support for Service Engine Deployment on Bare-Metal Servers
Overview
Avi Service Engine data interfaces can be assigned to multiple VRFs (Virtual Routing and Forwarding Context).
Virtual Routing Framework, or VRF, is a method of isolating traffic within a system. This is also referred to as a “route domain” within the load balancer community.
Clouds Types Supported
Avi Vantage supports assignment of Service Engine data interfaces to multiple VRFs only in the cloud types listed below.
- No Access Cloud
- Linux Server Cloud
- vCenter Cloud in provider mode
Note: Multiple VRFs are only supported in Linux Server Clouds for SEs with DPDK enabled.
Types of Interfaces Supported
The VRF property for the following types of data interfaces can be modified by the user, via the REST API, UI, or CLI.
- Physical interfaces
- Port-channel interfaces
- VLAN interfaces
The types of data interfaces below do not support modification of the VRF property. Any attempt to modify them will result in an error.
- Port-channel member interfaces
- Management interface
Dependency on In-band Management
Each deployed Service Engine has a new attribute, “in-band management”. When enabled, the management interface of the Service Engine (i.e., the interface used to communicate with the Avi Controller cluster) is also used for data plane traffic.
- If in-band management is enabled on an SE, that SE will not support multiple VRFs.
- To enable multiple VRFs on an SE, it must be deployed with in-band management disabled. The caveat with disabling in-band management is that the management interface will not be used for data plane traffic, and hence no VS will be placed on this interface and this interface will not be used to communicating with back-end servers.
To learn how to disable/enable in-band management read this article.
Creating VRF Contexts
- Navigate to Infrastructure > Cloud Resources > VRF Context.
- Click on the cloud name to select the cloud.
Note: If the VMware vCenter cloud is the only one configured, or was the first one configured, the cloud name is “Default-Cloud”. - Click Create.
- Specify the necessary details and click Save.
For more details on creating VRF context, refer to VRF Context guide.
Modifying SE Data Interface VRF — UI
Service Engine physical, port-channel & VLAN interface VRFs can be updated if there are multiple VRFs configured in the tenant and cloud to which the SE belongs.
Modifying SE Data Interface VRF—CLI
Setting VRF for physical and VLAN interfaces through CLI is as shown below:
Creating Virtual Services in a VRF
- Navigate to Applications > Dashboard.
- Click on Create Virtual Service.
- Select Basic Setup.
- Click on the cloud name to select the cloud.
- Click on Next.
- Select the VRF context from the list and click on Next.
- Enter a name for the virtual service, virtual IP address (VIP) and other properties of the virtual service.
- Click on Save.
Note: The steps to create a virtual service in a VRF can be performed from the admin tenant or from another tenant.