ServiceEngineGroup

Description

API


    POST /api/serviceenginegroup
    PUT /api/serviceenginegroup/<key>
    DELETE /api/serviceenginegroup/<key>
    GET /api/serviceenginegroup
    GET /api/serviceenginegroup/<key>

CLI


    configure serviceenginegroup <key>
    show serviceenginegroup <key>

Examples

To create an SE group suitable for a production application, with an HA policy of shared active/active and a minimum scale-out of 2 SEs:

    POST /api/serviceenginegroup

    {
        "min_scaleout_per_vs": 2,
        "ha_mode": "HA_MODE_SHARED_PAIR",
        "name": "production-group"
    }

To create a best-effort SE group suitable for test deployments:

    POST /api/serviceenginegroup

    {
        "buffer_se": 0,
        "ha_mode": "HA_MODE_SHARED",
        "max_se": 8,
        "name": "test-group"
    }

Data

ServiceEngineGroup

uuid

Type
string
Category
required
Description

name

Type
string
Category
required
Description

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
optional
Description

max_vs_per_se

Type
int32
Category
optional
Description
Maximum number of Virtual Services that can be placed on a single Service Engine.
Default
10

min_scaleout_per_vs

Type
int32
Category
optional
Description
Minimum number of active Service Engines for the Virtual Service.
Default
1

max_scaleout_per_vs

Type
int32
Category
optional
Description
Maximum number of active Service Engines for the Virtual Service.
Default
4

max_se

Type
int32
Category
optional
Description
Maximum number of Service Engines in this group.
Default
10

vcpus_per_se

Type
int32
Category
optional
Description
Number of vcpus for each of the Service Engine virtual machines.
Default
1

memory_per_se

Type
int32
Category
optional
Description
Amount of memory for each of the Service Engine virtual machines.
Default
2048

disk_per_se

Type
int32
Category
optional
Description
Amount of disk space for each of the Service Engine virtual machines.
Units
gb
Default
10

max_cpu_usage

Type
int32
Category
optional
Description
When CPU usage on an SE exceeds this threshold, Virtual Services hosted on this SE may be rebalanced to other SEs to reduce load. A new SE may be created as part of this process.
Units
gb
Default
80

min_cpu_usage

Type
int32
Category
optional
Description
When CPU usage on an SE falls below the minimum threshold, Virtual Services hosted on the SE may be consolidated onto other underutilized SEs. After consolidation, unused Service Engines may then be eligible for deletion.
Default
30

se_deprovision_delay

Type
int32
Category
optional
Description
Duration to preserve unused Service Engine virtual machines before deleting them. If traffic to a Virtual Service were to spike abruptly, this SE would still be available to be used again rather than creating a new SE. If this value is set to 0, the Controller will never delete any SEs and the administrator has to manually clean up unused SEs.
Units
min
Default
120

auto_rebalance

Type
bool
Category
optional
Description
If set, Virtual Services will be automatically migrated when load on an SE is less than the minimum or more than the maximum threshold. When auto_rebalance is not set, only Alerts are generated.
Default
False

se_name_prefix

Type
string
Category
optional
Description
Prefix to use for virtual machine name of Service Engines.
Default
Avi

vs_host_redundancy

Type
bool
Category
optional
Description
Ensure primary and secondary Service Engines are deployed on different physical hosts.
Default
True

vcenter_folder

Type
string
Category
optional
Description
Folder to place all the Service Engine virtual machines in vCenter.
Default
AviSeFolder

vcenter_datastores

Type
VcenterDatastore
Category
repeated
Description

vcenter_datastores_include

Type
bool
Category
optional
Description
Default
False

vcenter_datastore_mode

Type
enum
Category
optional
Description
Default
VCENTER_DATASTORE_ANY
Choices
VCENTER_DATASTORE_ANY, VCENTER_DATASTORE_LOCAL, VCENTER_DATASTORE_SHARED

vcenter_clusters

Type
VcenterClusters
Category
optional
Description

vcenter_hosts

Type
VcenterHosts
Category
optional
Description

openstack_availability_zone

Type
string
Category
optional
Description

cpu_reserve

Type
bool
Category
optional
Description
Default
False

mem_reserve

Type
bool
Category
optional
Description
Default
True

mgmt_network_ref

Type
Reference to Network
Category
optional
Description
Management network to use for Avi Service Engines

mgmt_subnet

Type
IpAddrPrefix
Category
optional
Description
Management subnet to use for Avi Service Engines

ha_mode

Type
enum
Category
optional
Description
High Availability mode for all the Virtual Services using this Service Engine group.
Default
HA_MODE_SHARED
Choices
HA_MODE_SHARED_PAIR, HA_MODE_SHARED, HA_MODE_LEGACY_ACTIVE_STANDBY

algo

Type
enum
Category
optional
Description
In compact placement, Virtual Services are placed on existing SEs until max_vs_per_se limit is reached.
Default
PLACEMENT_ALGO_PACKED
Choices
PLACEMENT_ALGO_PACKED, PLACEMENT_ALGO_DISTRIBUTED

buffer_se

Type
int32
Category
optional
Description
Excess Service Engine capacity provisioned for HA failover
Default
1

active_standby

Type
bool
Category
optional
Description
Service Engines in active/standby mode for HA failover
Default
False

placement_mode

Type
enum
Category
optional
Description
If placement mode is 'Auto', Virtual Services are automatically placed on Service Engines.
Default
PLACEMENT_MODE_AUTO
Choices
PLACEMENT_MODE_AUTO

openstack_mgmt_network_name

Type
string
Category
optional
Description
Avi Management network name

openstack_mgmt_network_uuid

Type
string
Category
optional
Description
Management network UUID

instance_flavor

Type
string
Category
optional
Description
Instance/Flavor type for SE instance

hypervisor

Type
enum
Category
optional
Description
Override default hypervisor
Choices
DEFAULT, VMWARE_ESX, KVM, VMWARE_VSAN, XEN

se_dos_profile

Type
DosThresholdProfile
Category
optional
Description

auto_rebalance_interval

Type
int32
Category
optional
Description
Frequency of rebalance, if 'Auto rebalance' is enabled
Units
sec
Default
300

aggressive_failure_detection

Type
bool
Category
optional
Description
Enable aggressive failover configuration for HA.
Default
False

realtime_se_metrics

Type
MetricsRealTimeUpdate
Category
optional
Description
Enable or disable real time SE metrics

vs_scaleout_timeout

Type
uint32
Category
optional
Description
Time to wait for the scaled out SE to become ready before marking the scaleout done
Units
sec
Default
30

vs_scalein_timeout

Type
uint32
Category
optional
Description
Time to wait for the scaled in SE to drain existing flows before marking the scalein done
Units
sec
Default
30

hardwaresecuritymodulegroup_ref

Type
Reference to HardwareSecurityModuleGroup
Category
optional
Description

connection_memory_percentage

Type
uint32
Category
optional
Description
Percentage of memory for connection state. This will come at the expense of memory used for HTTP in-memory cache.
Default
50

extra_config_multiplier

Type
Unknown
Category
optional
Description
Multiplier for extra config to support large VS/Pool config.
Default
0.0

vs_scalein_timeout_for_upgrade

Type
uint32
Category
optional
Description
During SE upgrade, time to wait for the scaled-in SE to drain existing flows before marking the scalein done
Units
sec
Default
30

host_attribute_key

Type
string
Category
optional
Description
Key of a (Key, Value) pair identifying a set of hosts. Currently used to separate North-South and East-West SE sizing requirements. This is useful in Container ecosystems where SEs on East-West traffic nodes are typically smaller than those on North-South traffic nodes.

host_attribute_value

Type
string
Category
optional
Description
Value of a (Key, Value) pair identifying a set of hosts. Currently used to separate North-South and East-West SE sizing requirements. This is useful in Container ecosystems where SEs on East-West traffic nodes are typically smaller than those on North-South traffic nodes.

log_disksz

Type
uint32
Category
optional
Description
Maximum disk capacity (in MB) to be allocated to an SE. This is exclusively used for debug and log data.
Units
mb
Default
10000

os_reserved_memory

Type
uint32
Category
optional
Description
Amount of extra memory to be reserved for use by the Operating System on a Service Engine.
Default
0

floating_intf_ip

Type
IpAddr
Category
repeated
Description
If ServiceEngineGroup is configured for Legacy 1+1 Active Standby HA Mode, Floating IPs will be advertised only by the Active SE in the Pair. Virtual Services in this group must be disabled/enabled for any changes to the Floating IPs to take effect. Only the active SE hosting a VS tagged with the Active Standby SE 1 Tag will advertise this floating IP when manual load distribution is enabled.

hm_on_standby

Type
bool
Category
optional
Description
Enable active health monitoring from the standby SE for all placed virtual services.
Default
True

per_app

Type
bool
Category
optional
Description
Per-app SE mode is designed for deploying dedicated load balancers per app (VS). In this mode, each SE is limited to a max of 2 VSs. vCPUs in per-app SEs count towards licensing usage at 25% rate.
Default
False

enable_vmac

Type
bool
Category
optional
Description
Use Virtual MAC address for interfaces on which floating interface IPs are placed
Default
False

distribute_load_active_standby

Type
bool
Category
optional
Description
Use both the active and standby Service Engines for Virtual Service placement in the legacy active standby HA mode.
Default
False

auto_redistribute_active_standby_load

Type
bool
Category
optional
Description
Redistribution of virtual services from the takeover SE to the replacement SE can cause momentary traffic loss. If the auto-redistribute load option is left in its default off state, any desired rebalancing requires calls to REST API.
Default
False

floating_intf_ip_se_2

Type
IpAddr
Category
repeated
Description
If ServiceEngineGroup is configured for Legacy 1+1 Active Standby HA Mode, Floating IPs will be advertised only by the Active SE in the Pair. Virtual Services in this group must be disabled/enabled for any changes to the Floating IPs to take effect. Only the active SE hosting a VS tagged with the Active Standby SE 2 Tag will advertise this floating IP when manual load distribution is enabled.

custom_tag

Type
CustomTag
Category
repeated
Description
Custom tag will be used to create the tags for the SE instance in AWS. Note that this is not the same as the prefix for the SE name.

dedicated_dispatcher_core

Type
bool
Category
optional
Description
Dedicate the core that handles packet receive/transmit from the network to just the dispatching function. Don't use it for TCP/IP and SSL functions.
Default
False

cpu_socket_affinity

Type
bool
Category
optional
Description
Allocate all the CPU cores for the Service Engine Virtual Machines on the same CPU socket. Applicable only for vCenter Cloud.
Default
False

num_flow_cores_sum_changes_to_ignore

Type
uint32
Category
optional
Description
Number of changes in num flow cores sum to ignore.
Default
8

least_load_core_selection

Type
bool
Category
optional
Description
Select core with least load for new flow.
Default
True

extra_shared_config_memory

Type
uint32
Category
optional
Description
Extra config memory to support large Geo DB configuration.
Units
mb
Default
0

se_tunnel_mode

Type
uint32
Category
optional
Description
Determines if DSR from secondary SE is active or not. 0: Automatically determine based on hypervisor type. 1: Disable DSR unconditionally. ~[0,1]: Enable DSR unconditionally
Default
0

openstack_availability_zones

Type
string
Category
repeated
Description

service_ip_subnets

Type
IpAddrPrefix
Category
repeated
Description
Subnets assigned to the SE group. Required for VS group placement.

se_vs_hb_max_vs_in_pkt

Type
uint32
Category
optional
Description
Maximum number of Virtual Services for which heartbeat messages are aggregated in one packet.
Default
256

se_vs_hb_max_pkts_in_batch

Type
uint32
Category
optional
Description
Maximum number of aggregated vs heartbeat packets to send in a batch.
Default
8

cloud_ref

Type
Reference to Cloud
Category
optional,readonly
Description
Default
/api/cloud?name=Default-Cloud

iptables

Type
IptableRuleSet
Category
repeated
Description
Iptable Rules

enable_routing

Type
bool
Category
optional
Description
Enable routing for this ServiceEngineGroup
Default
False

advertise_backend_networks

Type
bool
Category
optional
Description
Advertise reachability of backend server networks via ADC through BGP for default gateway feature.
Default
False

enable_vip_on_all_interfaces

Type
bool
Category
optional
Description
Enable VIP on all interfaces of SE.
Default
True

se_thread_multiplier

Type
uint32
Category
optional
Description
Multiplier for SE threads based on vCPU.
Default
1

async_ssl

Type
bool
Category
optional
Description
SSL handshakes will be handled by dedicated SSL Threads
Default
False

async_ssl_threads

Type
uint32
Category
optional
Description
Number of Async SSL threads per se_dp
Default
1

se_udp_encap_ipc

Type
uint32
Category
optional
Description
Determines if SE-SE IPC messages are encapsulated in an UDP header. 0: Automatically determine based on hypervisor type. 1: Use UDP encap unconditionally. ~[0,1]: Don't use UDP encap.
Default
0

se_ipc_udp_port

Type
uint32
Category
optional
Description
UDP Port for SE_DP IPC in Docker bridge mode.
Default
1500

se_remote_punt_udp_port

Type
uint32
Category
optional
Description
UDP Port for punted packets in Docker bridge mode.
Default
1501

VcenterDatastore

datastore_name

Type
string
Category
required
Description

VcenterClusters

cluster_refs

Type
Reference to VIMgrClusterRuntime
Category
repeated
Description

include

Type
bool
Category
optional
Description
Default
False

VcenterHosts

host_refs

Type
Reference to VIMgrHostRuntime
Category
repeated
Description

include

Type
bool
Category
optional
Description
Default
False

IpAddrPrefix

ip_addr

Type
IpAddr
Category
required
Description

mask

Type
int32
Category
required
Description

IpAddr

addr

Type
string
Category
required
Description
IP address

type

Type
enum
Category
required
Description
Choices
V4, DNS

DosThresholdProfile

thresh_period

Type
int32
Category
required
Description
Timer value in seconds to collect DoS attack metrics based on threshold on the Service Engine for this Virtual Service.
Units
sec
Default
5

thresh_info

Type
DosThreshold
Category
repeated
Description
Attack type, min and max values for DoS attack detection.

DosThreshold

attack

Type
enum
Category
required
Description
Attack type.
Choices
LAND, SMURF, ICMP_PING_FLOOD, UNKOWN_PROTOCOL, TEARDROP, IP_FRAG_OVERRUN, IP_FRAG_TOOSMALL, IP_FRAG_FULL, IP_FRAG_INCOMPLETE, PORT_SCAN, TCP_NON_SYN_FLOOD_OLD, SYN_FLOOD, BAD_RST_FLOOD, MALFORMED_FLOOD, FAKE_SESSION, ZERO_WINDOW_STRESS, SMALL_WINDOW_STRESS, DOS_HTTP_TIMEOUT, DOS_HTTP_ERROR, DOS_HTTP_ABORT, DOS_SSL_ERROR, DOS_APP_ERROR, DOS_REQ_IP_RL_DROP, DOS_REQ_URI_RL_DROP, DOS_REQ_URI_SCAN_BAD_RL_DROP, DOS_REQ_URI_SCAN_UNKNOWN_RL_DROP, DOS_REQ_IP_URI_RL_DROP, DOS_CONN_IP_RL_DROP, DOS_SLOW_URL, TCP_NON_SYN_FLOOD, DOS_REQ_CIP_SCAN_BAD_RL_DROP, DOS_REQ_CIP_SCAN_UNKNOWN_RL_DROP, DOS_REQ_IP_RL_DROP_BAD, DOS_REQ_URI_RL_DROP_BAD, DOS_REQ_IP_URI_RL_DROP_BAD, POLICY_DROPS, DOS_CONN_RL_DROP, DOS_REQ_RL_DROP

min_value

Type
int32
Category
required
Description
Minimum number of packets or connections or requests in a given interval of time to be deemed as attack.

max_value

Type
int32
Category
required
Description
Maximum number of packets or connections or requests in a given interval of time to be deemed as attack.

MetricsRealTimeUpdate

enabled

Type
bool
Category
required
Description
Enables real time metrics collection. When disabled, 6 hour view is the most granular the system will track.
Default
False

duration

Type
uint32
Category
optional
Description
Real time metrics collection duration in minutes. 0 for infinite.
Units
min
Default
30

CustomTag

tag_key

Type
string
Category
required
Description

tag_val

Type
string
Category
optional
Description

IptableRuleSet

table

Type
string
Category
required
Description

chain

Type
string
Category
required
Description

rules

Type
IptableRule
Category
repeated
Description

IptableRule

src_ip

Type
IpAddrPrefix
Category
optional
Description

dst_ip

Type
IpAddrPrefix
Category
optional
Description

src_port

Type
PortRange
Category
optional
Description

dst_port

Type
PortRange
Category
optional
Description

proto

Type
enum
Category
optional
Description
Choices
PROTO_TCP, PROTO_UDP, PROTO_ICMP, PROTO_ALL

input_interface

Type
string
Category
optional
Description

output_interface

Type
string
Category
optional
Description

action

Type
enum
Category
required
Description
Choices
ACCEPT, DROP, REJECT, DNAT, MASQUERADE

dnat_ip

Type
IpAddr
Category
optional
Description

tag

Type
string
Category
optional
Description

PortRange

start

Type
uint32
Category
required
Description
TCP/UDP port range start (inclusive).

end

Type
uint32
Category
required
Description
TCP/UDP port range end (inclusive).
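
A client-side pre-flight check for the iptables field of a ServiceEngineGroup request body, built from the IptableRuleSet, IptableRule, IpAddrPrefix, IpAddr and PortRange tables above. This is an added example, not Avi's own code: the function names, the 0-32 mask and 0-65535 port bounds, and the sample values are assumptions of the example, and the Controller may enforce more than is checked here.

```python
import ipaddress

# Enum choices copied from the IptableRule and IpAddr tables above.
PROTO = {"PROTO_TCP", "PROTO_UDP", "PROTO_ICMP", "PROTO_ALL"}
ACTION = {"ACCEPT", "DROP", "REJECT", "DNAT", "MASQUERADE"}

def check_prefix(p, path):
    """IpAddrPrefix: ip_addr (IpAddr with addr and type) and mask are required."""
    errs, ip, mask = [], p.get("ip_addr") or {}, p.get("mask")
    if ip.get("type") not in ("V4", "DNS"):
        errs.append(f"{path}.ip_addr.type: required, V4 or DNS")
    if not isinstance(ip.get("addr"), str):
        errs.append(f"{path}.ip_addr.addr: required string")
    elif ip.get("type") == "V4":
        try:
            ipaddress.IPv4Address(ip["addr"])
        except ValueError:
            errs.append(f"{path}.ip_addr.addr: not an IPv4 address")
    if not isinstance(mask, int) or not 0 <= mask <= 32:  # bound is an assumption
        errs.append(f"{path}.mask: required, 0-32")
    return errs

def check_ports(r, path):
    """PortRange: start and end are required and both inclusive."""
    s, e = r.get("start"), r.get("end")
    if isinstance(s, int) and isinstance(e, int) and 0 <= s <= e <= 65535:
        return []
    return [f"{path}: need 0 <= start <= end <= 65535"]

def check_group(body):
    """Return a list of schema problems in a ServiceEngineGroup request body."""
    errs = [] if body.get("name") else ["name: required"]
    for n, rs in enumerate(body.get("iptables", [])):
        path = f"iptables[{n}]"
        errs += [f"{path}.{k}: required" for k in ("table", "chain") if not rs.get(k)]
        for i, rule in enumerate(rs.get("rules", [])):
            rp = f"{path}.rules[{i}]"
            if rule.get("action") not in ACTION:
                errs.append(f"{rp}.action: required, one of the listed choices")
            if "proto" in rule and rule["proto"] not in PROTO:
                errs.append(f"{rp}.proto: not a listed choice")
            for k, check in (("src_ip", check_prefix), ("dst_ip", check_prefix),
                             ("src_port", check_ports), ("dst_port", check_ports)):
                if k in rule:
                    errs += check(rule[k], f"{rp}.{k}")
    return errs

# Constructed sample: group names, addresses and the table/chain strings are made up.
MGMT = {"ip_addr": {"addr": "10.0.0.0", "type": "V4"}, "mask": 24}
GOOD = {"name": "production-group", "iptables": [{
    "table": "filter", "chain": "INPUT", "rules": [
        {"src_ip": MGMT, "proto": "PROTO_TCP",
         "dst_port": {"start": 22, "end": 22}, "action": "ACCEPT"}]}]}
BAD = {"name": "test-group", "iptables": [{
    "table": "filter", "rules": [
        {"src_ip": {"ip_addr": {"addr": "10.0.0.300", "type": "V4"}, "mask": 33},
         "proto": "TCP", "dst_port": {"start": 443, "end": 80}}]}]}
```

Running check_group on a body before the POST or PUT catches a rule with no action or a misspelled enum value before it reaches the Controller.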

Actions

API


    POST /api/serviceenginegroup/<key>/redistribute

CLI


    redistribute serviceenginegroup <key>

References

HardwareSecurityModuleGroup, Network, VIMgrClusterRuntime, Cloud, Tenant, VIMgrHostRuntime

Sub Objects

ServiceEngineGroupRuntime

API


    GET /api/serviceenginegroup/<key>/runtime/<key>

CLI


    show serviceenginegroup <key> summary

Data

ServiceEngineGroupRuntime

uuid

Type
string
Category
required
Description

create_stats

Type
SeCreateStats
Category
optional
Description

modify_vnic_stats

Type
SeVnicStats
Category
optional
Description

add_vnic_stats

Type
SeVnicStats
Category
optional
Description

del_vnic_stats

Type
SeVnicStats
Category
optional
Description

query_host_in_progress

Type
bool
Category
optional
Description
Default
False

query_host_cookie

Type
string
Category
optional
Description

up_se

Type
string
Category
repeated
Description

down_se

Type
string
Category
repeated
Description

query_host_ticks

Type
int32
Category
optional
Description

disconnected_se

Type
string
Category
repeated
Description

at_curr_ver_se

Type
string
Category
repeated
Description

SeCreateStats

num_se_create

Type
int32
Category
optional
Description
Default
0

num_se_create_success

Type
int32
Category
optional
Description
Default
0

num_se_create_fail

Type
int32
Category
optional
Description
Default
0

num_se_create_timeout

Type
int32
Category
optional
Description
Default
0

SeVnicStats

num_vnic_op

Type
int32
Category
optional
Description
Default
0

num_vnic_op_success

Type
int32
Category
optional
Description
Default
0

num_vnic_op_fail

Type
int32
Category
optional
Description
Default
0

num_vnic_op_timeout

Type
int32
Category
optional
Description
Default
0

Actions

API


    POST /api/serviceenginegroup/<key>/runtime/clear

CLI


    clear serviceenginegroup <key> runtime