Virtual services are the core of the Avi Vantage load-balancing and proxy functionality. A virtual service advertises an IP address and ports to the external world and listens for client traffic. When a virtual service receives traffic, it may be configured to:
- Proxy the client’s network connection.
- Perform security, acceleration, load balancing, gather traffic statistics, and other tasks.
- Forward the client’s request data to the destination pool for load balancing.
A virtual service can be thought of as an IP address that Avi Vantage is listening to, ready to receive requests. In a normal TCP/HTTP configuration, when a client connects to the virtual service address, Avi Vantage will process the client connection or request against a list of settings, policies and profiles, then send valid client traffic to a back-end server that is listed as a member of the virtual service’s pool.
Typically, the connection between the client and Avi Vantage is terminated or proxied at the SE, which opens a new TCP connection between itself and the server. The server will respond back directly to the Avi Vantage IP address, not to the original client address. Avi Vantage forwards the response to the client via the TCP connection between itself and the client.
A typical virtual service consists of a single IP address and service port that uses a single network protocol. Avi Vantage allows a virtual service to listen to multiple service ports or network protocols.
For instance, a virtual service could be created for both service port 80 (HTTP) and 443 SSL (HTTPS). In this example, clients can connect to the site with a non-secure connection and later be redirected to the encrypted version of the site. This allows administrators to manage a single virtual service instead of two. Similarly, protocols such as DNS, RADIUS and syslog can be accessed via both UDP and TCP protocols.
It is possible to create two unique virtual services, where one is listening on port 80 and the other is on port 443; however, they will have separate statistics, logs, and reporting. They will still be owned by the same Service Engines (SEs) because they share the same underlying virtual service IP address.
To send traffic to destination servers, the virtual service internally passes the traffic to the pool corresponding to that virtual service. A virtual service normally uses a single pool, though an advanced configuration using policies or DataScripts can perform content switching across multiple pools. A script also can be used in lieu of a pool, such as a virtual service that only performs an HTTP redirect.
A pool can only be assigned to a single virtual service. If the virtual service is deleted or pointed at a different pool, the pool will become unassigned and available to be used by a different virtual service.
When creating a virtual service, that virtual service listens to the client-facing network, which is most likely the upstream network where the default gateway exists. The pool connects to the server network.
Normally, the combined virtual service and pool are required before Avi Vantage can place either object on an SE. When making an SE placement decision, Avi Vantage must choose the SE that has the best reachability or network access to both client and server networks. Alternatively, both the clients and servers may be on the same IP network.
Virtual Service Page
Select Applications > Virtual Services to open the virtual services page. This page displays a list of the configured virtual services. It can be used to quickly check the status and view high level information for each.
This page includes the following functions:
Delete: Immediately removes a virtual service from Vantage. This will terminate all existing connections, delete the configuration of the virtual service, and place the pools used by that virtual service into an unused state. When deleting, a secondary prompt will ask to remove the pool at the same time or leave it intact. The SEs hosting the virtual service may be eligible for deletion if they are no longer in use. Note that an object cannot be restored.
The table on this page contains the following information for each virtual service. The columns are customizable, so the exact view may be different.
- Name: Lists the name of each virtual service. Clicking the name of a virtual service opens Analytics tab of Virtual Service page.
- Health: Provides both a number from 1-100 and a color-coded status to provide quick information about the health of each virtual service. If the virtual service is down, an exclamation point will appear instead of a number. A dash appears if the virtual service is disabled, not deployed, or in an error state.
- Hovering the cursor over this score opens the Health Score popup for the virtual service.
- The View Insights link at the bottom of the popup opens the Insights tab of the Virtual Service Details page.
- Clicking within the Health Score popup opens the Analytics tab of the Virtual Service Details page.
- Address: Displays the IP address advertised by the virtual service.
- Services: Lists the service ports configured for the virtual service. Ports that are configured for terminating SSL/TLS connections are denoted in parenthesis. A virtual service may have multiple ports configured. For example:
- 80 (HTTP)
- 443 (SSL)
- Pools: Lists the pools assigned to each virtual service. Clicking a pool name opens the Analytics tab of Pool detail page.
- Service Engine Group: The group from which Service Engines may be assigned to the virtual service.
- Service Engines: Lists the Service Engines to which the virtual service is assigned. Clicking a Service Engine name opens Analytics tab of the Service Engine Details page.
- # Service Engines: Shows the number of SEs assigned to the virtual service as a time series. Useful to see if a virtual service scales up or down the number of SEs.
- Throughput: Thumbnail chart of the throughput for each virtual service for the time frame selected.
- Hovering the cursor over this graph shows the throughput for the highlighted time.
- Clicking a graph opens Analytics tab of Virtual Service details page for the virtual service.
- Open Conns: Avg number of open connections.
- Client RTT: The average TCP latency between clients of the virtual service and its SEs.
- Server RTT: The average TCP latency between back-end servers of the virtual service and its SEs.
- Conns: **Rate of total connections per second.
- Error Conns: Rate of errored connections per second.
- Rx pkts: Average rate of packets received per second.
- Tx pkts: Average rate of packets transmitted per second.
- Policy Drops: Rate of total connections dropped due to VS policy per second. It includes drops due to rate limits, security policy drops, connection limits, etc.
- DDoS Attacks: Number DDOS attacks occurring per second.
- Alerts:** Number of alerts related to the virtual service, pool, or Service Engines.
Virtual Service Edit Page
The various attributes for a virtual service can be changed using the edit option available on the Avi user interface. Navigate to Applications > Virtual Services, select the desired virtual service and click on the edit icon. The following options are available to edit:
The following options can be edited using the Setting tab.
- Application Profile: Application profiles determine the behavior of virtual services, based on application type. For more information, refer to Application Profile.
- TCP-UDP Profile: A TCP/UDP profile determines the type and settings of the network protocol that a subscribing virtual service will use. It sets a number of parameters, such as whether the virtual service is a TCP proxy versus a pass-through via fast path. For more information, refer to TCP/UDP Profile.
Under Policies tab, Network Security and DNS Policy options are available. Based on the requirement, the network security policies and the HTTP polices can be modified. For more information, refer to the Policy Types section of Create a Virtual Service.
Using the Analytics option, the profiles for analytics, client insight, and client log is created or modified. The Analytics tab of the advanced virtual service configuration wizard defines how analytics data is captured. For more information, refer to the Anaytics section of Create a Virtual Service.
Under the Advanced option, the following options are available to edit:
- Performance Limit Setting
- Quality of Service
- Virtual IP Placement Setting
- HTTP Basic Authentication
- Other Setting
The following options are available under the Other Setting tab:
- Server Network Profile: The setting for the connection between the Service Engine and the server can be changed by specifying a different TCP proxy profile.
- Traffic Clone Profile: List of servers is mentioned for cloning traffic.
- Host Name Translation: If the host header name in a client HTTP request is not the same as this field, or if it is an IP address, Avi Vantage will translate the host header to this name prior to sending the request to the back-end server.
- Remove Listening Port when VS down: By enabling this option for a virtual service (VS) in down state, the listening ports on Avi Vantage for the virtual service are removed, the virtual service, therefore will not respond even to incoming TCP requests for the configured ports. For more information, refer to What is the option “Remove Listening Port when VS down” on Avi UI?.
For the detailed information on the above-mentioned options on the Avi UI, refer to the respective sections in the Create a Virtual Service page.
Virtual Services Details Pages
The Virtual Service Details pages shows extensive information about a virtual service. Access these pages by clicking the name of a virtual service within the Applications > Dashboard or from the Applications > Virtual Service page.
The details pages are a loose collection of a number of sub-pages under the umbrella of the virtual service.
- Virtual Service Analytics Page
- Virtual Service Logs Page
- Virtual Service Health Page
- Virtual Service Clients Page
- Virtual Service Security Page
- Virtual Service Events Page
- Virtual Service Alerts Page
Virtual Service Quick Info Popup
All of the virtual service details pages include the Virtual Service Quick Info popup, which may be accessed by hovering over or clicking the name of the virtual service in the top left corner of the page.
The Virtual Service Quick Info popup provides buttons for the following functions:
- Scale Out: Scales out, which distributes connections for the virtual service to one additional SE per click, up to the maximum number of SEs defined in the SE group properties.
- Scale In: Scales in the virtual service by one SE, down to a minimum of one SE.
- Migrate: Moves the virtual service from the SE it is currently on to a different SE within the same SE group.
This popup also displays the following information (if applicable) for the virtual service:
- Service Engine: Names or IP addresses of the SEs this virtual service is deployed on. Clicking on an SE name opens the Service Engine Details page for that SE.
- Uptime / Downtime: The amount of time the virtual service has been in the current up or down state.
- Address: IP address of the virtual service.
- Application Profile: The application profile applied to the virtual service.
- Service Port: Service port(s) on which the virtual service is listening for client traffic.
- TCP/UDP Profile: The profile applied to the virtual service.
- SSL Certificates: The certificate(s) applied to the virtual service.
- Non-Significant Logs: When disabled, the virtual service defaults to logging significant events or errors. When enabled, all connections or requests are logged. (The Analytics page has additional logging options.)
- Real Time Metrics: When this option is disabled, metrics are collected every five minutes, regardless of whether the Display Time is set to the Real Time. When the option is enabled, metrics are collected every 15 seconds.
- Client Log Filters: Number of custom log filters applied to the virtual service. Log filters can selectively generate non-significant or more verbose logs.
- Client Insights: Type of client insights gathered by the virtual service: Active, Passive, or None.