Avi Integration with Microsoft Azure: Override Service Engine Management Network

Overview

When Avi Vantage is configured to provide application delivery services in Microsoft Azure, the Avi Vantage Cloud configuration process requires an Azure Virtual Network (VNet) and subnet to be specified. The Avi Service Engines created by the Avi Controller obtain a NIC and an IP address in the specified subnet of the VNet.

Use Case

In some Azure deployment use cases, customers would like to use a different subnet for some Service Engines. This is particularly useful in a topology where the same VNet has an external subnet, followed by traffic going through a firewall and then to an internal subnet. In these cases, there is a requirement to use the external subnet to host a virtual service to decrypt SSL and load balance traffic to the firewalls. The firewalls then route the traffic to a second virtual service, which could provide an additional set of services, including SSL re-encryption if required.

To allow such use cases on Microsoft Azure, Avi Vantage allows overriding the Service Engine management network per Service Engine group, starting from Avi Vantage release 18.2.3.

Notes:

  • This feature is supported in Avi Vantage’s integration with the following public clouds: Microsoft Azure (starting with Avi Vantage 18.2.3)
  • This feature can be configured using Avi CLI or the Avi REST APIs.
  • The SE network should be a subnet within the VNet set at the cloud level.
  • Any modification to this option takes effect only on new SEs created after the change; it does not affect existing SEs.

Configuring SE Network through Avi CLI

Log in to the Avi CLI and use the configure serviceenginegroup <group name> command to set or override the subnet for an SE in a Service Engine group.


[admin:10-10-1-1]: > configure serviceenginegroup segrp1
[admin:10-10-1-1]: serviceenginegroup> data_network_id azure-subnet 
[admin:10-10-1-1]: serviceenginegroup> save

Note: azure-subnet is the name of the subnet from which the IP address for the specified Service Engine group will be allocated. azure-subnet must be within the VNet configured earlier as part of the Azure cloud.
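
Because the override only applies to SEs created after the change, it is worth confirming the subnet really belongs to the cloud-level VNet before saving it. The following pre-flight check is an added example, not part of Avi Vantage or its documentation; it assumes the VNet description is available as JSON in the shape printed by `az network vnet show`, and the names check_se_subnet, load_vnet, avi-vnet and the address ranges are hypothetical.

```python
import ipaddress
import json

# Constructed sample shaped like the JSON printed by `az network vnet show`.
# Every name and address range here is made up for illustration.
SAMPLE_VNET_JSON = """
{
  "name": "avi-vnet",
  "addressSpace": {"addressPrefixes": ["10.10.0.0/16"]},
  "subnets": [
    {"name": "azure-subnet", "addressPrefix": "10.10.1.0/24"},
    {"name": "internal-subnet", "addressPrefix": "10.10.2.0/24"}
  ]
}
"""


def load_vnet(text):
    """Parse the VNet description (JSON text) into a dict."""
    return json.loads(text)


def check_se_subnet(vnet, cloud_vnet_name, subnet_name):
    """Return a list of problems; an empty list means the subnet can be used."""
    if vnet.get("name") != cloud_vnet_name:
        return [f"{vnet.get('name')!r} is not the cloud-level VNet {cloud_vnet_name!r}"]
    # Exact-name match: enter the name as Azure reports it (assumption).
    subnet = next((s for s in vnet.get("subnets", []) if s.get("name") == subnet_name), None)
    if subnet is None:
        return [f"subnet {subnet_name!r} does not exist in VNet {cloud_vnet_name!r}"]
    # Azure reports either one addressPrefix or a list in addressPrefixes.
    prefixes = subnet.get("addressPrefixes") or [subnet.get("addressPrefix")]
    space = [ipaddress.ip_network(p) for p in vnet["addressSpace"]["addressPrefixes"]]
    problems = []
    for prefix in prefixes:
        if prefix is None:
            problems.append(f"subnet {subnet_name!r} has no address prefix")
            continue
        net = ipaddress.ip_network(prefix)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if not any(net.version == s.version and net.subnet_of(s) for s in space):
            problems.append(f"{prefix} is outside the VNet address space")
    return problems


if __name__ == "__main__":
    vnet = load_vnet(SAMPLE_VNET_JSON)
    for name in ("azure-subnet", "dmz-subnet"):
        print(name, check_se_subnet(vnet, "avi-vnet", name) or "OK")
```

An empty result means the name can be passed to data_network_id; any other result should be resolved first, since SEs created from a wrong setting stay on the subnet they were given.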

Additional Information

For more information on Azure cloud deployment, refer to Configuring Avi Vantage for Application Delivery in Microsoft Azure.