Network Service Configuration

Overview

This guide explains the configuration process of network service. Network service can be configured per VRF and Service Engine Group. IP routing can be enabled by configuring Network Service of routing_service service type.

You can configure routing functionality per VRF basis. The existing functionality of routing and its associated information such as, enable_routing, floating_interface_ip, enable_vip_on_all_interfaces, and Mac masquerade under SE group are grouped under routing_service service type.

Notes:

  • This feature is supported starting Avi Vantage version 18.2.5.
  • Network Service can be configured only via CLI. The Network Service will be in effect on Active SE only if an interface of the corresponding VRF is present on Service Engine.

Configuring Network Service

The network service configuration is as follows:


configure networkservice NS-Default-Group-Global
    se_group_ref Default-Group
         cloud_ref [cloud name]
    vrf_ref global
    service_type routing_service
    routing_service
       enable_routing
       floating_intf_ip 10.10.10.11
       floating_intf_ip 10.10.40.11
       advertise_backend_networks
       enable_vip_on_all_interfaces
       floating_intf_ip_se_2 10.10.20.11
       floating_intf_ip_se_2 10.10.30.11
       nat_policy_ref nat-policy
   save
save

To disable any feature, use the no-form of the CLI as follows:

configure networkservice NS-Default-Group-Global
    se_group_ref Default-Group
    vrf_ref global
    service_type routing_service
    routing_service
        no enable_routing
    save
save

Migrating Network Service

When upgrading from an older release to 18.2.5, for any legacy Active/Standby SE group that had routing enabled in the originating release, there will be a Network Service automatically created on upgrade to 18.2.5. Any subsequent changes to be done such as changing floating interface IP etc has to be changed in the new Network Service.

Migration routines are added to create Network Service of type routing_service for Service Engine group with Enable-Routing/Floating Interface IP configured.

Above Network Service will be created using the tenancy as Service Engine Group Tenant and Tenant Default VRF.

For instance,

If the Service Engine Group tenant is admin, Network Service will have admin as tenant and the VRF as global.

If the Service Engine Group tenant is non-admin, Network Service will be created only if tenant has tenant_vrf mode enabled. Network Service creates with the VRF as Tenant’s Default-VRF.

Pre-Upgrade

IP routing is enabled in the SE group properties.


admin:10-10-24-165]: > show serviceenginegroup 4-core-SEs
+---------------------------------------+---------------------------------------------------------+
| Field                                 | Value                                                   |
+---------------------------------------+---------------------------------------------------------+
| uuid                                  | serviceenginegroup-a8030858-e586-4d45-99f1-54d9aac62b03 |
| name                                  | 4-core-SEs                                              |
| max_vs_per_se                         | 10                                                      |
| min_scaleout_per_vs                   | 2                                                       |
| max_scaleout_per_vs                   | 2                                                       |
| max_se                                | 2                                                       |
| vcpus_per_se                          | 4                                                       |
| memory_per_se                         | 2048                                                    |
| disk_per_se                           | 10 gb                                                   |
| max_cpu_usage                         | 80 percent                                              |
| min_cpu_usage                         | 30 percent                                              |
| se_deprovision_delay                  | 120 min                                                 |
| auto_rebalance                        | False                                                   |
| se_name_prefix                        | Avi                                                     |
| vs_host_redundancy                    | True                                                    |
| vcenter_folder                        | AviSeFolder                                             |
| vcenter_datastores_include            | False                                                   |
| vcenter_datastore_mode                | VCENTER_DATASTORE_ANY                                   |
| vcenter_hosts                         |                                                         |
| host_refs[1]                          | 10.10.16.94                                             |
| include                               | True                                                    |
| cpu_reserve                           | True                                                    |
| mem_reserve                           | True                                                    |
| ha_mode                               | HA_MODE_LEGACY_ACTIVE_STANDBY                           |
| tenant_ref                            | admin                                                   |
| cloud_ref                             | Default-Cloud                                           |
| enable_routing                        | True                                                    |
| advertise_backend_networks            | False                                                   |
| enable_vip_on_all_interfaces          | True                                                    |
| se_thread_multiplier                  | 1                                                       |
| enable_gratarp_permanent              | False                                                   |
| gratarp_permanent_periodicity         | 10 min                                                  |
| floating_intf_ip[1]                   | 10.10.10.11                                             |
| floating_intf_ip[2]                   | 10.10.40.11                                             |
| floating_intf_ip_se_2[1]              | 10.10.20.11                                             |
| floating_intf_ip_se_2[2]              | 10.10.30.11                                             |
| enable_vmac                           | False                                                   |
+---------------------------------------+---------------------------------------------------------+

Post Upgrade

Network Service automatically created for the SE group and routing configurations moved under Network Service. It will no longer be present under SE group settings.


[admin:10-10-24-165]: > show networkservice NS-4-core-SEs-global-admin
+--------------------------------+-----------------------------------------------------+
| Field                          | Value                                               |
+--------------------------------+-----------------------------------------------------+
| uuid                           | networkservice-e8a9f852-7618-4a57-8ece-2b27a925b764 |
| name                           | NS-4-core-SEs-global-admin                          |
| se_group_ref                   | 4-core-SEs                                          |
| vrf_ref                        | global                                              |
| service_type                   | ROUTING_SERVICE                                     |
| routing_service                |                                                     |
| enable_routing                 | True                                                |
| routing_by_linux_ipstack       | False                                               |
| floating_intf_ip[1]            | 10.10.10.11                                         |
| floating_intf_ip[2]            | 10.10.40.11                                         |
| enable_vmac                    | False                                               |
| enable_vip_on_all_interfaces   | True                                                |
| advertise_backend_networks     | False                                               |
| tenant_ref                     | admin                                               |
| cloud_ref                      | Default-Cloud                                       |
| floating_intf_ip_se_2[1]       | 10.10.20.11                                         |
| floating_intf_ip_se_2[2]       | 10.10.30.11                                         |
+--------------------------------+-----------------------------------------------------+

Routing Auto Gateway

Starting with Avi Vantage release 20.1.1, a new knob enable_auto_gateway is introduced in the routing service of network service configuration. This is used to enable the auto gateway functionality to the routing traffic. The knob is set to False by default.

On enabling the knob, flow-based routing is enabled for all the incoming traffic for all the interfaces in a VRF. The Service Engine caches the incoming route traffic mac and forwards the packet to the same next hop that it received the traffic from.

Supported Environments

The routing auto gateway functionality is supported in the following environments:

  • Active/ Standby SE group, in DPDK based environments
  • VMware Read/Write modes and Bare-metal clouds

Configure a network service corresponding to the SE group requires and set enable_auto_gateway to True for the corresponding network service catering to routing.

Configuring Routing Auto Gateway

Enabling auto gateway, routing and NAT are currently supported only via CLI.

Log in to the Avi Controller CLI and execute the following commands:


configure networkservice NS-Default-Group-Global
    se_group_ref Default-Group
    cloud_ref [cloud name]
    vrf_ref   [vrf name]
    service_type routing_service
    routing_service
    enable_routing
    nat_policy_ref nat-policy
    enable_auto_gateway
    save
save

The network service configuration is as shown below:


[admin:abd-ctrl-wildcard]: > show networkservice NS-Default-Group-Global
+--------------------------------+-----------------------------------------------------+
| Field                          | Value                                               |
+--------------------------------+-----------------------------------------------------+
| uuid                           | networkservice-1bcd0e3a-4c3d-4e3e-8d1a-619120f9d68f |
| name                           | NS-Default-Group-Global                             |                  
| se_group_ref                   | Default-Group                                       |
| vrf_ref                        | global                                              |
| service_type                   | ROUTING_SERVICE                                     |
| routing_service                |                                                     |
|   enable_routing               | True                                                |
|   enable_auto_gateway          | True                                                |
|   nat_policy_ref               | nat-policy                                          |
|                                |                                                     |
| tenant_ref                     | admin                                               |
| cloud_ref                      | Default-Cloud                                       |
+--------------------------------+-----------------------------------------------------+

Suggested Additional Reading

Refer to the following KBs for more details: