VRF Support for vCenter Deployments

Overview

Virtual Routing Framework (VRF), is a method of isolating traffic within a system. This is also referred to as a route domain within the load balancer community.

In Avi Vantage deployments with VMware vCenter, all port groups discovered from vCenter are placed into a single VRF context, by default, called Global. VRF contexts simplify virtual service deployment by organizing the port groups discovered from vCenter into subsets.

If multiple VRF contexts are configured, the workflow for creating a virtual service begins with selecting the VRF in which the virtual service is placed. The web interface presents only the networks in the selected VRF context as valid targets for placing that virtual service.

Global VRF and Admin Tenant

When a VMware cloud is created on the Avi Controller, Avi Vantage adds all of the port groups learned from vCenter into a VRF named Global in the admin tenant.

vmware-single-vrf-1

Additional VRF contexts can be created in the admin tenant, and individual port groups can be moved from the global VRF into the other VRF contexts. The VRF contexts and their port groups remain in the admin tenant but are available for selection by other tenants when they create virtual services, as shown in the following example:

vmware-multi-vrf

Avi Vantage Provider Mode

When integrated with a vCenter-managed cloud, Avi Vantage operates in Provider mode. This is not the same as a virtual routing context. Provider mode is a Avi Vantage deployment mode wherein all the cloud’s network resources — the packet plumbing — remain in the admin tenant and cannot be moved. To configure VRF contexts and move port groups into them, the Avi Vantage user must have write privileges for the admin tenant.

Configuring VRF

This section gives steps for creating VRF contexts on the Avi Vantage Controller, moving port groups to the VRF contexts, and creating virtual services in those contexts.

Notes:

  • This section assumes that the Controller has already been installed, and that initial configuration of the Controller has been performed using the setup wizard.
  • The Avi Vantage user must have write privileges for the admin tenant. These steps can be performed only from the admin tenant.

Creating Networks to the VRF Contexts

  1. Navigate to Infrastructure > Networks.
  2. Select cloud by clicking on Select Cloud drop-down list.
  3. Select DHCP checkbox in IP Address Management section.
  4. Click on Save.

    vrf4

Creating VRF Contexts

  1. Navigate to Infrastructure > Routing.
  2. Select cloud by clicking on Select Cloud drop-down list.
  3. Click on VRF Context, then click on Create button.

    vrf1

  4. Specify the name of the VRF context and click on Save.

    vrf2

Note: For No-access cloud, the Create network button is enabled. However, there is no provision to create a new VRF/Routing context from there.

Virtual Services

The following are the steps to create virtual services:

Note: These steps can be performed from the admin tenant or from another tenant.

  1. Navigate to Applications > Dashboard, and click on New Virtual Service.
  2. Select the VRF context from the list, and click on Next.

    vrf5

  3. Specify a name for the virtual service.
  4. Specify the Virtual IP address (VIP) on which Avi Vantage will listen for requests to the virtual service.
  5. In Select Servers by Network section, select the network to place the virtual service. The list displays only the networks within the selected VRF context.


    Note: The Select Servers by Network button is available if VMware cloud is configured in read-access or write-access mode. In no-access mode, it is not available.
    vrf6

    After a network is selected, a list of the servers in that network appears.

    vrf7

  6. Click to select individual servers, then click on Add Servers.
  7. Click on Save.