Avi Load Balancer Service Engine data interfaces can be assigned to multiple VRFs (Virtual Routing and Forwarding Context). Virtual Routing Framework, or VRF, is a method of isolating traffic within a system. This is also referred to as a 'route domain' within the load balancer community.
Avi Load Balancer supports the assignment of SE data interfaces to multiple VRFs in the following clouds:
No Access Cloud
Linux server Cloud
vCenter Cloud in provider mode
Multiple VRFs are only supported in Linux server clouds for SEs with DPDK enabled.
Types of Interface Supported
The VRF property for the following types of data interfaces can be modified, through the REST API, UI, or CLI.
Physical interfaces
Port-channel interfaces
VLAN interfaces
The following types of data interfaces do not support modification of the VRF property. If you try to modify them, the system will display an error message:
Port-channel member interfaces
Management interface
Dependency on In-band Management
Each deployed Service Engine has in-band management. When enabled, the management interface of the Service Engine (that is, the interface used to communicate with the Controller cluster) is also used for data plane traffic.
If in-band management is enabled on an SE, that SE will not support multiple VRFs.
To enable multiple VRFs on an SE, it must be deployed with in-band management deactivated. The caveat with disabling in-band management is that the management interface will not be used for data plane traffic. Hence, no virtual service will be placed on this interface, and this interface will not be used to communicate with back-end servers.
For more information on enabling or deactivating in-band management, see Configuring In-band Management for an Avi Load Balancer Service Engine.
Modifying SE Data Interface VRF using the UI
You can update SE physical port-channel and VLAN interface VRFs, if there are multiple VRFs configured in the tenant and cloud to which the SE belongs.
Modifying SE Data Interface VRF using the CLI
You can set VRF for physical and VLAN interfaces through CLI as follows: