NSX-T Route Revocation

This section discusses the use of revoke_vip_route flag available under virtual service configuration for an NSX-T cloud deployment.

The following diagram explains routing in an NSX-T deployment when T0 and T1 routers are used.

In the NSX-T deployments shown above, Virtual IP address (VIP 1.1.1.1) is programmed as a route in the T1 router, pointing to the scaled-out SEs to attract traffic. This route is propagated to the T0 router to attract wider application traffic.

Traffic gets routed based on route distance in specific deployments involving multiple sites hosting the same application and advertising the same Virtual IP address.

When the virtual service is down at a site, the route programming for the VIP at that site needs to be removed to ensure all traffic is redirected to the other site where the virtual service is up and running. When the revoke_vip_route flag is set to true, the VIP route is revoked when the virtual service is OPER_DOWN, and similarly, it is added back when the virtual service is OPER_UP.

It's important to note that the revoke_vip_route flag is not set to true by default. It needs to be explicitly toggled to true to activate the feature, ensuring the correct routing of traffic.

For the feature to take effect, revoke_vip_route must be set to true when the VS is in OPER_UP state.

Once the virtual service comes up, routing information gets updated automatically, and the T1 router starts forwarding requests for VIP 1.1.1.1 to the SE's connected interface, as shown below.

Note:

This feature is not supported when a Virtual IP address is shared among multiple virtual services.

Configuring Route Revoke Using CLI

Login to Avi Load Balancer CLI and use the configure virtualservice command to set the value of the revoke_vip_route to true. The default value of the revoke_vip_route flag is false.

[admin:10-50-51-111]: > configure virtualservice vs1
Updating an existing object. Currently, the object is:
+------------------------------------+-----------------------------------------------------+
| Field                              | Value                                               |
+------------------------------------+-----------------------------------------------------+
| uuid                               | virtualservice-42df5c41-7822-497d-9113-da5070637ef4 |
| name                               | vs1                                                 |
| enabled                            | True                                                |
| services[1]                        |                                                     |
|   port                             | 80                                                  |
|   enable_ssl                       | False                                               |
|   port_range_end                   | 80                                                  |
|   enable_http2                     | False                                               |
|   horizon_internal_ports           | False                                               |
|   is_active_ftp_data_port          | False                                               |
| application_profile_ref            | System-HTTP                                         |
| network_profile_ref                | System-TCP-Proxy                                    |
| pool_ref                           | vs1-Pool                                            |
| se_group_ref                       | Default-Group                                       |
| network_security_policy_ref        | vs1-NetworkSecurityPolicy                           |
| http_policies[1]                   |                                                     |
|   index                            | 11                                                  |
|   http_policy_set_ref              | vs1-HTTPPolicySet-0                                 |
| analytics_policy                   |                                                     |
|   full_client_logs                 |                                                     |
|     enabled                        | False                                               |
|     duration                       | 0 min                                               |
|     throttle                       | 10 per_second                                       |
|   client_insights                  | NO_INSIGHTS                                         |
|   all_headers                      | False                                               |
|   metrics_realtime_update          |                                                     |
|     enabled                        | False                                               |
|     duration                       | 0 min                                               |
|   udf_log_throttle                 | 10 per_second                                       |
|   significant_log_throttle         | 10 per_second                                       |
|   learning_log_policy              |                                                     |
|     enabled                        | False                                               |
| vrf_context_ref                    | Tier1-01                                            |
| enable_autogw                      | True                                                |
| analytics_profile_ref              | System-Analytics-Profile                            |
| weight                             | 1                                                   |
| delay_fairness                     | False                                               |
| max_cps_per_client                 | 0                                                   |
| limit_doser                        | False                                               |
| type                               | VS_TYPE_NORMAL                                      |
| cloud_type                         | CLOUD_NSXT                                          |
| ssl_sess_cache_avg_size            | 1024                                                |
| remove_listening_port_on_vs_down   | False                                               |
| close_client_conn_on_config_update | False                                               |
| bulk_sync_kvcache                  | False                                               |
| advertise_down_vs                  | False                                               |
| revoke_vip_route                   | True                                                |
| tenant_ref                         | admin                                               |
| cloud_ref                          | test-nsxt-cloud                                     |
| east_west_placement                | False                                               |
| scaleout_ecmp                      | True                                                |
| active_standby_se_tag              | ACTIVE_STANDBY_SE_1                                 |
| flow_label_type                    | NO_LABEL                                            |
| content_rewrite                    |                                                     |
|   rewritable_content_ref           | System-Rewritable-Content-Types                     |
| sideband_profile                   |                                                     |
|   sideband_max_request_body_size   | 1024 bytes                                          |
| vsvip_ref                          | vs1-VsVip                                           |
| use_vip_as_snat                    | False                                               |
| vh_type                            | VS_TYPE_VH_SNI                                      |
| enable_session                     | False                                               |
+------------------------------------+-----------------------------------------------------+

| revoke_vip_route                   | True                                                |