Avi Load Balancer SEs handle all data plane operations within the Avi Load Balancer by receiving and executing instructions from the Controller.

The SEs perform load balancing and all client and server facing network interactions. They collect real-time telemetry data from application traffic flows.

In a typical load balancing scenario, a client will communicate with a virtual service, which is an IP address and one or more ports hosted in Avi Load Balancer by Service Engines. The virtual service internally passes the connection through a number of profiles. For HTTP traffic, the SE can terminate and proxy the client TCP connection, terminate SSL/TLS, and proxy the HTTP request. Once the request is validated, it is forwarded internally to a pool to choose an available back end server.

A new TCP connection then originates from the SE. This connection uses the IP address of the SE on the internal network as the client request’s source IP address. Return traffic also follows the same path. The client communicates exclusively with the virtual service IP address and not the back end server IP.



Avi Load Balancer Load balancer Service Engine follows a distributed architecture with clear segregation between the management and the data plane. The data-plane traffic works through its own set of interfaces, thereby posing no risk to management interfaces. Any attack on data-plane is always confined to the data-plane alone. Additionally, the control plane can bring visibility into data-plane attacks through management interfaces and it can serve to secure data-plane from some of the attacks with the help of management interfaces.

Data Plane High Availability

Avi Load Balancer SE groups support the following HA modes:

  • Elastic HA: Provides fast recovery for individual virtual services following failure of the SE. Depending on the mode, the virtual service is already running on multiple SEs or is quickly placed on another SE. The following modes of cluster HA are supported:

    • Active/Active

    • N + M

  • Legacy HA: Emulates the operation of a 2-device hardware active/ standby HA configuration. The active SE carries all the traffic for a virtual service placed on it. The other SE in the pair is the standby for the VS, carrying no traffic for it when the active SE is healthy.