When Avi Load Balancer is configured to provide application delivery services in Microsoft Azure, the Avi Load Balancer cloud configuration process requires an Azure Virtual Network (VNet) and subnet to be specified. The Avi Load Balancer Service Engines created by the Avi Load Balancer Controller obtain a NIC and an IP address in the specified subnet of the VNet.
Use Case
In some Azure deployment use cases, customers would like to use a different subnet for some Service Engines. This is particularly useful in a topology where the same VNet has an external subnet, followed by traffic going through a firewall and then to an internal subnet. In these cases, there is a requirement to use the external subnet to host a virtual service to decrypt SSL and load balance traffic to the firewalls. The firewalls then route the traffic to a second virtual service, which could provide additional services, including SSL re-encryption if required.
To allow such use cases on Microsoft Azure, Avi Load Balancer allows overriding the Service Engine management network at a per Service Engine Group level.
This feature can be configured using Avi Load Balancer CLI or the REST APIs.
The SE network should be a subnet within the VNet set at the cloud level.
Any modification to this option will take effect only on the new SEs created after the change, and it will not affect the existing SEs.
Configuring SE Network through Avi Load Balancer CLI
Log in to the Avi Load Balancer CLI and use the configure serviceenginegroup <group name> command to set or override the subnet for an SE in a Service Engine group.
[admin:10-10-1-1]: > configure serviceenginegroup segrp1
[admin:10-10-1-1]: serviceenginegroup> data_network_id azure-subnet
[admin:10-10-1-1]: serviceenginegroup> save
azure-subnet is the name of the subnet from which the IP address for the specified Service Engine group will be allocated. azure-subnet must be within the VNet configured earlier as part of the Azure cloud.
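A pre-change check for the constraint above, as an added example that is not part of the original documentation or Avi Load Balancer's own code: it confirms that the subnet to be set as data_network_id exists in the cloud's VNet before the Service Engine group is changed. The VNet dictionary is a constructed sample in the shape of az network vnet show JSON output; the function names, the VNet name and the address prefixes are assumptions.

```python
import ipaddress

# Constructed sample: trimmed shape of `az network vnet show -o json` output.
SAMPLE_VNET = {
    "name": "avi-vnet",
    "addressSpace": {"addressPrefixes": ["10.10.0.0/16"]},
    "subnets": [
        {"name": "mgmt-subnet", "addressPrefix": "10.10.1.0/24"},
        {"name": "azure-subnet", "addressPrefix": "10.10.2.0/24"},
    ],
}


def subnet_prefixes(subnet):
    """Return a subnet's prefixes; Azure reports a single field or a list."""
    if subnet.get("addressPrefix"):
        return [subnet["addressPrefix"]]
    return list(subnet.get("addressPrefixes") or [])


def check_se_subnet(vnet, subnet_name):
    """Return (ok, reason) for using subnet_name as an SE group's data_network_id."""
    match = [s for s in vnet.get("subnets", []) if s.get("name") == subnet_name]
    if not match:
        return False, f"subnet {subnet_name!r} not found in VNet {vnet.get('name')!r}"
    space = [ipaddress.ip_network(p) for p in vnet["addressSpace"]["addressPrefixes"]]
    prefixes = subnet_prefixes(match[0])
    if not prefixes:
        return False, f"subnet {subnet_name!r} has no address prefix"
    # Sanity check for hand-edited or template-derived input: every prefix
    # of the subnet must sit inside the VNet address space.
    for p in prefixes:
        net = ipaddress.ip_network(p)
        if not any(net.version == s.version and net.subnet_of(s) for s in space):
            return False, f"prefix {p} is outside the VNet address space"
    return True, "ok"


def se_group_override(se_group, vnet, subnet_name):
    """Return a copy of the SE group object with data_network_id set, or raise."""
    ok, reason = check_se_subnet(vnet, subnet_name)
    if not ok:
        raise ValueError(reason)
    return {**se_group, "data_network_id": subnet_name}
```

Because the override applies only to SEs created after the change, run the check before saving the group so that new SEs are not directed at a subnet that is missing from the VNet.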