The Avi Controller is always deployed to the Management Network where it can interface with the vCenter Server, ESXi hosts, and Supervisor Cluster control plane nodes. The Service Engines are deployed with interfaces to the Management Network and the Data Network.
The Management Network, such as MGMT-VLAN1009
, is where the Controller resides and management interface of the Services Engines are connected to.
The Data Network, such as DATA-VLAN1068
, is where the Service Engine interfaces connect for VIP placement. The client traffic reaches the VIP and the Service Engines load balances the traffic to the Workload Network IPs through this network.
The Workload Network, such as TKGS-VLAN1000
, is where the Tanzu Kubernetes clusters run. The Service Engines do not require interfaces to the Workload Network.
The Service Engines run in a one-arm mode. They route the load balanced traffic to the Workload Network through the router. The Service Engines do not get the default gateway IP from DHCP on the Data Networks. You must configure static routes so that the Service Engines can route traffic to the Workload Networks and Client IP correctly. For more information about configuring static routes, see Configure Static Routes.
This topology allows the Service Engine to be located on a single network. The Service Engine creation and network connections are automated by the Avi Controller.