When attempting to modify an Avi Virtual Service configuration, the operation may fail with the following error message: "VRF context for <vs-name> and pool <pool-name> different."

Although the error references a pool object, the root cause is typically a VRF context mismatch between the Virtual Service object and its associated VS VIP object.

You can confirm this issue by using the following verification steps.

Verification via the UI:

1. In the Avi UI, navigate to the affected Virtual Service. Hover your cursor over the VS name to display its properties and note the VRF context. You should see the following screen:

2. Next, click to edit the Virtual Service, and click the edit icon next to the VS VIP object.

3. In the VS VIP properties, note its VRF Context. Example screenshot below:
   

4. If the VRF context noted in step 1 is different from the VRF context in step 3, you have confirmed the issue.

Steps to list objects in this state:

You can run a jQuery command against an Avi configuration backup file to identify all Virtual Services affected by this mismatch.

1. SSH into the Avi Controller leader VM.

2. Navigate to the backup directory:

   • cd /var/lib/avi/backups

3. Execute the following jq command against a recent configuration backup file (e.g., backup_Default-Scheduler_20251012_xyz.json)

   • jq '
       (.VsVip | map({key: .name, value: .}) | from_entries) as $vsvipMapByName
       |
       .VirtualService[]
       |
       (.vsvip_ref | capture("name=(?<vsvip_name>[^&]+)").vsvip_name) as $vsvipName
       |
       select(
         $vsvipName and                                                   
         $vsvipMapByName[$vsvipName] and                                  
         .vrf_context_ref != $vsvipMapByName[$vsvipName].vrf_context_ref
       )
       |
       "MISMATCH FOUND --- VsVip: \($vsvipName) | VS: \(.name) | VS_VRF: \(.vrf_context_ref) | VsVip_VRF: \($vsvipMapByName[$vsvipName].vrf_context_ref)"' <avi_config_backup_filename>

4. The command will output a "MISMATCH FOUND" line for each Virtual Service in an inconsistent state.

5. Please reach out to Avi support if you need assistance with performing the above steps.

This error occurs because the Virtual Service object and its corresponding VS VIP object are in different VRF contexts.

The vrf_context_ref field for a VS VIP object is currently not immutable and can be changed via the CLI.

This allows for the possibility of an accidental modification that places the VS VIP in a different VRF than its associated Virtual Service, creating a configuration conflict.

Workaround:

To resolve the issue, you must align the VRF context of the VS VIP object with the VRF context of the Virtual Service.

For example, if the Virtual Service is in the global VRF and the VSVIP was incorrectly moved to the admin VRF, follow these steps:

1. SSH to the Avi Controller leader VM.

2. Execute the following commands to move the VSVIP object back to the correct VRF:

   • $shell
     > configure vsvip <name-of-vsvip>
     > vrf_context_ref global
     > save

After saving, the VRF contexts will be aligned, and you will be able to modify the Virtual Service configuration without any error.

Permanent resolution:

This issue is addressed in Avi Controller versions 31.2.1 and newer.

In these versions:

• The vrf_context_ref field for a VS VIP object has been made immutable to prevent inadvertent changes.

• An automated check is included in the upgrade process to detect and flag any VS/VSVIP VRF mismatches before completing the upgrade.