Unable to make changes to the Virtual Service when VIP as SNAT option is enabled
search cancel

Unable to make changes to the Virtual Service when VIP as SNAT option is enabled

book

Article ID: 422695

calendar_today

Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

When a Virtual Service (VS) is configured with “Use VIP as SNAT” enabled and is part of an N+M Service Engine (SE) Group, any attempt to modify the VS configuration fails.

When the VS is edited and Save is clicked, the following error is observed: 

Virtual Service with use VIP as SNAT option enabled cannot be scaled out or added to Active-Active HA mode SE Group. It cannot have an SNAT IP Pool configured and cannot be of type Child

Environment

Avi Load Balancer

SE Group: N+M with Minimum scaleout is >= 2

 

Cause

This issue occurs when the following sequence of actions is performed on the Virtual Service:

  • A Service Engine Group is initially configured in N+M (Active-Active) mode with SEG > Placement > Scale per Virtual Service = 1

  • A Virtual Service with “Use VIP as SNAT” enabled is created.

    • With Minimum Scaleout = 1, the VS is placed on a single Service Engine

  • The Minimum Scaleout value of the SE Group is later increased to 2 or higher, which causes all Virtual Services in the group to scale out across multiple Service Engines.
  • Any subsequent attempt to modify the Virtual Service configuration while “Use VIP as SNAT” remains enable results in the following error: “VS with ‘Use VIP as SNAT’ option enabled cannot be scaled out or added to an Active-Active HA mode SE group.”

Note: By default placing VS with SNAT option enabled on multiple Service engines are not allowed. 

Reason: This option uses the VIP for health monitoring and sending traffic to backend servers instead of the SE interface IP, which conflicts with the operational model (where both service engines sends the Health Monitor to backend servers)

Resolution

To modify an existing Virtual Service with “Use VIP as SNAT” enabled, choose one of the following options based on your requirement:

Option-1: VIP as SNAT Is No Longer Required

  • Disable the “Use VIP as SNAT” option on the Virtual Service.

  • Proceed with the required Virtual Service configuration changes.

Option-2: VIP as SNAT Is Required

  • Set the Minimum Scaleout value of the Service Engine Group back to 1

    • This action does not automatically scale in existing Virtual Services.

  • Manually scale in the Virtual Service so that it is placed on a single Service Engine.

  • Perform the required Virtual Service configuration changes.

Powered by Wolken Software