Enhanced Virtual Hosting in AKO
Overview
AKO currently creates an SNI child virtual service under a parent shared virtual service for the secure hostname. The SNI virtual service binds the hostname to an sslkeycert object, which is used to terminate the secure traffic on Avi's Service Engine. On the SNI virtual service, AKO creates httppolicyset rules to route the terminated (insecure) traffic to the appropriate pool object, using the host/path specified in the rules section of the Ingress object.
With Enhanced Virtual Hosting (EVH) support in Avi, virtual hosting on a virtual service can be enabled irrespective of SNI. Also, SNI can only handle HTTPS (HTTP over SSL) traffic, whereas EVH children can handle both HTTP and HTTPS traffic. For each unique host, an EVH child virtual service is created. This applies to both secure and insecure FQDNs. Layer 4 virtual services and TLS passthrough work the same way as in the SNI model.
With EVH enabled, HostRule CRDs can be applied to insecure Ingresses as well.
Naming of Avi Objects with EVH enabled
Starting with Avi Controller 20.1.6, all object names have a maximum length of 255 characters. To keep object names within this limit, AKO names all EVH objects, except the parent virtual service, VIP names and advancedL4 object names, using a SHA1 encoding logic.
Shared Virtual Service Names
The shared VS names are derived from a combination of fields to keep them unique per Kubernetes/OpenShift cluster. This is the only object in Avi that does not derive its name from any Kubernetes/OpenShift object.
ShardVSName = clusterName + "--Shared-L7-EVH-" + <shardNum>
Here,
- clusterName is the value specified in values.yaml during install.
- Shared-L7-EVH is a constant identifier for shared virtual services.
- shardNum is the number of the shared virtual service, generated based on hostname-based shards.
EVH child Virtual Service Names
vsName = clusterName + "--" + encoded-value
EVH Pool Names
poolName = clusterName + "--" + encoded-value
EVH Pool Group Names
poolgroupname = clusterName + "--" + encoded-value
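As an added example (not AKO's own code), the naming rules above written as functions, with the 255-character bound on SHA1-encoded names checked explicitly. The hostname-to-shard mapping and the exact fields fed into the SHA1 are assumptions, since the page states only that the names are SHA1-encoded and that shards are hostname-based.

```python
import hashlib

SHARED_VS_INFIX = "--Shared-L7-EVH-"  # constant identifier from the naming scheme
MAX_OBJECT_NAME_LEN = 255             # Avi Controller 20.1.6+ limit on object names
SHA1_HEX_LEN = 40                     # length of a hex-encoded SHA1 digest


def shard_number(hostname: str, shard_count: int) -> int:
    """Pick the shared-VS shard for a hostname.

    Assumption (not from the page): first 4 bytes of SHA1(hostname) modulo the
    shard count. Only 'same host -> same shard, in range' matters here."""
    digest = hashlib.sha1(hostname.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % shard_count


def shared_vs_name(cluster_name: str, hostname: str, shard_count: int) -> str:
    """clusterName + "--Shared-L7-EVH-" + shardNum (parent VS, not SHA1-encoded)."""
    return f"{cluster_name}{SHARED_VS_INFIX}{shard_number(hostname, shard_count)}"


def encoded_child_name(cluster_name: str, *identity: str) -> str:
    """clusterName + "--" + encoded-value for EVH child VS, pool and pool group names.

    Assumption: the encoded value is the hex SHA1 of the identifying fields joined
    with '/' (e.g. hostname for a child VS; namespace, ingress, host, path for a pool)."""
    raw = "/".join(identity)
    return f"{cluster_name}--{hashlib.sha1(raw.encode('utf-8')).hexdigest()}"


def within_controller_limit(name: str) -> bool:
    """True when the name fits the controller's 255-character limit."""
    return len(name) <= MAX_OBJECT_NAME_LEN


def max_cluster_name_len_for_encoded_objects() -> int:
    """Longest clusterName that keeps every SHA1-encoded object name within the limit."""
    return MAX_OBJECT_NAME_LEN - len("--") - SHA1_HEX_LEN


if __name__ == "__main__":
    cluster = "prod-cluster"
    host = "shop.example.com"  # constructed sample hostname
    print(shared_vs_name(cluster, host, 8))
    print(encoded_child_name(cluster, host))
    print(encoded_child_name(cluster, "default", "shop-ingress", host, "/cart"))
```

Under these assumptions the last function shows why the encoding matters: a 300-character hostname appended raw would exceed the limit, while the encoded form is always len(clusterName) + 42, so any clusterName up to 213 characters is safe.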
Document Revision History
| Date | Change Summary |
|---|---|
| August 31, 2021 | Published the article for Enhanced Virtual Hosting for AKO 1.5.1 |
| April 28, 2021 | Published the article for Enhanced Virtual Hosting supported in AKO 1.4.1 |