6V0-22.25 Products and Solutions

Products and Solutions Detailed Explanation

1. VMware Avi Load Balancer Overview

1.1 Product Positioning

What is Avi Load Balancer?

Avi Load Balancer (now part of VMware) is:

• A next-generation load balancing solution.

• Built entirely in software – no special hardware needed.

• Designed for modern applications that run:

  • On-premises

  • In public cloud

  • Across hybrid or multi-cloud environments

What does “L4–L7” mean?

This refers to network layers:

• L4 (Layer 4) = Transport layer (TCP, UDP)

  • Example: Load balancing TCP connections to a database.

• L7 (Layer 7) = Application layer (HTTP, HTTPS)

  • Example: Load balancing a website or API, inspecting URLs or cookies.

Avi supports both L4 and L7, and more:

• SSL termination

• Content-based routing

• Advanced security

What makes Avi different?

Avi is not just a load balancer — it's a platform that combines:

• Load balancing

• Analytics

• Security (WAF)

• Automation tools
  All managed from one central place.

1.2 Evolution of Avi

Knowing the history gives us context about where Avi fits in the VMware world.

Originally: Avi Networks

• Founded as a startup to build a software-defined, analytics-driven load balancer.

• Focused on cloud-native and scalable architectures.

Acquired by VMware (2019)

• VMware saw the value in Avi’s modern design.

• It became part of VMware’s Application Networking and Security (ANS) portfolio.

Integrated into VMware Ecosystem

• Now works closely with:

  • NSX-T for networking/firewall

  • Tanzu for Kubernetes

  • vRealize Suite for automation and observability

This makes it a strong alternative to legacy load balancers like F5 or Citrix ADC, especially in modern VMware environments.

2. Key Features and Capabilities

This section focuses on what Avi can do — its core functions and advanced features that make it stand out from traditional load balancers.

2.1 L4–L7 Application Services

Avi Load Balancer supports full-featured Layer 4 to Layer 7 services — from basic TCP/UDP balancing to advanced web security.

Load Balancing

Avi decides how to distribute incoming traffic across multiple backend servers.

• Layer 4:

  • Balances TCP/UDP traffic without inspecting content.

  • Example: Load balancing database connections or streaming traffic.

• Layer 7:

  • Inspects HTTP/S traffic to make smart routing decisions.

  • Example: Send users to different backends based on URL or cookies.

SSL Termination

Avi can decrypt incoming HTTPS traffic, process it, and then:

• Forward it unencrypted to backend servers (offloading).

• Or re-encrypt before sending it to the servers.

Why it matters:
Offloading SSL reduces the workload on your backend apps.

Content Switching

Avi can make decisions based on content, such as:

• Path (/api, /login)

• Hostname (site1.example.com, site2.example.com)

• HTTP header or cookie values

This allows:

• Hosting multiple apps on a single IP.

• Custom routing rules for traffic control.

Application Acceleration

Avi boosts application performance by:

• Compressing responses (gzip, Brotli)

• Caching content (e.g., static files)

• Using modern protocols like HTTP/2 or QUIC

These features help apps load faster and reduce server load.

Web Application Firewall (WAF)

Avi has a built-in WAF for Layer 7 security.

• Protects against common attacks (based on OWASP Top 10), like:

  • SQL Injection

  • Cross-site scripting (XSS)

  • Command injection

• Highly configurable rules

• Can run in learning, logging, or blocking mode

Global Server Load Balancing (GSLB)

Avi supports GSLB to:

• Load balance traffic across multiple sites, regions, or data centers.

• Choose the best site based on:

  • Proximity (GeoDNS)

  • Server health

  • Site load

Use case example:
Users in Europe go to the London site, while users in Asia go to the Singapore site.

2.2 Centralized Control and Management

Unlike legacy systems where each device must be managed separately, Avi uses a central controller to manage everything.

One Controller, Many Environments

• One Avi Controller cluster manages:

  • SEs in the data center

  • SEs in the cloud

  • Kubernetes integrations

• Consistent policies and visibility everywhere

Declarative Policy Engine

You define what you want, not how to do it.

• Example:
  "Route all traffic from /api to Pool A" — you don’t need to configure low-level details.

You can manage policies via:

• Web UI

• CLI

• RESTful APIs

This is especially helpful for DevOps and automation.

2.3 Application Insights

Avi offers built-in real-time analytics to show how your apps are performing.

Insights Include:

• Latency — how long it takes for your app to respond

• Error rates — number of 500 errors, 404s, timeouts, etc.

• Throughput — how much data is going in and out

• Health scores — overall app health on a 0–100 scale

These insights help:

• Identify problems fast

• Track trends over time

• Show usage for capacity planning

2.4 Automation and Elasticity

Avi was built for automation — it’s API-first.

Auto-Scaling

Avi can scale SEs or Virtual Services up or down automatically, based on:

• CPU usage

• Connections per second

• Throughput

• Application behavior

This ensures your apps stay responsive even under load — and save resources when idle.

Tool Integrations

Avi works with popular automation tools:

Tool	Use Case
Ansible	Automate provisioning of load balancing services
Terraform	Infrastructure-as-code, define Avi services in code
vRealize Automation (vRA)	Let users request services through a self-service portal

3. Deployment Models

This section explains the different ways you can deploy Avi Load Balancer — in a data center, in the public cloud, or even in Kubernetes. Flexibility is one of Avi’s biggest strengths.

3.1 On-Premises Deployment

Let’s start with the most traditional model — on-premises, which means running in your own data center.

Where is Avi deployed?

• In a VMware vSphere environment

• Or on other supported hypervisors (like KVM)

What does deployment look like?

• Avi Controllers are deployed as virtual machines (VMs).

• Service Engines (SEs) are also deployed as VMs.

• These VMs run on your existing infrastructure.

No need for physical hardware appliances.

Common use cases:

• Replacing legacy load balancers (F5, Citrix)

• Supporting internal apps in a corporate data center

• Full control over your network and data

3.2 Public Cloud Deployment

Avi is cloud-native, which means it works in major public clouds just like it does on-prem.

Supported Clouds:

• AWS

• Microsoft Azure

• Google Cloud Platform (GCP)

• Oracle Cloud Infrastructure (OCI)

Deployment Options:

• Avi Controllers and SEs can be deployed:

  • Using native VM images from the cloud provider

  • Using automation tools like Terraform

The Controller manages SEs even across cloud accounts or regions.

What’s different in cloud?

• SEs can be auto-scaled using cloud-native tools (e.g., EC2 autoscaling in AWS).

• VIPs are assigned using cloud-native networking (Elastic IPs, Load Balancer IPs).

• Integration with cloud DNS, IAM, tagging, and VPCs is possible.

Use Cases:

• Hosting public-facing websites

• Running microservices-based apps in the cloud

• Spinning up test environments dynamically

3.3 Hybrid Cloud Deployment

This is where things get interesting — you don’t have to choose between on-prem and cloud.

Avi supports hybrid cloud deployments, which means:

• You can run Controllers in your data center, and

• Have SEs deployed across both:

  • On-prem infrastructure

  • Public cloud VMs (AWS, Azure, etc.)

Benefits:

• One management interface across all locations

• Consistent:

  • Policies

  • Logging

  • Security

• Perfect for gradual cloud migration

Use Cases:

• Migrate apps from on-prem to cloud without breaking traffic flow

• Maintain DR (disaster recovery) sites in the cloud

• Load balance across sites (with GSLB)

3.4 Kubernetes Integration

Avi is also designed for modern, container-based environments like Kubernetes.

Key Integration:

• Tanzu Kubernetes Grid (TKG) — VMware’s Kubernetes platform

• Also works with vanilla Kubernetes, OpenShift, and other K8s platforms

How does Avi work with Kubernetes?

Avi acts as the Ingress Controller, meaning:

• It handles traffic coming into the Kubernetes cluster.

• Routes it to the correct services based on:

  • Hostnames

  • Paths

  • Ports

It also provides:

• L7 visibility into Kubernetes services

• TLS termination (HTTPS support)

• WAF protection

• Autoscaling of services based on traffic

Benefits:

• Unified load balancing for VMs and containers

• Centralized control for both traditional and modern apps

• Deep analytics for microservices traffic

4. Editions and Licensing

Understanding the editions and licensing options is important, especially if you’re preparing for real-world deployment or the 6V0-22.25 exam.

4.1 Standard Editions

VMware Avi Load Balancer comes in different editions, depending on the features you need and the level of scalability required.

Basic / Essentials Edition

This edition is designed for small to medium-sized environments with core load balancing needs.

Included features:

• Layer 4 (TCP/UDP) and Layer 7 (HTTP/HTTPS) load balancing

• SSL termination and basic content switching

• Basic analytics (real-time traffic graphs, latency)

• Limited automation

Not included:

• Web Application Firewall (WAF)

• Global Server Load Balancing (GSLB)

• Advanced multi-cloud or enterprise features

Best for: Simple apps, internal environments, entry-level deployments

Advanced / Enterprise Edition

This is the full-featured edition, used in enterprise environments with demanding scalability, security, and automation needs.

Included features:

• Everything in Essentials

• Web Application Firewall (WAF) – OWASP Top 10 protection

• GSLB – Load balancing across data centers or regions

• Advanced analytics and health scoring

• Multi-cloud and hybrid cloud support

• Full automation (API-first, integration with Ansible, Terraform)

• Elastic scale-out of SEs

• Kubernetes integration

Best for: Modern cloud-native apps, multi-site architectures, enterprise SLAs

4.2 Licensing Models

Now let’s talk about how Avi is licensed. VMware offers flexibility based on the kind of environment and deployment size.

1. Based on Throughput (Gbps)

• You buy a license for X gigabits per second of total traffic.

• Avi will enforce or alert based on that usage.

Example: If you purchase a 10 Gbps license, you can handle that much total traffic (in and out).

2. Based on CPU Cores (per SE)

• You pay based on the number of vCPUs assigned to Service Engines (SEs).

• The more vCPUs across all SEs, the more license you need.

Example: If you have 3 SEs with 4 vCPUs each, that's 12 cores total.

3. Per Application Instance

• You pay per application or Virtual Service.

• Useful for service providers, multi-tenant environments, or app-level billing.

Example: If you're hosting 20 websites for clients, you can license 20 Virtual Services.

4.3 Subscription vs. Perpetual Licensing

VMware offers two main types of license duration:

License Type	Description
Perpetual	One-time purchase. You own the license. Pay separately for support.
Subscription	Pay monthly or yearly. Includes support and upgrades in the plan.

Most modern deployments go with subscription licensing, especially in the cloud.

4.4 Integrated with VMware Cloud Foundation (VCF)

If your company uses VMware Cloud Foundation (VCF) — the full-stack private cloud solution — Avi is included as the default Layer 7 load balancer.

Benefits of Avi in VCF:

• Native integration with NSX-T and vSphere

• Lifecycle managed via VMware SDDC Manager

• Seamless deployment as part of VCF automation workflows

No need to install F5 or other third-party load balancers — Avi is ready out of the box.

Summary: Editions and Licensing

Feature	Essentials (Basic)	Enterprise (Advanced)
L4/L7 Load Balancing	Y	Y
SSL Offloading	Y	Y
WAF	N	Y
GSLB	N	Y
Multi-cloud	N	Y
Auto-scaling	N	Y
Kubernetes Integration	N	Y

Licensing Model	When to Use
Throughput (Gbps)	When scaling by total traffic volume
CPU-based	When you want predictable core usage
Per-Application	Good for SaaS and service providers

5. Solution Use Cases

This section helps you understand where and how VMware Avi Load Balancer is used in real-world environments.

There are four major categories of use cases:

5.1 Traditional Applications

classic enterprise applications — the kind that run in data centers, often with older architectures.

Replacing Legacy Hardware Load Balancers

Many companies use hardware load balancers like:

• F5 BIG-IP

• Citrix ADC (NetScaler)

These devices are:

• Expensive

• Hard to scale quickly

• Not built for cloud or automation

Avi replaces them with a software-only, scalable solution that runs on:

vSphere

Public clouds

Containers

Supporting Monolithic Apps and Databases

Avi is great for monolithic apps — the traditional kind where all functions are in one big server or service.

Use cases:

• Load balancing access to:

  • Web front-ends (Apache, IIS)

  • App servers (Java, .NET)

  • Databases (MySQL, PostgreSQL)

Even if your apps aren’t modern or cloud-native, Avi works perfectly for them.

5.2 Modern Applications

Today, many apps are built using microservices and containers, often managed by Kubernetes.

Avi is designed to work natively in these modern environments.

Kubernetes and Microservices

Avi acts as a Layer 7 Ingress Controller in Kubernetes platforms like:

• Tanzu Kubernetes Grid (TKG)

• OpenShift

• Vanilla Kubernetes

It routes external traffic into your microservices based on hostname, path, or headers.

Also supports:

• TLS termination

• Path-based routing

• WAF for microservices

• Real-time metrics and logging per service

CI/CD Environments

In continuous integration / continuous deployment (CI/CD) setups, applications:

• Change frequently

• Scale dynamically

• Require fast deployment of networking services

Avi helps by:

• Automatically creating/removing Virtual Services and SEs

• Integrating with pipelines (via API, Terraform, Ansible)

• Providing instant visibility into app performance

Think of Avi as “infrastructure that adapts to your code.”

5.3 Multi-Cloud Strategy

Avi was built for environments that span across multiple clouds or regions.

Centralized Management Across Clouds

One Avi Controller (cluster) can manage:

• Service Engines in AWS

• Service Engines in Azure

• SEs in your on-prem vSphere environment

All with one single interface and consistent policies.

Unified Logging, Policies, and Security

Instead of:

• Different load balancers in each cloud

• Separate teams managing each one

You can use Avi everywhere, and:

• Apply the same security rules

• Get centralized logging

• Use GSLB for global traffic routing

Avi = one control plane for all locations and clouds.

5.4 Security and Compliance

Security is a core strength of Avi.

It helps organizations meet compliance standards like:

• PCI-DSS (for payment systems)

• HIPAA (for healthcare)

• GDPR (for EU data protection)

Web Application Firewall (WAF)

Built-in WAF defends against:

• OWASP Top 10 threats (XSS, SQLi, etc.)

• Custom attack signatures

• Bots and scanning tools

Can run in:

• Detection mode (learn and log)

• Blocking mode (stop threats)

SSL/TLS Inspection and Certificate Management

Avi terminates SSL/TLS at the edge and:

• Scans traffic for threats

• Manages certificates (including auto-renewals and expiration alerts)

• Supports Perfect Forward Secrecy (PFS) and TLS 1.3

Audit Logging and RBAC

Everything is logged:

• Who made what changes

• When and how

• Full history for compliance audits

Role-Based Access Control (RBAC) ensures:

• Only the right users have access

• Multi-tenant support for service providers

Summary: Use Case Categories

Use Case	Description
Traditional Apps	Replace F5/Citrix, load balance monolithic apps and DBs
Modern Apps	Kubernetes Ingress, microservices, CI/CD integrations
Multi-Cloud Strategy	One Avi Controller for all clouds and sites
Security & Compliance	WAF, SSL inspection, certificate management, audit logs, RBAC

6. Ecosystem Integration

Avi Load Balancer’s true power comes from how well it integrates into the broader VMware ecosystem and third-party tools used by modern IT teams.

You don’t use Avi in isolation — it’s designed to fit perfectly into real environments with many tools.

6.1 VMware Stack Integration

If your company uses VMware, Avi fits in naturally with the rest of your infrastructure.

vSphere Integration

• Avi Controllers and SEs run as virtual machines inside vSphere.

• Avi supports:

  • DRS (Distributed Resource Scheduler)

  • vMotion (live migration of SEs)

  • HA (automatic restart of VMs on other hosts)

This means Avi takes advantage of everything vSphere offers, like scalability, resource pools, host affinity rules, and more.

NSX-T Integration

• Avi integrates with NSX-T for L4-L7 traffic handling.

What this looks like in practice:

• NSX-T handles:

  • Routing

  • Firewalling

  • Network segmentation

• Avi handles:

  • HTTP/S inspection

  • SSL offload

  • Application-level routing

  • WAF

You can combine NSX and Avi to create a powerful, full-stack software-defined network and security platform.

VMware Cloud Foundation (VCF)

Avi is now the default Layer 7 load balancer in VCF — VMware’s complete SDDC (Software-Defined Data Center) solution.

Benefits:

• Avi is pre-integrated into the VCF lifecycle

• Managed via SDDC Manager

• Automated deployment with VCF infrastructure

You don’t need F5 or any third-party device anymore. Avi is the official VMware load balancer in VCF environments.

vRealize Suite

Avi integrates with these vRealize tools:

Tool	Integration
vRealize Operations (vROps)	Import Avi’s metrics and alerts for infrastructure visibility
vRealize Log Insight	Stream Avi logs for centralized log management
vRealize Automation (vRA)	Automate Virtual Service and SE creation through self-service portals

This enables self-service, observability, and policy-based automation.

6.2 Third-Party Integrations

Avi is also designed to work well with tools outside of VMware — especially in modern, DevOps-driven environments.

Logging and Monitoring Tools

Avi can stream logs and metrics to:

Tool	Purpose
Splunk	Log search and analytics
ELK Stack (Elasticsearch, Logstash, Kibana)	Real-time logging and dashboards
Kafka	Stream logs to big data platforms
Prometheus	Metric collection and alerting
Grafana	Custom dashboards

This is important for:

• Operations teams

• Security monitoring

• Incident response

Automation and Infrastructure-as-Code

Avi is API-first, which means everything you do in the UI can also be done in code.

You can integrate Avi with:

Tool	Use Case
Ansible	Automate tasks like creating Virtual Services and Pools
Terraform	Define and deploy infrastructure, including Avi resources, as code
vRealize Automation	Self-service portal for DevOps teams to request app delivery

These tools are vital in CI/CD pipelines and DevOps workflows, where infrastructure needs to be:

• Reproducible

• Scripted

• Scalable

Security and Identity Tools

Avi supports:

Tool/Protocol	Purpose
SAML / OAuth2	Single Sign-On (SSO) for Avi Controller access
LDAP / AD	Role-based access control (RBAC)
SIEM Integration	For security analytics and compliance reporting

This makes Avi suitable for enterprise security standards and compliance.

Summary: Ecosystem Integration

Integration Area	Examples and Benefits
VMware Tools	vSphere, NSX-T, VCF, vRealize – seamless fit into VMware environments
Logging/Monitoring	Splunk, ELK, Kafka, Prometheus, Grafana – for visibility and alerting
Automation/DevOps	Terraform, Ansible, vRA – full lifecycle automation
Security Tools	SAML, OAuth, AD, SIEM – secure and auditable access control

Products and Solutions (Additional Content)

1. Product Comparison – Avi vs Traditional Load Balancers (e.g., F5, Citrix)

Understanding how Avi differs from traditional load balancers is critical for migration scenario questions and articulating its value in modern architectures.

Category	VMware NSX Advanced Load Balancer (Avi)	Traditional LB (F5 / Citrix ADC)
Architecture	Software-defined, distributed (SE + Controller)	Hardware or VM appliance, centralized
Scalability	Elastic auto-scale with N+M SE model	Limited to appliance size or license
Automation	Full REST API, SDKs, Ansible, Terraform	Basic scripting or proprietary tools
Cost Control	No appliance lock-in, better TCO	High CapEx (appliance), additional license for features
Multi-cloud Readiness	Native support for vSphere, AWS, Azure, OpenStack, K8s	Limited or manual setup in public cloud
DevOps Support	Integrates with CI/CD pipelines, supports GitOps	Typically separate from DevOps toolchains

Key Takeaway:
Avi is a cloud-native, programmable, and fully distributed load balancer that scales elastically and integrates seamlessly with modern DevOps environments, unlike static, appliance-centric traditional solutions.

2. Integration with Tanzu Kubernetes Grid (TKG)

Avi Load Balancer is deeply integrated with VMware Tanzu as its default ingress controller, making it ideal for container-native applications in VMware ecosystems.

Key Features:

• Ingress Controller Functionality:

  • Avi automatically discovers Kubernetes Ingress and Service resources from TKG clusters.

  • Dynamically provisions Virtual Services (VS) and routes traffic to appropriate pods.

• Advanced Routing Capabilities:

  • Supports hostname-based and path-based routing rules.

  • Enables TLS offloading, rate limiting, and Web Application Firewall (WAF) directly at the ingress level.

• Multi-Tenant Integration:

  • Each TKG cluster can be mapped to a dedicated Avi tenant.

  • Ensures role-based access and resource isolation across teams or business units.

• Automatic Lifecycle Management:

  • Through ClusterResourceSet (CRS) in Tanzu, Avi components are automatically installed and configured.

Key Benefit:
The integration provides cloud-like L4-L7 services for containerized apps, with full visibility, elasticity, and security.

3. Controller HA and Cross-Region Disaster Recovery (DR)

Avi’s Controller architecture ensures control-plane resilience, even in multi-AZ or multi-region deployments.

HA Design Principles:

• 3-node cluster using a distributed consensus algorithm (similar to Raft).

• Each node maintains a copy of the config database.

• Quorum is required (minimum 2 out of 3) for write operations and cluster leadership.

Cross-Region Deployment:

• Controllers can be placed in different Availability Zones or Regions.

• Requires low-latency interconnects for sync traffic (< 10ms latency is ideal).

• Use fault domains to logically separate nodes for higher availability.

Failover Behavior:

• If the Controller is unreachable, SEs continue to process traffic.

• No new config changes can be made, but existing services remain functional.

• Once the Controller recovers, SEs sync state back.

Best Practice:
Use DNS + NTP consistency, enforce data redundancy, and maintain external backup schedules.

4. Supported Protocols and Standards Overview

This area is frequently tested in feature coverage questions. Memorize the layers and supported protocols.

Layer 4 (Transport Layer):

• TCP

• UDP

• DNS

• FTP

• ICMP (for health checks)

Layer 7 (Application Layer):

• HTTP

• HTTPS

• HTTP/2

• WebSocket

• gRPC

• QUIC (experimental support)

Encryption and Security:

• TLS 1.2 and TLS 1.3

• Perfect Forward Secrecy (PFS)

• Server Name Indication (SNI)

• SSL Offload / Passthrough

DevOps and Automation:

• Full RESTful API

• Ansible modules

• Terraform provider

• vRealize Automation (vRA) integration

Observability and Logging:

• Log integration with ELK, Splunk, Kafka

• Metrics via Prometheus

• Visualization via Grafana

5. Typical Deployment Topologies (Text Descriptions)

These are high-yield exam topics. You may be asked to identify the most suitable topology for a given business case.

Scenario 1: Single Controller with Multiple SE Groups Across Clouds

• One Avi Controller cluster is deployed in a primary site.

• Separate SE Groups are deployed in:

  • vSphere (on-prem)

  • AWS or Azure (public cloud)

• Each SE Group manages Virtual Services in its own cloud.

• Useful for hybrid cloud deployments, with centralized control and distributed data plane.

Scenario 2: Avi as Ingress for TKG with NSX-T Integration

• TKG deployed on vSphere with NSX-T as the CNI.

• Avi is integrated via Kubernetes CRDs to act as Ingress Controller.

• SEs provide VIPs and route to backend pods.

• Enables:

  • East-west and north-south routing

  • TLS termination

  • Per-namespace tenant mapping

Scenario 3: VCF with Avi Integrated for Lifecycle Management

• In VMware Cloud Foundation (VCF), Avi can be automatically deployed via SDDC Manager.

• Integrated with vRealize Suite and NSX-T.

• Used to:

  • Load balance NSX ALB Edge Services

  • Provide tenant-level L7 services per workload domain

  • Manage GSLB, WAF, and analytics natively

Scenario 4: Multi-Site GSLB + Hybrid Cloud with Auto-Scaling

• Avi is deployed across multiple geographic regions (on-prem + cloud).

• GSLB (Global Server Load Balancing) is configured using Avi’s built-in DNS features.

• Each site has its own SE Group.

• With autoscaling enabled, SEs scale in/out based on traffic or CPU usage.

• Use case: Disaster recovery, performance-based traffic steering, cloud bursting.