Hi Chi,
VNF means virtual network appliance, which can provide various services,
routing, load balancer, dhcp, dns, ids, ips, etc.
it can be on the data path, or out of the data path.
you can use pfsense VNF or similar, to replace VR. However, ACS VR has a
virtual nic on the Public network, which is not possible for VNF (which is
a special type of user vm instance).
Therefore, to access the public internet or visa versa, user has to add a
network in front of VNF, so the topology looks like
Internet <-> public gateway <-> shared network with public IP <-> VNF (on
the shared network and another shared/L2/isolated network) <-> VM on user
network,
OR
Internet <-> public gateway <-> isolated network with source NAT <-> VNF
(on the isolated network and another shared/L2/isolated network) <-> VM on
user network.
In my video, I used an isolated network. you can use a shared network
instead.
if you do not need public access, the isolated/shared network is not needed
then.
-Wei
On Fri, Jun 27, 2025 at 5:50 PM Chi vediamo <tatay...@gmail.com> wrote:
> Thank you Daan
>
> Is there Any documentation about this. I read about and saw several
> videos, but none explains clearly each type versus VNF or vRouter.
> I though based on the videos I can just replace the vRouter with an
> appliance for isolated networks or a VPC.
>
> In a shared network I need the vROUTER or appliance to have a link to
> public interface while the others are behind the vRouter or appliance. I
> was unsuccessful on this one as there is no way to assign a separate port
> for Public network.
> everything is in a single VXLAN for some reason. and the VXLAN has to be
> routed, which I do not want
>
>
> I DID TRY SHARED OR L2 NETWORK: All Hypervisrors running KVM and upgraded
> to 4.20.1.
>
> Here is the Scneario:
>
> {Internet}
> |
> |
> Hypervisor1 Hypervisro2
> |_____________________________|
> | |
> [vRouter or Appliance] |
> | | |
> | | |
> VXLAN1 VXLAN2 VXLAN2
> | | |
> | | |
> VM1 VM2 VM3
>
>
> Then for L2 should I be able to pick the VNF appliance instead of a
> vROUTER ?
>
>
> Tata Y.
>
>
>
>
>
> > On Jun 27, 2025, at 11:16 AM, Daan Hoogland <daan.hoogl...@gmail.com>
> wrote:
> >
> > Chi,
> > I do not fully understand your use-case, but in the cases of isolated
> > network and VPC you can put an appliance behind the router, not in
> > front of it. (not sure, needs checking)
> > In an L2 network you design the routing yourself and can make your VNF
> > be the gateway
> > In a shared network also you can design a lot, except that there will
> > be layer 3 available. (I am not sure if VNFs are useful in this type
> > of env)
> >
> > On Fri, Jun 27, 2025 at 3:08 PM Chi vediamo <tatay...@gmail.com> wrote:
> >>
> >> for Isolated or VPC networks,
> >>
> >> Is my understanding I am not able to put a router in front in a shared
> network. Or it is possible ?
> >>
> >>
> >> Tata Y.
> >>
> >>> On Jun 27, 2025, at 2:35 AM, Daan Hoogland <d...@apache.org> wrote:
> >>>
> >>> Tata,
> >>>
> >>> On Fri, Jun 20, 2025 at 3:05 AM Chi vediamo <tatay...@gmail.com>
> wrote:
> >>>>
> >>>> Hello Team,
> >>>>
> >>>> Is there a Way to add a VNF Network Offering ? What are the steps to
> use a VNF without a vRouter in front of it.
> >>>
> >>> In an l2 network ( or a shared network?)
> >>
> >
> >
> > --
> > Daan
>
>
