Feature List - Avi ESSENTIALS Vs BASIC Vs ENTERPRISE - 22 - 1 - 1

Avi (NSX Advanced LB)
Feature Comparison
Datasheet v22.1.1
The Avi Vantage (NSX Advanced Load Balancer) Platform is built on the following pillars
Cloud Services
(Central Licensing, Live Security Threat Intelligence, Proactive Support)
Advanced Analytics
(Application Health, End-to-End Latency, Log Analytics, Security Insights)
Local Traffic Management Global Traffic Management Application Security Container Ingress
(Enterprise class L4-L7 (Global Server Load Balancing, Geo- (DDoS, Rate-Limiting, iWAF, Live Security (Container Ingress Gateway, multi-k8s cluster
Load Balancing, Container Ingress Gateway) Location, Hybrid Cloud, Canary GSLB) Threat Updates, Learning, Authentication) GSLB, Ingress security)
Software-Defined Platform
(Automated Capacity Management, LB LCM, Application Placement, Self-Healing, Active/Active, Auto-Scaling, IPAM & DNS Integration, Multi-tenancy, Cloud Integration)
Avi Enterprise with Cloud Services edition will provide a full-featured version of Avi Vantage (NSX Advanced Load Balancer)
The following table shows the comparison between Avi Essentials, Basic, Enterprise and Enterprise with Cloud Services editions.
Avi Enterprise with Cloud

Category Avi Essentials Avi Basic Avi Enterprise Services
Software-Defined Platform
Local Traffic Management
Global Traffic Management
Application Security
Container Ingress
Advanced Analytics
Cloud Services
1
Avi (NSX Advanced LB) Feature Comparison Datasheet
Detailed feature comparison between Avi Editions (Licensing Tiers)

The following table shows the feature comparison between Essentials, Basic, Enterprise and Enterprise with Cloud Services editions of Avi
Vantage (NSX Advanced Load Balancer).
LOCAL TRAFFIC MANAGEMENT
ENTERPRISE WITH
ESSENTIALS ENTERPRISE CLOUD SERVICES
FEATURE BASIC EDITION COMMENTS
EDITION EDITION EDITION
LOAD BALANCING APPLICATION TYPES
DNS No No Yes Yes

SIP No No Yes Yes
RADIUS No No Yes Yes
DHCP No No Yes Yes
FIX No No Yes Yes
FTP No No Yes Yes
HTTP No Yes Yes Yes
TCP Yes Yes Yes Yes
UDP Yes Yes Yes Yes
POOL
External Health Monitors No No Yes Yes

HTTP Health Monitor No No Yes Yes
Authentication
Maintenance mode support No No Yes Yes
for Health Monitors
Server Resolution via DNS Name No No Yes Yes
Graceful Disable with No No Yes Yes
Configurable Timeout
Connection Ramp No No Yes Yes
Server Reselect No No Yes Yes
Pool Groups No No Yes Yes
Limited: Client IP and Cookie
Server Persistence No Limited Yes Yes based persistence only
Limited: Round Robin, Weighted
Limited Limited Yes Yes Round Robin, Least Connections,
Server Selection Algorithms Weighted Least Connections, IP
Hash
Basic Limited: HTTP, HTTPS,
Active Health Monitors Limited Limited Yes Yes TCP, ICMP, UDP
Only
Essentials Limited: TCP, UDP,
ICMP only
Limited: Close connection only
Pool-Down Action Limited Limited Yes Yes
Passive Health Monitors Yes Yes Yes Yes
Multiple Health Monitors for a Yes Yes Yes Yes
Pool
Max Connections per Server Yes Yes Yes Yes
HTTP APPLICATION AND PROXY
Limited: VirtualService of type EVH

SNI Virtual Hosting No Limited Yes Yes Parent only
Content rewrite No No Yes Yes
2
ENTERPRISE WITH
HTTP/2 No No Yes Yes
Compression No No Yes Yes
Caching No No Yes Yes
Custom Error Page to client No No Yes Yes
HTTP Request cloning No No Yes Yes
Request Queuing No No Yes Yes
Network (L4) Security Policy No No Yes Yes
HSTS Support No No Yes Yes
DataScript No No Yes Yes
JWT Authentication No No Yes Yes
Limited: Only maximum
VS Performance Rate limits concurrent connectionsand
No Limited Yes Yes
maximumconnectionrate
Limited: Followingmatchesare
not allowed:
HTTP Security Policy No Yes Yes - HTTP Status, IP
Limited Reputation,Microservice
Group, string group
Yes - Following HTTP methods
HTTP Request Policy No are not allowed: PATCH,
Limited Yes
DELETE, TRACE,
CONNECT, PROFIND,
PROPATCH, MKCOL,
COPY, MOVE, LOCK,
UNLOCK
- Match based on REGEX
HTTP Response Policy
Following actions are not
allowed:
No Limited Yes Yes
- Allow, rate limit, check
with ICAP
- Adding a header
- Rewrite location header
Limited: Only Parent Virtual
Enhanced Virtual Hosting Services allowed of ‘Enhanced
Virtual Hosting’ type
No Limited Yes Yes Following is not available:

- Child Virtual Services
- Per Child analytics and
metrics
XFF Insertion with Configurable
Header No Yes Yes Yes
Websockets No Yes Yes Yes

Connection Multiplexing No Yes Yes Yes
Multiple Listener per VS No Yes Yes Yes
TCP APPLICATION LB AND PROXY

TCP Proxy Protocol for Client
No No Yes Yes
IP Information
Direct Server Return (DSR) No No Yes Yes
Limited: Only max concurrent
VS Performance Limits Yes Yes connections limit supported.
Limited Limited Throughput and rate limiters
3
ENTERPRISE WITH
Limited: FastPath only
Fast Path, Proxy Limited Yes Yes Yes
Preserve Client IP (via Default

Gateway) No Yes Yes Yes
Connection Mirroring No Yes Yes Yes
UDP APPLICATION LB AND PROXY
Direct Server Return (DSR) No No Yes Yes

Limited: FastPath only
FastPath and Proxy Limited Limited Yes Yes
Limited: Per Flow only
Per Packet and Per Flow LB Limited Limited Yes Yes
DNS APPLICATION LB AND PROXY
GSLB support No No Yes Yes

DNS Topology support No No Yes Yes
eDNS support No No Yes Yes
A/AAAA, SRV, CNAME, SOA, No No Yes Yes

NS, MX, TXT
records support
DNS Policy No No Yes Yes
TCP/UDP CONTROLS
Custom TCP & UDP Controls No No Yes Yes

Separate Network Profile for No No Yes Yes
Front-end and Back-end
Connections
NETWORKING
BGP-based Route Health No No Yes Yes

Injection
NAT with Default Gateway No No Yes Yes
Auto Gateway No No Yes Yes
VRF No No Yes Yes

Limited: Separate v4 and v6
IPv6 No Limited Yes Yes virtual services (no v6-to-v4, v4-
to-v6)
Limited: Only default gateway for
Default Gateway and IP Routing No Limited Yes Yes applications is supported
SNAT with custom IP per VS No Yes Yes Yes
VIP as SNAT IP No Yes Yes Yes
SNAT using SE Interface IP Yes Yes Yes Yes
GENERAL
Horizon Mobile Virtualization No No Yes Yes
4
GLOBAL TRAFFIC MANAGEMENT
ENTERPRISE WITH
ESSENTIALS ENTERPRISE CLOUD SERVICES COMMENTS
FEATURE BASIC EDITION
Active/Active and Active/DR No No Yes Yes

GSLB
NAT aware GSLB for No No Yes Yes

public/private IPs
Control & data plane health No No Yes Yes

monitoring
GSLB Site Persistence No No Yes Yes

Global Canary Deployment No No Yes Yes
through Replication Policy
2 level GSLB algorithm support No No Yes Yes
3rd party Load Balancer No No Yes Yes

support
Geolocation support No No Yes Yes
IPv6 support No No Yes Yes
Multitenancy support No No Yes Yes
Hybrid Cloud support No No Yes Yes
Site Maintenance support No No Yes Yes
GSLB Config from any Site No No Yes Yes
Adaptive Replication Mode No No Yes Yes
Cookie timeout for GSLB Site No No Yes Yes

Persistent Cookies
5
APPLICATION SECURITY
ENTERPRISE WITH
ESSENTIALS ENTERPRISE CLOUD SERVICES COMMENTS
FEATURE BASIC EDITION
WEB APPLICATION FIREWALL
Bot Management No No No Yes
Custom Bot Classification No No No Yes
OWASP Top 10 protection No No Yes Yes
Positive Security Model No No Yes Yes
WAF Application Learning No No Yes Yes
Allowlist No No Yes Yes
Virtual Patching support No No Yes Yes
IP geolocation No No Yes Yes
HTTP RFC compliance No No Yes Yes
Custom rule support No No Yes Yes
Pulse Cloud signature updates No No Yes Yes
API protection for JSON/XML No No Yes Yes
False-positive mitigation No No Yes Yes

workflow
Granular security insights on No No Yes Yes
traffic flows and rule matches
ICAP Support No No Yes Yes
ICAP with HTTP 2.0 Support No No Yes Yes
VDI Specific WAF Profile No No Yes Yes
Configurable Request Body No No Yes Yes

Processors for WAF
RATE LIMITING & DDoS
HTTP DDoS Limit Settings No No Yes Yes
HTTP DDoS Rate Limiters No No Yes Yes
TCP & UDP DoS Rate Limiters No No Yes Yes
DNS Rate-Limiting No No Yes Yes
DNS DDoS Protection No No Yes Yes
SSL/TLS
Support RSA + ECC Cert No

simultaneously per VS No Yes Yes
OCSP Stapling No No Yes Yes
TLSv1.3 No No Yes Yes
6
ENTERPRISE WITH
ESSENTIALS CLOUD SERVICES
FEATURE BASIC EDITION ENTERPRISE EDITION COMMENTS
EDITION EDITION
Client SSL Termination No Limited Yes Yes Limited: L7 only
No Yes Yes
Backend Server SSL Encryption Limited Limited: L7 only
No Yes Yes
SSL Session Reuse Limited Limited: L7 only
No Yes Yes
Server Mutual SSL/TLS Cert Limited Limited: L7 only
Auth
No Limited: L7 only, No support
Client Mutual SSL/TLS Cert Yes Yes for dynamic CRL
Auth and validation with CRL Limited
SSL/TLS CERTIFICATE MANAGEMENT
HSM Integration No No Yes Yes
Integration with 3rd party Cert No Limited Yes Yes Limited: With external
Management tools automation
Generate CSR No Yes Yes Yes
Event for Cert expiration No Yes Yes Yes
HTTP CLIENT/USER AUTHENTICATION AND AUTHORIZATION
HTTP Basic Auth No No Yes Yes
SSO using SAML No No Yes Yes
Authorization for SAML No No Yes Yes
PingAccess Agent No No Yes Yes
OAuth No No Yes Yes
GENERIC
True Client IP Support No No Yes Yes
7
CONTAINER INGRESS
ENTERPRISE WITH
EDITION EDITION
Ingress Security No No Yes Yes
Multi-k8s-Cluster GSLB No No Yes Yes
TLS edge termination for k8s No No Yes Yes

secrets
Host & Path based Ingress No Yes Yes
switching
No NOT YET QUALIFIED Yes Yes
Route & Ingress service support
LoadBalancer service support Yes Yes Yes
8
ADVANCED ANALYTICS
ENTERPRISE WITH
EDITION EDITION
Real-Time Metrics No No Yes Yes
Anomaly Detection No No Yes Yes
Health Score No No Yes Yes
Request logs for HTTP No No Yes Yes

Applications
Connection Logs for non-HTTP No No Yes Yes
Applications
Log Analytics No No Yes Yes
Client Insights No No Yes Yes
Client log streaming No No Yes Yes
Sensitivity rules for client logs No No Yes Yes
Customizable application error No No Yes Yes

behavior
TLS encryption for App log No No Yes Yes
streaming
Mask URI query parameters in No No Yes Yes
Application logs
Limited: Virtual Service: Open
Connections, CPS, Throughput,
Request Rate
Yes Yes Pool and Pool Members: Total

Bytes in/out, Bytes in/out rate,
Limited Limited Packet in/out rate, Total Sessions,
Rich Telemetry Max Sessions, Current Sessions,
Current Sessions Rate, HTTP
Requests, HTTP Requests Rate
Historical Metrics Yes Yes Yes Yes
9
CLOUD SERVICES
ENTERPRISE WITH
ESSENTIALS CLOUD ERVICES
EDITION EDITION
Central Licensing No No No Yes
Application Rule Updates No No No Yes
Live IPReputation Updates No No No Yes
User Agent (Bot) Updates No No No Yes
WAF CRS Rule Notification No No No Yes

* CRS Updates are still being
WAF CRS Rule Updates No No No* Yes provided for downloads and
manual uploads to the controller.
Basic Case Management No No No Yes
Proactive Case Management No No No Yes
10
SOFTWARE DEFINED PLATFORM
ENTERPRISE WITH
EDITION EDITION
INFRASTRUCTURE AND OPERATIONAL AUTOMATION
Automated capacity No No Yes Yes
management
SE life cycle management No No Yes Yes
Automated Application No No Yes Yes

placement
Application self-healing and No No Yes Yes
rebalance
Aggressive failure detection No No Yes Yes
Application Autoscale No No Yes Yes
IPAM Integration for Application No No Yes Yes

VIP
User preferred IP in IPAM No No Yes Yes
DNS Integration for VIP No No Yes Yes

Limited: Active/Standby only.
Service Engine and Application Limited Limited Yes Yes Active/Active and N+M modes
HA Mode are not supported
Limited: Service Engineswill only
Gateway Monitor Limited Limited Yes Yes useinternal gateway monitor
AUTOMATED ECOSYSTEMS ORCHESTRATION

vCenter Yes No Yes Yes
AWS Native Cloud No No Yes Yes
Azure Native Cloud No No Yes Yes
GCP Native Cloud No No Yes Yes
Oracle Native Cloud No No Yes Yes
OpenStack No No Yes Yes
Cisco CSP No No Yes Yes
Nutanix Platform No No Yes Yes
Linux KVM Platform No No Yes Yes
Linux Server Cloud No No Yes Yes
No Orchestrator Yes Yes Yes Yes
NSX-T with vCenter No Yes Yes Yes
OPERATIONS
Configurable Alerts Based on No No Yes Yes
Events
Configurable Alerts Based on No No Yes Yes
Metrics
Alert Destination to Email No No Yes Yes
Alert Action as ControlScript No No Yes Yes
VS-level Traffic Capture No No Yes Yes
Run scheduled automation No No Yes Yes

scripts
System Events Yes Yes Yes Yes
11
Avi Essentials (NSX Advanced Load Balancer) Feature List
ENTERPRISE WITH
FEATURE ESSENTIALS EDITION BASIC EDITION ENTERPRISE EDITION CLOUD SERVICES COMMENTS
EDITION
Config Audit Trail Yes Yes Yes Yes
Alert Destination to Syslog Yes Yes Yes Yes
Configuration Backup Yes Yes Yes Yes
LICENSING
Per App Load Balancing No No Yes Yes
Bandwidth limited Service No No Yes Yes

Engines
Market place licensing No No Yes Yes
Custom load balancing cores No No Yes

per Service Engine Yes
MANAGEMENT
Granular Role Based Access No No Yes Yes
Control
Tenancy No No Yes Yes
TACACS+ Auth No No Yes Yes
Per Tenant Upgrade No No Yes Yes

Limited: No support for custom
Role Based Access Control Limited Limited Yes Yes roles
Local Auth Yes Yes Yes Yes
SSO Yes Yes Yes Yes
LDAP/AD based Auth Yes Yes Yes Yes
Support second interface on Avi Yes Yes Yes Yes

Controller
VMware, Inc. 340 1 Hillview Avenue Palo Alto C A 9430 4 USA Tel 877-486-9273 Fax 650 -427-50 0 1 www.vmware.com.
Copyright © 2019 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents
listed at vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. and its subsidiaries in the United States and other jurisdictions. All other marks and names mentioned
herein may be trademarks of their respective companies. c08.20. Item No: vmw-ds-temp-word-103-proof 5/19

Feature List - Avi ESSENTIALS Vs BASIC Vs ENTERPRISE - 22 - 1 - 1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Feature List - Avi ESSENTIALS Vs BASIC Vs ENTERPRISE - 22 - 1 - 1

Uploaded by

Copyright:

Available Formats

Avi (NSX Advanced LB)

(Central Licensing, Live Security Threat Intelligence, Proactive Support)

(Application Health, End-to-End Latency, Log Analytics, Security Insights)

Avi Enterprise with Cloud

Local Traffic Management

Global Traffic Management

Detailed feature comparison between Avi Editions (Licensing Tiers)

LOCAL TRAFFIC MANAGEMENT

LOAD BALANCING APPLICATION TYPES

DNS No No Yes Yes

External Health Monitors No No Yes Yes

HTTP APPLICATION AND PROXY

Limited: VirtualService of type EVH

No Limited Yes Yes Following is not available:

Websockets No Yes Yes Yes

TCP APPLICATION LB AND PROXY

Network (L4) Security Policy No No Yes Yes

Preserve Client IP (via Default

Connection Mirroring No Yes Yes Yes

UDP APPLICATION LB AND PROXY

Network (L4) Security Policy No No Yes Yes

Direct Server Return (DSR) No No Yes Yes

DataScript No No Yes Yes

DNS APPLICATION LB AND PROXY

GSLB support No No Yes Yes

eDNS support No No Yes Yes

A/AAAA, SRV, CNAME, SOA, No No Yes Yes

Custom TCP & UDP Controls No No Yes Yes

BGP-based Route Health No No Yes Yes

NAT with Default Gateway No No Yes Yes

Auto Gateway No No Yes Yes

VRF No No Yes Yes

SNAT with custom IP per VS No Yes Yes Yes

VIP as SNAT IP No Yes Yes Yes

SNAT using SE Interface IP Yes Yes Yes Yes

Horizon Mobile Virtualization No No Yes Yes

GLOBAL TRAFFIC MANAGEMENT

Active/Active and Active/DR No No Yes Yes

NAT aware GSLB for No No Yes Yes

Control & data plane health No No Yes Yes

GSLB Site Persistence No No Yes Yes

2 level GSLB algorithm support No No Yes Yes

3rd party Load Balancer No No Yes Yes

Geolocation support No No Yes Yes

IPv6 support No No Yes Yes

Multitenancy support No No Yes Yes

Hybrid Cloud support No No Yes Yes

Site Maintenance support No No Yes Yes

GSLB Config from any Site No No Yes Yes

Adaptive Replication Mode No No Yes Yes

Cookie timeout for GSLB Site No No Yes Yes

WEB APPLICATION FIREWALL

Bot Management No No No Yes

Custom Bot Classification No No No Yes

OWASP Top 10 protection No No Yes Yes

Positive Security Model No No Yes Yes

WAF Application Learning No No Yes Yes

Allowlist No No Yes Yes

Virtual Patching support No No Yes Yes

IP geolocation No No Yes Yes

HTTP RFC compliance No No Yes Yes

Custom rule support No No Yes Yes

Pulse Cloud signature updates No No Yes Yes