Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
799
Views
0
Helpful
1
Replies

ACI and DC Firewall

JustForVoice_2
Level 4
Level 4

‎10-22-2016 04:08 AM - edited ‎03-01-2019 05:04 AM

Hello,

I want to propose a solution for one of our customer which contains ACI. I will use N7K as Core swithces while the N9K and ACI controller for DC layer only.

The setup will be like this:

N7K === N7K  (Core)

II                II

N9K === N9K ( Service Leafs)

II               II

N9K === N9K ( Spines)

II                II

N9K === N9K ( Servers Leafs)

IIIIIIIIIIIIIIIIIIIII

[Servers]

The question is where I should connect the FW. Most likely, We will use Palo Alto FW as DC FW and we will integrate with ACI.

Please advise.

Labels:
0 Helpful
1 Reply 1

liguoriariel
Level 1
Level 1

‎11-16-2016 10:11 AM

Hi,

  I believe that it depends on how are you thinking the role of that FW, are you using the Firewall as gateway? is a pure L2 transparent box? We had another firewall solution in place, at the beginning we have a connection to it in the nexus 7K layer but now we had deployed L3/L2 outs in common to send the traffic thru the FW, i believe the best option is to connect it to leafs and handle traffic with l2/l3 outs as per your convenience.

HTH,

KR,

AL

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License