11-06-2020 10:57 PM
Dears
I have been hearing most of the time the sentence "Traffic flows have changed from the traditional north/south flows to the more east/west traffic movement of modern applications." Can anybody explain how that is? As far as I know, internal users were accessing their tiered applications, like web servers, application servers and database servers in their datacenter, and these were also made accessible from the internet.
If I'm not wrong, the east/west traffic is between the web server and the application server, and then from the application server to the database server. Hence we have been following this architecture for many years, and east/west traffic has existed for many years, so what is ACI helping with here?
11-08-2020 07:25 PM
Hi
This is an excellent question.
What I can say is that ACI helps you secure the communication between 2 hosts in the same subnet by applying contracts which can be summarized as ACLs in an easy way.
Before it was a pain and complex implementation to do the same.
The goal is to organize your servers in different EPGs even if they are in the same L3 subnet, but allowing an easy and smooth segmentation.
This is what we call east/west security and related to micro segmentation.
Contracts are L4 ACLs. If you want to inspect traffic between EPGs within the same bridge domain, you will also be able to do service insertion to take your traffic up to your firewall for L7 inspection, always in an easier way than you would have done it in a legacy network.
Also, with ACI you are extending your network using VXLAN without "managing" it, as everything is taken care of by the fabric.
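
The segmentation described in the reply above, as an added sketch that is not part of the original thread and is not Cisco code: a simplified Python model of EPG-to-EPG contract evaluation for hosts that share one subnet. The addresses, EPG names and ports are constructed; the model assumes an enforced VRF with intra-EPG traffic permitted, and only evaluates the initiating direction of a flow.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: every server sits in the same L3 subnet.
SUBNET = ipaddress.ip_network("10.0.10.0/24")
ENDPOINT_EPG = {
    "10.0.10.11": "web",
    "10.0.10.12": "web",
    "10.0.10.21": "app",
    "10.0.10.31": "db",
}

@dataclass(frozen=True)
class Contract:
    consumer: str  # EPG that initiates the connection
    provider: str  # EPG that offers the service
    proto: str     # L4 protocol
    dport: int     # L4 destination port

# Constructed policy: web may reach app, app may reach db, nothing else.
CONTRACTS = [
    Contract("web", "app", "tcp", 8080),
    Contract("app", "db", "tcp", 5432),
]

def same_subnet(a, b):
    """True when both addresses fall inside SUBNET."""
    return all(ipaddress.ip_address(x) in SUBNET for x in (a, b))

def decide(src_ip, dst_ip, proto, dport):
    """Return 'permit' or 'deny' for a new flow from src_ip to dst_ip."""
    src_epg = ENDPOINT_EPG.get(src_ip)
    dst_epg = ENDPOINT_EPG.get(dst_ip)
    if src_epg is None or dst_epg is None:
        return "deny"    # endpoint not classified into any EPG
    if src_epg == dst_epg:
        return "permit"  # assumption: intra-EPG isolation is not enabled
    wanted = Contract(src_epg, dst_epg, proto, dport)
    # Allow-list model: the subnet plays no part, only EPG membership and L4 match.
    return "permit" if wanted in CONTRACTS else "deny"

if __name__ == "__main__":
    for flow in [("10.0.10.11", "10.0.10.21", "tcp", 8080),
                 ("10.0.10.11", "10.0.10.31", "tcp", 5432),
                 ("10.0.10.11", "10.0.10.21", "tcp", 22)]:
        print(flow, same_subnet(flow[0], flow[1]), decide(*flow))
```

The web server is denied a direct path to the database even though both hosts are in 10.0.10.0/24, which a subnet-based ACL on a legacy gateway would never see.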
11-14-2020 05:11 AM
Dear Francesco
Thanks for the reply. As I was expecting, I posted for experts' advice and the answer is the same.
Thanks for the reply. You will receive more questions on ACI from me from now on, so that I can better understand the benefits of ACI.