ACI East west traffic

adamgibs7
Level 6

Dears

I have been hearing most of the time the sentence "Traffic flows have changed from the traditional north / south flows to the more east / west traffic movement of modern applications." Can anybody explain how that is? From what I know, the internal users were accessing their tiered applications, like web servers, application servers and a database server, in their datacenter, and these were also made accessible from the internet.

If I'm not wrong, the east/west traffic is between the web server and application server and then from the application to the database server. Hence we have been following this architecture for many years, and east/west traffic has been around for many years, so how is ACI helping here?

Accepted Solutions

Francesco Molino
VIP Alumni

Hi

This is an excellent question.

What I can say is that ACI helps you secure the communication between 2 hosts in the same subnet by applying contracts, which can be summarized as ACLs in an easy way.

Before, it was a pain and a complex implementation to do the same.

The goal is to organize your servers in different EPGs even if they are in the same L3 subnet, but allowing an easy and smooth segmentation.

This is what we call east/west security, and it is related to micro-segmentation.

Contracts are L4 ACLs. If you want to inspect traffic between EPGs within the same bridge domain, you will also be able to do service insertion to take your traffic up to your firewall for L7 inspection, always in an easier way than you would have done it in a legacy network.

Also, with ACI you are extending your network using VXLAN without "managing" it, as everything is taken care of by the fabric.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
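
Added example, not part of the original post and not Cisco code: a simplified Python model of the behaviour described in the answer above, where hosts in one subnet are grouped into EPGs and only flows named by a contract pass between EPGs. The addresses, EPG names, ports and the `verdict` helper are constructed for illustration and do not reflect the APIC object model or API.

```python
"""Simplified model of EPG/contract allow-listing (not APIC's object model or API)."""
import ipaddress
from dataclasses import dataclass

SUBNET = ipaddress.ip_network("10.0.10.0/24")  # constructed: one bridge-domain subnet

# Constructed endpoint-to-EPG mapping; all three tiers share the same subnet.
ENDPOINT_EPG = {
    "10.0.10.11": "web",
    "10.0.10.12": "web",
    "10.0.10.21": "app",
    "10.0.10.31": "db",
}

@dataclass(frozen=True)
class Contract:
    consumer: str   # EPG that initiates the connection
    provider: str   # EPG that offers the service
    proto: str
    dst_port: int

# Constructed contracts for a three-tier application.
CONTRACTS = {
    Contract("web", "app", "tcp", 8080),
    Contract("app", "db", "tcp", 1433),
}

def verdict(src_ip, dst_ip, proto, dst_port):
    """Return 'permit' or 'deny' for a new connection from src_ip to dst_ip."""
    src_epg = ENDPOINT_EPG.get(src_ip)
    dst_epg = ENDPOINT_EPG.get(dst_ip)
    if src_epg is None or dst_epg is None:
        return "deny"      # assumption of this model: unclassified endpoints get no policy
    if src_epg == dst_epg:
        return "permit"    # intra-EPG traffic is open by default
    # Inter-EPG: allow only what a contract names, regardless of subnet.
    wanted = Contract(src_epg, dst_epg, proto, dst_port)
    return "permit" if wanted in CONTRACTS else "deny"

def same_subnet(a, b):
    """True when both addresses sit in the single constructed subnet."""
    return ipaddress.ip_address(a) in SUBNET and ipaddress.ip_address(b) in SUBNET

if __name__ == "__main__":
    flows = [("10.0.10.11", "10.0.10.21", "tcp", 8080),   # web -> app, contracted
             ("10.0.10.11", "10.0.10.31", "tcp", 1433),   # web -> db, no contract
             ("10.0.10.21", "10.0.10.31", "tcp", 1433),   # app -> db, contracted
             ("10.0.10.21", "10.0.10.31", "tcp", 22)]     # app -> db, wrong port
    for f in flows:
        print(f, "same subnet:", same_subnet(f[0], f[1]), "->", verdict(*f))
```

Every flow in the sample stays inside one subnet, so a subnet-based ACL at a gateway would never see it; the verdict depends only on EPG membership and the contract set.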

2 Replies

Dear Francesco

Thanks for the reply. As I was expecting, I posted for experts' advice and the answer is the same.

Thanks for the reply. You will receive more questions on ACI from me from now onwards, to gain more understanding of the benefits of ACI.
