03-15-2025 05:42 AM
Hi team,
I need some guidance regarding an ACI Multi-Pod design and would like to know the best recommendation.
The design includes three firewalls per data center: MPLS, SD-WAN, and INET (active-standby independent), each connected to a separate L3Out. To ensure symmetric traffic, PBR seems like the best choice, correct? I also plan to use AS-path prepending.
Would you recommend any additional best practices or considerations?
Looking forward to your advice.
Best regards.
03-17-2025 01:10 AM
Hello @spinning2008
Your plan to use PBR and AS-path prepending is a solid foundation. Pay close attention to the details of your L3Out design, contract design, PBR implementation, and firewall configuration. Thorough testing and comprehensive monitoring are essential for a successful ACI Multi-Pod deployment. Remember to document everything!
You may share (if it doesn't breach your NDA agreement) your specific design for a detailed response.
HTH
04-03-2025 11:12 AM
Hi AshSe
Thanks for the reply. I'm still checking the design. Cisco does not recommend using, for example, 0.0.0.0/0 in multiple L3Outs; you can use 0.0.0.0/1 + 128.0.0.0/1 in 1 L3Out and 0.0.0.0/0 in another L3Out. Is the best solution to use 1 L3Out with multiple eBGP sessions?
Thanks and regards,