Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1335
Views
0
Helpful
1
Replies

ACI PBR to FW

Ziad El Achkouty
Level 1
Level 1

‎08-19-2019 05:00 AM

Hello,

 

We currently have default gateway on ACI with Firewall redirection using service graph.

Is there a feature in ACI which verifies the firewall availability? If the firewall is reachable apply the PBR and if not apply ACI contract for the communication between 2 EPGs.

 

0 Helpful
1 Reply 1

Timothy Rothenberg
Cisco Employee
Cisco Employee

‎08-19-2019 09:31 PM

Yes, ACI has a node tracking feature. I think the best explanation you'll find is in this white paper: https://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html#_Toc13803420

Specific to your question, you could configure your failover contract with the service graph. If the device is down, you can set the action to permit (or bypass, depending) and the contract will still permit allowed traffic directly through to the destination. I'm not sure if there's a way to configure it such that you have contract A with service graph, and if service graph node is down, apply contract B (which is how interpret your question). You can tell a contract to permit/deny/bypass if a service graph is unavailable, but what you'd really need is for traffic to fall through and hit a lower priority contract. I don't think that's possible today.
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License