cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3210
Views
5
Helpful
8
Replies

F5 with ACI in network centric mode

sumesh.nair
Level 1
Level 1

Hi Folks

 

Seek to know if its better to connect F5 with manual connection using EPG or use F5 service insertion when deploying ACI in network centric mode

 

Thanks

Sumesh

 

 

8 Replies 8

satyendra
Level 1
Level 1

Hi

 

You should integrate F5 with ACI via Service graph . You can use Managed mode in the case where F5 need to be configured through APIC or in unmanaged  mode  where F5  admin will configure to F5 .

Rick1776
Level 5
Level 5
I find in 90% of my customer deployments they want unmanaged mode. You can run into issues with the managed mode.

We are following same architecture - can you please point me to the right configuration article. What we have learned so far that you create Portchannel with ACI and do f5 config as if you would connect f5 to traditional datacenter. f5 will treat the upstream ACI as simple switch. 

 

What we are absolutely clueless about is what to configure on ACI side?

 

 

Hi,

If you are not using l4-l7 insertion for the F5 device, then you configure the ACI side like for a baremetal server. I would recomend a vPC on the ACI side rather than a PortChannel (it depends on how you are deploing your services, but it's good practice to use vPC with ACI whenever it's possible). On the F5 it is like a regular portchannel. LACP should be enabled on the F5 side (I don't remember if it is enabled by default).
So, on the ACI side you have to configure the access policies, etc... Then the assotiation is done at the EPG level with an static binding path for each VLAN where you want to attach the F5. If this is the part you are not familiar with, a good resource to start could be some trainning videos from de Cisco Learning Network(https://learningnetwork.cisco.com/docs/DOC-33220), but you can find more resources on the web.

It's true than from the F5 side there's no big difference from connecting it to a traditional switch, but from de ACI side the configuration is completely different. For a F5 it's good practice to enable ARP Flooding and GARP on the bridge domains where the F5 is connected.

Thanks for the reply. The issue here is that we are switching to Network centric mode precisely for ACI to simply process L3 traffic and not be bother with L4-7 whatsoever.

 

Is there a document / article / knowledge base which assists in configuring f5 such that ACI simply processes the traffic at L3 level and let f5 manage the l4-7 just like classic environment.

 

Thanks,

Hi Juned,

I guess below article should help, it also contains video link for F5-ACI configuration steps in unmanaged mode:

 

https://devcentral.f5.com/articles/unmanaged-mode-what-it-means-for-aci-and-big-ip-integration

 

Regards,

Jayesh

 

Rate all posts that are helpful.

the Video is not available now 


@Jayesh Singh  wrote:

Hi Juned,

I guess below article should help, it also contains video link for F5-ACI configuration steps in unmanaged mode:

 

https://devcentral.f5.com/articles/unmanaged-mode-what-it-means-for-aci-and-big-ip-integration

 

Regards,

Jayesh

 

Rate all posts that are helpful.


 

juned.shaikh@ferc.gov Hi, I was trying to find some doc on it. Right now I am on the same situation where we need to migrate the F5 into ACI as a traditional way and need to find what exactly the config has to be done. If you have anything documented or any resource on it, can you please share them. Thank you 

Save 25% on Day-2 Operations Add-On License