Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
238
Views
0
Helpful
0
Replies

Multi-Site: Service-Graph re-direct and local l3out

SandevChopra07800
Level 1
Level 1

‎11-28-2022 01:21 PM

Hi fellas, we are doing a multi-site deployment with the service-graph re-direct use case to a FW local to each site. {We have 2 x DCs.} ACI Fabric will be the default-gateway for all Vlans/BDs. (Even for secured vlans which were previously behind the FW). The L3out is local to each site, since that is how Cisco recommends to do it. So it is created on a local-site-template from the NDO and the l3out config objects like- node profiles + logical interface profile are done from the APIC. I have a Q on where to create the Ext-EPG from? 

There is a traffic flow scenario where the Ext-EPG needs to talk to the Secure-vlan/EPG, so that needs to be steered to the FW using PBR. Since the service-graph needs to be a stretched object from the NDO, I cannot see the Ext-EPG in that Stretched template since it was created on the local-site-specific template. So shall I create the Ext-EPG as a stretched object then from the NDO? 

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License