
Service Graph, load balancer and security issue?

IT-ina
Level 1

Hi,

We have an F5 device deployed on a tenant. I would like to use it for load balancing some applications.

The load balancer is created in one-armed mode, in goto mode without PBR and on a dedicated service bridge domain.

 

I create a VIP on my F5, and create and apply an LB service graph between EPG A and EPG B, based on a contract between these 2 EPGs. Everything is OK.

In another application profile I apply the same SG between EPG C and EPG D, based on a contract between these 2 EPGs.

But now ... EPG A can see the VIP created between EPG C and D ... and EPG C (for example) can see the VIP created between A and B.

So, without any contract, I open EPG A to EPG D through this VIP.

 

Does it mean that I can't share a device for 2 different applications?

I think that is because it's the same SG / device / BD I'm using, but I thought the contract would drop traffic...

Is there a way to secure this?

Contract filter? PBR?

Without multiple VLANs in my LB?

 

Thanks