Hi,
My question is about using policy-based service insertion/service graphs for communication between EPGs, to redirect traffic to an ASA firewall and F5 SLB.
Below are Cisco ACI components:
1- Spines & Leafs
2- APIC Controllers
3- Cisco ASA Firewall attached to the APIC via device package
4- F5 SLB attached to the APIC via device package
I have the below scenario for the communication between the EPGs, e.g.:
WEB-EPG (consumer)
APP EPG (provider) (consumer for DB)
DB (provider)
I want to use a contract that includes a filter on port 80 to permit, and an action for service insertion to provide SLB (F5) service between the WEB & APP communications.
I want to use a contract that includes a filter on port any* to permit, and an action for service insertion to provide firewall (ASA) service between the APP & DB communications.
Can I do policy based "traffic redirection" through service graphs in the contract's service insertion?
Is it supported in version 1.0(3i)?
I believe NSH (Network Services Header) will be added in the VXLAN header before reaching the dest VNID and will redirect the traffic to the clusters of the service nodes, i.e. SLB or FW. Then traffic will reach the destination address after stripping all services.
Regards,
Anser