
Service Insertion/Service Graphs & Policy based traffic redirection

Hi,

 

My question is about using policy-based service insertion/service graphs between the EPGs' communications to redirect traffic to the ASA firewall & F5 SLB.

  

Below are the Cisco ACI components:

1- Spines & Leafs

2- APIC Controllers

3- Cisco ASA Firewall attached to the APIC via device package

4- F5 SLB attached to the APIC via device package

 

I have the below scenario for the communication between the EPGs, e.g.:

 

WEB-EPG (consumer)

APP EPG (provider) (consumer for DB)

DB (provider)

 

I want to use a contract that includes a filter on port 80 to permit and an action for service insertion to provide SLB (F5) service between the WEB & APP communications.

I want to use a contract that includes a filter on port any* to permit and an action for service insertion to provide firewall (ASA) service between the APP & DB communications.

 

Can I do policy based "traffic redirection" through service graphs in the contract's service insertion?

 

Is it supported in version 1.0(3i)?

 

I believe NSH (Network Services Header) will be added in the VXLAN header before reaching the dest VNID and will redirect the traffic to the clusters of the service nodes, i.e. SLB or FW. Then traffic will reach the destination address after stripping all services.

 

Regards,

Anser

1 Reply

Hello Muhammad, 

Traffic redirection is not supported on 1.0(3i), while NSH is still submitted to IETF as a draft from industry vendors; I think you should try to avoid waiting for it.

Regards

Mohammed ElSherbiny
