Re: Unmanaged Service Graph, without PBR?

Timothy ACI · ‎09-19-2020

Is this case practically unused? I have asked around for some production deployments that have Service Graph, and they all use PBR.

As far as I could understand, Service Graph (in case of Routed firewall and ADCs) makes ACI render connectivity and contract. The Routed firewall will be the gateway of the EPGs. However, this can be easily achieved by using Static Port or VMM association already, and since ACI is not the gateway, L2 BDs for those EPGs are sufficient. Same goes for ADCs.

With PBR though, the ACI can be the gateway, but still can redirect traffic to L4-L7 devices at will. It also has bypass mechanism (manually remove graph binding to contract subject, or SLA-based)

Is anyone still using Unmanaged Service Graph without PBR in their deployment?

m1xed0s · ‎03-30-2023

It is a little bit surpised that no one answered on this...

To me, without PBR, ACI can still be the default gateway for the consumer/provider EPGs' workloads of the service graph but you would lose the flexibility. Plus if the service graph template was added without Route Redirect option enabled, you would have to delete and recreate the template if you want to use the PBR with the same service graph template down the road in production.

RedNectar · ‎03-31-2023

Hi @Timothy ACI ,

I think your question ...

Is anyone still using Unmanaged Service Graph without PBR in their deployment?

...has answered itself.

The number of sites "using Unmanaged Service Graph without PBR in their deployment" is probably = the number of "Yes" replies you have got to this post in 2.5 years

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.