Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8961
Views
10
Helpful
9
Replies

Virtual IPs, Load Balancer and cisco ACI

Go to solution
ITforever
Beginner
Beginner

‎02-13-2018 05:23 PM - edited ‎03-01-2019 05:26 AM

Hello,

 

I am working on stitching Citrix Netscaler LB to ACI Platform via Service Graph Unmanaged. The most of the documents I saw so far says EPGs for consumer (say internet users) and EPG for provider (say internet users). I am trying to understand how the ACI will know/learn about Virtual IPs on the LB as I don't see how I will specify them or will I need to specify them at all?

 

Many thanks.

 

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcel Zehnder
Rising star
Rising star
In response to ITforever

‎02-14-2018 10:26 PM

In a LB-PBR scenario your VIPs will typically be part of the LB-service BD itself, so the VIP-subnet is directly connected to ACI. Have a look at the following whitepaper:

https://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html

 

HTH

 

 

View solution in original post

9 Replies 9

Go to solution
ITforever
Beginner
Beginner

‎02-13-2018 10:26 PM

Just realized that I mentioned internet users for both sides. I actually meant:
- BD/EPG for say internal real servers (192.168.99.0/24), AND
- BD/EPG for say internet users (any)
- What about Virtual IPs (199.99.99.128/25) ??
How ACI learns VIPs or it does not need to? How it knows this is the traffic for VIPs/LB?


0 Helpful

Go to solution
Marcel Zehnder
Rising star
Rising star
In response to ITforever

‎02-14-2018 10:26 PM

In a LB-PBR scenario your VIPs will typically be part of the LB-service BD itself, so the VIP-subnet is directly connected to ACI. Have a look at the following whitepaper:

https://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html

 

HTH

 

 

Go to solution
ITforever
Beginner
Beginner
In response to Marcel Zehnder

‎02-24-2018 12:45 AM

Great, thanks. Having the VIPs in LB_BD resolved the problem.

0 Helpful

Go to solution
p.hruby
Beginner
Beginner
In response to Marcel Zehnder

‎07-10-2019 05:56 AM

What if VIP subnet is configured only inside of load balancer and external interface of the loadbalancer uses different IP subnet? Is such a scenario supported with ACI? In standard DC network I'd use a static route for VIP range towards the external LB interface.

0 Helpful

Go to solution
stcorry
Cisco Employee
Cisco Employee
In response to p.hruby

‎07-10-2019 06:44 AM - edited ‎07-10-2019 08:07 AM

Actually the most flexible way to attach an LB is to do so via and L3 External. This way Static routes are easier to configure in situations like this as well as for servers that may sit behind the LB. So yes, I'd say this is definitely supported.

 

edit: Responded too quickly. You can also configure /32 routes on the BD for the VIPs in cases like this as well. I believe in newer versions you should be able to use PBR service graphs with L3 Externals and configure static routes as I mentioned above, but I would double check the PBR white paper and release notes. 

Go to solution
suneq
Beginner
Beginner
In response to stcorry

‎12-10-2019 04:13 PM

@stcorry wrote:

Actually the most flexible way to attach an LB is to do so via and L3 External. This way Static routes are easier to configure in situations like this as well as for servers that may sit behind the LB. So yes, I'd say this is definitely supported.

 

edit: Responded too quickly. You can also configure /32 routes on the BD for the VIPs in cases like this as well. I believe in newer versions you should be able to use PBR service graphs with L3 Externals and configure static routes as I mentioned above, but I would double check the PBR white paper and release notes. 

Hi @stcorry, may I ask if a service graph can support this scenario (VIP subnet is different than LB-ACI subnet)? I understood from your post that L3out should work but I have a client who wants a service graph because of the PBR. Thanks.

0 Helpful

Go to solution
stcorry
Cisco Employee
Cisco Employee
In response to suneq

‎12-10-2019 04:51 PM

Hello suneq!

Depending on the version your customer’s version, you should be able to configure PBR when the LB is attached via L3out, and that includes if the VIP subnet is different than the LB-ACI subnet. Here is the PBR white paper which should help with both high level and configuration: https://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html


Let me know if you don’t find what you are looking for.
0 Helpful

Go to solution
suneq
Beginner
Beginner
In response to stcorry

‎12-16-2019 03:49 AM

Nice. I will test and let you know. Thanks for your quick reply.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents