cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
357
Views
15
Helpful
4
Replies
Highlighted
Beginner

ACI one-arm unidirectional service graph

Hello experts!

 

I am migrating existing services from a legacy network to ACI fabric. There is an F5 load balancer that I need to migrate to the fabric. The existing F5 is one-armed and I should redirect only server-to-client traffic on it. (topology in the attachment).

I have read the PRB Service Graph Design

https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html#UnidirectionalPBRconfigurationexample

Here I found the configuration example for unidirectional PBR, but, unfortunately, only for two-armed service node.

The question is whether it's possible to configure a unidirectional PBR with a one-armed service node? 

Is it possible to complete the task by creating a two-arm service graph template, and then, choose the same cluster interface to consumer and provider connectors during the template deployment? (like in the attached screenshot)

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Rising star

Re: ACI one-arm unidirectional service graph

You can go with the one arm, option during deployment. After the device is configured, go to the location mentioned above and you will see both the consumer and the provider interface. Select the one you do not want to PBR and remove the selected PBR policy.

Untitled.png

 

Cheers,

Sergiu

View solution in original post

4 REPLIES 4
Highlighted
Rising star

Re: ACI one-arm unidirectional service graph

Hi @Oleg Bukhalov 

Yes, it is possible to have one-arm unidirectional PBR in ACI. The configuration implies that you will apply the PBR policy only on one of the connectors - virtual interfaces configured for the PBR node:

 

Tenant -> Services -> L4L7 -> Device Selection Policy -> DEVICE -> Consumer (or provider depending on the direction) -> L4-L7 PBR policy:

 

Stay safe,

Sergiu

Highlighted
Beginner

Re: ACI one-arm unidirectional service graph

Hi Sergiu,

Thank you for the quick response! 

I would like to clarify the configuration of the service graph for my case.

If I choose one-arm option during the template creation (screen1 in the attachment) I have only one connector at the service graph deployment step (screen2 in the attachment). So it is impossible to apply PRB policy only on one of the connectors.

 

In order for such an option to appear, I have to choose two-arm option during the template creation (screen3). After that, it is possible to set up the PRB policy only for one of the connectors. What confuses me is that I have to specify the same cluster interface on both connectors (screen4).

 

Could you, please, confirm that this config is correct?

Highlighted
Rising star

Re: ACI one-arm unidirectional service graph

You can go with the one arm, option during deployment. After the device is configured, go to the location mentioned above and you will see both the consumer and the provider interface. Select the one you do not want to PBR and remove the selected PBR policy.

Untitled.png

 

Cheers,

Sergiu

View solution in original post

Highlighted
Beginner

Re: ACI one-arm unidirectional service graph

Thanks a lot!