Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4252
Views
20
Helpful
4
Replies

ACI one-arm unidirectional service graph

Go to solution
Oleg Bukhalov
Level 1
Level 1

‎06-22-2020 01:28 AM

Hello experts!

 

I am migrating existing services from a legacy network to ACI fabric. There is an F5 load balancer that I need to migrate to the fabric. The existing F5 is one-armed and I should redirect only server-to-client traffic on it. (topology in the attachment).

I have read the PRB Service Graph Design

https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html#UnidirectionalPBRconfigurationexample

Here I found the configuration example for unidirectional PBR, but, unfortunately, only for two-armed service node.

The question is whether it's possible to configure a unidirectional PBR with a one-armed service node? 

Is it possible to complete the task by creating a two-arm service graph template, and then, choose the same cluster interface to consumer and provider connectors during the template deployment? (like in the attached screenshot)

Labels:
Preview file
61 KB
Preview file
25 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to Oleg Bukhalov

‎06-22-2020 07:19 AM

You can go with the one arm, option during deployment. After the device is configured, go to the location mentioned above and you will see both the consumer and the provider interface. Select the one you do not want to PBR and remove the selected PBR policy.

Untitled.png

 

Cheers,

Sergiu

View solution in original post

Preview file
39 KB
4 Replies 4

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎06-22-2020 03:49 AM

Hi @Oleg Bukhalov 

Yes, it is possible to have one-arm unidirectional PBR in ACI. The configuration implies that you will apply the PBR policy only on one of the connectors - virtual interfaces configured for the PBR node:

 

Tenant -> Services -> L4L7 -> Device Selection Policy -> DEVICE -> Consumer (or provider depending on the direction) -> L4-L7 PBR policy:

 

Stay safe,

Sergiu

Go to solution
Oleg Bukhalov
Level 1
Level 1
In response to Sergiu.Daniluk

‎06-22-2020 06:12 AM

Hi Sergiu,

Thank you for the quick response! 

I would like to clarify the configuration of the service graph for my case.

If I choose one-arm option during the template creation (screen1 in the attachment) I have only one connector at the service graph deployment step (screen2 in the attachment). So it is impossible to apply PRB policy only on one of the connectors.

 

In order for such an option to appear, I have to choose two-arm option during the template creation (screen3). After that, it is possible to set up the PRB policy only for one of the connectors. What confuses me is that I have to specify the same cluster interface on both connectors (screen4).

 

Could you, please, confirm that this config is correct?

Preview file
40 KB
Preview file
50 KB
Preview file
43 KB
Preview file
63 KB
0 Helpful

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to Oleg Bukhalov

‎06-22-2020 07:19 AM

You can go with the one arm, option during deployment. After the device is configured, go to the location mentioned above and you will see both the consumer and the provider interface. Select the one you do not want to PBR and remove the selected PBR policy.

Untitled.png

 

Cheers,

Sergiu

Preview file
39 KB

Go to solution
Oleg Bukhalov
Level 1
Level 1
In response to Sergiu.Daniluk

‎06-23-2020 12:10 AM

Thanks a lot!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License