Re: (ASK) ACI Service graph PBR Backup Configuration

williammanurung · ‎10-14-2020

Hi,

I want configure service graph PBR in ACI Multipod, first firewall ASA I deploy in POD-1 and second one I deploy in POD-2.

My goal is all traffic should be redirect to firewall ASA in POD-1 as primary, if this ASA down, traffic will be redirect to second ASA in POD-2.

I already know, how to configure PBR to one device only.

Thanks

Sergiu.Daniluk · ‎10-14-2020

Hi @williammanurung

One of the most common options is the deployment of an active-standby service node (FW) pair in different pods: the active firewall node is in Pod1 and the standby node is in Pod2. In this case, all the traffic for communication with the external network (north-south) or between internal endpoints (east-west) must be hair-pinned to the pod in which the active service node is located.

Reference: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739571.html#Activestandbyfirewallspairstretchedacrosspods

Stay safe,

Sergiu

williammanurung · ‎10-15-2020

Hi @Sergiu.Daniluk

Thanks for reply.
In my design i will deploy independent active-standby firewalls pair in each pod, then will integrate using service graph.
Because my goal is some traffic will be direct to Firewall in POD 1, but another traffic will be direct to Firewall in POD 2.
Do you have idea to achieve that?

Thanks.