F5 with ACI in network centric mode

sumesh.nair · ‎01-11-2018

Hi Folks

Seek to know if its better to connect F5 with manual connection using EPG or use F5 service insertion when deploying ACI in network centric mode

Thanks

Sumesh

satyendra · ‎01-16-2018

Hi

You should integrate F5 with ACI via Service graph . You can use Managed mode in the case where F5 need to be configured through APIC or in unmanaged mode where F5 admin will configure to F5 .

Rick1776 · ‎01-16-2018

I find in 90% of my customer deployments they want unmanaged mode. You can run into issues with the managed mode.

juned.shaikh@ferc.gov · ‎10-18-2018

We are following same architecture - can you please point me to the right configuration article. What we have learned so far that you create Portchannel with ACI and do f5 config as if you would connect f5 to traditional datacenter. f5 will treat the upstream ACI as simple switch.

What we are absolutely clueless about is what to configure on ACI side?

HelenaC · ‎10-19-2018

Hi,

If you are not using l4-l7 insertion for the F5 device, then you configure the ACI side like for a baremetal server. I would recomend a vPC on the ACI side rather than a PortChannel (it depends on how you are deploing your services, but it's good practice to use vPC with ACI whenever it's possible). On the F5 it is like a regular portchannel. LACP should be enabled on the F5 side (I don't remember if it is enabled by default).
So, on the ACI side you have to configure the access policies, etc... Then the assotiation is done at the EPG level with an static binding path for each VLAN where you want to attach the F5. If this is the part you are not familiar with, a good resource to start could be some trainning videos from de Cisco Learning Network(https://learningnetwork.cisco.com/docs/DOC-33220), but you can find more resources on the web.

It's true than from the F5 side there's no big difference from connecting it to a traditional switch, but from de ACI side the configuration is completely different. For a F5 it's good practice to enable ARP Flooding and GARP on the bridge domains where the F5 is connected.

juned.shaikh@ferc.gov · ‎10-19-2018

Thanks for the reply. The issue here is that we are switching to Network centric mode precisely for ACI to simply process L3 traffic and not be bother with L4-7 whatsoever.

Is there a document / article / knowledge base which assists in configuring f5 such that ACI simply processes the traffic at L3 level and let f5 manage the l4-7 just like classic environment.

Thanks,

Jayesh Singh · ‎10-19-2018

Hi Juned,

I guess below article should help, it also contains video link for F5-ACI configuration steps in unmanaged mode:

https://devcentral.f5.com/articles/unmanaged-mode-what-it-means-for-aci-and-big-ip-integration

Regards,

Jayesh

Rate all posts that are helpful.

kamalJpmc · ‎03-18-2019

the Video is not available now

@Jayesh Singh wrote:

Hi Juned,

I guess below article should help, it also contains video link for F5-ACI configuration steps in unmanaged mode:

https://devcentral.f5.com/articles/unmanaged-mode-what-it-means-for-aci-and-big-ip-integration

Regards,

Jayesh

Rate all posts that are helpful.

arunthirupati19289 · ‎01-06-2020

juned.shaikh@ferc.gov Hi, I was trying to find some doc on it. Right now I am on the same situation where we need to migrate the F5 into ACI as a traditional way and need to find what exactly the config has to be done. If you have anything documented or any resource on it, can you please share them. Thank you