Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1979
Views
0
Helpful
1
Replies

Firewalls and load balancers in ACI without service graph question

radsamda
Level 1
Level 1

‎09-20-2018 11:30 AM - edited ‎03-01-2019 05:39 AM

Hi all,

 

Basically looking for maybe an example of L4-L7 service insertion without a service graph. It is mentioned plenty of places this is possible, but never seen an example. Every google search just ends up with a service graph example.

 

I am guessing the options are create contracts between EPGs with a permit and the endpoints having a gateway of an IP on the firewall (or say a snat on a load balancer) that the firewall would get the traffic and subject it to its ACL.

I guess another option in the right situation would be a preferred group or even unenforcing contracts on the vrf.

I would also guess I would need to flood arp and etc.

Is there any type of guide on this?

TIA!

 

2 people had this problem
Labels:
0 Helpful
1 Reply 1

bl80
Level 1
Level 1

‎01-12-2021 08:55 AM

Did you ever find a solution for this?  Building out ACI now.  Service Graphs working for our environment but I envision some scenarios where we might need to go around that and provide direct connections to VIPs on our load Balancers without using an SG.  Thanks

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License