03-29-2020 12:53 AM
Hello Friends,
I am trying to digest the concept of the L4-L7 feature in ACI.
If I understood correctly, if we use ASAv in L4-L7, then we don't need a physical ASA in the network to filter port traffic, and the ACI L4-L7 ASAv will do port-based filtering? Is it?
If we use an F5 LB in L4-L7, then we don't need a physical F5 LB in the network to load balance traffic towards the server, and all of this will be done by the ACI L4-L7 F5 image?
And so on for the different images. So once we use any LB image or firewall image, we don't need a physical device in the network and everything will be taken care of by ACI itself?
Please suggest.
03-29-2020 01:28 AM - edited 03-29-2020 01:51 AM
Hi
It depends on the mode in which the ASAv or F5 is deployed.
https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2019/pdf/BRKACI-2506.pdf
HTH
03-29-2020 03:11 AM
Hi,
Yes, you can use both physical or virtual L4-L7 devices. In newer versions (>4.2.x) you can even have cloud-based L4-L7 integration:
The integration can be either unmanaged, where ACI is only redirecting traffic to your L4L7 devices; fully managed, where you use a device package to provision L2-7 on the device; or hybrid, where you use the device package for L2-3 provisioning and a service device controller for L4-7 policies.
You can find the supported L4L7 devices along with the device packages here: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/solution-overview-c22-734587.html
If you are interested in more design details and requirements, I would suggest the following whitepapers, in this order:
Cheers,
Sergiu
03-29-2020 09:18 PM
Hello,
Thank you for your reply!!!
As I understood, we can basically redirect traffic to FW/FTD/Citrix/F5 etc., or add the device package of these devices under L4-L7, configure them, and push to those devices.
But what if I don't know how to configure the FW/FTD/Citrix/F5 etc. device package? Who will be responsible for this? Basically, what if I don't know what information to put under L4-L7 for a particular package, for example the F5 LB?
Thank you
03-29-2020 10:22 PM
Hi,
In that case, you can leave your colleagues who are in charge of FW/FTD/Citrix/f5 to configure them as they normally do, and you attach them to ACI in unmanaged mode (either EPG model or unmanaged service graphs).
Regards,
Sergiu