I am trying to digest the concept of the L4-L7 feature in ACI.
If I understood correctly, if we use ASAv in L4-L7, then we don't need a physical ASA in the network to filter port traffic, and the ACI L4-L7 ASAv will do port-based filtering? Is that right?
If we use an F5 LB in L4-L7, then we don't need a physical F5 LB in the network to load balance traffic towards the server, and all of this will be done by the ACI L4-L7 F5 image?
And so on for the different images. So once we use any LB image or firewall image, we don't need a physical device in the network, and everything will be taken care of by ACI itself?
Yes, you can use either physical or virtual L4-L7 devices. In newer versions (>4.2.x) you can even have cloud-based L4-L7 integration:
The integration can be either unmanaged, where ACI is only redirecting traffic to your L4L7 devices, fully managed, where you use a device package to provision L2-7 on the device, or hybrid, where you use the device package for L2-3 provisioning and a service device controller for L4-7 policies.
You can find the supported L4L7 devices along with the device packages here: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/solution-overview-c22-734587.html
If you are interested in more design details and requirements, I would suggest the following whitepapers, in this order:
Thank you for your reply!!!
As I understood, we can basically redirect traffic to FW/FTD/Citrix/F5 etc., or add the device packages of these devices under L4-L7, configure them, and push to those devices.
But what if I don't know how to configure the FW/FTD/Citrix/F5 etc. device package? Who will be responsible for this? Basically, what if I don't know what information to put under L4-L7 for a particular package, for example the F5 LB?
In that case, you can leave your colleagues who are in charge of FW/FTD/Citrix/F5 to configure them as they normally do, and you attach them to ACI in unmanaged mode (either EPG model or unmanaged service graphs).