
L4-L7 Concept

rocky2024
Level 1

Hello Friends,

 

I am trying to digest the concept of the L4-L7 feature in ACI.

 

If I understood correctly, if we use ASAv in L4-L7, then we don't need a physical ASA in the network to filter port traffic, and the ACI L4-L7 ASAv will do port-based filtering? Is that right?

If we use an F5 LB in L4-L7, then we don't need a physical F5 LB in the network to load balance traffic towards the server, and all of this will be done by the ACI L4-L7 F5 image?

And so on for the different images. So once we use any LB image or firewall image, we don't need a physical device in the network, and everything will be taken care of by ACI itself?

 

Please suggest.


Sergiu.Daniluk
VIP Alumni

Hi,

 

Yes, you can use both physical or virtual L4-L7 devices. In newer versions (>4.2.x) you can even have cloud-based L4-L7 integration.


The integration can be either unmanaged, where ACI is only redirecting traffic to your L4-L7 devices; fully managed, where you use a device package to provision L2-7 on the device; or hybrid, where you use the device package for L2-3 provisioning and a service device controller for L4-7 policies.


You can find the supported L4-L7 devices along with the device packages here: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/solution-overview-c22-734587.html

If you are interested in more design details and requirements, I would suggest the following whitepapers, in this order:

1. https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-734298.html 

2. https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html

3. https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739571.html 

 

Cheers,

Sergiu

Hello,

Thank you for your reply!!!

 

 

As I understood, we can basically redirect traffic to FW/FTD/Citrix/F5 etc., or add the device package of these devices under L4-L7, configure them, and push to those devices.

 

But what if I don't know how to configure the FW/FTD/Citrix/F5 etc. device package? Who will be responsible for this? Basically, what if I don't know what information to put under L4-L7 for a particular package, for example the F5 LB?

 

Thank you.

Hi,

In that case, you can leave your colleagues who are in charge of FW/FTD/Citrix/F5 to configure them as they normally do, and you attach them to ACI in unmanaged mode (either EPG model or unmanaged service graphs).

Regards,

Sergiu
