cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
680
Views
0
Helpful
4
Replies
rocky1
Beginner

L4-L7 Concept

Hello Friends,

 

I am trying to digest concept of L4-L7 feature in ACI

 

if i understood correct, if we use ASAv in L4-l7, then we dont need physical ASA in network to filter port traffic and ACI l4-l7 ASAv will do port based filtering ? Is it?

If we use f5 LB in L4-L7, then we dont need physical f5 LB in network to load balance traffic towards server and all these will do by ACI L4-L7 f5 image ?

and etc etc different images..    so once we use any LB image or firewall image then we dont need physical device in network and all things will take care by ACI itself ?

 

please suggest

1 ACCEPTED SOLUTION
4 REPLIES 4
Sergiu.Daniluk
VIP Advisor

Hi,

 

Yes, you can use both physical or virtual L4-L7 devices.In newer version (>4.2.x) you can even have cloud based L4-L7 integration:

l4l7.png

The integration can be either unmanaged, where ACI is only redirecting traffic to your L4L7 devices, fully managed, where you use a device package to provision L2-7 the device, or hybrid, where you use the device package for L2-3 provisioning and a service device controller for L4-7 policies.

l4l7.png

You can find the supported L4L7 devices along with the device packages here: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/solution-overview-c22-734587.html 

If you are interested on more design details and requirements, I would suggest the following whitepapers, in this order:

1. https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-734298.html 

2. https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html

3. https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739571.html 

 

Cheers,

Sergiu

Hello,

Thank you for your reply!!!

 

 

As i Understood, we can basically redirect traffic to FW/FTD/Citrix/f5 etc or add device package of these devices under L4-L7 and configure them and push to those devices..

 

but what if if i don't know how to configure FW/FTD/Citrix/f5 etc device package then ? who will be the responsible for this? basically if i dont know what information to put under L4-L7 for particular package for example f5 LB ?

 

thank you

Hi,

In that case, you can leave your colleagues who are in charge of FW/FTD/Citrix/f5 to configure them as they normally do, and you attach them to ACI in unmanaged mode (either EPG model or unmanaged service graphs).

Regards,

Sergiu