We're trying to replicate an existing design in our legacy network in ACI and are experiencing some issues. In our legacy network, we used PBR on a pair of N7Ks to set the nexthop address of matching application traffic to a load-balancer.
In trying to construct a similar configuration in a network-centric ACI fabric design with an unmanaged F5 load-balancer, I've used a one-armed service graph with the F5 as a GoTo function node and with route redirect enabled, and in deploying the graph the backend server BD was selected for both the consumer and provider LIFs. The route redirect policy destination is the F5 self-IP interface on the backend server BD and a filter (matching HTTP) is used to match application traffic to be PBR'ed to the F5.
The service graph works in the configuration for requests to the F5 service VIP; however, direct requests to the backend servers from consumer EPGs do not work. A traffic capture shows that the SYNs for direct connections to the backend servers (e.g. for monitoring) are PBR'ed to the F5s first, where they are subsequently dropped.
Has anybody had any experience with a similar configuration or set of requirements for PBR?
Did you resolve this direct access to servers? Can you advise what actions need to be taken in order to have the same access (HTTP, for example) over VIP and over direct IP access to servers, using a unidirectional graph?