
Service Graph shadow EPG or how to create a contract for L4-7 devices

Nik Noltenius
Spotlight

Hi folks,

I have a firewall attached to ACI as a L4-7 device, using it in conjunction with Service Graph functionality and Policy-Based Redirect. Everything is fine for EPGs communicating across the Service Graph; however, how do I apply a contract to the transfer network of the firewall itself?

I understand that by creating an L4-7 device, shadow EPGs are automatically created, but how do I apply policy to those?

The firewall itself should be able to talk e.g. to the DNS server using the cluster interface configured in ACI. Therefore, I need a contract between the device and the DNS-EPG. Unfortunately, I'm unable to figure out how to achieve this.

Any suggestions are highly appreciated!

Kind regards,

Nik

Accepted Solutions

Sergiu.Daniluk
VIP Alumni

Hi,

Is DNS-EPG one of the provider or consumer EPGs used in the service graph? If yes, then what you are looking for is the "Direct Connect" option. Using this setting in the service graph, you can enable communication (individually):

  • from the consumer EPG to the consumer connector of the PBR node
  • from the provider EPG to the provider connector of the PBR node

Additional details about this option can be found in the ACI PBR white paper: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html

Cheers,

Sergiu
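
The per-side nature of Direct Connect described in the answer above, as an added example that is not part of the original thread: it audits which service graph connections already have the setting and builds an update only for the side that needs it. The class `vnsAbsConnection` and its `directConnect` attribute come from the APIC object model, not from the thread; tenant `T1`, graph `FW-PBR`, the connection names `C1`/`C2` and the sample response are constructed.

```python
import json

# Constructed sample of an APIC class-query response for vnsAbsConnection
# (tenant "T1", graph "FW-PBR" and connections "C1"/"C2" are hypothetical).
SAMPLE_RESPONSE = json.dumps({"totalCount": "2", "imdata": [
    {"vnsAbsConnection": {"attributes": {
        "dn": "uni/tn-T1/AbsGraph-FW-PBR/AbsConnection-C1",
        "name": "C1", "directConnect": "no"}}},
    {"vnsAbsConnection": {"attributes": {
        "dn": "uni/tn-T1/AbsGraph-FW-PBR/AbsConnection-C2",
        "name": "C2", "directConnect": "no"}}},
]})


def direct_connect_state(response_text):
    """Map each connection DN to True/False for its directConnect attribute."""
    state = {}
    for item in json.loads(response_text).get("imdata", []):
        attrs = item.get("vnsAbsConnection", {}).get("attributes")
        if attrs:
            state[attrs["dn"]] = attrs.get("directConnect") == "yes"
    return state


def build_direct_connect_updates(response_text, enable_names):
    """Return (dn, payload) pairs enabling Direct Connect only where needed."""
    wanted = set(enable_names)
    updates = []
    for item in json.loads(response_text).get("imdata", []):
        attrs = item.get("vnsAbsConnection", {}).get("attributes", {})
        if attrs.get("name") in wanted and attrs.get("directConnect") != "yes":
            payload = {"vnsAbsConnection": {"attributes": {
                "dn": attrs["dn"], "directConnect": "yes"}}}
            updates.append((attrs["dn"], payload))
        wanted.discard(attrs.get("name"))
    if wanted:
        # Refuse to guess: a misspelled connection name must not pass silently.
        raise ValueError("connections not found in graph: %s" % sorted(wanted))
    return updates


if __name__ == "__main__":
    print(direct_connect_state(SAMPLE_RESPONSE))
    for dn, body in build_direct_connect_updates(SAMPLE_RESPONSE, ["C1"]):
        # Each body would be POSTed to /api/mo/<dn>.json on the APIC.
        print(dn, json.dumps(body))
```

Enabling the setting only on the connection that faces the DNS-EPG side keeps the other connector closed to direct traffic.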

Thank you Sergiu,

that is exactly what I was looking for! I already tested it in the lab and it does the job :)

Kind regards,

Nik

Hi Nik,

Glad to hear that the solution was helpful!

Have a nice rest of the week and stay safe!
Cheers,

Sergiu
