Cisco Community
English
Register
JOIN thousands of technologists and change-makers at Transform 2020, a one-of-a-kind virtual event! RESERVE YOUR SPOT NOW
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

4840
Views
10
Helpful
9
Replies
ITforever
Beginner
Beginner
‎02-13-2018 05:23 PM
‎02-13-2018 05:23 PM

Virtual IPs, Load Balancer and cisco ACI

Hello,

 

I am working on stitching Citrix Netscaler LB to ACI Platform via Service Graph Unmanaged. The most of the documents I saw so far says EPGs for consumer (say internet users) and EPG for provider (say internet users). I am trying to understand how the ACI will know/learn about Virtual IPs on the LB as I don't see how I will specify them or will I need to specify them at all?

 

Many thanks.

 

Labels:
1 person had this problem
0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
Marcel Zehnder
Participant
Participant
In response to ITforever
‎02-14-2018 10:26 PM
‎02-14-2018 10:26 PM

In a LB-PBR scenario your VIPs will typically be part of the LB-service BD itself, so the VIP-subnet is directly connected to ACI. Have a look at the following whitepaper:

https://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html

 

HTH

 

 

View solution in original post

9 REPLIES 9
ITforever
Beginner
Beginner
‎02-13-2018 10:26 PM
‎02-13-2018 10:26 PM

Just realized that I mentioned internet users for both sides. I actually meant:
- BD/EPG for say internal real servers (192.168.99.0/24), AND
- BD/EPG for say internet users (any)
- What about Virtual IPs (199.99.99.128/25) ??
How ACI learns VIPs or it does not need to? How it knows this is the traffic for VIPs/LB?


0 Helpful
Marcel Zehnder
Participant
Participant
In response to ITforever
‎02-14-2018 10:26 PM
‎02-14-2018 10:26 PM

In a LB-PBR scenario your VIPs will typically be part of the LB-service BD itself, so the VIP-subnet is directly connected to ACI. Have a look at the following whitepaper:

https://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html

 

HTH

 

 

View solution in original post

ITforever
Beginner
Beginner
In response to Marcel Zehnder
‎02-24-2018 12:45 AM
‎02-24-2018 12:45 AM

Great, thanks. Having the VIPs in LB_BD resolved the problem.

0 Helpful
p.hruby
Beginner
Beginner
In response to Marcel Zehnder
‎07-10-2019 05:56 AM
‎07-10-2019 05:56 AM

What if VIP subnet is configured only inside of load balancer and external interface of the loadbalancer uses different IP subnet? Is such a scenario supported with ACI? In standard DC network I'd use a static route for VIP range towards the external LB interface.

0 Helpful
stcorry
Cisco Employee
Cisco Employee
In response to p.hruby
‎07-10-2019 06:44 AM
‎07-10-2019 06:44 AM

Actually the most flexible way to attach an LB is to do so via and L3 External. This way Static routes are easier to configure in situations like this as well as for servers that may sit behind the LB. So yes, I'd say this is definitely supported.

 

edit: Responded too quickly. You can also configure /32 routes on the BD for the VIPs in cases like this as well. I believe in newer versions you should be able to use PBR service graphs with L3 Externals and configure static routes as I mentioned above, but I would double check the PBR white paper and release notes. 

p.hruby
Beginner
Beginner
In response to stcorry
‎07-11-2019 05:54 AM
‎07-11-2019 05:54 AM

Thanks.

For reference here is the link which describes how to configure static route on a BD. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/L3_config/b_Cisco_APIC_Layer_3_Configuration_Guide/b_Cisco_APIC_Layer_3_Configuration_Guide_chapter_01000.html

 

 

0 Helpful
suneq
Beginner
Beginner
In response to stcorry
‎12-10-2019 04:13 PM
‎12-10-2019 04:13 PM

@stcorry wrote:

Actually the most flexible way to attach an LB is to do so via and L3 External. This way Static routes are easier to configure in situations like this as well as for servers that may sit behind the LB. So yes, I'd say this is definitely supported.

 

edit: Responded too quickly. You can also configure /32 routes on the BD for the VIPs in cases like this as well. I believe in newer versions you should be able to use PBR service graphs with L3 Externals and configure static routes as I mentioned above, but I would double check the PBR white paper and release notes. 

Hi @stcorry, may I ask if a service graph can support this scenario (VIP subnet is different than LB-ACI subnet)? I understood from your post that L3out should work but I have a client who wants a service graph because of the PBR. Thanks.

0 Helpful
stcorry
Cisco Employee
Cisco Employee
In response to suneq
‎12-10-2019 04:51 PM
‎12-10-2019 04:51 PM

Hello suneq!

Depending on the version your customer’s version, you should be able to configure PBR when the LB is attached via L3out, and that includes if the VIP subnet is different than the LB-ACI subnet. Here is the PBR white paper which should help with both high level and configuration: https://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html


Let me know if you don’t find what you are looking for.
0 Helpful
suneq
Beginner
Beginner
In response to stcorry
‎12-16-2019 03:49 AM
‎12-16-2019 03:49 AM

Nice. I will test and let you know. Thanks for your quick reply.

0 Helpful
Latest Contents
#CiscoChat Live - Cisco and HashiCorp Deliver IaC Automation...
Created by Kelli Glass on 04-06-2021 03:33 PM
0
0
0
0
Join us live on Thursday, April 8 at 10 am PT (and on demand after) as we join Cisco and HashiCorp executives to discuss the importance of IaC automation, Intersight Service for Terraform, and how to better manage hybrid cloud infrastructure at scale... view more
#CiscoChat Live - Cisco and HashiCorp Deliver IaC Automation...
Created by Kelli Glass on 04-06-2021 03:24 PM
2
0
2
0
Join us live on Thursday, April 8 at 10 am PT (and on demand after) where Cisco and HashiCorp executives will discuss the importance of IaC automation, Cisco Intersight Service for Hashicorp Terraform, and how to better manage hybrid cloud infrastructure... view more
Cisco ACI Resources
Created by roxadiaz on 03-31-2021 11:10 AM
0
5
0
5
          Start       Design      Deploy    Integration  Learn    Best Practice      Start   What's new in Cisco ACI 5.1(3) Video - What's New in Ci... view more
Infrastructure as a Code for Cisco Cloud Solutions
Created by roxadiaz on 03-29-2021 02:31 PM
0
0
0
0
How to START with Infrastructure as a code for Cisco Cloud Solutions   ACI Ansible Modules Documentation Guide Cisco Collections on Ansible Galaxy   Cisco DevNet Learning Labs DevNet Introduction to ACI and Ansible DevNet Introduction to ACI a... view more
How to Receive Software Release Notifications
Created by roxadiaz on 03-29-2021 02:25 PM
1
0
1
0
Here's how to get notified about Cisco software releases, like the Application Policy Infrastructure Controller (APIC) (APIC Software) Go to software.cisco.com - where you download all Cisco software Select Software Download Choose P... view more
Content for Community-Ad