Solved: Re: Virtual IPs, Load Balancer and cisco ACI

ITforever · ‎02-13-2018

Hello,

I am working on stitching Citrix Netscaler LB to ACI Platform via Service Graph Unmanaged. The most of the documents I saw so far says EPGs for consumer (say internet users) and EPG for provider (say internet users). I am trying to understand how the ACI will know/learn about Virtual IPs on the LB as I don't see how I will specify them or will I need to specify them at all?

Many thanks.

Marcel Zehnder · ‎02-14-2018

In a LB-PBR scenario your VIPs will typically be part of the LB-service BD itself, so the VIP-subnet is directly connected to ACI. Have a look at the following whitepaper:

https://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html

HTH

View solution in original post

ITforever · ‎02-13-2018

Just realized that I mentioned internet users for both sides. I actually meant:
- BD/EPG for say internal real servers (192.168.99.0/24), AND
- BD/EPG for say internet users (any)
- What about Virtual IPs (199.99.99.128/25) ??
How ACI learns VIPs or it does not need to? How it knows this is the traffic for VIPs/LB?

Marcel Zehnder · ‎02-14-2018

In a LB-PBR scenario your VIPs will typically be part of the LB-service BD itself, so the VIP-subnet is directly connected to ACI. Have a look at the following whitepaper:

https://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html

HTH

ITforever · ‎02-24-2018

Great, thanks. Having the VIPs in LB_BD resolved the problem.

p.hruby · ‎07-10-2019

What if VIP subnet is configured only inside of load balancer and external interface of the loadbalancer uses different IP subnet? Is such a scenario supported with ACI? In standard DC network I'd use a static route for VIP range towards the external LB interface.

stcorry · ‎07-10-2019

Actually the most flexible way to attach an LB is to do so via and L3 External. This way Static routes are easier to configure in situations like this as well as for servers that may sit behind the LB. So yes, I'd say this is definitely supported.

edit: Responded too quickly. You can also configure /32 routes on the BD for the VIPs in cases like this as well. I believe in newer versions you should be able to use PBR service graphs with L3 Externals and configure static routes as I mentioned above, but I would double check the PBR white paper and release notes.

p.hruby · ‎07-11-2019

Thanks.

For reference here is the link which describes how to configure static route on a BD. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/L3_config/b_Cisco_APIC_Layer_3_Configuration_Guide/b_Cisco_APIC_Layer_3_Configuration_Guide_chapter_01000.html

suneq · ‎12-10-2019

@stcorry wrote:
Actually the most flexible way to attach an LB is to do so via and L3 External. This way Static routes are easier to configure in situations like this as well as for servers that may sit behind the LB. So yes, I'd say this is definitely supported.

edit: Responded too quickly. You can also configure /32 routes on the BD for the VIPs in cases like this as well. I believe in newer versions you should be able to use PBR service graphs with L3 Externals and configure static routes as I mentioned above, but I would double check the PBR white paper and release notes.

Hi @stcorry, may I ask if a service graph can support this scenario (VIP subnet is different than LB-ACI subnet)? I understood from your post that L3out should work but I have a client who wants a service graph because of the PBR. Thanks.

stcorry · ‎12-10-2019

Hello suneq!

Depending on the version your customer’s version, you should be able to configure PBR when the LB is attached via L3out, and that includes if the VIP subnet is different than the LB-ACI subnet. Here is the PBR white paper which should help with both high level and configuration: https://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html

Let me know if you don’t find what you are looking for.

suneq · ‎12-16-2019

Nice. I will test and let you know. Thanks for your quick reply.