Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
834
Views
5
Helpful
5
Replies

Service Chaining - How vEdge redirects traffic to the service?

Go to solution
muthumohan
Level 1
Level 1

‎06-15-2021 08:33 PM

Hi,

 

In Service chaining, how does vEdge direct the traffic to the service running on its LAN side? Does it use GRE, WCCP etc.?

Or is it a requirement that the service (say Firewall) must be directly attached to the vEdge?

 

I have been searching answer for this question for more than a year and no one is able to tell me

Would appreciate any help.

Mohan

 

PS: Please note that I know how service chaining works over SDWAN overlay, my question is very specific on how the vEdge that is connected to the service (FW) directs/redirects the traffic to that service, on its LAN side.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kanan Huseynli
VIP
VIP

‎06-16-2021 10:39 PM

Hi,

 

good questions...

if you do chaining with central control policy, then you will have normal routing as fallback.

if you do chaining with central data policy and "strict" is chosen in set service-VPN action, you will have drop. If not chosen, then normal routing happens.

 

Why does normal routing happen in this case? Because, normally vSMART changes label value in route advertisement (in central control policy scenario) or adds respective TLOC values with label (in central data policy scenario) when service is assumed online. If it is not available (because originator withdrew route), then vSmart don't change label values and router does routing based on normal OMP routes.

 

HTH,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Kanan Huseynli
VIP
VIP

‎06-16-2021 05:18 PM - edited ‎06-16-2021 05:28 PM

Hi,

 

router does simple routing (without any additional encapsulation), if service is configured with IP address. If interface GRE or IPSEC is used, then traffic is redirected through GRE or IPSEC interface to firewall - service.

 

It is not mandatory that service should be directly connected. You may do routing toward firewall (static routing for example). But you must be careful here. Intermediate node may immediately return traffic to router due to configured routing. You must use different VRF for in-out traffic or you may use PBR to route toward firewall.

 

HTH,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

Go to solution
muthumohan
Level 1
Level 1
In response to Kanan Huseynli

‎06-16-2021 08:17 PM

Hi Kanan,

 

Thank you for your reply. It clarifies the connectivity to the service.

One other related question: I know the vEdge will monitor the service (reachability to that service IP) to avoid blackholing the traffic if the service is not available. I believe the router will withdraw the service route if the service is not reachable. But happens to the user traffic if the service IP (say FW) becomes unavailable? Will the service chaining policy will not take effect and the traffic will be forwarded without the service in between, or will the traffic be dropped?

Thank you and I appreciate your reply.

Regards,

Mohan

0 Helpful

Go to solution
Kanan Huseynli
VIP
VIP

‎06-16-2021 10:39 PM

Hi,

 

good questions...

if you do chaining with central control policy, then you will have normal routing as fallback.

if you do chaining with central data policy and "strict" is chosen in set service-VPN action, you will have drop. If not chosen, then normal routing happens.

 

Why does normal routing happen in this case? Because, normally vSMART changes label value in route advertisement (in central control policy scenario) or adds respective TLOC values with label (in central data policy scenario) when service is assumed online. If it is not available (because originator withdrew route), then vSmart don't change label values and router does routing based on normal OMP routes.

 

HTH,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

Go to solution
muthumohan
Level 1
Level 1
In response to Kanan Huseynli

‎06-17-2021 12:52 AM

Thank you, Kanan. Very Much. Your reply clarified crystal clear

This is exactly what I was looking for in the documentation.

Appreciate it.

Regards,

Mohan

0 Helpful

Go to solution
JohnG2020
Level 1
Level 1

‎09-09-2021 10:11 AM - edited ‎09-14-2021 12:54 PM

Deleting my post here, I opened up new thread on it's own. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents