EMAIL SUPPORT
dclessons@dclessons.comLOCATION
USService Graph Introduction
Service Graph Introduction:
ACI Service Graph is method through which a Layer 4 to Layer 7 functions or device can be integrated in ACI. This helps ACI to re-direct the traffic between different security zones of FW or load balancer.
With the help of ACI service graph, Security and LB admins can straightly defines Security and LB policies and via APIC, these policies are associated to traffic path between source and destination.
Layer 4 – Layer 7 device can be integrated to ACI with or without ACI Service graph. But if Service graph is used, it automates the deployment of Layer 4 to Layer 7 service in the network.
Different Management models of Service Graph:
Unmanaged Mode (Network Policy Mode): In this Mode, ACI will configure Network Portion of Fabric and Configuration related to L4-L7 is done by ACI, rather Security or LB admin has to manually configure their devices.
Here brief work area of each admins are given below:
- Network Admin will configure Ports, VLANs etc. to connect to FW or LB
- FW or LB admin will configure their respected interfaces and VLANs
- FW and LB admins will configure ACLs and Other components
Also Network admin will manage only fabric not FW, Security Admin will manages the FW and LB not fabric.
This Mode is used only when FW and LB admin does not allow APIC to configure their device and this L4-L7 device to be used for Traffic redirect or if it is to be appeared as object model, and APIC is not allowed to talk to third party controller.
Managed Mode (Service Policy Mode): in this mode ACI will configure both network portion of fabric as well as config related to L4-L7 device through APIC.
Network Admin will configure the Fabric Security and LB admin will provide the configurations to network admin and Network admin will push these policies to Fabric via APIC as a function profile.
This Mode is used only when FW and LB admin does allow APIC to configure their device and if you want APIC to allocates the VLANs and collect health scores of device and push policy to L4-L7 device upon EPG discovery
Service Manager Mode: In this mode, ACI will configure the Network portion of fabric, L4-L7 VLANS etc. and APIC admins associates these policy defined by Network policy tool.
TABLE OF CONTENTS
- ACI Initial Fabric Configuration
- ACI Configure Tenant VRF & Bridge Domain
- ACI Configure Filters and Contracts
- ACI Configure Three-Tier Application Profile
- ACI Configure Baseline Interface Policies
- ACI Integration with VMWARE
- ACI Inter Tenant Connectivity
- ACI Extend Bridge Domain by External Layer 2 Connection
- ACI External Network Connectivity to External Switch via Trunk
- ACI Static Routing for External Layer 3 Connectivity
- ACI OSPF Routing for External Layer 3 Connectivity
- ACI EIGRP Routing for External Layer 3 Connectivity
- ACI EBGP Routing for External Layer 3 Connectivity
- IPN Configuration
- ACI Multipod Overview
- ACI Multi-Pod Building Control Plane
- ACI Multi-Pod Data Traffic Flow
- Multi-Pod Connectivity via External L3
- Host Tracking Subnet Check & Limit IP Learning
- Service Graph Introduction
- BD VRF & EPG Design consideration – Service Chaining
- IP Routing & VRF Design Consideration – Service Chaining
- L3Out for Routing to L4-L7 Devices
- Routed Mode ( Go-To mode ) for L4-L7 Appliance
- Transparent & One ARM mode for L4-L7 Appliance
- Policy Based Redirect in ACI
RECENT POSTS
- Enterprise Network Access Control and Policy Enforcement using Cisco ISE
- Secure Device Administration and Network Access Using AAA Architecture
- Designing Enterprise-Class Hybrid Cloud Connectivity Using AWS Networking Services
- Exploring Core AWS Networking and Messaging Concepts for Modern Cloud Architectures
- Understanding Key AWS Services for Modern Cloud Architectures
- Building a Strong AWS Foundation with Amazon S3, EC2, and Virtual Private Cloud
- Understanding the ENSDWI Course: Advanced Cisco SD-WAN (Viptela) Concepts
- A Complete Guide to the DCACI-A Course: Mastering Advanced Cisco ACI Concepts
- How Our Online Python Certification Will Prepare You for a Career in Network Automation
- What You'll Learn in Juniper Mist Labs: A Deep Dive into AI-Driven Wireless Networking
LEAVE A COMMENT
Please login here to comment.