Service Node Integration with Multi-Pod
Cisco ACI can insert Layer 4 to Layer 7 services, for example firewalls, load balancers, and intrusion prevention systems (IPSs), either by manually configuring bridge domains and EPGs or by using a service graph in managed or unmanaged mode.
Several deployment models are available for integrating network services in a Cisco ACI Multi-Pod fabric. To choose the best option, consider the specific requirements and characteristics of the design, in particular:
- Service node location and function
  - North-south service node (or perimeter service node), for controlling communication between the data center and the external Layer 3 network domain. An example is a firewall that protects web servers from an external network.
  - East-west service node, for applying policies to traffic flows within the data center. For east-west enforcement, there are two cases to consider:
    - The service node, such as a firewall, applies policies between EPGs that are part of the same VRF.
    - The service node, such as a firewall (or firewall context), front-ends each tenant/VRF (a very common deployment), which lets you apply security policies to all inter-VRF traffic. This option can also be used to apply north-south policies when the external network domain is reachable by a VRF through the firewall.
- Service node mode of operation
  - Transparent (Layer 2 mode)
  - Routed, as default gateway for the endpoints
  - Routed, with L3Out peering
  - Routed, with PBR (policy-based redirect)
- Service node high-availability model
  - Active-standby service node pair stretched across pods
  - Active-active service node cluster stretched across separate pods (supported from Cisco ACI Release 3.2(4d))
  - Independent active-standby service node pair in each pod
- Connectivity to the external Layer 3 network domain
  - Traditional L3Outs deployed on the border leaf nodes
  - Layer 3 EVPN services over fabric WAN
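The release gate on the active-active stretched cluster is the one item in the list above that a design review can check mechanically. The following is an added example, not code from the original page or from Cisco. It assumes the release string format that APIC displays, major.minor(maintenance plus a letter), e.g. 3.2(4d); the per-node release list is constructed. It judges the feature against the oldest release present in the fabric rather than the APIC's own release, because in a Multi-Pod fabric the pods can run different releases while an upgrade is in progress.

```python
import re
from typing import Iterable, Tuple

# Cisco ACI releases are written as major.minor(maintenance<letter>), e.g. "3.2(4d)".
# This format is an assumption made for the example; the letter is treated as optional.
_ACI_RELEASE_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)([a-z])?\)\s*$")

# First release in which an active-active service node cluster stretched across
# pods is supported, as stated in the design considerations above.
MIN_RELEASE_ACTIVE_ACTIVE_STRETCHED = "3.2(4d)"

# High-availability models listed above; only one of them is release-gated.
HA_MODELS = {
    "active-standby-stretched": None,
    "active-active-stretched": MIN_RELEASE_ACTIVE_ACTIVE_STRETCHED,
    "independent-per-pod": None,
}


def parse_aci_release(release: str) -> Tuple[int, int, int, int]:
    """Parse "3.2(4d)" into the comparable tuple (3, 2, 4, 4).

    The trailing letter becomes its 1-based position in the alphabet so that
    "3.2(4d)" > "3.2(4c)"; a release with no letter, e.g. "3.2(4)", gets 0 and
    therefore sorts before "3.2(4a)".
    """
    m = _ACI_RELEASE_RE.match(release)
    if not m:
        raise ValueError(f"not a Cisco ACI release string: {release!r}")
    major, minor, maint, letter = m.groups()
    patch = (ord(letter) - ord("a") + 1) if letter else 0
    return int(major), int(minor), int(maint), patch


def fabric_min_release(node_releases: Iterable[str]) -> str:
    """Return the lowest release among the fabric nodes.

    During a Multi-Pod upgrade the pods can run different releases for a while;
    a release-gated feature must be judged against the oldest code in the fabric,
    not against the APIC or the first pod that was upgraded.
    """
    releases = list(node_releases)
    if not releases:
        raise ValueError("no node releases given")
    return min(releases, key=parse_aci_release)


def ha_model_supported(ha_model: str, node_releases: Iterable[str]) -> bool:
    """True if the chosen HA model is supported on every node's release."""
    if ha_model not in HA_MODELS:
        raise ValueError(f"unknown HA model {ha_model!r}; choose one of {sorted(HA_MODELS)}")
    gate = HA_MODELS[ha_model]
    if gate is None:
        return True
    return parse_aci_release(fabric_min_release(node_releases)) >= parse_aci_release(gate)


# Constructed sample: per-node running releases for a two-pod fabric in the middle
# of an upgrade (pod 1 already on 4.2(7f), pod 2 still on 3.2(3o)).
SAMPLE_NODE_RELEASES = [
    "4.2(7f)",  # pod 1 spine
    "4.2(7f)",  # pod 1 leaf
    "3.2(3o)",  # pod 2 spine, not yet upgraded
    "3.2(3o)",  # pod 2 leaf, not yet upgraded
]

if __name__ == "__main__":
    oldest = fabric_min_release(SAMPLE_NODE_RELEASES)
    print(f"oldest release in fabric: {oldest}")
    for model in HA_MODELS:
        verdict = "supported" if ha_model_supported(model, SAMPLE_NODE_RELEASES) else "NOT supported"
        print(f"{model:>26}: {verdict}")
```

With the constructed sample, the active-standby and independent-per-pod models pass while the active-active stretched cluster is reported as not supported, because pod 2 is still below 3.2(4d); the same check passes once every node reports 3.2(4d) or later.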
When integrating service nodes such as firewalls with a Cisco ACI Multi-Pod fabric, the following provides more details on the options, depending on the chosen high-availability model: