Service Graph Configuration Workflow

Cisco ACI defines a L4-L7 device as an object to represent the service devices such as firewall or load balancer. These service devices typically form a cluster and Cisco ACI treats them as one single logical entity and call it a device cluster or a logical device. A device cluster has cluster (logical) interfaces.

A concrete device represents a service device, for example one load balancer, or one firewall. A concrete device can be either a physical device or a virtual machine.

• Concrete device: Represents a service device, physical or virtual.

• Logical device: Represents a cluster of devices; defines logical interfaces.

Service Graph template defines how traffic should flow from Consumer to Provider and service device mode.

A service graph template defines the following elements:

• Function node: A function node represents a function that is applied to the traffic, such as a firewall.

• Terminal node: A terminal node enables input and output from the service graph.

• Connector: A connector enables input and output from a node.

• Connection: A connection determines how traffic is forwarded through the network.

When you apply the service graph template, first you need to specify the consumer EPG, provider EPG, and contract between these two EPGs that the service graph will be applied to. The contract specifies the traffic allowed to go to the service device.