DC0030 - ACI Service Graph - Managed FW (Part 1)
Category:
Datacenter
The video introduces you to the concept of Service Graph in Cisco ACI and shows you how to insert a firewall between EPGs. We will configure managed firewalls in two different modes, Go-To and Go-Through, using Cisco ASA. You will learn the basic building blocks needed to instantiate a service device. This is the first of many videos we will have around Service Graph and Service Insertion.
Part 1 of this video covers the physical configuration of a Go-To mode firewall.
Topic:
- ASA Go-To mode (Routed)
- ASAv Go-Through Mode (Transparent)
- Device Package
- Function Profile Group
- Function Profile
- Service Device
- Graph Template

2 comments
PBR migration
In the traditional architecture, traffic steering relied on two hop-by-hop PBR policies, applied on successive SVIs, using the same ACL to progressively forward traffic toward the Firewall DC.
After migrating to Cisco ACI, where intermediate switches are removed and replaced by the fabric, the question arises: how should the two existing PBR policies be handled or redesigned in Cisco ACI, given that ACI does not support hop-by-hop PBR on SVIs and instead enforces policy-based traffic steering at ingress?
PBR migration
You will probably need to deploy multiple VRFs or do Service Chaining to force traffic to flow through multiple Service Devices.