August 2022

One Arm Load Balancer with ACI PBR Destination in an L3out

One Arm LB with ACI PBR Destination in an L3out - logical drawing

When inserting a load balancer into a Cisco ACI fabric, it is important to understand the desired traffic flow, the advantage of using the ACI fabric anycast gateway, the benefit of selective traffic redirection, and whether DSR is required. Load balancers can be inserted into an ACI fabric using the following deployment options. Policy-based redirect (PBR) is a feature for selectively steering traffic to service nodes. PBR with load balancers (one-arm, two-arm) plays a key role in returning traffic to the same load balancer that handled the incoming traffic while keeping the client IP as the source IP.


One Arm Load Balancer with ACI Policy Based Redirect

When inserting a load balancer into a Cisco ACI fabric, it is important to understand the desired traffic flow, the advantage of using the ACI fabric anycast gateway, the benefit of selective traffic redirection, and whether DSR is required. Load balancers can be inserted into an ACI fabric using the following deployment options. Policy-based redirect (PBR) is a feature for selectively steering traffic to service nodes. PBR with load balancers (one-arm, two-arm) plays a key role in returning traffic to the same load balancer that handled the incoming traffic while keeping the client IP as the source IP.


VxLAN EVPN Multi-Site Configuration

VxLAN EVPN Multi-Site architecture is one of the widely deployed DC network solutions that can be scaled to thousands of switches across a wide range of geographical regions. Together, VxLAN and MP-BGP create a powerful technology used to build a large, secure, and resilient multi-tenant web-scale fabric that can scale to host hundreds of thousands of systems. In this document, VxLAN EVPN Multi-Site with two sites (SITE1 and SITE2) and an inter-site network (ISN) will be configured for seamlessly extending Layer 2 and Layer 3 using anycast BGWs. All configurations necessary for full operation will be included…


ACI Transit Routing

The ACI fabric supports transit routing. This feature enables a border leaf to perform bidirectional redistribution between routing domains. Transit traffic can pass from one Layer 3 domain to another Layer 3 domain through ACI (with ACI acting as a transit between the two Layer 3 domains). A transit route is defined to import traffic through the Layer 3 outside network of the L3Out where it is to be imported. A different transit route is defined to export traffic through another L3Out to the destination routing domain.

The route-maps for import and export route control are made up of prefix-list matches. Each prefix-list consists of bridge domain (BD), external subnet prefixes in the VRF and the export prefixes that need to be advertised outside. Route control policies are defined in an L3Out and controlled by properties and relations associated with the L3Out. APIC uses the enforce route control property of the L3Out to enforce route control directions. The default is to enforce control on export and allow all on import. The default scope for every route is import. These are the routes and prefixes which form a prefix-based EPG…
