EMAIL SUPPORT
dclessons@dclessons.comLOCATION
USIP Routing & VRF Design Consideration – Service Chaining
IP Routing & VRF Design Consideration
IP Routing design consideration:
We enable IP routing in BD for main two reasons:
- To route traffic by ACI
- Mapping DB to hold the IP address of end points
Now if the Service graph with FW deployed in Go-through mode, Enable IP routing on BD as it provide Routing to outside , on this mapping DB learns the IP address of endpoints attached in BD2 as if they were in BD1 and MAC address of Endpoints are learned in both BD1 and BD2 as per below figure :
To enable IP routing, it must be enabled on two places in the service graph:
- The Bridge Domain
- The Graph connector
In general the connectors are set to unicast routing by default, if the connector is associated to BD which provides the L3out interface function, you must enable unicast IP routing and make sure that adjacency is set to L3 not Layer 2
In summery IP routing must be enabled on following condition matches:
- BD that provides routing to BD that provides routing to another BD or to outside
- Servers connected to BD, if EPG is to be attached for Servers.
VRF Design Consideration
In ACI all BD must have relationship with VRF. There are two options how VRF is associated to BD
- Scenario 1: Single VRF is associated with TWO BD
- Scenario 2: Two VRF will be associated to each BD
Let’s discuss one by one these Scenarios:
Scenario 1: Single VRF is associated with TWO BD
This scenario is used for very simple design, in which a single VRF instance is associated to both BD because IP routing is not enabled either on BD1 or BD2, In this design mapping DB learns the Mac address in both BD due to which Traffic entering from BD1 cannot go to BD2 by passing L4-L7 device, No NAT configuration is required on L4-L7 device.
Comment
TABLE OF CONTENTS
- ACI Initial Fabric Configuration
- ACI Configure Tenant VRF & Bridge Domain
- ACI Configure Filters and Contracts
- ACI Configure Three-Tier Application Profile
- ACI Configure Baseline Interface Policies
- ACI Integration with VMWARE
- ACI Inter Tenant Connectivity
- ACI Extend Bridge Domain by External Layer 2 Connection
- ACI External Network Connectivity to External Switch via Trunk
- ACI Static Routing for External Layer 3 Connectivity
- ACI OSPF Routing for External Layer 3 Connectivity
- ACI EIGRP Routing for External Layer 3 Connectivity
- ACI EBGP Routing for External Layer 3 Connectivity
- IPN Configuration
- ACI Multipod Overview
- ACI Multi-Pod Building Control Plane
- ACI Multi-Pod Data Traffic Flow
- Multi-Pod Connectivity via External L3
- Host Tracking Subnet Check & Limit IP Learning
- Service Graph Introduction
- BD VRF & EPG Design consideration – Service Chaining
- IP Routing & VRF Design Consideration – Service Chaining
- L3Out for Routing to L4-L7 Devices
- Routed Mode ( Go-To mode ) for L4-L7 Appliance
- Transparent & One ARM mode for L4-L7 Appliance
- Policy Based Redirect in ACI
RECENT POSTS
- What is Docker and Why is It Important?
- Learn Python 3.0 Programming for Network Automation
- Cisco ACI Data Centre: A Comprehensive Overview
- How to Prepare for the Microsoft Azure AZ-305 Exam
- AWS Training Certification Course for Solutions Architect
- Cisco SASE Architecture
- SASE vs SD-WAN
- What is SASE
- Accessing Amazon S3 using AWS private Link in Secure hybrid method.
- Cisco Smart Licensing Policy
LEAVE A COMMENT
Please login here to comment.