Service Graph Introduction

Service Graph Introduction:

An ACI Service Graph is a method through which Layer 4 to Layer 7 functions or devices can be integrated into ACI. It helps ACI redirect traffic between the different security zones of a firewall (FW) or load balancer (LB).

With the help of an ACI Service Graph, security and LB admins can define their security and LB policies directly, and through the APIC these policies are associated with the traffic path between source and destination.

A Layer 4 to Layer 7 device can be integrated into ACI with or without an ACI Service Graph. If a Service Graph is used, it automates the deployment of the Layer 4 to Layer 7 service in the network.

Different Management models of Service Graph:

Unmanaged Mode (Network Policy Mode): In this mode, ACI configures only the network portion of the fabric. Configuration related to the L4-L7 device is not done by ACI; instead, the security or LB admin has to configure their devices manually.

The work area of each admin is briefly given below:

  • Network admin will configure ports, VLANs etc. to connect to the FW or LB
  • FW or LB admin will configure their respective interfaces and VLANs
  • FW and LB admins will configure ACLs and other components

Also, the network admin manages only the fabric, not the FW; the security admin manages the FW and LB, not the fabric.

This mode is used only when the FW and LB admins do not allow the APIC to configure their devices, and the L4-L7 device is to be used for traffic redirect or is to appear in the object model, and the APIC is not allowed to talk to a third-party controller.

Managed Mode (Service Policy Mode): In this mode, ACI configures both the network portion of the fabric and the configuration related to the L4-L7 device, through the APIC.

The network admin configures the fabric. The security and LB admins provide their configurations to the network admin, and the network admin pushes these policies to the fabric via the APIC as a function profile.

This mode is used only when the FW and LB admins do allow the APIC to configure their devices, and you want the APIC to allocate the VLANs, collect the health scores of the device, and push policy to the L4-L7 device upon EPG discovery.

Service Manager Mode: In this mode, ACI configures the network portion of the fabric, L4-L7 VLANs etc., and APIC admins associate these policies defined by the network policy tool.


  • dk

    Nice way trainer has explained all the topics.

  • JO

    Very deep dive explanation, helped me to understand this complex topic more easily and cleared all my confusion.

