Transparent & One ARM mode for L4-L7 Appliance
In transparent mode, the L4-L7 device is deployed in go-through mode. The default gateway for the servers is not on the internal BD; it may be a subnet on the outside BD or an external router. Routing from outside to inside is provided by the fabric itself or by an external router.
In this mode, ACI does not allow IP routing to be configured on both BDs; instead, the BDs are set for unknown unicast flooding or ARP flooding.
Transparent mode can be used in the following two design options:
- Transparent mode with Outside Layer 2 BD
- Transparent mode with L3Out
Transparent mode with outside L2 BD: The figure below shows a transparent mode deployment with an external router. It contains two BDs, and the server default gateway is the external router.
Transparent mode with L3Out: The figure below shows a transparent mode deployment with an external router. It contains two BDs. The server default gateway is the subnet of the outside BD1, and IP routing is enabled on BD1, so you need to configure Limit IP Learning to Subnet.
One ARM mode:
To understand one-arm mode, first look at the topology below in terms of classical networking, and then at the same topology in Cisco ACI.
In one-arm mode, the default gateway for the servers is the router. The LB is connected to the router via one VLAN, and the router is also the default gateway for the LB. The LB uses source NAT so that return traffic properly goes back via the LB only.
In the figure above, with ACI in one-arm mode, the default gateway for the servers is on BD2 (the server-side BD), and the default gateway for the LB is on BD3 (which provides connectivity to the LB). The contract is configured between the external EPG and the server EPG and is associated with the service graph. BD1 is used here as the outside or client BD.
On BD3, the LB forwards traffic from clients to servers by routing through the fabric, so make sure that the only addresses learned on BD3 belong to the BD3 subnet, which are the VIP of the LB and the NAT address. Configure Limit IP Learning to Subnet on BD3.
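The BD3 check described above, as an added example (not part of the original page and not Cisco tooling): a Python audit that flags an LB bridge domain without Limit IP Learning to Subnet and any IP learned on it that falls outside its subnet. The input layout, the addresses and the audit_lb_bd name are assumptions made for illustration; limitIpLearnToSubnets is the fvBD attribute behind the setting.

```python
import ipaddress

# Constructed sample: flattened fvBD attributes plus subnet gateways for the
# one-arm design. BD names follow the page; the addresses are made up.
BDS = {
    "BD2": {"limitIpLearnToSubnets": "yes", "subnets": ["10.2.0.1/24"]},
    "BD3": {"limitIpLearnToSubnets": "no", "subnets": ["10.3.0.1/24"]},
}

# Constructed sample: IPs the fabric has learned, as (BD, IP) pairs.
# This layout is hypothetical, not an APIC export format.
LEARNED = [
    ("BD3", "10.3.0.10"),     # LB VIP
    ("BD3", "10.3.0.11"),     # LB source-NAT address
    ("BD3", "198.51.100.7"),  # client IP learned on the LB BD
    ("BD2", "10.2.0.21"),     # server
]


def audit_lb_bd(bds, learned, lb_bd):
    """Return a list of findings for the BD that connects the one-arm LB."""
    findings = []
    bd = bds[lb_bd]

    # The page's requirement: Limit IP Learning to Subnet must be on for BD3.
    if bd["limitIpLearnToSubnets"] != "yes":
        findings.append(f"{lb_bd}: Limit IP Learning To Subnet is not enabled")

    # Only the VIP and NAT address (both inside the BD subnet) should be
    # learned here; anything else was learned from routed traffic.
    nets = [ipaddress.ip_interface(s).network for s in bd["subnets"]]
    for name, ip in learned:
        if name != lb_bd:
            continue
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in nets):
            findings.append(f"{lb_bd}: {ip} learned outside BD subnet")
    return findings


if __name__ == "__main__":
    for finding in audit_lb_bd(BDS, LEARNED, "BD3"):
        print(finding)
```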