Scribd Logo
Upload

Welcome to Scribd!

  • BRKACI-2644 p1

    Uploaded by

    Carlos Alonzm
    5 views7 pages
    This document discusses troubleshooting policy based redirect (PBR) in ACI. It provides an agenda that covers an overview of how service graphs and shadow EPGs work, the path a policy redirected packet takes, and additional PBR features. It also compares traditional service insertion using multiple contracts and VLANs versus PBR which uses a single contract and redirect rules to insert services.

    Original Description:

    tshoot aci p1

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses troubleshooting policy based redirect (PBR) in ACI. It provides an agenda that covers an overview of how service graphs and shadow EPGs work, the path a policy redirected packet takes, and additional PBR features. It also compares traditional service insertion using multiple contracts and VLANs versus PBR which uses a single contract and redirect rules to insert services.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views7 pages

    BRKACI-2644 p1

    Uploaded by

    Carlos Alonzm
    This document discusses troubleshooting policy based redirect (PBR) in ACI. It provides an agenda that covers an overview of how service graphs and shadow EPGs work, the path a policy redirected packet takes, and additional PBR features. It also compares traditional service insertion using multiple contracts and VLANs versus PBR which uses a single contract and redirect rules to insert services.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

    Troubleshooting ACI

    Policy Based Redirect (PBR)

    Carlo Schmidt
    Technical Solutions Architect

    BRKACI-2644
    Cisco Webex Teams

    Questions?
    Use Cisco Webex Teams to chat
    with the speaker after the session

    How
    1 Find this session in the Cisco Events Mobile App
    2 Click “Join the Discussion”
    3 Install Webex Teams or go directly to the team space
    4 Enter messages/questions in the team space

    BRKACI-2644 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
    Agenda

    • Overview
    • How Service Graphs work
    • Shadow EPGs
    • Path of a Policy redirected packet
    • Additional Features

    BRKACI-2644 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
    Service Insertion
    Traditional Contract

    VRF Route pcTag Flags


    V1 S1 1 proxy
    V1 EP1 EPG1 Enforce Policy
    V1 S2 1 proxy
    V1 EP2 EPG2 Enforce Policy
    EP1 EP2

    Consumer Provider
    Contract VRF Action Src Dst Filter
    BD1, EPG1 BD2, EPG2
    C1 V1 permit EPG1 EPG2 HTTP
    Subnet S1 Subnet S2
    V1 permit EPG2 EPG1 HTTP
    implicit V1 deny any any all

    BRKACI-2644 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
    Service Insertion
    Traditional Service Insertion Inserting additional
    VRF Route pcTag Flags
    Service devices
    V1 S1 1 proxy
    significantly increases
    V1 S2 FW1 Enforce Policy
    contracts & VLANs to
    V2 S1 FW2 Enforce Policy
    manage
    V2 S2 1 proxy

    EP1 EP2
    Contract VRF Action Src Dst Filter
    C1 V1 permit EPG1 FW1 HTTP
    V1 permit FW1 EPG1 HTTP Consumer Provider
    implicit V1 deny any any all BD1, EPG1 BD2, EPG2
    C1 V2 permit EPG2 FW2 HTTP Subnet S1 Subnet S2
    V2 permit FW2 EPG2 HTTP
    implicit V2 deny any any all

    BRKACI-2644 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
    Service Insertion
    Policy Based Redirect
    VRF Route pcTag Flags
    V1 S1 1 proxy
    V1 EP1 EPG1 Enforce Policy
    V1 S2 1 proxy
    V1 EPG2 EPG2 Enforce Policy

    EP1 EP2

    Contract VRF Action Src Dst Filter Consumer Provider


    C1 V1 redir EPG1 EPG2 HTTP BD1, EPG1 BD2, EPG2
    V1 redir EPG2 EPG1 HTTP Subnet S1 Subnet S2
    implicit V1 deny any any all

    BRKACI-2644 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 7

    You might also like