Policy-Based Redirect
Cisco Application Centric Infrastructure (ACI) policy-based redirect (PBR) enables provisioning service appliances, such as firewalls or load balancers, as managed or unmanaged nodes without requiring a Layer 4 to Layer 7 package. Typical use cases include provisioning service appliances that can be pooled, tailored to application profiles, scaled easily, and have reduced exposure to service outages. PBR simplifies the deployment of service appliances by enabling the provisioning consumer and provider endpoint groups to be all in the same virtual redirect and forwarding (VRF) instance.
PBR deployment consists of configuring a route redirect policy and a cluster redirect policy, and creating a service graph template that uses the route and cluster redirect policies. After the service graph template is deployed, use the service appliance by enabling endpoint groups to consume the service graph provider endpoint group. This can be further simplified and automated by using vzAny. While performance requirements may dictate provisioning dedicated service appliances, virtual service appliances can also be deployed easily using PBR.
Creating Layer 4-Layer 7 Policy Based Redirect
Procedure
Step 1 |
Choose . |
Step 2 |
On the Network page, choose the account under Multi-Domain Managers. |
Step 3 |
Click the row with the APIC account and click View Details. |
Step 4 |
Click Tenant(s). |
Step 5 |
Click the row with the tenant that you want to update and click View Details. |
Step 6 |
Click L4-L7 Policy Based Redirect. |
Step 7 |
Click Add. |
Step 8 |
On the Create Policy Based Redirect screen, complete the following fields:
|
Step 9 |
Click Submit. |
Creating Layer 4 - Layer 7 Redirect Health Group
Procedure
Step 1 |
Choose . |
Step 2 |
On the Network page, choose the account under Multi-Domain Managers. |
Step 3 |
Click the row with the APIC account and click View Details. |
Step 4 |
Click Tenant(s). |
Step 5 |
Click the row with the tenant that you want to update and click View Details. |
Step 6 |
Click L4 L7 Redirect Health Group. |
Step 7 |
Click Add. |
Step 8 |
On the Create L4-L7 Redirect Health Group screen, enter a unique name and description for L4-L7 Redirect Health Group. |
Step 9 |
Click Submit. |
When a redirect health group is no longer consumed by the PBR, you can delete the redirect health group. To delete the redirect health group, click the row with the redirect health group on the L4 L7 Redirect Health Group screen and click Delete.
Creating a Destination of Redirect Traffic
Before you begin
The redirect health group that needs to be associated with the redirect traffic is created.
Procedure
Step 1 |
Choose . |
Step 2 |
On the Network page, choose the account under Multi-Domain Managers. |
Step 3 |
Click the row with the APIC account and click View Details. |
Step 4 |
Click Tenant(s). |
Step 5 |
Click the row with the tenant that you want to update and click View Details. |
Step 6 |
Click L4-L7 Policy Based Redirect. |
Step 7 |
Click the row with the L4-L7 policy-based redirect record that you want to update and click View Details. |
Step 8 |
Click Destination of Redirect Traffic. |
Step 9 |
Click Add. |
Step 10 |
On the Add Destination of Redirected Traffic screen, complete the following fields:
|
Step 11 |
Click Submit. |
Creating an IP SLA Monitoring Policy
Procedure
Step 1 |
Choose . |
Step 2 |
On the Network page, choose the account under Multi-Domain Managers. |
Step 3 |
Click the row with the APIC account and click View Details. |
Step 4 |
Click Tenant(s). |
Step 5 |
Click the row with the tenant that you want to update and click View Details. |
Step 6 |
Click IP SLA Monitoring Policy. |
Step 7 |
Click Add. |
Step 8 |
On the Create IP SLA Monitoring Policy screen, complete the following fields:
|
Step 9 |
Click Submit. |