
This section shows supported and unsupported topology examples for PBR. These examples show two-arm-mode PBR nodes, but you can also deploy a one-arm-mode PBR node except in L1/L2 PBR. More information about service graph designs is provided later in this document.

Figure 2. Example of supported PBR topologies 1

The PBR node can be between VRF instances or within one of the VRF instances. The PBR node must be in either the consumer or provider VRF instance (Figure 3). For example, you cannot put the PBR node in VRF3, which is neither a consumer nor a provider VRF instance.


The use of PBR simplifies configuration because the VRF sandwich configuration is no longer required to insert a Layer 3 firewall between security zones. Instead, the traffic is redirected to the node based on the PBR policy.

With PBR, the Cisco ACI fabric can redirect traffic between security zones to L4-L7 devices, such as a firewall, Intrusion-Prevention System (IPS), or load balancer, without the need for the L4-L7 device to be the default gateway for the servers or the need to perform traditional networking configuration such as Virtual Routing and Forwarding (VRF) sandwiching or VLAN stitching.
This article describes how to configure Policy-Based Redirect (PBR) service in the Cisco ACI using Cisco ASAv as a PBR node.
