These are common concepts for Standard Service Graphs and Service Graph Redirects. Service Graph with L4-7 Device in Go-To mode == L3 Service Graph. L4-7 Device in Go-To mode and the SGT has PBR enabled == L3 PBR Node.

Design Challenges

  • steering traffic to the L4-7 Device
  • traffic symmetry (same service node for inbound and outbound traffic)
  • impact of hairpinning traffic on end-to-end network latency

L4-7 Service Graph

requires the Service Graph Template

Service Graph Contract

aka SG Contract. The contract associated with the Service Graph.

Service Node

refers to one concrete device. In Cisco literature the term Service Node is used more than Concrete Device.

Consumer-side BD

the BD, to which the EPG/ESG consumer of the Service Graph Contract is attached, e.g. where the clients requesting a service (HTTPS, FTP, SQL, etc.) are typically located. The clients might not be within the ACI network; the EPG/ESG Provider or Consumer is then an ACI L3Out EPG.

Provider-side BD

the BD, to which the EPG/ESG provider of the Service Graph Contract is attached, e.g. where the servers are typically located.

Outside BD

The BD that attaches to the outside interface of an L4-7 Device. aka Client-side BD. For a firewall as L4-7 Device, the outside interface is typically connected to outside networks. For an ADC as L4-7 Device, the outside interface is typically connected to clients requesting access to servers.

🚫 not to be confused with ACI L2Out.

🚫 not to be confused with the ACI L3Out external bridge domain.

Inside BD

the BD that attaches to the inside interface of an L4-7 Device. aka Server-side BD. For a firewall as L4-7 Device, the inside interface is typically connected to the protected networks. For an ADC as L4-7 Device, the inside interface is typically connected to the load-balanced servers.

Service Type

defines the nature of the service that the L4-7 Device will provide. The Service Type chosen for the L4-7 Device dictates the type of ACI Concrete Devices that constitute it.

Device Type

determines whether the L4-7 Device, and the Concrete Devices composing it, are physical or virtual. Depending on the value selected for Device Type, we are asked to provide either a Physical Domain or a VMM Domain. In either case, the Networking Domain scopes the VLAN encap IDs available for the Concrete Device Interfaces and/or the Cluster Interfaces, since an ACI Domain is associated with a VLAN Pool.

Device Type: Physical

Device Type: Virtual

The VMM Domain must be created beforehand. It cannot be created within the creation menu. The associated VLAN Pool has a dynamic allocation, but it may have static and/or dynamic allocation Encap Blocks.

Function Type

The Function Type is a selectable flag. The available Function Types depend on the selected [[ACI L4-7 Service Insertion_Copy Service and Direct Attach Feature#Device Type|Device Type]] value.

  • Device Type: physical
  • Device Type: virtual