Requirement: Particular traffic (HTTPS) from one EPG to another must pass through a firewall or F5 load balancer, and the rest of the traffic must be allowed through the normal contract between the two EPGs.
Service Graph with PBR use cases
Insertion of firewalls or load balancers in the path between endpoints, while keeping the default gateway on the Cisco ACI fabric.
Insertion of a Layer 4 to Layer 7 device in the path between endpoints that are in the same subnet.
Selectively separating the traffic that is sent to Layer 4 to Layer 7 devices, based on protocol and port filtering.
Using symmetric PBR to horizontally scale the performance of Layer 4 to Layer 7 devices.
1. Service Graph Template: Defines how traffic should flow.
True: PBR service graph
2. Device: The device definition tells us how many interfaces and logical connectors there are on the service device. It covers the physical device and the interfaces that connect it to the fabric.
3. Device Selection Policy: It defines how devices will communicate with the fabric. It ties the physical device to a graph template and contract.
4. Contract: It selects the traffic to redirect to the firewall. The contract is placed between the Consumer and Provider and the shadow EPG.
5. Disable data plane learning on PBR node bridge domain.
6. Pending
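
As an added example (not part of the original notes), the requirement at the top can be expressed as one contract with two subjects: an HTTPS-only subject that carries the service graph, and a second subject that permits the remaining traffic with no graph. The script only builds the APIC REST JSON body and checks it offline. The class names are APIC object-model classes, while the tenant, filter, contract and graph names are constructed, and the device, device selection policy and redirect policy from steps 2, 3 and 5 are assumed to exist already.

```python
import json

def mo(cls, children=(), **attrs):
    """Build one APIC managed object in the REST API's JSON shape."""
    node = {cls: {"attributes": attrs}}
    if children:
        node[cls]["children"] = list(children)
    return node

def build_tenant(tenant, graph):
    # All object names below (filters, subjects, contract) are constructed.
    https = mo("vzFilter", name="https-only", children=[
        mo("vzEntry", name="tcp-443", etherT="ip", prot="tcp",
           dFromPort="443", dToPort="443")])
    any_ip = mo("vzFilter", name="permit-any", children=[
        mo("vzEntry", name="any", etherT="unspecified")])
    # Subject 1: HTTPS only, with the PBR service graph attached.
    redirect = mo("vzSubj", name="https-via-fw", children=[
        mo("vzRsSubjFiltAtt", tnVzFilterName="https-only"),
        mo("vzRsSubjGraphAtt", tnVnsAbsGraphName=graph)])
    # Subject 2: everything else, plain permit with no graph.
    direct = mo("vzSubj", name="other-direct", children=[
        mo("vzRsSubjFiltAtt", tnVzFilterName="permit-any")])
    contract = mo("vzBrCP", name="web-to-app", children=[redirect, direct])
    return mo("fvTenant", name=tenant, children=[https, any_ip, contract])

def redirected_filters(tenant_mo):
    """Return {subject: [filters]} for every subject that has a graph attached."""
    out = {}
    for child in tenant_mo["fvTenant"].get("children", []):
        for subj in child.get("vzBrCP", {}).get("children", []):
            kids = subj.get("vzSubj", {}).get("children", [])
            if any("vzRsSubjGraphAtt" in k for k in kids):
                out[subj["vzSubj"]["attributes"]["name"]] = [
                    k["vzRsSubjFiltAtt"]["attributes"]["tnVzFilterName"]
                    for k in kids if "vzRsSubjFiltAtt" in k]
    return out

if __name__ == "__main__":
    payload = build_tenant("T1", "fw-pbr-graph")
    print(json.dumps(payload, indent=2))
    # Review check: only the HTTPS filter may sit on a redirecting subject.
    print(redirected_filters(payload))
```

Running `redirected_filters` over a payload before it is pushed catches the common mistake of attaching the graph to the permit-any subject, which would send all inter-EPG traffic through the firewall.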