Payal_S_

Deployment considerations

Adding BIG-IP to an ACI deployment is usually an easy decision, as BIG-IP is a mature, feature-rich ADC solution. The time goes into nailing down the design and the deployment options for the BIG-IP in the environment. Below we discuss a few of the most commonly asked questions:

SNAT or no SNAT

There are various options for inserting the BIG-IP into the ACI environment. One is to use the BIG-IP as a gateway for servers or as a routing next hop for routing instances. Another is to use Source Network Address Translation (SNAT) on the BIG-IP; however, with SNAT enabled, visibility into the real source IP address is lost. If preserving the source IP is a requirement, ACI's Policy-Based Redirect (PBR) can be used to make sure the return traffic goes back to the BIG-IP.

BIG-IP redundancy

F5 BIG-IP can be deployed in different high-availability modes. The two common BIG-IP deployment modes are active-active and active-standby. Design considerations such as endpoint movement during failovers, MAC masquerade, source MAC-based forwarding, Link Layer Discovery Protocol (LLDP), and IP aging should also be taken into account for each of the deployment modes.

Multi-tenancy

Multi-tenancy is supported by both Cisco ACI and F5 BIG-IP in different ways. There are a few ways that multi-tenancy constructs on ACI can be mapped to multi-tenancy on BIG-IP. The constructs revolve around tenants, virtual routing and forwarding (VRF), route domains, and partitions. Multi-tenancy can also be based on the BIG-IP form factor (appliance, virtual edition and/or virtual clustered multiprocessor (vCMP)).

Tighter integration

Once a design option is selected, the next question is what more can be done from an operational or automation perspective now that BIG-IP and ACI are deployed together. The F5 ACI ServiceCenter is an application developed on the Cisco ACI App Center platform and built for exactly that purpose. It is an integration point between the F5 BIG-IP and Cisco ACI. The application provides an APIC administrator a unified way to manage both L2-L3 and L4-L7 infrastructure. Once day-0 activities are performed and BIG-IP is deployed within the ACI fabric using the design option selected for your environment, the F5 ACI ServiceCenter can be used to handle day-1 and day-2 operations. The day-1 and day-2 operations provided by the application are well suited for both new/greenfield and existing/brownfield deployments of BIG-IP and ACI. The integration is loosely coupled, which allows the F5 ACI ServiceCenter to be installed or uninstalled with no disruption to traffic flow and no effect on the F5 BIG-IP and Cisco ACI configuration.

All of the above topics and more are discussed in detail in the white paper.

Hands-on Lab

It is always easier to understand with some practical hands-on experience. A lab on "Cisco ACI with F5 ServiceCenter" is hosted on the Cisco dCloud environment. The lab:

  • Is free for all
  • Can be scheduled
  • Contains a comprehensive user guide
  • Is self-paced

Access dCloud:

Step 1: Keep your Cisco CCO ID username and password handy. If you do not have an ID, create one using this link: https://identity.cisco.com/ui/tenants/global/v1.0/enrollment-ui.

Step 2: Log in to https://dcloud.cisco.com/ and accept the terms

Step 3: Under menu item 'Catalog' search for "Cisco ACI with F5 ServiceCenter"

Step 4: Schedule a lab as per your convenience

Step 5: Execute the lab using the lab guide provided in the resources section

Below is a video with a walkthrough of the lab, but it is recommended that you try to execute the lab on your own first.

References

To learn more about F5 and ACI, check out this article series: https://devcentral.f5.com/s/seriesarticlelist?id=aBy1T000000H5KwSAK

Last update: 12-Aug-2020 09:52