1. If all three (3) CEs fail, after a timeout period (120 seconds max.) traffic will be forwarded normally as if the CEs were not there. You can use an ACL to block outbound traffic that is not sourced from the CEs. This would prevent traffic that is not redirected from accessing the Internet when all three (3) CEs are down.
2. The hash function is deterministic, therefore both switches would assign IP addresses to the same hash buckets. The "lead" CE is responsible for telling the switches which CEs service which buckets.
3. If I understand your diagram correctly, it looks like you have placed the CEs outside the firewall? This is generally not recommended, as it exposes the CEs unnecessarily to the Internet. It would be better for the CEs to reside inside the firewall.
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...