Here are some ideas to think about. If you run the firewall in transparent mode, you can do vPC to the firewall, do port-channel subinterfaces on the FW, and break VLANs out into different contexts. You could do this between VDCs or put multiple customers into a single VDC, and use VRFs (Inside and Outside) for the firewall connections. In this architecture the F5 would sit on the inside VRF where the host subnets sit, along with any other services you provide. If you did this same setup with multiple VDCs, the LB would sit in the inside VDC and the FW would move between the Inside and Outside VDC instead of the Inside and Outside VRF. I like the single VDC, VRF sandwich approach because it leaves more VDCs for OTV or Storage functions, or even more customer PODs if ever needed. This approach also allows for ACTIVE/ACTIVE HSRP, which is nice.
These are just a few use cases. There are a million ways to skin a cat, so it will depend greatly on user and application requirements.
I forgot to add in my original post that, for the VLANs between the FW running a routing protocol (SVIs on Inside and Outside going through the FW), you will want to make sure that those VLANs are excluded from peer-gateway.
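
A sketch of the single-VDC "VRF sandwich" with the firewall transit VLANs excluded from peer-gateway, as an added example that is not part of the original posts. The VLAN IDs, VRF names, vPC domain number and addresses are constructed placeholders, and it assumes a Nexus platform and NX-OS release that support `peer-gateway exclude-vlan`.

```text
! Constructed example: VLAN IDs, VRF names, domain ID and addresses are placeholders.
feature vpc
feature interface-vlan

vrf context INSIDE
vrf context OUTSIDE

vpc domain 10
  peer-keepalive destination 192.0.2.2 source 192.0.2.1 vrf management
  ! peer-gateway remains active for host VLANs; the two FW transit VLANs
  ! that carry the routing adjacency are excluded from it.
  peer-gateway exclude-vlan 901,902

vlan 901
  name FW-TRANSIT-INSIDE
vlan 902
  name FW-TRANSIT-OUTSIDE

! Transparent-mode FW bridges VLAN 901 to VLAN 902, so both SVIs share
! one subnet and form their routing adjacency through the firewall.
interface Vlan901
  description Inside VRF side of the transparent FW
  vrf member INSIDE
  ip address 10.255.0.1/29
  no shutdown

interface Vlan902
  description Outside VRF side of the transparent FW
  vrf member OUTSIDE
  ip address 10.255.0.4/29
  no shutdown
```

After applying a configuration like this, `show vpc` and the routing protocol neighbor state on both vPC peers are the checks that confirm the adjacency through the firewall stays up.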
But I guess my lack of experience in "in-depth" virtualization has me a little, more like a lot, more confused. Is there another way to portray answering this question, either via text or, even better, via Visio diagram?