Pod ID Aware Redirection Feature for PBR in Cisco ACI
Reference: Cisco.com
Default PBR behavior for Multipod in ACI
In Cisco ACI, PBR redirection is based on hashing by default and is not location aware. For example, even when the source endpoint, the destination endpoint and an available PBR node are all in the same pod, traffic can still be redirected to an available PBR node in a different pod. The traffic then crosses to that pod and comes back, which increases latency and consumes interpod network (IPN) resources.
The figure below shows an example in which the endpoints and the PBR nodes are in different pods:
- The destination is 192.168.1.202 in Pod2.
- Traffic from the external network is received on the border leaf nodes in Pod1 and is sent through the spine to the destination leaf on which the destination endpoint is located.
- The PBR policy is then applied on the destination leaf and, based on hashing, the PBR node in Pod1 is selected.
- Traffic must finally come back from the PBR node in Pod1 to reach the destination endpoint in Pod2. The end result is that, for this ingress flow, the traffic must hair-pin three times across the IPN.
Enable Pod ID Aware Redirection
The suboptimal traffic behavior shown in the previous figure can be avoided by combining:
- host route advertisement from the Cisco ACI border leaf nodes (available from Cisco ACI Release 4.0 onward)
- the location-based PBR feature (available from Cisco ACI Release 3.1 onward)
With location-based PBR, traffic hair-pinning across pods can be avoided because the destination leaf node on which the endpoint is located preferentially selects the local service node.
Below is an example of enabling Pod ID aware redirection. For each PBR node destination in the Redirect Policy, assign a Pod ID. Traffic hitting a redirect policy in that pod is redirected to the local PBR node destination if one exists; otherwise it is redirected based on hashing (the default behavior):
The following diagram shows an example in which the destination is 192.168.1.201 in Pod1. Because of the host route advertisement function provided by the ACI border leaf nodes, traffic originating from an external client can be selectively steered toward Pod1 and reach the destination leaf node on which the 192.168.1.201 endpoint is located.
The destination leaf node in Pod1 then selects the local PBR node, which sends the traffic back toward the destination. Similar behavior is achieved for traffic destined for the endpoint 192.168.1.202 in Pod2.
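The selection logic described above, as an added example that is not Cisco's code: each redirect destination carries an optional Pod ID, the leaf applying the policy prefers a healthy destination in its own pod, and falls back to hashing across all healthy destinations otherwise. The hash function, the IPs/MACs and the tie-break among several local nodes are assumptions for illustration, not fabric internals.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class RedirectDest:
    """One PBR node destination in a Redirect Policy (constructed sample)."""
    ip: str
    mac: str
    pod_id: Optional[int]  # Pod ID assigned to the destination; None = not set
    up: bool = True        # result of PBR node tracking (assumed healthy)


def flow_hash(src_ip: str, dst_ip: str, proto: str, n: int) -> int:
    # Stand-in for the fabric's per-flow hash (assumption: the real hash is
    # not modelled here); only determinism matters for the demonstration.
    digest = hashlib.sha256(f"{src_ip}|{dst_ip}|{proto}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % n


def select_pbr_node(dests: List[RedirectDest], leaf_pod_id: int,
                    src_ip: str, dst_ip: str,
                    proto: str = "tcp") -> Optional[RedirectDest]:
    """Return the destination a leaf in leaf_pod_id would redirect the flow to."""
    available = [d for d in dests if d.up]
    if not available:
        return None  # no healthy PBR node: policy cannot redirect
    # Pod ID aware redirection: prefer a destination in the leaf's own pod.
    local = [d for d in available if d.pod_id == leaf_pod_id]
    # Assumption: if several local nodes exist, hash among them; with no
    # local node (or no Pod IDs configured) fall back to the default hash
    # across every available destination.
    candidates = local if local else available
    return candidates[flow_hash(src_ip, dst_ip, proto, len(candidates))]


# Constructed sample Redirect Policy: one PBR node per pod.
PBR_NODES = [
    RedirectDest("10.1.1.1", "00:00:00:00:01:01", pod_id=1),
    RedirectDest("10.1.1.2", "00:00:00:00:01:02", pod_id=2),
]

if __name__ == "__main__":
    for pod in (1, 2):
        chosen = select_pbr_node(PBR_NODES, pod, "203.0.113.10", "192.168.1.201")
        print(f"leaf in Pod{pod} -> PBR node {chosen.ip}")
```

Set `up=False` on the Pod1 destination to see the flow fall back to the Pod2 node instead of being dropped.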
Please note that this feature is designed for, and applicable to, North-South traffic only.