Cisco Cisco Prime Network Services Controller Adaptor for DFA Leaflet

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. 
Page 20 of 45 
Case 2a: Unified Fabric with East-West Layer 3 Firewall and Dynamic Routing Protocol (OSPF) 
Figure 11.    East-West Layer 3 Firewall with Dynamic Routing Between the Appliance and the Fabric 
 
In the deployment scenario in Figure 11, the Layer 3 east-west firewall acts as a default gateway for the protected 
networks.  
Following are some of the configuration parameters for the components: 
● Hosts A1 and B1 reside in their respective networks, protected by the firewall. All host networks and outside interface networks in this example belong to the same VRF instance.
● Both workloads residing in the networks and the inside interface of the Layer 3 east-west firewall are defined by the same network autoconfiguration profile: defaultNetworkL2Profile.
● Hosts must be configured with IP address and default gateway information either statically or using a third-party in-band DHCP server. Another option is to configure DHCP relay on the firewall.
● Depending on the firewall capabilities, the inside interfaces can either be configured as separate physical interfaces carrying a single IEEE 802.1Q VLAN each, or as one IEEE 802.1Q trunk carrying multiple VLANs for each of the protected networks.
● The network, to which the outside interface of the firewall is attached, should be configured with the networking autoconfiguration profile serviceNetworkIpv4DynamicRoutingFWProfile.¹
● The Layer 3 east-west firewall is expected to use OSPF with area 0 as a routing protocol to establish routing adjacency on its outside interface. The firewall also has to advertise all protected networks (inside networks) in area 0 using the OSPF routing protocol.
● The fabric expects to establish OSPF routing adjacency with the firewall on its outside interface and to receive all route prefixes for protected networks through OSPF from the firewall.
● The configuration of the profile serviceNetworkIpv4DynamicRoutingFWProfile for the outside network includes the configuration of the vrf-common-FW partition profile. This partition profile promotes the redistribution of the dynamically learned prefixes from OSPF to the fabric MP-BGP.
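
Because every prefix the fabric learns from the firewall through OSPF is redistributed into MP-BGP, it is worth checking that the firewall advertises the protected networks in area 0 and nothing else. The following check is an added example, not part of the Cisco document: the prefixes, the (prefix, area) input format and the function names are constructed, and treating the outside network's own prefix as expected is an assumption.

```python
import ipaddress

# Constructed sample data (not from the Cisco document).
PROTECTED = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
OUTSIDE = "192.0.2.0/29"
# (prefix, OSPF area) pairs as the fabric would learn them from the firewall.
ADVERTISED = [
    ("10.10.1.0/24", "0"),
    ("10.10.2.0/24", "0.0.0.1"),   # right prefix, wrong area
    ("192.0.2.0/29", "0"),         # outside segment itself
    ("0.0.0.0/0", "0"),            # not a protected network
]


def area_id(area):
    """Normalize an OSPF area written as '0' or dotted '0.0.0.0' to an int."""
    text = str(area)
    return int(ipaddress.IPv4Address(text)) if "." in text else int(text)


def audit(protected, advertised, outside):
    """Return protected prefixes that are missing or in the wrong area,
    and advertised prefixes that are not protected networks."""
    want = {ipaddress.ip_network(p) for p in protected}
    transit = ipaddress.ip_network(outside)
    seen, wrong_area, unexpected = set(), [], []
    for prefix, area in advertised:
        net = ipaddress.ip_network(prefix)
        if net == transit:
            continue  # assumption: the adjacency segment is not a finding
        if net not in want:
            unexpected.append(str(net))
            continue
        seen.add(net)
        if area_id(area) != 0:
            wrong_area.append(str(net))
    return {
        "missing": [str(n) for n in sorted(want - seen)],
        "wrong_area": wrong_area,
        "unexpected": unexpected,
    }


if __name__ == "__main__":
    for finding, prefixes in audit(PROTECTED, ADVERTISED, OUTSIDE).items():
        print(f"{finding}: {prefixes}")
```

A "missing" entry means the fabric has no route to a protected network; an "unexpected" entry is a prefix that would be carried into the fabric MP-BGP without being one of the networks behind the firewall.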
                                                 
¹ The serviceNetworkIpv4DynamicRoutingFWProfile and serviceNetworkIpv4DynamicRoutingLBProfile profiles are equivalent.