Cisco Prime Network Services Controller Adaptor for DFA Product Brochure

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. 
Service Policy Creation 
After a service node is deployed and integrated into the network, you can configure specific policies that control 
filtering or policing (in the case of a firewall), service redirection and load balancing, application server farms, and 
other parameters. You can perform this task in a wide variety of ways. Most frequently, application administrators 
use a web GUI or a command-line interface (CLI) to specify the necessary configurations. As the demand for more 
efficient and automated orchestration tools arises, the GUI and CLI may be replaced by APIs integrated into 
orchestrators. 
Cisco Unified Fabric Network Integration  
With Cisco Unified Fabric, you can manually integrate firewalls. In addition, you can use the tools built into the 
fabric to automate many of the steps for service node integration. In the latter case, the network administrator 
needs to provision all relevant network autoconfiguration profiles in Cisco Prime Data Center Network Manager 
(DCNM), and the Cisco Unified Fabric will automatically configure an appropriate network profile when the service 
node is attached to the fabric. The details of planning and deploying such networking profiles and configurations are 
provided in the next section. 
Service node integration and service policy creation tasks can be performed manually through the service 
appliance's GUI, but they can also be automated and orchestrated. Cisco Prime Network Services Controller (NSC), 
together with orchestrators such as Cisco UCS® Director and OpenStack, allows automated deployment of the virtual 
service nodes and service policies. 
Planning and Configuring Network Autoconfiguration Profiles 
This section discusses how to plan, manually create, and deploy network autoconfiguration profiles to integrate 
firewall nodes into Cisco Unified Fabric. 
As you plan and configure profiles to integrate firewalls into your data center, keep in mind that, unlike in traditional 
Layer 2 and Layer 3 networks, hosted workloads in Cisco Unified Fabric with optimized networking gain significant 
benefits from the changes in forwarding behavior. Following are some of the differences: 
● When Enhanced Forwarding (EF) mode is configured, Address Resolution Protocol (ARP), Generic 
  Attribute Registration Protocol (GARP), and Neighbor Discovery Protocol (NDP) traffic is contained at the 
  leaf layer. As a benefit, flood and fault domains are reduced to a single switch port on the leaf node. 
  (Typically a top-of-rack [ToR] switch is a leaf node.) 
● With Enhanced and Traditional Forwarding modes, Cisco Unified Fabric uses control-plane-based learning, 
  instead of the data-plane-based learning used in traditional Layer 2 networks. BGP is used to distribute 
  end-host reachability information. 
● With Enhanced and Traditional Forwarding modes, the default gateway is configured and instantiated on 
  any of the leaf nodes, where the appropriate workload is connected. That is, the same default gateway 
  virtual IP address can exist simultaneously on multiple leaf nodes if end hosts using the same network are 
  attached to multiple leaf nodes. 
The Cisco Unified Fabric takes full advantage of common firewall deployment profiles to significantly simplify 
deployment of security solutions: 
● Identify the kind of deployment that is required. Following are some sample deployment scenarios: 
  ◦ No firewall, load balancer, or any other Layer 4 to 7 service appliance is deployed. Simple network 
    connectivity for end hosts needs to be provided.