Endpoint Dataplane Learning configuration for PBR node

Summary of Cisco ACI PBR with Service Graph in Go-Through Mode
This setup demonstrates how traffic is routed through a service node (e.g., firewall or load balancer) using Policy-Based Redirect (PBR) with a service graph in Cisco ACI.

Traffic Flow:
Traffic from the Client EPG (e.g., 192.168.1.0/24) is redirected through a service node before reaching the Web EPG (e.g., 192.168.2.0/24).
The service node processes the traffic (e.g., security inspection) in go-through mode, without taking over routing.

Bridge Domains:
Client-BD: Associated with the Client EPG; handles incoming client traffic.
Svc-external-BD and Svc-internal-BD: Bridge domains isolating the service node's external and internal interfaces, with data-plane learning disabled to ensure predictable traffic forwarding.
Web-BD: Associated with the Web EPG; delivers traffic to the destination servers.

Service Graph and Contract:
A service graph is applied to the contract between the Client and Web EPGs.
The service graph defines the PBR node (the service node) that inspects all traffic between the endpoints.

Key Configurations:
Data-Plane Learning Disabled: Ensures all traffic is forwarded through the service node instead of bypassing it.
Default Gateways: Subnet gateways are defined for each BD to ensure proper routing.

This design allows seamless integration of Layer 4-7 devices (e.g., firewalls or load balancers) in a transparent go-through mode, ensuring traffic is inspected while routing control stays within the ACI fabric.
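The bridge-domain part of this design as an added Python example (not code from the video or from Cisco): it builds the APIC REST/JSON objects for the four BDs and audits them for the two key settings above. The tenant and VRF names, the service-BD subnets and the .1 gateway addresses are assumptions; ipLearning="no" is the fvBD attribute behind the Endpoint Dataplane Learning checkbox.

```python
import json

TENANT = "PBR-Tenant"   # assumed tenant name (not from the video)
VRF = "PBR-VRF"         # assumed VRF name
SERVICE_BDS = {"Svc-external-BD", "Svc-internal-BD"}  # the PBR node's two BDs


def bridge_domain(name, gateway, dataplane_learning):
    """One fvBD with its default-gateway subnet and VRF binding.
    ipLearning is the attribute behind the 'Endpoint Dataplane Learning' box."""
    return {"fvBD": {
        "attributes": {"name": name, "unicastRoute": "yes",
                       "ipLearning": "yes" if dataplane_learning else "no"},
        "children": [
            {"fvSubnet": {"attributes": {"ip": gateway, "scope": "private"}}},
            {"fvRsCtx": {"attributes": {"tnFvCtxName": VRF}}},
        ]}}


def build_tenant():
    """The four BDs of the design: learning stays on for the client/web BDs and
    is disabled on the two service BDs. Service subnets and .1 gateways are assumed."""
    bds = [
        bridge_domain("Client-BD", "192.168.1.1/24", True),
        bridge_domain("Svc-external-BD", "10.10.1.1/24", False),
        bridge_domain("Svc-internal-BD", "10.10.2.1/24", False),
        bridge_domain("Web-BD", "192.168.2.1/24", True),
    ]
    return {"fvTenant": {"attributes": {"name": TENANT}, "children": bds}}


def audit(tenant):
    """Return the violations of the two key settings (empty list = design holds):
    every BD needs a gateway subnet, every service BD needs ipLearning='no'."""
    problems = []
    for child in tenant["fvTenant"]["children"]:
        bd = child.get("fvBD")
        if bd is None:
            continue
        name = bd["attributes"]["name"]
        if not any("fvSubnet" in c for c in bd.get("children", [])):
            problems.append(f"{name}: no default-gateway subnet")
        if name in SERVICE_BDS and bd["attributes"].get("ipLearning") != "no":
            problems.append(f"{name}: dataplane learning still enabled on PBR service BD")
    return problems


if __name__ == "__main__":
    tenant = build_tenant()
    print(json.dumps(tenant, indent=2))   # body for POST /api/mo/uni.json
    print("violations:", audit(tenant))   # prints: violations: []
```

Running audit() against a tenant pulled back from the APIC catches the common slip of re-enabling learning on a service BD after a change.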

Video "Endpoint Dataplane Learning configuration for PBR node" from the Network Technician channel