Cisco® Application Centric Infrastructure (Cisco ACI®) technology provides the capability to insert Layer 4 through Layer 7 (L4-L7) functions using an approach called a service graph. One of the main features of the service graph is Policy-Based Redirect (PBR).
With PBR, the Cisco ACI fabric can redirect traffic between security zones to L4-L7 devices, such as a firewall, Intrusion-Prevention System (IPS), or load balancer, without the need for the L4-L7 device to be the default gateway for the servers or the need to perform traditional networking configuration such as Virtual Routing and Forwarding (VRF) sandwiching or VLAN stitching. Cisco ACI can selectively send traffic to L4-L7 devices based, for instance, on the protocol and the Layer 4 port. Firewall inspection can be transparently inserted in a Layer 2 domain with almost no modification to existing routing and switching configurations.
This document provides PBR service graph design and configuration guidance using a variety of use cases and options.
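The two building blocks behind the "selectively redirect on protocol and port" statement above are a PBR redirect policy (the device IP/MAC pairs the fabric rewrites traffic toward) and a Layer 4 filter that the contract subject uses to pick which flows are redirected. The following Python snippet is an added illustration, not code from the Cisco white paper: it builds the APIC REST XML for those two objects with the standard `xml.etree` module and validates the destination addresses before they are emitted, since a redirect destination with a wrong MAC silently black-holes the flow. The tenant, policy and filter names, and the 10.1.1.x addresses and MAC, are assumed values constructed for the example; binding the policy to a service graph template and contract is a separate step not shown here.

```python
"""Build APIC REST (XML) payloads for an ACI PBR redirect policy and the
Layer 4 filter that selects the traffic to redirect.

Added illustration, not from the Cisco white paper. All names, IPs and MACs
below are assumed values constructed for this example.
"""
import ipaddress
import re
import xml.etree.ElementTree as ET

# Unicast MAC in colon-separated form, as APIC expects it.
_MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def _check_dest(ip, mac):
    """Reject malformed redirect destinations before they reach the fabric.
    PBR rewrites the destination MAC to the device interface MAC, so a typo
    here means traffic is redirected to nowhere rather than to the firewall."""
    ipaddress.ip_address(ip)  # raises ValueError on a bad address
    if not _MAC_RE.match(mac):
        raise ValueError(f"invalid MAC for PBR destination: {mac!r}")


def pbr_redirect_policy(name, destinations):
    """vnsSvcRedirectPol with one vnsRedirectDest per device interface.

    destinations: list of (ip, mac) tuples, e.g. one per firewall leg.
    Returns the Element; caller embeds it in the tenant payload."""
    pol = ET.Element("vnsSvcRedirectPol", name=name)
    for ip, mac in destinations:
        _check_dest(ip, mac)
        ET.SubElement(pol, "vnsRedirectDest", ip=ip, mac=mac)
    return pol


def l4_filter(name, proto, dport):
    """vzFilter with a single vzEntry matching one protocol/port.

    Attaching this filter to the contract subject that carries the PBR
    service graph is what makes only e.g. TCP/443 take the redirect path."""
    flt = ET.Element("vzFilter", name=name)
    ET.SubElement(
        flt, "vzEntry",
        name=f"{proto}-{dport}",
        etherT="ip",
        prot=proto,
        dFromPort=str(dport),
        dToPort=str(dport),
    )
    return flt


def tenant_payload(tenant, children):
    """Wrap the objects in fvTenant and serialise to the XML body that is
    POSTed to /api/mo/uni/tn-<tenant>.xml (assumed tenant name)."""
    root = ET.Element("fvTenant", name=tenant)
    for child in children:
        root.append(child)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample: a one-armed firewall with two redirect destinations.
    policy = pbr_redirect_policy(
        "fw-redirect",
        [("10.1.1.1", "00:11:22:33:44:55"), ("10.1.1.2", "00:11:22:33:44:66")],
    )
    https_only = l4_filter("https", "tcp", 443)
    print(tenant_payload("pbr-demo", [policy, https_only]))
```

The validation step is the part worth keeping in any automation around PBR: APIC accepts the object as long as the attributes are syntactically present, so the check for a well-formed IP and MAC is the last point at which a bad destination is caught before it affects live traffic.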