Redirect Policy
Location in GUI: Tenants » XXX » Policies » Protocol » L4-L7 Policy-Based Redirect
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”services (apic.tenants)
Section titled “services (apic.tenants)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| redirect_policies | List | [redirect_policies] | No |
redirect_policies (apic.tenants.services)
Section titled “redirect_policies (apic.tenants.services)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| alias | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| anycast | Boolean | true, false | No | false |
| type | Choice | L3, L2, L1 | No | L3 |
| hashing | Choice | sip-dip-prototype, sip, dip | No | sip-dip-prototype |
| threshold | Boolean | true, false | No | false |
| max_threshold | Integer | min: 0, max: 100 | No | 0 |
| min_threshold | Integer | min: 0, max: 100 | No | 0 |
| pod_aware | Boolean | true, false | No | false |
| resilient_hashing | Boolean | true, false | No | false |
| redirect_backup_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| threshold_down_action | Choice | permit, deny, bypass | No | permit |
| rewrite_source_mac | Boolean | true, false | No | |
| l1l2_destinations | List | [l1l2_destinations] | No | |
| l3_destinations | List | [l3_destinations] | No | |
| ip_sla_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
l1l2_destinations (apic.tenants.services.redirect_policies)
Section titled “l1l2_destinations (apic.tenants.services.redirect_policies)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| mac | MAC | No | ||
| weight | Integer | min: 1 | No | |
| pod | Integer | min: 1, max: 255 | No | |
| redirect_health_group | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| concrete_interface | Class | [concrete_interface] | Yes |
l3_destinations (apic.tenants.services.redirect_policies)
Section titled “l3_destinations (apic.tenants.services.redirect_policies)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ip | IP | Yes | ||
| ip_2 | IP | No | ||
| mac | MAC | No | ||
| pod | Integer | min: 1, max: 255 | No | 1 |
| redirect_health_group | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
concrete_interface (apic.tenants.services.redirect_policies.l1l2_destinations)
Section titled “concrete_interface (apic.tenants.services.redirect_policies.l1l2_destinations)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| l4l7_device | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| concrete_device | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| interface | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes |
Examples
Section titled “Examples”Example-1: This data model creates an L3-type Redirect Policy named L4L7_PBR, which redirects traffic to the PBR destinations specified under l3_destinations. The L3 PBR node interface is expected to reside within an L3Out (specified in the Device Selection Policies).
To monitor destination health and prevent traffic black-holing, the IP SLA Policy PingEach20sec and Redirect Health Group L4L7RedirectHealthGroup are utilized. These monitoring policies are defined in the following modules:
- apic.tenants.policies.ip_sla_policies
- apic.tenants.services.redirect_health_groups
apic: tenants: - name: PBR_ServGraph services: redirect_policies: - name: L4L7_PBR description: L4-L7 PBR with SG type: L3 ip_sla_policy: PingEach20sec l3_destinations: - name: FW_Virtual_Interface description: FW virtual interface ip: 10.0.0.5 mac: AA:AA:BB:BB:CC:CC redirect_health_group: L4L7RedirectHealthGroupSimple example:
apic: tenants: - name: ABC services: redirect_policies: - name: PBR1 l3_destinations: - ip: 1.1.1.1 mac: 00:00:00:11:22:33 - name: PBR_L1 type: L1 l1l2_destinations: - name: L1_DEST1 concrete_interface: l4l7_device: DEV-L1 concrete_device: DEV1-L1 interface: INT1 - name: PBR_L2 type: L2 l1l2_destinations: - name: L2_DEST1 concrete_interface: l4l7_device: DEV-L2 concrete_device: DEV1-L2 interface: INT1Full example:
apic: tenants: - name: ABC services: redirect_policies: - name: PBR1 alias: PBR1 description: My Desc type: L3 anycast: false hashing: sip-dip-prototype threshold: false max_threshold: 0 min_threshold: 0 threshold_down_action: permit resilient_hashing: false redirect_backup_policy: L4L7_REDIRECT_BACKUP1 rewrite_source_mac: false l3_destinations: - description: My Desc name: L3_DEST1 ip: 1.1.1.1 ip_2: 2.2.2.2 mac: 00:00:00:11:22:33 pod: 1 redirect_health_group: HEALTH_GROUP_1 - name: PBR_L1 alias: PBR_L1 description: My Desc type: L1 hashing: sip-dip-prototype resilient_hashing: false l1l2_destinations: - description: L1 destination name: L1_DEST1 redirect_health_group: HEALTH_GROUP_L1 concrete_interface: l4l7_device: DEV-L1 concrete_device: DEV1-L1 interface: INT1 - name: PBR_L2 alias: PBR_L2 description: My Desc type: L2 hashing: sip-dip-prototype resilient_hashing: false l1l2_destinations: - description: L2 destination name: L2_DEST1 mac: 00:00:00:11:22:34 weight: 1 pod: 1 redirect_health_group: HEALTH_GROUP_L2 concrete_interface: l4l7_device: DEV-L2 concrete_device: DEV1-L2 interface: INT1