Service Path Configuration Workflow
Service paths enable you to apply multiple services to VM traffic by binding a sequence of services to a specific port profile.
The following table identifies the tasks required to configure a service path, related topics, and the minimum role required for each task:
Task | Related Topic | Role Required | ||
---|---|---|---|---|
1. Confirm that the prerequisites are met. |
admin |
|||
2. Create the tenant and, if needed, the subordinate organization in which the service path will reside. |
See Creating a Tenant. |
admin |
||
3. Add a port profile to a Nexus 1000V VSM.
|
admin |
|||
4. Create service nodes for inclusion in the service path. |
tenant-admin |
|||
5. Create a service path with service entries. |
tenant-admin |
|||
6. Bind the service path to the VSM port profile. |
tenant-admin |
Prerequisites for Configuring Service Paths
The following table describes the prerequisites for configuring service paths:
Item | Requirement |
---|---|
Tenant |
Has at least one of the following assigned:
|
Compute firewall |
|
Edge firewall |
|
Load Balancer |
Has vPath enabled. |
Nexus 1000V |
|
Services |
The following services are deployed:
|
Adding a Port Profile to a VSM
enables you to add a port profile to an enterprise VSM. You cannot add a port profile to a cloud VSM.
If an enterprise VSM has preconfigured port profiles or virtual service configurations that were created outside of , these configurations will not be displayed in the GUI.
If you create a port profile in and specify a VLAN, you must create the VLAN itself on the VSM and then add it to the necessary system and uplink port profiles. The same steps apply for VLANs that you specify while creating service devices, such as edge or compute firewalls: you must create the VLANs on the devices, and then add them to the appropriate system and uplink port profiles.
Before you begin
Confirm the following:
-
An enterprise VSM is registered and in the applied state in by choosing Resource Management > Resources > VSMs.
-
You have admin privileges.
SUMMARY STEPS
- Choose Resource Management > Resources > VSMs > vsm, then click Edit.
- Above the Port Profile table, click Add.
- In the Add Port Profile dialog box, enter the required information as follows, then click OK:
DETAILED STEPS
Step 1 |
Choose Resource Management > Resources > VSMs > vsm, then click Edit. |
Step 2 |
Above the Port Profile table, click Add. |
Step 3 |
In the Add Port Profile dialog box, enter the required information as follows, then click OK:
|
Creating a Service Node
A service node identifies a virtual service device that can be used in a service path and provides basic configuration for that device.
- If you create multiple service nodes for a specific logical service device, the adjacencies must be different.
- You cannot create service nodes under different tenants with the same data IP address, VLAN, and adjacency, even if the logical service devices are different.
If either of these situations occurs, an error message will be generated when you attempt to bind the service path to the VSM port profile.
Before you begin
-
A logical device (compute firewall, edge firewall, or load balancer) exists.
-
You have Tenant Management privileges.
SUMMARY STEPS
- Choose Policy Management > Service Policies > root > tenant > Policy Helpers > Service Node, and then click Add Service Node.
- In the Add Service Node dialog box, provide the following information, and then click OK:
DETAILED STEPS
Step 1 |
Choose Policy Management > Service Policies > root > tenant > Policy Helpers > Service Node, and then click Add Service Node. |
Step 2 |
In the Add Service Node dialog box, provide the following information, and then click OK:
|
Creating a Service Path
After you create service nodes, you can create a service path that uses the nodes. Traffic using the service path moves from one service node to another in the sequence that you specify.
Note |
You cannot use a service node more than once in a service path. |
Before you begin
Confirm that you have Tenant Management privileges.
SUMMARY STEPS
- Choose Policy Management > Service Policies > root > tenant > Policies > Service Path, and then click Add Service Path.
- In the Add Service Path dialog box, enter a name and description for the service path, and then click Add Service Entry.
- In the Add Service Entry dialog box, provide the following information, and then click OK:
- Add additional service entries as needed for the service path and click OK.
DETAILED STEPS
Step 1 |
Choose Policy Management > Service Policies > root > tenant > Policies > Service Path, and then click Add Service Path. |
Step 2 |
In the Add Service Path dialog box, enter a name and description for the service path, and then click Add Service Entry. |
Step 3 |
In the Add Service Entry dialog box, provide the following information, and then click OK:
The service profile identifies the policies that apply to the traffic using the service path. |
Step 4 |
Add additional service entries as needed for the service path and click OK. |
What to do next
You must bind the service path to a port profile so that the service path can be created on the Nexus 1000V VSM. After the service path is bound to a port profile, the traffic using that port profile follows the service entries in the sequence indicated in the table.
Binding a Service Path to a Port Profile
Binding a service path to a port profile ensures that all traffic using that port profile will follow the configured service path. When you bind a service path to a port profile, the NICs table that is displayed in the Edit Port Profile dialog box remains empty until the service path is used for the first time. When the service path is used, the NICs table is populated automatically.
Before you begin
Confirm the following:
-
A service path exists.
-
You have Tenant Management privileges.
Procedure
Step 1 |
Choose one of the following:
|
Step 2 |
In the Port Profiles table, select the port profile you want to bind a service path to, then click Edit. |
Step 3 |
In the Service Path field, click Select. |
Step 4 |
In the Select Service Path dialog box, select the required service path, then click OK. |
Step 5 |
In the Edit Port Profile dialog Box, click Apply and then OK to apply and save the change. |