Implementing Cisco Application Centric Infrastructure (DCACI) — Question 173

A network engineer must design a method to allow the Cisco ACI to redirect traffic to the firewalls. Only traffic that matches specific L4-L7 policy rules should be redirected. The load must be distributed across multiple firewalls to scale the performance horizontally. Which action must be taken to meet these requirements?

Answer options

• A. Configure ACI Service Graph with Unidirectional PBR.
• B. Implement ACI Service Graph with GIPo.
• C. Implement ACI Service Graph Two Nodes with GIPo.
• D. Configure ACI Service Graph with Symmetric PBR.

Correct answer: D

Explanation

The correct answer is D because Symmetric PBR allows for traffic redirection based on policies while ensuring that return traffic follows the same path, which is essential for maintaining stateful connections with firewalls. The other options either do not support the necessary bidirectionality or do not effectively manage the load distribution across multiple firewalls.