Cisco ACI Deployment for a Financial Institution in Russia

In today's rapidly evolving digital landscape, financial institutions face numerous challenges when it comes to managing their Data Centers. This case study focuses on a financial institution in Russia that sought to overcome various challenges by implementing Cisco ACI as their next-generation Data Center solution. The institution required design and deployment services to address their specific needs and improve their overall network stability, security, and operational efficiency.


The financial institution faced several challenges that needed to be addressed in their Data Center infrastructure:

OSPF Stability: The customer had been experiencing issues with OSPF stability on their firewalls. They needed a more reliable routing scheme to ensure uninterrupted network connectivity.

Active-Standby to Active-Active Firewalls: Due to scale and cost considerations, the customer wanted to transition from an Active-Standby firewall setup to multiple Active-Active firewalls. This change would provide redundancy and improve network performance.

Kubernetes Clusters: The customer had Kubernetes clusters present in their datacenter and required seamless integration and connectivity with their network infrastructure.

Automation for Data Center Operations: To speed up the deployment of new services and improve operational efficiency, the customer wanted to introduce automation for their datacenter operations.


To address the challenges faced by the financial institution, a Cisco ACI Multi-Pod design was deployed. The solution included the following features:

Symmetric PBR for Active-Active Firewalls: To ensure reliable inspection of East-West traffic, a symmetric Policy-Based Routing (PBR) solution was implemented. This approach allowed for multiple Active-Active firewalls and simplified network management with a single static default route on the firewalls.

Endpoint Security Groups (ESG): To simplify the application of security policies, Endpoint Security Groups (ESG) were implemented. This feature allowed for easier management and enforcement of security policies within the network.

Kubernetes Connectivity: The connectivity of the Kubernetes clusters was tested using both ACI Container Networking Interface (CNI) and Calico CNI. After thorough evaluation, Calico CNI was selected as the production solution for seamless integration and connectivity between the Kubernetes clusters and the network infrastructure.

Infrastructure as Code (IaC) Approach: To automate the creation of new Bridge Domains, ESG, EPG, and other policies, an Infrastructure as Code (IaC) approach using Terraform was implemented. This approach allowed for faster and more efficient deployment of new services, reducing manual errors and improving overall operational efficiency.


The implementation of Cisco ACI with the aforementioned features provided significant benefits to the financial institution. The results of the deployment were as follows:

Improved Network Stability: The implementation of a more reliable routing scheme through symmetric PBR resolved the OSPF stability issues on the firewalls. This ensured uninterrupted network connectivity and improved overall network stability.

Enhanced Security: The introduction of Endpoint Security Groups (ESG) simplified the application of security policies, allowing for better control and enforcement of security measures within the network.

Seamless Kubernetes Integration: The selection of Calico CNI as the production solution for Kubernetes connectivity ensured seamless integration between the Kubernetes clusters and the network infrastructure. This allowed for efficient management and deployment of containerized applications.

Increased Operational Efficiency: The adoption of an Infrastructure as Code (IaC) approach using Terraform enabled the automation of various datacenter operations. This resulted in faster deployment of new services, reduced manual errors, and improved overall operational efficiency.

By deploying Cisco ACI with the specific features mentioned above, the financial institution in Russia successfully addressed their challenges and achieved their desired outcomes. The implementation of a more reliable routing scheme, transition to Active-Active firewalls, seamless Kubernetes integration, and automation of datacenter operations significantly improved network stability, security, and operational efficiency. This case study highlights the importance of selecting the right solution and implementing it effectively to overcome challenges and drive positive outcomes in the financial industry.

Related Content


We are here to help

Schedule a Meeting

+44 (0) 20 7131 0263