ACI, 2 BD´s and 2 EPGs in L2 mode won´t talk even with contract supplied

odahlqvist · ‎03-16-2015

Hi experts

I tried to make a L2 connection between 2 EPG in different BD, both BD are in L2 mode and in the same Private network, I saw in the sniffer that the traffic was send between the EPG ( hosts) but the "ping" between the hosts did not got answered. we had a contract between the EPG´s that was allow any in both directions.

the connection works between the 2 host with the 2 EPG´s in the same BD with the same any contract.

is it intended that 2 BDS won´t let 2 EPG´s talk in L2 mode ( Floodmode ) ?.

And I read that the L2 external is not a separate BD but 2 EPG´s in a " L2 construct" with a contract between and the AEP stuff to get physical to work

/Ola

dpita · ‎03-17-2015

Just to understand, you created two BDs in flood and L2 mode and two EPGs. The two hosts are using the same subnet/address space to talk to each other and you have a contract in between the two EPGs yet the communication is not working.

When you put the two EPGs in the same BD it works? correct?

Its a very interesting question, but there is something you must remember about ACI. The BD is the flood/forwarding boundary. Since you are using two different flood domains and no routing (unicast off and no subnet/SVI on the BD), ARPs and general data flood/packets will not traverse the flood domains, even with a contract.

What other questions do you have? Thanks for using Support Forums, hope that helps!

Muhammad Anser Khan · ‎03-24-2015

It is absolutely correct that answered by dpita. To add on this for the communication between these two EPGs in different BDs, You can use any layer 2 device or firewall as a bridge outside the fabric to extend the EPGs and make them bridge to communicate.

This is more or less the current workaround for the micro-segmentation in ACI :)

Regards,

Anser