Solved: ACI Multi Site - Infra TEP

AdrianT · ‎05-22-2025

Hello Team,

I have a concern about the following statement taken from the below Cisco guide that will apply to ACI Multi Site setup:

" The original infra TEP pools used for each fabric bring-up (10.1.0.0/16 and 10.2.0.0/16 in the example in Figure 1) do not need to be exchanged across sites and should hence not being redistributed between protocols"

Cisco guide can be found here.

Questions:

1). In our setup on the ISN there is only OSPF area 0. The redistribution found there is if for ISN to Spine is using OSPF and ISN to ISN is using BGP?

2). Why this should be a concern since the APIC Infra TEPs are in different subnets?

Looking forward to your feedback. Thank you.

Manuel Velasco · ‎05-22-2025

Hi Adrian,

The internal TEP pool prefixes used within each site, and assigned at the fabric bring-up time, do not need to be exchanged across sites to allow intersite communication. Therefore, there are no technical restrictions regarding how those pools should be assigned, and ACI fabrics using overlapping internal TEP pools could still be part of the same Multi-Site domain. However, the internal TEP pool summary prefix is always sent from the spines toward the ISN, because this is required for the integration of Cisco ACI Multi-Pod and Multi-Site architectures. It is therefore a best practice to ensure that those internal TEP pool prefixes are filtered on the first ISN device so that they are not injected into the ISN network (as they may overlap with the address space already deployed in the backbone of the network or in remote fabrics).

Cisco ACI Multi-Site Architecture White Paper

https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739609.html

View solution in original post

Manuel Velasco · ‎05-22-2025

Hi Adrian,

The internal TEP pool prefixes used within each site, and assigned at the fabric bring-up time, do not need to be exchanged across sites to allow intersite communication. Therefore, there are no technical restrictions regarding how those pools should be assigned, and ACI fabrics using overlapping internal TEP pools could still be part of the same Multi-Site domain. However, the internal TEP pool summary prefix is always sent from the spines toward the ISN, because this is required for the integration of Cisco ACI Multi-Pod and Multi-Site architectures. It is therefore a best practice to ensure that those internal TEP pool prefixes are filtered on the first ISN device so that they are not injected into the ISN network (as they may overlap with the address space already deployed in the backbone of the network or in remote fabrics).

Cisco ACI Multi-Site Architecture White Paper

https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739609.html

AdrianT · ‎05-25-2025

Hi,

Thank you for the provided answer. I have reviewed the White Paper mentioned section, but my question is what will happen if they are not filtered? Will this lead to unpredicted consequences?

Manuel Velasco · ‎05-26-2025

Hi Adrian,

If you don’t filter them and they overlap with other services in your backbone network, something may happen will be that the traffic from those services may be impacted as you will have another route in the network that may blackhold the traffic.

AdrianT · ‎05-26-2025

Hi Manuel,

The VRF where the infra TEP routes are found in ISN, do not overlap with other services, since that VRF is used only for one customer.

Manuel Velasco · ‎05-26-2025

In that case you should be okay if you don’t stop those routes from being advertised.