[ASK] Forwading Packet in ACI

williammanurung · ‎04-07-2019

Hi,

I am newbie on ACI , is there any document about forwarding packet in ACI?

The basic workflow in ACI, like traffic between EPG to another EPG including Encapsulation on the packet.

or

anyone can explain in deep how the traffic flow in ACI with the circumstance below:

1.The traffic two endpoint with One BD, One EPG and attach on same Leaf

2.The traffic two endpoint with One BD, One EPG and attach on different Leaf

3.The traffic two endpoint with One BD, Two EPG, and attach on same Leaf

4.The traffic two endpoint with One BD, Two EPG, and attach on different Leaf

5.The traffic two endpoint with Two BD, Two EPG, and attach on same Leaf

6.The traffic two endpoint with Two BD, Two EPG, and attach on different Leaf

Jayesh Singh · ‎04-07-2019

Hi @williammanurung,

There is an amazing Cisco live session explaining the ACI packet forwarding in depth.

Mastering ACI Forwarding Behaviour – A Day in the Life of a Packet

If you want to go too deep there is a troubleshooting technote, however, I would suggest going through that Cisco Live session, it will answer most of your question on ACI forwarding.

EX Hardware: ACI Packet Forwarding Deep Dive

Regards,

Jayesh

***Rate all posts that are helpful. Mark it as a solution if it solves your problem, it might help other users who have the same query.***

HelenaC · ‎04-08-2019

Hi,

I would also recommend the ACI Fabric Endpoint Learning White Paper

Regards.

williammanurung · ‎04-08-2019

Hi @HelenaC

Thanks for your reply, but I have been read it and still don't get it what i want.

williammanurung · ‎04-08-2019

Hi @Jayesh Singh

Thanks for your information.

williammanurung · ‎07-02-2019

Hi @Jayesh Singh

I have some question on your advice before (Mastering ACI Forwarding Behaviour – A Day in the Life of a Packet),

Let take a look on Page 16, on the field VxLAN.

What the information on VxLAN Field? is it VxLAN has VRF? Or BD VNID?
When we using VxLAN VRF and when we using BD VNID?

Based on this capture.

The scenario 3 exist, If the ARP Flooding set to Disable and Unicast Routing Set to Enable on BD Configuration.

The Scenario 4 Exist, If the ARP Flooding set to Enable.

Am I Wrong? Please correct me.

RedNectar · ‎04-09-2019

Hi williammanurung,
I thought about replying, but I really could not do a better job then the Cisco Live presentation that Jayesh mentioned (Mastering ACI Forwarding Behaviour – A Day in the Life of a Packet) but let me know if you can't access the presentation and I'll see what I can do.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

CaoMinhThinh4782 · ‎07-08-2019

Dear,

I thought this link will consistent with your requirements: https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/213346-ex-hardware-aci-packet-forwarding-deep.html

In theory, the main concepts of ACI using VXLAN to forward packet within fabric are:

1. All spines, leaves in ACI have its own VTEP address (just like a Loopback address) => This information will be used to leaves can connect together.

2. The routing information to one leaf reach VTEP will be distributed through IS-IS.

3. Packet from Endpoint go to Leaf => Leaf will classify the packet into EPG based on configured at APIC (VLAN, interface, IP address...) and look up its database (ie. Local Enpoint, Global/Remote Endpoint, learned from Endpoint Learning process). The lookup result also help leaf decide the packet is local forwarding (EPG on the same leaf) or forwarding throught fabric (EPG on different leaf). In case of forwarding thought fabric, leaf decides which remote leaf will be used to reach remote endpoint. In addition, the contract will be applied if the result showing up the different EPGs forwarding.

4. Ingress leaf do encapsulation:

- VXLAN that contain the information describing about EPG, BD that packet belong to (this information is useful for egress leaf can classify packet to EPG)

- UDP header, contaning an information to describe upper layer is using => this case, we're talking abt VXLAN => UDP port = 4789.

- VTEP address - Layer 3 header, containing the information to leaf can send traffic directly to egress leaf

- MAC address - Layer 2 header, just like an traditional network.

5. Egress leaf do decapsulation:

- Based on VXLAN ID (VNID), egress leaf can classifying packet into EPG, BD, and look up the local database to decide whether or not the bounce entry or local endpoint => The behaviour will be processed based on the lookup result: forwarding to another leaf if bounce entry has been determined or remove VXLAN header + forwarding to local endpoint if local endpoint determined.

About details processes for each cases, you can refer the above link I pasted.

Please correct me if have any problems.

Thanks & Brgs,

Thinh Cao Minh