05-06-2019 02:40 PM - edited 05-06-2019 02:41 PM
Dear Community,
we have the requirement to connect a Load Balancer and Firewall to ACI, which bridges traffic between them. The Layer 3 interfaces for the link network remain on the Load Balancer and Firewall. ACI will only switch the traffic.
Firewall 10.10.10.1/29 VLAN 150 <-> ACI EPG (static Port to FW and LB) BD without IP <-> LB 10.10.10.5/29 VLAN 150
My question now is regarding the Bridge Domain settings. Is there any Best Practice out there?
ARP Flooding, Layer 2 Unicast Flood, Multi Destination Flooding, etc...
Kind Regards
Patrick
05-06-2019 03:18 PM
Without a Layer 3 subnet configured and Unicast Routing enabled on the BD you need to set L2 Unknown Unicast to Flood rather than Hardware Proxy.
L3 Unknown Multicast should be set to Flood to enable multicast between all ports in the BD (there is no IGMP querier to help discover where multicast clients are).
Multi Destination Flooding should be set to "Flood in BD" (assuming one EPG for this BD, there is no difference between flood in BD and flood in encap).
ARP Flooding should be enabled to ensure ARP and GARP messages reach all devices, as firewalls and load balancers often use GARP on failover.
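The settings listed in the answer above, as an added example that is not part of the original thread: a small Python helper that builds an APIC-style fvBD JSON body for the L2-only transit BD and checks an arbitrary fvBD body against the same recommendations. The attribute names (arpFlood, unkMacUcastAct, unkMcastAct, multiDstPktAct, unicastRoute, fvRsCtx, fvSubnet) follow the APIC object model as I know it; the BD and VRF names are placeholders, and the values should be confirmed against your APIC version before pushing.

```python
"""Build and check an ACI fvBD for an L2-only transit between a firewall and
a load balancer (added example; attribute names follow the APIC fvBD object
model and should be verified against your APIC release)."""
import json

# Recommended fvBD attribute values for the L2-only transit case.
RECOMMENDED_L2_TRANSIT = {
    "unicastRoute": "no",          # no L3 on the BD; FW and LB own the gateway IPs
    "unkMacUcastAct": "flood",     # L2 Unknown Unicast: flood, not hardware proxy
    "unkMcastAct": "flood",        # L3 Unknown Multicast: flood (no IGMP querier)
    "multiDstPktAct": "bd-flood",  # Multi Destination Flooding: flood in BD
    "arpFlood": "yes",             # ARP/GARP reach every port (GARP on failover)
}


def build_l2_transit_bd(name: str, vrf: str) -> dict:
    """Return an APIC-style JSON body for an fvBD configured as an L2 transit BD.
    `name` and `vrf` are placeholders supplied by the caller; no fvSubnet child
    is created because the BD carries no IP."""
    return {
        "fvBD": {
            "attributes": {"name": name, **RECOMMENDED_L2_TRANSIT},
            "children": [
                {"fvRsCtx": {"attributes": {"tnFvCtxName": vrf}}},
            ],
        }
    }


def check_bd(bd: dict) -> list:
    """Check an fvBD JSON body against the L2-transit recommendations.
    Returns a list of findings; an empty list means the BD matches."""
    attrs = bd["fvBD"]["attributes"]
    children = bd["fvBD"].get("children", [])
    has_subnet = any("fvSubnet" in child for child in children)
    findings = []
    # Hardware proxy forwards unknown unicast to the spine proxy, which can only
    # resolve endpoints it has learned; with no subnet and no routing the fabric
    # cannot glean silent hosts, so unknown unicast must be flooded instead.
    if (attrs.get("unicastRoute", "yes") == "no" and not has_subnet
            and attrs.get("unkMacUcastAct") != "flood"):
        findings.append("L2 Unknown Unicast must be 'flood' on a BD with no "
                        "subnet and unicast routing disabled")
    if attrs.get("unkMcastAct") != "flood":
        findings.append("L3 Unknown Multicast should be 'flood' (no IGMP "
                        "querier to locate receivers)")
    if attrs.get("multiDstPktAct") != "bd-flood":
        findings.append("Multi Destination Flooding should be 'bd-flood'")
    if attrs.get("arpFlood") != "yes":
        findings.append("ARP Flooding should be enabled so GARP on failover "
                        "reaches all ports")
    return findings


# Constructed comparison case: a BD left at hardware-proxy defaults with
# ARP flooding off, which would break GARP-based failover in this design.
WEAK_BD = {
    "fvBD": {
        "attributes": {
            "name": "FW-LB-TRANSIT-WEAK",
            "unicastRoute": "no",
            "unkMacUcastAct": "proxy",
            "unkMcastAct": "flood",
            "multiDstPktAct": "bd-flood",
            "arpFlood": "no",
        },
        "children": [],
    }
}

if __name__ == "__main__":
    good = build_l2_transit_bd("FW-LB-TRANSIT", "VRF-TRANSIT")
    print(json.dumps(good, indent=2))
    print("findings (recommended):", check_bd(good))
    print("findings (weak):", check_bd(WEAK_BD))
```

Run it as-is to print the JSON body for the recommended BD and the two findings raised against the weak variant; the JSON can be posted to the tenant's `/api/mo/uni/tn-<tenant>.json` endpoint with your usual APIC tooling once the names are replaced.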
05-06-2019 11:49 PM
Hi Richmond,
Thanks for the info, I will use your provided parameters.
Kind Regards
Patrick