BD subnet, unicast routing and flooding

petercinvest
Level 1

When we create a BD, there are different kinds of flooding: ARP flooding and L2 unknown unicast flooding. Are they the same? If I choose ARP flooding, do I need to select L2 unknown unicast flooding, or can I leave it as hardware proxy?

By default a BD uses unicast routing. Under which situation should I not choose unicast routing for my BD?

In web, I define a subnet with the selection of "advertise externally" and "shared between VRFs". In the corresponding EPG, do I need to define the subnet using the same parameters? Can I choose "advertise externally" without choosing "shared between VRFs" in my EPG?

2 Replies

micgarc2
Cisco Employee

Hello,

By default "ARP flooding" will be enabled if you try to set L2 unknown unicast flooding to "Flood" in the BD. These settings have to be enabled for layer 2 traffic to work. Typically, those two options are needed when you are using the bridge domain purely for layer 2 functionality. A typical use case would be if the GW for the EPs tied to this BD lived outside of ACI and traditional ARP flooding was needed. Since this is all L2, we will only learn MAC addresses in that BD. Therefore, HW proxy would not be ideal. We can't proxy for unknown addresses because we don't learn IPs in layer 2 BDs.

Hardware Proxy is a feature that is used to limit the unnecessary amount of broadcasts in the fabric. With hardware proxy, when a packet comes into the local leaf, the leaf will do a local lookup to see if it has information about where the destination IP's TEP is. If so, it will unicast the packet to the destination TEP. If the destination is not known in the leaf's local cache, the leaf will send the packet to the hardware proxy (a function on the spines), which has a full table of all the EP IPs and where they reside. From there, the spine will unicast the packet appropriately. If the spines do not know about the IP, they will simply drop the packet. Note: for this feature to work you must have IP routing enabled in the BD.

When you create a subnet under the BD in the "L3 configurations", you are creating an anycast GW. By this I mean this GW will be deployed across all TORs in the fabric wherever this particular BD of a tenant is present. For this GW to be programmed, you also need to have unicast routing enabled. Unicast routing will turn the bridge domain into an L3 bridge domain. This is a common deployment when the GW for the EPs tied to the bridge domain lives on ACI. In a layer 3 BD, we will learn MACs along with the IPs bound to them.
 
 
IP Address-Based Routed Traffic (L3)

Recommended bridge domain settings are as follows:

L2 Unknown Unicast: Hardware Proxy
ARP Flooding: Disabled
Unicast Routing: Enabled
Subnet Configured: Yes, if required
Enforce Subnet Check for IP Learning: Yes

In this scenario, most of the bridge domain settings can be left at their default, optimized values. A subnet (that is, a gateway address) should be configured as required and you should enforce the subnet check for IP learning.
 
Non-IP Address-Based Switched Traffic (L2)

Recommended bridge domain settings are as follows:

L2 Unknown Unicast: Flood
ARP Flooding: N/A (enabled automatically due to no unicast routing)
Unicast Routing: Disabled
Subnet Configured: No
Enforce Subnet Check for IP Learning: N/A

In this scenario, all optimizations inside the bridge domain are disabled and the bridge domain is operating in a "traditional" manner. Silent hosts are dealt with through normal ARP flooding, which is always enabled when unicast routing is turned off.
 
Thank you for participating in the Cisco Support Forum for ACI! If you have other questions related to this post, please let us know. If this response answers your questions, please mark this post "answered" and assign a rating to the response(s) provided. This will help notify other viewers that your question(s) is answered and this helps us provide better responses for this and future questions.
 
Regards,
Michael G.
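To make the two forwarding behaviours in the answer concrete, here is an added example (written for this page, not Cisco's code or anything from the post): a small model of a bridge domain where a leaf first checks its local cache, then either floods or asks the spine proxy, and where an L2 BD never learns IPs. All leaf names, TEP addresses, MACs and IPs are constructed sample data.

```python
from dataclasses import dataclass, field

FLOOD, PROXY = "Flood", "Hardware Proxy"


@dataclass
class BridgeDomain:
    """One ACI bridge domain with the two settings the answer discusses."""
    name: str
    l2_unknown_unicast: str      # FLOOD or PROXY
    unicast_routing: bool        # False = pure L2 BD: only MACs are learned
    member_leaves: tuple         # leaves where this BD is deployed (constructed)
    # constructed endpoint state: (leaf, endpoint) -> TEP for a leaf's local
    # cache, endpoint -> TEP for the spine proxy table; endpoints are MAC/IP strings
    leaf_cache: dict = field(default_factory=dict)
    spine_table: dict = field(default_factory=dict)

    def learn(self, leaf, tep, mac, ip=None):
        """A leaf learns an endpoint and reports it to the spine proxy. In an L2 BD
        the IP is ignored, which is why an unknown IP cannot be proxied there."""
        self.leaf_cache[(leaf, mac)] = tep
        self.spine_table[mac] = tep
        if ip is not None and self.unicast_routing:
            self.leaf_cache[(leaf, ip)] = tep
            self.spine_table[ip] = tep

    def forward(self, ingress_leaf, dst):
        """Return (action, target) for traffic to `dst` entering at `ingress_leaf`."""
        tep = self.leaf_cache.get((ingress_leaf, dst))
        if tep is not None:
            return "unicast-local", tep
        if self.l2_unknown_unicast == FLOOD:
            # traditional behaviour: every other leaf carrying the BD gets a copy
            return "flood", tuple(l for l in self.member_leaves if l != ingress_leaf)
        tep = self.spine_table.get(dst)      # hardware proxy lookup on the spines
        if tep is not None:
            return "unicast-proxy", tep
        return "drop", None                  # spines do not know it: dropped, not flooded


def build_sample_fabric():
    """Constructed sample: an L3 BD using hardware proxy and an L2 BD using flood."""
    l3 = BridgeDomain("web-bd", PROXY, True, ("leaf101", "leaf102", "leaf103"))
    l3.learn("leaf101", "10.0.0.101", "00:50:56:aa:00:01", "192.168.10.11")
    l3.learn("leaf102", "10.0.0.102", "00:50:56:aa:00:02", "192.168.10.12")
    l2 = BridgeDomain("legacy-bd", FLOOD, False, ("leaf101", "leaf102", "leaf103"))
    l2.learn("leaf102", "10.0.0.102", "00:50:56:bb:00:02", "172.16.5.2")
    return l3, l2


if __name__ == "__main__":
    l3, l2 = build_sample_fabric()
    print(l3.forward("leaf101", "192.168.10.12"))    # spine knows it: proxied unicast
    print(l3.forward("leaf101", "192.168.10.99"))    # silent/unknown host: dropped
    print(l2.forward("leaf101", "00:50:56:bb:00:02"))  # L2 BD: flooded to other leaves
```

The drop in the second call is the silent-host case the answer warns about: with hardware proxy, a destination the spines have not learned is discarded rather than flooded.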

micgarc2
Cisco Employee
Hello,

By default "ARP flooding" will be enabled if you try to set L2 unknown unicast flooding to "Flood" in the BD. These settings have to be enabled for layer 2 traffic to work. Typically, those two options are needed when you are using the bridge domain purely for layer 2 functionality. A typical use case would be if the GW for the EPs tied to this BD lived outside of ACI and traditional ARP flooding was needed. Since this is all L2, we will only learn MAC addresses in that BD. Therefore, HW proxy would not be ideal. We can't proxy for unknown addresses because we don't learn IPs in layer 2 BDs.

Hardware Proxy is a feature that is used to limit the unnecessary amount of broadcasts in the fabric. With hardware proxy, when a packet comes into the local leaf, the leaf will do a local lookup to see if it has information about where the destination IP's TEP is. If so, it will unicast the packet to the destination TEP. If the destination is not known in the leaf's local cache, the leaf will send the packet to the hardware proxy (a function on the spines), which has a full table of all the EP IPs and where they reside. From there, the spine will unicast the packet appropriately. If the spines do not know about the IP, they will simply drop the packet. Note: for this feature to work you must have IP routing enabled in the BD.

When you create a subnet under the BD in the "L3 configurations", you are creating an anycast GW. By this I mean this GW will be deployed across all TORs in the fabric wherever this particular BD of a tenant is present. For this GW to be programmed, you also need to have unicast routing enabled. Unicast routing will turn the bridge domain into an L3 bridge domain. This is a common deployment when the GW for the EPs tied to the bridge domain lives on ACI. In a layer 3 BD, we will learn MACs along with the IPs bound to them.
 
The two common scenarios are as follows:

Non-IP Address-Based Switched Traffic (L2)

Recommended bridge domain settings are as follows:

L2 Unknown Unicast: Flood
ARP Flooding: N/A (enabled automatically due to no unicast routing)
Unicast Routing: Disabled
Subnet Configured: No
Enforce Subnet Check for IP Learning: N/A

In this scenario, all optimizations inside the bridge domain are disabled and the bridge domain is operating in a "traditional" manner. Silent hosts are dealt with through normal ARP flooding, which is always enabled when unicast routing is turned off.
 
IP Address-Based Routed Traffic (L3)

Recommended bridge domain settings are as follows:

L2 Unknown Unicast: Hardware Proxy
ARP Flooding: Disabled
Unicast Routing: Enabled
Subnet Configured: Yes, if required
Enforce Subnet Check for IP Learning: Yes

In this scenario, most of the bridge domain settings can be left at their default, optimized values. A subnet (that is, a gateway address) should be configured as required and you should enforce the subnet check for IP learning.
 
Thank you for participating in the Cisco Support Forum for ACI! If you have other questions related to this post, please let us know. If this response answers your questions, please mark this post "answered" and assign a rating to the response(s) provided. This will help notify other viewers that your question(s) is answered and this helps us provide better responses for this and future questions.
 
Regards,
Michael G.