Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1422
Views
1
Helpful
11
Replies

Can a Domain have multiple AAEPs?

BertiniB
Level 1
Level 1

‎10-11-2023 08:25 PM - edited ‎10-11-2023 08:34 PM

Hello,
I am studying for the DCACI 300-620 through the book and I came across with this:

BertiniB_0-1697080995911.png

Can't a Domain reference only a single AAEP? I can't add AAEPs to my single domain in my ACI 5.2(7g).

EDIT: I also came across with this:

BertiniB_0-1697081632343.png

Domains can be used in more than one EPG, for example I can use the same VMM Domain in two different EPGs.

Labels:
0 Helpful
11 Replies 11

RedNectar
VIP
VIP

‎10-11-2023 08:57 PM - edited ‎10-11-2023 09:00 PM

Hi @BertiniB ,

You've never been able to add AAEPs to Domains EXCEPT at the time of creation! (You can't remove an AAEP from a Domain, or change the AAEP via the Domain configuration either)

But you've ALWAYS been allowed to add/remove Domains to/from AAEPs

So the many-to-many relationship is correct.

Example:

Lets say you have an interface or VPC connected to a router that is configured for multiple sub-interfaces or SVIs

Each VLAN represents the link to that router for a particular Tenant.

Each Tenant has been allocated their own VLAN pool and a L3 Domain.

For it to be possible for multiple L3 Domains (which in my example represent different Tenants) you need to be able associate all those L3 Domains with the same AAEP

Re the 2nd diagram.  It is wrong.  Your statement is correct. Send feedback to the authors of the diagram

I hope this helps.

Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful

BertiniB
Level 1
Level 1

‎10-11-2023 09:19 PM

Thanks @RedNectar for the reply. What I understood from the diagram is that it is possible to associate multiple AAEPs to the same Domain, but it doesn`t seem possible

BertiniB_0-1697084321295.png

Here I am creating a L3 Domain, and I can only select a single AAEP, not many.

0 Helpful

RedNectar
VIP
VIP
In response to BertiniB

‎10-11-2023 10:34 PM

Hi @BertiniB 

OK. I'll revise the answer

You've never been able to add AAEPs to Domains EXCEPT at the time of creation when ONLY one AAEP can be linked as your diagram shows

But you've ALWAYS been allowed to add/remove Domains to/from AAEPs

RedNectar_0-1697088853212.png

So if you want multiple AAEPs to be linked to a Domain, you have to go to each AAEP and link it to that Domain

 

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful

BertiniB
Level 1
Level 1

‎10-11-2023 11:29 PM

So is it a many-to-many or a one-to-many relationship between AAEPs and Domains? Seems like one-to-many: an AAEP can have multiple domains, but a domain can have only one AAEP. 

0 Helpful

RedNectar
VIP
VIP
In response to BertiniB

‎10-11-2023 11:44 PM

Hi @BertiniB ,

So is it a many-to-many or a one-to-many relationship between AAEPs and Domains? Seems like one-to-many: an AAEP can have multiple domains, but a domain can have only one AAEP. 

It's actually a bit more complicated than that - will add more if I get time.  But essentially it is a many-to-many, but whomever wrote the user interface only implemented the configuration from the AAEP side.  Don't know why - one of my bug-bears

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful

BertiniB
Level 1
Level 1
In response to RedNectar

‎10-12-2023 12:00 AM - edited ‎10-12-2023 12:01 AM

Understood, I am still quite confused as to why it is many-to-many. I would be grateful if you could elaborate further when you have more time. This modularity is one of the wonders of ACI, but it seems quite complex when I try to imagine different scenarios.
I understood that in the AAEP, I can add many Domains. 

0 Helpful

RedNectar
VIP
VIP
In response to BertiniB

‎10-12-2023 02:03 AM

Hi @BertiniB ,

We are going to get into the weeds a bit here, and talk about objects.  The whole of ACI is built around objects

  • Every object is an instance of a class
  • Every object has a distinguished name (dn) to uniquely identify that instance
  • What you and I might call an AAEP, with a name of MyAAEP is actually an instance of the class infraAttEntityP and has a dn of:
    uni/infra/attentp-MyAAEP
  • What you and I might call a Domain, is actually an instance of one of the following classes:
    • l3extDomP
    • l2extDomp
    • physDomP
    • compDom
  • so if you have a Physical Domain with a name of MyPhysDom, its dn would be:
    uni/phys-MyPhysDom
  • There is no inherent relationship between these objects.  The relationships between AAEPs and Physical Domains are maintained by objects in two other classes
    • infraRtDomP - these objects hold a target relation to a l2/l3/physical or virtual domain
    • infraRsDomP - these objects hold a source relation to a l2/l3/physical or virtual domain

So to build a relationship between an AAEP and Domain, you need to create two more objects that describe that relationship, one of each class.

e.g. For the example above the dn of the infraRtDomP object would be:
 uni/phys-MyPhysDom/rtdomP-[uni/infra/attentp-MyAAEP]

e.g. For the example above the dn of the infraRsDomP object would be:
 uni/infra/attentp-MyAAEP/rsdomP-[uni/phys-MyPhysDom]

But of course these relationship objects are built for you by the ACI GUI.  The arbitrary decision of the designers of the GUI to only allow multiple relationships between Domains and AAEPs to be created via the AAEP management screen and NOT the Domain management screen is just that. Arbitrary.  I can only imagine that maybe someone decided that it would be less confusing if you only had the chance to add one AAEP when creating a Domain, which would cover 95% of cases, so is probably a fair call.

Fun time:

Try using moquery to explore this further, with commands like:

admin@apic1:~> moquery -c infraAttEntityP
admin@apic1:~> moquery -c physDomP
admin@apic1:~> moquery -c infraRsDomP
admin@apic1:~> moquery -c infraRtDomP

I hope this helps.

Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful

BertiniB
Level 1
Level 1

‎10-12-2023 10:47 AM - edited ‎10-12-2023 12:22 PM

Thanks @RedNectar for the awesome explanation. I saved it here in my annotations. So I could, in theory, create a single uni/infra/attentp-MyAAEP/rsdomP-[uni/phys-MyPhysDom] and for example a uni/phys-MyPhysDom/rtdomP-[uni/infra/attentp-MyAAEP] but also a[uni/infra/attentp-SecondAAEP] ?
Therefore I would have a single Domain "MyPhysDom" being referenced by two AAEPs?

Another example would be an AAEP called Sales_AAEP and another called Logistics_AAEP and they both reference the VMM Domain PROD?

Thanks for the patience, as I said in a previous post, I just recently got CCNA and CCNP is another level.

EDIT: I finally understood why you insisted that I can create such many-to-many relationship from the AAEP object

BertiniB_0-1697138498192.png

Here I have an Example of Domain that is associated with more than one AAEP.



RedNectar
VIP
VIP
In response to BertiniB

‎10-12-2023 12:40 PM

Hi @BertiniB ,

I think you answered this question yourself

So I could, in theory, create a single uni/infra/attentp-MyAAEP/rsdomP-[uni/phys-MyPhysDom] and for example a uni/phys-MyPhysDom/rtdomP-[uni/infra/attentp-MyAAEP] but also a [uni/infra/attentp-SecondAAEP] ?
Therefore I would have a single Domain "MyPhysDom" being referenced by two AAEPs?

Yes you could - by adding your MyPhysDom to both MyAAEP and to SecondAAEP as you showed in your screendump.  And BTW you'd also be adding a 2nd object of the class infraRtDomP as well - use the moquerycommands to see this.

Keep asking if it's not all clear.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful

BertiniB
Level 1
Level 1

‎10-12-2023 01:10 PM

Hi @RedNectar,
So I have to create another one for the target because it is like creating a link, an arrow? I have to always point from where (infraRsDomP) to somewhere (infraRtDomP)?

0 Helpful

RedNectar
VIP
VIP
In response to BertiniB

‎10-12-2023 04:10 PM

Hi @BertiniB ,

It's more like "another relationship gets created" rather than "you have to create..." Even if you are using the APIs, you don't need to worry about the fact that these object exist. If you look at the APIC Object Model docs https://your_apic_ip/model-doc/#/objects/  and search for infraRtDomP you'll see that it is NOT a configurable object.

RedNectar_0-1697152230806.png

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License