Cisco ACI and physical switch ports?

modular182
Level 1

I've been reading and watching many videos on how to configure an application on ACI. I understand that you create an application profile and in that profile you create endpoint groups. Each group is linked to a broadcast domain. Each broadcast domain has a subnet configured under it and is linked to a VRF. That VRF is in a Tenant. You create contracts that allow traffic from one endpoint group to communicate with another endpoint group. All of this is academic... but what about the physical configuration of the leaf switch ports in ACI?

My question is this: In all of this, how do you configure the physical ports on the leaf switches? If I have a server with an IP that is in a subnet that has been assigned to a configured broadcast domain and I plug that server into port 12 on a leaf switch, how does ACI know this? How does ACI know/learn that that port should now be a member of that subnet's broadcast domain? Do you have to manually configure that physical port to be in that broadcast domain (the way you configure a port to be in a VLAN in NX-OS), or does ACI look at the traffic on the port and figure it out some way? If yes, can you configure the physical port via the Web GUI?

Accepted Solution

RedNectar
VIP Alumni

Hi @modular182,

I've been reading and watching many videos on how to configure an application on ACI. I understand that you create an application profile and in that profile you create endpoint groups.

Correct. The key component is the endpoint group or EPG - the Application Profile plays a very minor role in ACI.

Each group is linked to a broadcast domain.

Correct - the broadcast domain is called a Bridge Domain in ACI, and is different from a normal broadcast domain in the way it handles unknown L2 destination MAC addresses, and potentially different in the way it handles ARP broadcasts - and both of these are configurable in ACI, unlike a normal broadcast domain.

But you are also missing part of the story here. Each EPG must also be linked to either a Physical Domain and/or a Virtual Machine Management Domain - both of which can present to the EPG a range of ports and VLANs that could possibly be used to carry traffic for that EPG.

  • In the case of the EPG being connected to a Physical Domain, you must also then specify which of the available ports and which VLAN is to define that EPG. The chosen port and VLAN MUST be associated with the linked Physical Domain.
  • In the case of the EPG being connected to a VMM Domain, the available ports are discovered automatically, and the VLAN that defines that EPG is allocated automatically.

Each broadcast domain has a subnet configured under it and is linked to a VRF.

Correct. Usually. You also have the option of defining a Subnet under the EPG - either in addition to or instead of defining the subnet under the Bridge Domain. If an EPG is providing a contract which is consumed by an EPG linked to a different VRF, it is obligatory to have a subnet defined under the EPG and marked as Shared between VRFs.

That VRF is in a Tenant.

Correct.

You create contracts that allow traffic from one endpoint group to communicate with another endpoint group.

Correct.

All of this is academic... but what about the physical configuration of the leaf switch ports in ACI?

Part of that answer lies in my discussion above about connecting the EPG to a Physical or VMM Domain.

My question is this: In all of this how do you configure the physical ports on the leaf switches?

Can I suggest you do a Google search for "ACI Access Policy Chain" - you should find a good tutorial.

This summary picture may also help

[image: summary picture of the ACI access policy chain]

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

