cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6877
Views
10
Helpful
4
Replies

Cisco ACI -Role of IS-IS and MP-BPG

Dear All,

Please provide your suggestions /feedback to understand on the following key Technical queries in Cisco ACI .

1)  What is the Role of IS-IS and MP-BPG under Cisco ACI Fabric  in terms of routing and packetflow ?

2)  Can we configure  F5 LB ( LTM/APM/ASM ) completely through Device package  or do we need 

iapps . if yes,Please  mention if its ready to be deployed in  production environment.

3) What is Static Path Binding in ACI.

4) What is the difference between  enable flooding  / unknown unicast /Unicast routing under Bridge domain

5) Do we need OOB for APIC devices only ( spine & leaf ) and  can the same /16 shall be used for NoN - APIC devices for OOB management .

6) What is the purpose of  default three Tenants ( Infra/Mgmt.,etc) in APIC 

Thank you for your response in advance .

Cheer,

Akber.

1 Accepted Solution

Accepted Solutions

As far as MP-BGP you need to configure the router reflectors on the spine and assign a BGP AS number. For the client RR, the APIC will configure all leaf nodes as MP-BGP route reflector clients once you set the route reflectors on the spines. The BGP AS number is used as a domain identifier. The public range is 1-64,495. If you go to the Fabric Tab under Fabric Policies > Pod Polices > Polices > BGP Route Reflector you will see where you assign an BGP AS number and where you configure your spines as route reflectors. An example in the image attached.  

Regards,

Michael G

View solution in original post

4 Replies 4

micgarc2
Cisco Employee
Cisco Employee

1)  What is the Role of IS-IS and MP-BPG under Cisco ACI Fabric  in terms of routing and packetflow ?

The role of MP-BGP is to distribute routing information through the domain to each of the leaf switches that require that information. This is also needed to allow distribution of external routes in the fabric. By default, MP-BGP is actually not enabled by default in the fabric. It order to actually turn this on you need to assign a BGP AS number and also configure the spines as BGP route reflectors. Once this is done, the APIC is what configures the leafs as route-reflector clients.

IS-IS is a routing protocol that is used between the leaf and spine switches. It is what is actually building the routing table between the VTEPS. All the convergence happens independently of the APIC.

2)  Can we configure  F5 LB ( LTM/APM/ASM ) completely through Device package  or do we need 
iapps . if yes,Please  mention if its ready to be deployed in  production environment.

I believe you need to install an F5 device package but I would have to get back to you on this. In the mean time, here is an ACI integration demo integrating an F5 LB and a link that could be helpful.

https://www.youtube.com/watch?v=5Nw2vtid7Zs

https://devcentral.f5.com/articles/under-the-hood-of-f5-big-ip-ltm-and-cisco-aci-integration-role-of-the-device-package

3) What is Static Path Binding in ACI.

A static binding is when you use a specific path on specific ports to connect to an external device. This can be configured as a bridged or routed interface. The static path will be associated with an EPG which will also have an encapsulation VLAN set that must be part of the static VLAN pool you set. When you deploy a static path you will also configure it to whether its trunking, untagged, or 802.1p.

4) What is the difference between  enable flooding  / unknown unicast /Unicast routing under Bridge domain

Please look under the bridge domain and subnets tabs to see the difference between the difference types of bridge domain packet behavior. But flooding is disabled by default inside the fabric but can be enabled if desired.

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/aci-fundamentals/b_ACI-Fundamentals/b_ACI-Fundamentals_chapter_010001.html

5) Do we need OOB for APIC devices only ( spine & leaf ) and  can the same /16 shall be used for NoN - APIC devices for OOB management.

Out of band management is used for the nodes and APICs in your fabric. The APIC and fabric switches have dedicated physical interfaces in order to provide management communication. During the initial setup of the APIC via CIMC you will assign a TEP address pool usually with a /16 address. This is your tunnel end point and is used for VXLAN traffic and is needed to send traffic over VXLAN. This is different from OOB. The actual node management addresses are separate and are going to be your OOB management IPs which are applied to the interface eth0 (mgmt0). These will be the IP addresses assigned to your APICs and each node you configure.


6) What is the purpose of  default three Tenants ( Infra/Mgmt.,etc) in APIC 

There are three default tenants in ACI: Common, Infra, Management:

Common - contains policies that govern operations of resources that are accessible to all the tenants (ex. firewalls, load balancers)

Infra - contains polices that handle the operations of the infrastructure space such as the fabric VXLAN overlay

Management - contains polices that are used for management configurations used for in-band and and out-of-band configuration of the fabric nodes. It has a private OOB address space for APIC and fabric internal communications that are outside of the fabric path. This is what I referred to earlier with access to the management port to the switches.

Hope this helps!

Regards,

Michael G

Thank you for participating in the Cisco Support Forum for ACI! If you have other questions related to this post, please let us know. If this response answers your questions, please mark this post "answered" and assign a rating to the response(s) provided. This will help notify other viewers that your question(s) is answered and this helps us provide better responses for this and future questions.

Thank you Mic for the wonderful explanation !

In regards to my Question#1 ,

As per your above comments, I understood that  For communication between Spine to Leaf switches only IS-IS routing protocol will be used which is within the Fabric .

In addition, For communication outside the fabric , we need to first enable the MP-BGP and then configure RR on Spine and RR client on Leaf to establish communication outside the Fabric.

Please confirm if we have any certain recommendations for assigning BGPAS number or will it be done automatically.

Once again ..thank you for valuable inputs and appreciate it.

Cheers,Akber.

As far as MP-BGP you need to configure the router reflectors on the spine and assign a BGP AS number. For the client RR, the APIC will configure all leaf nodes as MP-BGP route reflector clients once you set the route reflectors on the spines. The BGP AS number is used as a domain identifier. The public range is 1-64,495. If you go to the Fabric Tab under Fabric Policies > Pod Polices > Polices > BGP Route Reflector you will see where you assign an BGP AS number and where you configure your spines as route reflectors. An example in the image attached.  

Regards,

Michael G

Thank you Michael for the detailed explanation and appreciate your quick response.

Cheers,Akber .

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License