Endpoint Learning and Bridge Domain Problem

BertiniB
Level 1
Level 1

Hello,

I have the following environment:

[Image: network diagram (BertiniB_0-1734379155560.png)]

I am facing a problem where in an EPG, endpoints are either not learned at all or end up disappearing. Some endpoints stay learned via VMM only, not via the data plane, so traffic doesn't work. This occurs with the following Bridge Domain config:
Bridge Domain
- L2 Unknown Unicast: Hardware Proxy
- ARP Flooding: Enabled
- Unicast Routing: Enabled
- IP in Bridge Domain

I can't make traffic work with Hardware Proxy, but with Flooding enabled, it works! But the endpoints are still not learned, even with traffic flowing. So I am wondering: when does ACI not learn an endpoint?
I guess ARP Gleaning is not working because 1. ARP Flooding is enabled and 2. maybe the traffic is unicast.
Could the endpoints be silent hosts? But wouldn't ARP Flooding make it work? Wouldn't the sender of the ARP make ACI learn it, and then the ARP reply also make ACI learn the destination?
I found something about L2 (switched) traffic being dropped if ACI doesn't know where to send it (I guess this is with Hardware Proxy). Bit confused.

Accepted Solution

AshSe
VIP
VIP

Hello @BertiniB 

Your issue seems to revolve around how Cisco ACI learns endpoints and how the Bridge Domain (BD) configuration impacts endpoint learning and traffic forwarding. Let’s break this down and address your concerns step by step.


1. Endpoint Learning in ACI

In Cisco ACI, endpoints are learned in two primary ways:

  • Data Plane Learning: When traffic is received on a leaf switch, ACI learns the source MAC and/or IP address and associates it with the port where the traffic was received.
  • Control Plane Learning: ACI uses the COOP (Council of Oracles Protocol) to distribute endpoint information across the fabric. This is especially important when using the "Hardware Proxy" mode for L2 unknown unicast traffic.

2. Bridge Domain Configuration and Its Impact

Your Bridge Domain configuration is as follows:

  • L2 Unknown Unicast: Hardware Proxy: This means that unknown unicast traffic is not flooded but instead relies on the fabric's control plane to determine the destination. If the endpoint is not learned, the traffic will be dropped.
  • ARP Flooding: Enabled: This causes ARP requests to be flooded within the BD, regardless of whether the endpoint is known or not.
  • Unicast Routing: Enabled: This allows the BD to route traffic at Layer 3.
  • IP in Bridge Domain: This enables IP address learning in the BD.

3. Why Are Endpoints Not Learned?

There are several reasons why endpoints might not be learned in your scenario:

a. Silent Hosts

Silent hosts are devices that do not send any traffic until they receive traffic first. Examples include some IoT devices, printers, or servers waiting for incoming connections. ACI cannot learn silent hosts via the data plane because they do not generate any traffic.

  • Impact of ARP Flooding: Even with ARP Flooding enabled, ACI will only flood ARP requests. If the silent host does not respond to ARP requests or does not generate any traffic, it will not be learned.

b. ARP Gleaning

ARP Gleaning is a mechanism where ACI intercepts ARP requests and uses them to learn endpoints. However, ARP Gleaning is disabled when ARP Flooding is enabled. This is because ARP Flooding bypasses the control plane and floods ARP requests directly to all ports in the BD.

  • Impact: With ARP Flooding enabled, ACI cannot use ARP Gleaning to learn endpoints. This could explain why endpoints are not being learned in your case.

c. Hardware Proxy and Unknown Unicast Traffic

When "Hardware Proxy" is enabled for L2 unknown unicast traffic, ACI relies on the control plane to determine the destination of unknown unicast traffic. If the endpoint is not learned (e.g., due to silent hosts or ARP Gleaning being disabled), the traffic will be dropped.

  • Impact: If the endpoint is not learned, ACI cannot forward unknown unicast traffic, and communication will fail.

d. VMM Integration

You mentioned that some endpoints are learned via VMM (Virtual Machine Manager) but not via the data plane. This suggests that ACI is receiving endpoint information from the VMM domain but is not learning endpoints dynamically from traffic. This could be due to silent hosts or the BD configuration (e.g., ARP Flooding disabling ARP Gleaning).


4. Why Does Flooding Work?

When you enable flooding for L2 unknown unicast traffic, ACI floods the traffic to all ports in the BD. This ensures that the traffic reaches its destination, even if the endpoint is not learned. However, this is not an ideal solution because:

  • It increases unnecessary traffic in the fabric.
  • It does not solve the root cause of why endpoints are not being learned.

5. Recommendations

To address your issue, consider the following steps:

a. Disable ARP Flooding

Disabling ARP Flooding will allow ACI to use ARP Gleaning to learn endpoints. This is generally the recommended approach unless you have a specific requirement to flood ARP traffic.

b. Verify Endpoint Behavior

Check if the endpoints are silent hosts. If they are, you may need to generate some traffic from these endpoints to ensure they are learned by ACI.

c. Use Static Endpoint Configuration

For silent hosts or devices that do not generate traffic, you can configure static bindings for their MAC and/or IP addresses in ACI. This ensures that ACI knows where to forward traffic for these endpoints.

d. Verify VMM Integration

Ensure that the VMM domain is properly integrated with ACI and that endpoint information is being correctly propagated to the fabric.

e. Use Flooding as a Last Resort

If you cannot resolve the issue with endpoint learning, you can enable flooding for L2 unknown unicast traffic as a temporary workaround. However, this should only be used as a last resort.


6. Summary

The root cause of your issue is likely the combination of ARP Flooding being enabled (which disables ARP Gleaning) and the presence of silent hosts. Disabling ARP Flooding and relying on ARP Gleaning should help ACI learn endpoints dynamically. If silent hosts are the issue, consider generating traffic from these hosts or configuring static bindings.


Hope This Helps!!!


AshSe

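The decision logic the answer walks through (Hardware Proxy vs. Flood for unknown unicast, ARP Flooding vs. ARP Gleaning, silent hosts, static bindings) as a toy Python model added here; it is not ACI code and not the replier's own. The hosts, MACs and ports are constructed, and the rule that ARP Flooding bypasses gleaning is taken from the answer's description, not from ACI documentation.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    mac: str
    port: str
    answers_arp: bool = True  # False models the thread's "silent host"

@dataclass
class BridgeDomain:
    hardware_proxy: bool  # L2 Unknown Unicast: Hardware Proxy (True) or Flood (False)
    arp_flooding: bool
    unicast_routing: bool = True
    table: dict = field(default_factory=dict)  # mac -> (port, learn source)

    def learn(self, mac, port, source="dataplane"):
        self.table[mac] = (port, source)

    def forward_unicast(self, src, dst_mac):
        self.learn(src.mac, src.port)  # the sender is always data-plane learned
        if dst_mac in self.table:
            return "unicast:" + self.table[dst_mac][0]
        return "drop" if self.hardware_proxy else "flood"  # proxy drops unknown unicast

    def arp_for(self, src, dst):
        self.learn(src.mac, src.port)
        # The answer's rule: gleaning needs Unicast Routing and is bypassed by ARP Flooding.
        gleans = self.unicast_routing and not self.arp_flooding
        reaches = self.arp_flooding or dst.mac in self.table or gleans
        if reaches and dst.answers_arp:
            self.learn(dst.mac, dst.port)  # the ARP reply is data-plane learned on dst's leaf
            return "learned"
        return "no-reply" if reaches else "arp-dropped"

def run_scenarios():
    # Constructed hosts, MACs and ports; each entry is one BD setting from the thread.
    a, chatty = Host("00:00:00:00:00:0a", "eth1/1"), Host("00:00:00:00:00:0c", "eth1/3")
    silent = Host("00:00:00:00:00:0b", "eth1/2", answers_arp=False)
    out = {}
    bd = BridgeDomain(hardware_proxy=True, arp_flooding=True)  # the poster's config
    out["hwproxy_silent"] = (bd.arp_for(a, silent), bd.forward_unicast(a, silent.mac))
    out["hwproxy_arp_reply"] = (bd.arp_for(a, chatty), bd.forward_unicast(a, chatty.mac))
    bd = BridgeDomain(hardware_proxy=False, arp_flooding=True)  # flood: works, still unlearned
    out["flood_silent"] = (bd.forward_unicast(a, silent.mac), silent.mac in bd.table)
    bd = BridgeDomain(hardware_proxy=True, arp_flooding=False)
    bd.learn(silent.mac, silent.port, source="static")  # static binding for the silent host
    out["hwproxy_static"] = bd.forward_unicast(a, silent.mac)
    return out
```

`run_scenarios()` reproduces the thread: the silent host is dropped under Hardware Proxy, reached but never learned under Flood, and reachable again once a static binding supplies the missing table entry.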

2 Replies

BertiniB
Level 1
Level 1

Thanks @AshSe!