Explanation about interns Vlans and IPs ACI APIC

willytech007 · ‎05-22-2025

Hi community

I'm studying about the certification 300-620 ACI exam and topics.

I got some terms and concepts about 3 different IPs and I got confused, they are: Infraestructure VLAN- IP VLAN, PTEP IP and FTEP IP, they are 3 differents IPs, my questiosn are: what's the function each one? some area the same in all switches? some examples about their use?

Thanks in advance

RedNectar · ‎05-22-2025

Hi @willytech007 ,

Let's start with the easy one - the PTEP or physical TEP

PTEP Addresses

As each LEAF switch boots up, it requests a DHCP address from the primary APIC. It assigns this address to lo0 within the overlay-1 VRF, and is pretty much used to identify that leaf for everything. For instance, all the following commands will show the VTEP address:

apic1# show switch
 ID    Pod   Address       In-Band IPv4  OOB IPv4     Version        Flags   Name
 ----  ----  ------------  ------------  ------------ -------------- -----   ---------
 1101  1     10.1.112.65   10.10.2.8     172.16.11.8  n9000-15.3(2a) asiv    Spine1101
 1201  1     10.1.112.64   10.10.2.5     172.16.11.5  n9000-15.3(2a) aliv    Leaf1201
 1202  1     10.1.112.66   10.10.2.6     172.16.11.6  n9000-15.3(2a) aliv    Leaf1202

and

apic1# fabric 1201-1202 show ip interface lo0 vrf overlay-1
----------------------------------------------------------------
 Node 1201 (Leaf1201)
----------------------------------------------------------------
IP Interface Status for VRF "overlay-1"
lo0, Interface status: protocol-up/link-up/admin-up, iod: 4, mode: ptep
  IP address: 10.1.112.64, IP subnet: 10.1.112.64/32
  IP broadcast address: 255.255.255.255
  IP primary address route-preference: 0, tag: 0


----------------------------------------------------------------
 Node 1202 (Leaf1202)
----------------------------------------------------------------
IP Interface Status for VRF "overlay-1"
lo0, Interface status: protocol-up/link-up/admin-up, iod: 4, mode: ptep
  IP address: 10.1.112.66, IP subnet: 10.1.112.66/32
  IP broadcast address: 255.255.255.255
  IP primary address route-preference: 0, tag: 0

and

apic1# fabric 1201-1202 show isis dteps vrf overlay-1
----------------------------------------------------------------
 Node 1201 (Leaf1201)
----------------------------------------------------------------

IS-IS Dynamic Tunnel End Point (DTEP) database:
DTEP-Address       Role    Encapsulation   Type
10.1.8.65          SPINE   N/A             PHYSICAL,PROXY-ACAST-MAC
10.1.8.67          SPINE   N/A             PHYSICAL,PROXY-ACAST-V4
10.1.112.65        SPINE   N/A             PHYSICAL #VTEP of Spine
10.1.8.66          SPINE   N/A             PHYSICAL,PROXY-ACAST-V6
10.1.8.64          LEAF    N/A             PHYSICAL
10.1.112.66        LEAF    N/A             PHYSICAL #VTEP of OTHER leaf


----------------------------------------------------------------
 Node 1202 (Leaf1202)
----------------------------------------------------------------

IS-IS Dynamic Tunnel End Point (DTEP) database:
DTEP-Address       Role    Encapsulation   Type
10.1.112.65        SPINE   N/A             PHYSICAL #VTEP of Spine
10.1.8.66          SPINE   N/A             PHYSICAL,PROXY-ACAST-V6
10.1.8.65          SPINE   N/A             PHYSICAL,PROXY-ACAST-MAC
10.1.8.67          SPINE   N/A             PHYSICAL,PROXY-ACAST-V4
10.1.112.64        LEAF    N/A             PHYSICAL
10.1.8.64          LEAF    N/A             PHYSICAL #VTEP of OTHER leaf

and

apic1# fabric 1201-1202 show ip interface brief vrf overlay-1
----------------------------------------------------------------
 Node 1201 (Leaf1201)
----------------------------------------------------------------
IP Interface Status for VRF "overlay-1"(4)
Interface            Address              Interface Status
eth1/49              unassigned           protocol-down/link-down/admin-up
eth1/50              unassigned           protocol-down/link-down/admin-up
eth1/51              unassigned           protocol-up/link-up/admin-up
eth1/51.8            unnumbered           protocol-up/link-up/admin-up
                     (lo0)
eth1/52              unassigned           protocol-down/link-down/admin-up
eth1/53              unassigned           protocol-down/link-down/admin-up
eth1/54              unassigned           protocol-down/link-down/admin-up
vlan7                10.1.0.30/27         protocol-up/link-up/admin-up
lo0                  10.1.112.64/32       protocol-up/link-up/admin-up #VTEP Address
lo1                  10.1.8.64/32         protocol-up/link-up/admin-up
lo1023               10.1.0.32/32         protocol-up/link-up/admin-up. #FTEP Address


----------------------------------------------------------------
 Node 1202 (Leaf1202)
----------------------------------------------------------------
IP Interface Status for VRF "overlay-1"(4)
Interface            Address              Interface Status
eth1/49              unassigned           protocol-down/link-down/admin-up
eth1/50              unassigned           protocol-down/link-down/admin-up
eth1/51              unassigned           protocol-up/link-up/admin-up
eth1/51.10           unnumbered           protocol-up/link-up/admin-up
                     (lo0)
eth1/52              unassigned           protocol-down/link-down/admin-up
eth1/53              unassigned           protocol-down/link-down/admin-up
eth1/54              unassigned           protocol-down/link-down/admin-up
vlan7                10.1.0.30/27         protocol-up/link-up/admin-up
lo0                  10.1.112.66/32       protocol-up/link-up/admin-up #VTEP Address
lo1                  10.1.8.64/32         protocol-up/link-up/admin-up
lo1023               10.1.0.32/32         protocol-up/link-up/admin-up #FTEP Address

FTEP Address

Now - if you look at this last example, you'll see another loopback address lo1023 . This is the FTEP address, (Fabric TEP address I THINK) that is the same on all switches in the fabric - note in the example above, it is 10.1.0.32/32 on both switches. It is used if the switch has a vSwitch attached that is using VXLAN encapsulation between vSwitches (i.e. in certain VMM environments)

"Infraestructure VLAN- IP VLAN"

Now I'm a bit confused about this one - I'm not sure what you are referring to with "Infraestructure VLAN- IP VLAN"

The Infrastructure VLAN is the VLAN used between leaf switches and the APIC. The only place you'll see an IP on the Infrastructure VLAN is on the APIC. On my APIC, the infrastructure VLAN is VLAN 3961, so...

apic1# ifconfig bond0.3961
bond0.3961: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.0.1  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::36ed:1bff:fe8b:5a2b  prefixlen 64  scopeid 0x20
        ether 34:ed:1b:8b:5a:2b  txqueuelen 1000  (Ethernet)
        RX packets 90334557  bytes 60247196551 (60.2 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64888897  bytes 33932495663 (33.9 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

You'll see that each leaf has a tunnel between this APIC IP and it's PTEP - on my Leaf1202 it happens to be on Tunnel1so you'll see it with this command:

apic1# fabric 1202 show interface tunnel 1
----------------------------------------------------------------
 Node 1202 (Leaf1202)
----------------------------------------------------------------
Tunnel1 is up
    MTU 9000 bytes, BW 0 Kbit
    Transport protocol is in VRF "overlay-1"
    Tunnel protocol/transport is ivxlan
    Tunnel source 10.1.112.66/32 (lo0)  #This switch's PTEP
    Tunnel destination 10.1.0.1         #APIC infrastructure VLAN IP address
    Last clearing of "show interface" counters never
    Tx
    0 packets output, 1 minute output rate 0 packets/sec
    Rx
    0 packets input, 1 minute input rate 0 packets/sec

so I'm assuming that this answers your question - if not, give me a bit more detail about this one.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

willytech007 · ‎05-24-2025

Hi dear

I have a question about the FTEP when you said all switches , they include spines?

and about the Infraestructure VLAN, in your image of leaf switch displays vlan7 with IP, is it right? or what's does means that number?

and what function lo1 do?

In this image extract from book, show vlan8

The explanation of PTEP is for encapsulation and decap VXLAN dataplane

Infra Vlan is for communication between apic and switches control-mgmt traffic

What do you think about these sentences?

Thanks in advance