10-01-2020 04:24 AM - edited 10-01-2020 04:25 AM
Hello All - I am trying to understand what should be the L2 UNKNOWN UNICAST and ARP FLOODING in BD configuration for L3OUT configuration.
L2 UNKNOWN UNICAST = Hardware Proxy / Flood
ARP FLOODING = Enabled / Disabled
Regards, Sairam
10-01-2020 04:34 AM
Cisco ACI uses a behavior similar to that in traditional networks for L3Out connectivity. The Cisco ACI L3Out domain learns the MAC address only from the data plane. IP addresses are not learned from the data plane in an L3Out domain; instead, Cisco ACI uses ARP to resolve next-hop IP and MAC relationships to reach the prefixes behind external routers.
10-01-2020 05:34 AM
Thanks for responding. With that said, I should enable ARP Flooding. What about L2 Unknown Unicast? It should be in Flood or Hardware Proxy. As far as I know, Hardware Proxy should be DISABLED. Is that right?
10-01-2020 06:30 AM
Yes, it should be. Anyway, it floods only in the respective EPG.
10-01-2020 07:51 AM
10-01-2020 09:36 AM
Thank you Jorge. I meant BD because we attach the L3OUT to the BD under L3 Configuration where "Unicast Routing" enabled and IP address configured.
The question is, in that BD what should be the configuration for L2 UNKNOWN UNICAST (Flood/Hardware Proxy) and ARP FLOODING (Disable/Enable)?
Regards, Sairam
10-01-2020 10:34 AM
Hi @snarayanaraju ,
Maybe it will help to think of it this way.
When you associate your L3Out to your BD you are basically setting up advertising the subnet or subnets associated with your BD out that L3Out. Layer 3/Routing stuff right?
The Bridge Domain settings you are asking about have to do with the Layer 2 characteristics of your Bridge Domain (think Vlan if that helps).
- If your bridge domain is only connected to end hosts (servers etc. that are well behaved) then I always recommend leaving the BD optimized (no flooding). Take advantage of that capability in ACI!
L2 UNKNOWN UNICAST = Hardware Proxy
ARP FLOODING = Disabled
- If your bridge domain has external connectivity to say network devices or any host that needs to see the flooding then disable the optimized behavior and enable flooding.
L2 UNKNOWN UNICAST = Flood
ARP FLOODING = Enabled
These settings relate more to the hosts on your Bridge Domain and what they need from a Layer 2 perspective rather than the L3Out, if that makes sense. That is what @balaji.bandi and @jgomezve have been explaining.
10-01-2020 12:43 PM - edited 10-01-2020 12:46 PM
As Claudia said, the BD settings are mostly dependent on the type of end hosts connected to that bridge domain. That said, if “silent hosts” are connected you should enable flooding on the BD.
However the ACI Fabric also uses ARP Gleaning and sends probe packets once the endpoint is about to be flushed. These features are activated when the BD has a Subnet and ‘Unicast Routing’ enabled.
Then I would say that a BD which is associated with a L3Out can be configured with Hardware Proxy and ‘ARP Flooding’ enabled to deal with silent hosts as it must have ‘Unicast Routing’ and a Subnet configured.
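The combinations discussed in the replies above can be checked across a fabric by reading each bridge domain's settings from the APIC object model. This is an added example, not part of the original thread: it classifies `fvBD` objects by their `unkMacUcastAct` and `arpFlood` attributes and flags hardware proxy on a BD that lacks the subnet and unicast routing the thread says ARP gleaning depends on. The tenant, BD names and subnets are constructed sample data.

```python
# Added example: audit fvBD objects for the Layer 2 profiles discussed in the thread.

def bd(name, unk, arp, route, subnets=()):
    """Build a constructed record shaped like APIC's fvBD JSON."""
    return {"fvBD": {
        "attributes": {"dn": f"uni/tn-Demo/BD-{name}", "unkMacUcastAct": unk,
                       "arpFlood": arp, "unicastRoute": route},
        "children": [{"fvSubnet": {"attributes": {"ip": ip}}} for ip in subnets]}}

# Constructed sample; tenant, BD names and subnets are made up.
SAMPLE = {"imdata": [
    bd("servers", "proxy", "no", "yes", ["10.1.1.1/24"]),
    bd("legacy", "flood", "yes", "no"),
    bd("l3out", "proxy", "yes", "yes", ["10.1.2.1/24"]),
    bd("silent", "proxy", "no", "no"),
]}

# (L2 Unknown Unicast, ARP Flooding) -> profile name used in this example.
PROFILES = {
    ("proxy", "no"): "optimized",
    ("flood", "yes"): "flooding",
    ("proxy", "yes"): "proxy + ARP flooding",
    ("flood", "no"): "flood, ARP not flooded",
}

def classify(obj):
    """Return (profile, notes) for one fvBD object."""
    a = obj["fvBD"]["attributes"]
    has_subnet = any("fvSubnet" in c for c in obj["fvBD"].get("children", []))
    profile = PROFILES[(a["unkMacUcastAct"], a["arpFlood"])]
    notes = []
    # Per the thread, ARP gleaning and endpoint probes need a subnet
    # and unicast routing on the BD.
    if a["unkMacUcastAct"] == "proxy" and not (a["unicastRoute"] == "yes" and has_subnet):
        notes.append("hardware proxy without subnet + unicast routing: "
                     "silent hosts may be unreachable")
    return profile, notes

def audit(doc):
    """Map each BD's dn to its (profile, notes) result."""
    return {o["fvBD"]["attributes"]["dn"]: classify(o) for o in doc["imdata"]}

if __name__ == "__main__":
    for dn, (profile, notes) in audit(SAMPLE).items():
        print(dn, profile, *notes, sep=" | ")
```
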
10-01-2020 01:24 PM
Thanks everybody who shared their thoughts @balaji.bandi and @jgomezve and Claudia