Packet forwarding in ACI in one bridge domain and multiple subnets

riad1990new
Level 1

Hello,

Consider an ACI environment, where there's a single bridge domain, which contains multiple subnets. I have a few questions:

1- Would the APIC create an SVI for each subnet?

2- On leaf switch A: host A in subnet A sends a broadcast packet, host B in subnet B (also connected to leaf switch A) is in the same bridge domain, would host B receive this broadcast packet even if it's on a different subnet?

3- If host A on subnet A is connected to leaf switch A, and host B on subnet B is connected to leaf switch B, but both hosts are in the same bridge domain, how would broadcast traffic from A get sent to B?

Thanks,
Reyad.

Accepted Solutions

@riad1990new,

You're correct that in ACI, the anycast gateway addresses are typically deployed as SVIs for each subnet within a bridge domain.

ACI deploys anycast gateways as SVIs. Each subnet within a bridge domain will have an associated SVI with an IP address in that subnet.

ACI is designed to keep broadcast traffic within the same subnet. Host B in subnet B will not receive the broadcast packet from host A in subnet A, even if they are connected to the same leaf switch. This is the default behavior, ensuring segmentation between subnets.

ACI employs contracts and EPGs to facilitate communication between different subnets. If you want communication between hosts in different subnets, you would define a contract that allows this communication and associate it with the relevant EPGs. ACI will then ensure that the necessary routing and forwarding is set up to allow this communication.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

3 Replies

M02@rt37
VIP

Hello @riad1990new,

1- In ACI, the APIC does not create traditional SVIs for each subnet within a bridge domain. ACI uses a different model called "Endpoint Groups" (EPGs) to manage communication between subnets. These EPGs are associated with bridge domains and are used to group endpoints based on their common attributes. ACI takes care of the routing and forwarding without traditional SVIs.

2- ACI handles inter-subnet communication using a combination of its distributed gateway and overlay networking. Broadcast traffic would be handled within the ACI fabric, and hosts in different subnets on the same leaf switch might not receive broadcasts from each other. ACI's design aims to limit broadcast domains and provide scalability.

3- Communication between different leaf switches in ACI is managed by the APIC controllers using the MP-BGP protocol for overlay routing. Broadcast and unknown unicast traffic is contained within the leaf switch and does not cross the fabric.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Thanks M02@rt37, but according to my understanding and this document: https://www.cisco.com/c/en/us/td/docs/dcn/whitepapers/cisco-application-centric-infrastructure-design-guide.html#_Toc129073546 (The Cisco ACI fabric operates as an anycast gateway for the IP address defined in the bridge domain subnet configuration.) and to my understanding, these anycast gateways are deployed as SVIs.

And going back to my questions, I'm trying to understand how the packets will get processed in the scenarios I've mentioned above, because most online documentation goes over the general cases, such as the "spine-proxy" forwarding mechanism.

Thanks,
Reyad.