02-12-2017 12:55 AM - edited 03-01-2019 05:09 AM
Hi,
I have a basic question about creating pure L2 Bridge Domains within Tenant:
Can we use ACI Fabric as pure L2 switch between different hosts - all routing/firewalling would be done outside fabric? The reason is that I don't want to add additional p2p links between different systems - so direct links between Router-FW, FW-Proxy, Proxy-Host.
See attached diagram for clarification.
Thanks,
Robert
02-12-2017 07:39 AM
Absolutely, Robert.
In these pure L2 BDs I'd suggest making sure you disable "Unicast Routing" (alternatively you can enable "Limit IP Learning to Subnet", but for these constructs I like disabling Unicast Routing).
You need to disable ACI's "greedy" learning behavior for these or else you won't get the traffic patterns you expect.
Having said that, I always caution clients to not use their ACI fabric for core or distribution functions, but it can be done.
Claudia
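An added example, not part of the original thread: a small audit of bridge domains that are meant to be L2-only, checking the two settings mentioned in the answer above. It assumes the APIC object model's `fvBD` class with the attributes `unicastRoute` and `limitIpLearnToSubnet` and the usual `imdata` response wrapper; the tenant and BD names and the sample response are constructed.

```python
import json

# Constructed sample, shaped like an APIC class query response for fvBD
# (assumed attribute names: unicastRoute, limitIpLearnToSubnet).
SAMPLE = json.loads("""
{"totalCount": "3", "imdata": [
 {"fvBD": {"attributes": {"dn": "uni/tn-Edge/BD-RTR-FW", "name": "RTR-FW",
   "unicastRoute": "no", "limitIpLearnToSubnet": "no"}}},
 {"fvBD": {"attributes": {"dn": "uni/tn-Edge/BD-FW-PROXY", "name": "FW-PROXY",
   "unicastRoute": "yes", "limitIpLearnToSubnet": "yes"}}},
 {"fvBD": {"attributes": {"dn": "uni/tn-Edge/BD-PROXY-HOST", "name": "PROXY-HOST",
   "unicastRoute": "yes", "limitIpLearnToSubnet": "no"}}}
]}
""")


def audit_l2_bds(response, l2_only_names):
    """Classify each BD that is supposed to be pure L2.

    ok          - Unicast Routing is disabled (the preferred setting above)
    alternative - routing is on, but IP learning is limited to the BD subnet
    review      - routing is on and IP learning is unrestricted
    missing     - the BD was expected but is not in the response
    """
    status = {name: "missing" for name in l2_only_names}
    for item in response.get("imdata", []):
        attrs = item.get("fvBD", {}).get("attributes", {})
        name = attrs.get("name")
        if name not in status:
            continue  # not one of the BDs we intend to run as pure L2
        if attrs.get("unicastRoute") == "no":
            status[name] = "ok"
        elif attrs.get("limitIpLearnToSubnet") == "yes":
            status[name] = "alternative"
        else:
            status[name] = "review"
    return status


if __name__ == "__main__":
    expected_l2 = ["RTR-FW", "FW-PROXY", "PROXY-HOST", "DMZ-TRANSIT"]
    for bd, state in audit_l2_bds(SAMPLE, expected_l2).items():
        print(f"{bd:12} {state}")
```
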
02-12-2017 09:28 AM
Thanks.