BD between two Layer 3 Devices

PatrickH1 · ‎05-06-2019

Dear Community,

we have the requiremt to connect a Load Balaner and Firewall to ACI which bridge traffic between them. The Layer 3 Interfaces for the linknetwork remain on the Load Balancer and Firewall. ACI will only switch the Traffic.

Firewall 10.10.10.1/29 VLAN 150 <-> ACI EPG (static Port to FW and LB) BD without IP <-> LB 10.10.10.5/29 VLAN 150

My question is now regarding the Bridge Domain settings. Is there any Best Pratice out there?

ARP Flooding, Layer 2 Unicat Flood, Multi Destinaton Flooding etc...

Kind Regards

Patrick

richmond · ‎05-06-2019

Without a Layer 3 subnet configured and Unicast Routing enabled on the BD you need to set L2 Unknown Unicast to Flood rather than Hardware Proxy.

L3 Unknown Multicast should be set to Flood to enable multicast between all ports in the BD (there is no IGMP querier to help discover where multicast clients are).

Multi Destination flooding should be set to flood in BD (assuming one EPG for this BD there is no difference between flood in BD or flood in encap).

ARP flooding should be enabled to ensure ARP and GARP messages reach all devices as firewalls and load balancers often use GARP on failover.

PatrickH1 · ‎05-06-2019

HI Richmond,

thx for the info, i will use your provided parameters.

Kind Regards

Patrick