
Cisco ACI Control Plane and Data Plane

thirodmorais
Level 1

I am looking for more information to get a better understanding of how the control plane and data plane work in ACI. I know the APIC controllers are completely separate from the operation of the ACI, even when the APIC cluster is lost the fabric will not be impacted. During this time, the new configuration will not be deployed in the fabric.

 

The data plane still resides in the devices, but is the control plane in the APIC or not? It is clear to me that all configuration is done in the APIC and deployed to the devices, including the control plane functions (IS-IS, BGP RR, etc.).

 

Is the control plane in the APIC?

 

Thanks in advance.

TM

1 Accepted Solution

Accepted Solutions

tonybourke
Level 1

Hello, 

 

With ACI, there is the data plane, the control plane, and the policy plane. 

 

The data plane is of course the packets being forwarded by the ASICs in the spines and leafs (or via software in vLeaf/AVE/etc.). That's the same as with NX-OS. 

 

The control plane involves the L2/L3 protocols running on each individual leaf. This is also not any different from a traditional NX-OS deployment. If ACI is peering with an external router for an L3Out using OSPF, the OSPF process runs on the border leaf(s). The router updates/etc. originate and terminate on the border leafs. LLDP is turned on by default on all active ports, and the LLDP packets are generated from each leaf and spine's CPU. You can log into a leaf and run show commands like "show ip ospf neighbor vrf [Tenant:VRF]" and see the same output you'd see on an NX-OS device. 

 

In both cases, the APIC doesn't see those packets. Data plane packets do not traverse the APIC, and control plane packets do not originate or terminate at the APIC. Note, this is different from some other SDN solutions. 

 

The APIC instead is what configures the switches. While you can SSH into each leaf/spine, you cannot go into config mode (no "conf t", so to speak). The APIC, through the CLI, the GUI, or the API, has policy set on the APIC. The APIC will then take that policy and push it to the appropriate leafs/spines. When you create a Bridge Domain, Subnet, and EPG (which is attached to a domain), for example, it pushes an anycast SVI, a set of VLAN/VXLANs, etc., to the leaf to enable packets to forward as per the APIC's config. 

View solution in original post
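
The policy push described in the answer above, as an added example that is not part of the original post and is not Cisco's code: it builds the tenant object tree (VRF, Bridge Domain, Subnet, EPG) in the APIC REST JSON shape and checks it for relations that point at nothing. The tenant, VRF, BD, EPG and domain names and the subnet are constructed values; nothing is sent to an APIC.

```python
"""Added illustration: policy-plane objects behind a Bridge Domain, Subnet and EPG."""
import json


def mo(cls, children=(), **attrs):
    """Build one managed object in the APIC REST JSON shape."""
    return {cls: {"attributes": attrs, "children": list(children)}}


def build_tenant(tenant, vrf, bd, gateway, app, epg, phys_dom):
    """Tenant subtree of the kind POSTed to /api/mo/uni.json on the APIC."""
    return mo("fvTenant", name=tenant, children=[
        mo("fvCtx", name=vrf),                                 # VRF
        mo("fvBD", name=bd, children=[
            mo("fvRsCtx", tnFvCtxName=vrf),                    # BD -> VRF
            mo("fvSubnet", ip=gateway),                        # gateway, the anycast SVI
        ]),
        mo("fvAp", name=app, children=[
            mo("fvAEPg", name=epg, children=[
                mo("fvRsBd", tnFvBDName=bd),                   # EPG -> BD
                mo("fvRsDomAtt", tDn=f"uni/phys-{phys_dom}"),  # EPG -> domain
            ]),
        ]),
    ])


def walk(node):
    """Yield (class, attributes) for every object in the subtree."""
    (cls, body), = node.items()
    yield cls, body["attributes"]
    for child in body["children"]:
        yield from walk(child)


def dangling_refs(tenant_mo):
    """Relations naming a VRF or BD that this tenant does not define.

    Simplification: ignores names that would resolve through tenant common.
    """
    objs = list(walk(tenant_mo))
    defined = {"fvRsCtx": {a["name"] for c, a in objs if c == "fvCtx"},
               "fvRsBd": {a["name"] for c, a in objs if c == "fvBD"}}
    key = {"fvRsCtx": "tnFvCtxName", "fvRsBd": "tnFvBDName"}
    return [(c, a[key[c]]) for c, a in objs
            if c in key and a[key[c]] not in defined[c]]


if __name__ == "__main__":
    payload = build_tenant("ExampleTenant", "VRF1", "BD1", "10.0.10.1/24",
                           "App1", "Web", "PhysDom1")  # constructed values
    print(json.dumps(payload, indent=2))
    print("dangling:", dangling_refs(payload))
```
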

6 Replies 6

Thanks for the clarification.

thirodmorais
Level 1

Hi tonybourke,

 

Thanks for the explanation, very clear to me.

 

Please, do you have any sites or books to suggest to me?

Hi @tonybourke 

If you wish to deep dive into the ACI world, I would recommend the following approach:

1. Start with "Deploying ACI" - as @tonybourke mentioned, it's a very good book.

2. Watch Cisco Live videos - these are gold nuggets for learning ACI. You could use the CL learning maps, and go by pillars:

 

If you think these are too many videos, no worries I got you. This is my recommendation:

 

i) Must watch (seriously! You must watch these ones!)

 

ii) A bit of an intro to different things. These will help build the fundamentals of ACI:

 

iii) Troubleshooting (the best ones a.k.a. the ones you learned the most from a.k.a. the ones you need to re-watch at least 2 times)

 

 

3. The third very good learning material, especially for small things which usually make the difference - whitepapers. There are whitepapers for a lot of things in ACI.

4. And finally, maybe the most important of all: practice, practice, practice. If you do not have a real lab with hardware and stuff, try the always-on sandbox https://developer.cisco.com/docs/aci/#!sandbox/aci-sandboxes or the good old dCloud https://dcloud.cisco.com/

 

Hope you will find this helpful!

Good luck with the learning.

 

Sergiu

Thank you so much for the clarification

tonybourke
Level 1

For books, the Cisco Press book "Deploying ACI" is one of the best Cisco Press books I've come across. It's very thorough. 

For websites, The Unofficial ACI Guide http://unofficialaciguide.com is great. 
