Re: Endpoint communication issue in same EPG

Daps · ‎08-14-2019

Hi,

I am facing one normal but unique issue with my newly ACI setup with legacy L2 switch environment.

My aci topology is currently L2 out and I have configured BD=EPG=VLAN type of configuration.

Please find the attached diagram. I am facing the issue as shown in diagram. and basic configuration is also attached with the topic. Checked everything from ACI ports to cisco Switch and end host.

request you to suggest in this.

joezersk · ‎12-02-2019

Hi Daps. Ok, I don't have the full picture of your setup, but I have some thoughts as to why your servers cannot ping. Without getting too philosophical, your servers are actually NOT in the same EPG.

When using an L2Out, you are effectively extending your VLAN from your ACI EPG, to the External EPG that lives in the outside world. Confused? Look at it like this....ACI sees the world as a series of EPGs. Everything is an endpoint and every endpoint must belong to an EPG...even for things that live outside of ACI. So conceptually ACI views "the world outside" as an "external EPG" that it does not actually own or manage, but sees as an EPG nonetheless.

We also know that in ACI, for EPGs to talk, we need a contract. I suspect in your setup, you do not have a contract on the L2 Outs. You have two choices here, and I will even dare to risk telling you the one I would prefer.

1. You can add contracts to both L2Outs that allow the protocols you want.

2. You can choose not to use L2Outs at all (and remove that config) and use what is called a "Static Binding" or in the UI called "Static Ports". You find this under the EPG itself. You are effectively telling ACI "Hey, in this EPG, there is a VLAN encap you should tag on this trunk port that leads to my legacy switch".

I prefer static bindings/ports myself.

To close, you might also wonder what is the difference between L2Out and Static Port? L2Out requires a contract, and the static port does not. Your choice.