EP Learning on infra VLAN

HelenaC · ‎06-30-2017

Hello,

I've read (and checked in our fabric) that there's no IP EP Learning on infra VLAN, and I would like to know the reason for this behaviour. I've looked for it into the documentation but I haven't found an explanation.

In this case, when only the MAC is learned, is there any mechanism similar to the one which is decribed in teh ACI Design Guide: "When 75 percent of this value is reached, the leaf sends three ARP requests as unicast packets in a staggered fashion (with a time delta between the requests) to check for the endpoint’s existence", in order to refresh the entry before it expires?

Thank you.

Regards.

RedNectar · ‎06-30-2017

Hi helena.cornic,

there's no IP EP Learning on infra VLAN, and I would like to know the reason for this behaviour.

The infra VLAN is used outside of the ACI Fabric only when the APIC needs to communicate with a remote VTEP - which would be an AVS vswitch has been configured on an ESXi host. There will never be any end points on this VLAN, so there will never be any EP learning.

And since there are no end points on the infra VLAN, there would be no point in sending ARP requests at 75% of the ageing timer.

Now, if say your infra VLAN is VLAN 3967, and you want to also map VLAN 3967 to an EPG, then you might be in trouble. You may be able to map that VLAN to an EPG, but if you did you would have to make sure that it was mapped via an AEP that didn't include the Infrastructure VLAN.

So I guess we need to know exactly why you are WANTING to see any EP learning on the infra VLAN?

HTH

RedNectar

aka Chris Welsh

Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

HelenaC · ‎06-30-2017

Hi Chris,

In our setup, we have Openstack integrated with ACI, and we use infra VLAN for communication between agent-ovs on compute nodes and opflex-proxy on the connected leafs. We see the MAC addresses of the nodes in the EPG but not the IPs, as expected. We don't want to see them, we were just trying to understand why on infra BD EP learning is different from a standard BD.

We have this doubt because we had some issues in this VLAN, but they are already solved by our TAC support.

Thank you,

Regards,
Helena

RedNectar · ‎06-30-2017

Hi Helena,

That certainly paints a clear picture for me. Now first of all let me say that I have never implemented an OpenStack integration with ACI, so I may not have the details exactly correct. But my understanding is that ACI communicates with the Opflex Proxy to a) pass the policy to the OVS and b) learn those MAC addresses you are seeing.

Now at a guess, I'm thinking that it could be that if policy is being applied between the servers at the OVS level, there aren't any packets reaching the leaf switch for the leaf switch to learn the IP addresses - but I admit that this is a long shot. But the answer can be found if you go to the EPG and click on the Operational tab - when you see the the MAC addresses, do they show up as Learned or VMM? If they show up as Learned, then my theory is completely wrong. But if they only show VMM, then that is the same behaviour that I'd expect from any other implementation.

Of course, if they show up as only VMM, but you are sure that there are packets from these servers traversing the Leaf, then we are back to square #1.

CW

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.