snarayanaraju
Enthusiast

L3OUT and ARP Handling

Hello All - I am trying to understand what should be the L2 UNKNOWN UNICAST and ARP FLOODING in BD configuration for L3OUT configuration

L2 UNKNOWN UNICAST = Hardware Proxy / Flood

ARP FLOODING = Enabled / Disabled

regards, Sairam

Accepted Solutions
Claudia de Luna
Enthusiast

Hi @snarayanaraju,

Maybe it will help to think of it this way.

When you associate your L3Out to your BD you are basically setting up advertising the subnet or subnets associated with your BD out that L3Out. Layer 3/Routing stuff, right?

The Bridge Domain settings you are asking about have to do with the Layer 2 characteristics of your Bridge Domain (think VLAN if that helps).

- If your bridge domain is only connected to end hosts (servers etc. that are well behaved) then I always recommend leaving the BD optimized (no flooding). Take advantage of that capability in ACI!

L2 UNKNOWN UNICAST = Hardware Proxy

ARP FLOODING = Disabled

- If your bridge domain has external connectivity to, say, network devices or any host that needs to see the flooding, then disable the optimized behavior and enable flooding.

L2 UNKNOWN UNICAST = Flood

ARP FLOODING = Enabled

These settings relate more to the hosts on your Bridge Domain and what they need from a Layer 2 perspective rather than the L3Out, if that makes sense. That is what @balaji.bandi and @jgomezve have been explaining.


jgomezve
Cisco Employee

As Claudia said, the BD settings are mostly dependent on the type of end hosts connected to that bridge domain. That said, if “silent hosts” are connected you should enable flooding on the BD.

However, the ACI Fabric also uses ARP Gleaning and sends probe packets once the endpoint is about to be flushed. These features are activated when the BD has a Subnet and ‘Unicast Routing’ enabled.

Then I would say that a BD which is associated with a L3Out can be configured with Hardware Proxy and ‘ARP Flooding’ enabled to deal with silent hosts, as it must have ‘Unicast Routing’ and a Subnet configured.

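An added example, not written by any poster in this thread: a Python check that applies the two accepted answers to bridge-domain records shaped like an APIC `fvBD` class query. The attribute and class names (`unkMacUcastAct`, `arpFlood`, `unicastRoute`, `fvSubnet`, `fvRsBDToOut`) are from the ACI object model; the sample records, BD and L3Out names, and finding strings are constructed for illustration.

```python
SILENT = "no flooding and no ARP gleaning: silent hosts may go unlearned"
L3OUT = "L3Out association needs Unicast Routing and a BD subnet"

def bd(name, unk, arp, route, subnet=None, l3out=None):
    """Build one constructed fvBD record in the shape APIC returns."""
    kids = []
    if subnet:
        kids.append({"fvSubnet": {"attributes": {"ip": subnet}}})
    if l3out:
        kids.append({"fvRsBDToOut": {"attributes": {"tnL3extOutName": l3out}}})
    attrs = {"name": name, "unkMacUcastAct": unk, "arpFlood": arp, "unicastRoute": route}
    return {"fvBD": {"attributes": attrs, "children": kids}}

# Constructed sample data; BD and L3Out names are hypothetical.
SAMPLE = {"imdata": [
    bd("bd-servers", "proxy", "no", "yes", "10.1.1.1/24", "l3out-core"),
    bd("bd-l2-only", "proxy", "no", "no"),
    bd("bd-firewall", "flood", "yes", "yes", "10.1.2.1/24"),
    bd("bd-mixed", "proxy", "yes", "yes", "10.1.3.1/24", "l3out-core"),
    bd("bd-broken", "flood", "yes", "no", None, "l3out-core"),
]}

def audit(reply):
    """Return {bd_name: (l2_profile, [findings])} for every fvBD in the reply."""
    report = {}
    for item in reply["imdata"]:
        obj = item["fvBD"]
        a, kids = obj["attributes"], obj.get("children", [])
        has_subnet = any("fvSubnet" in k for k in kids)
        has_l3out = any("fvRsBDToOut" in k for k in kids)
        proxy = a["unkMacUcastAct"] == "proxy"
        arp_flood = a["arpFlood"] == "yes"
        # Per the thread: ARP gleaning needs Unicast Routing plus a BD subnet.
        gleaning = a["unicastRoute"] == "yes" and has_subnet
        if proxy and not arp_flood:
            profile = "optimized"      # Hardware Proxy, ARP flooding disabled
        elif not proxy and arp_flood:
            profile = "flood"          # Flood, ARP flooding enabled
        else:
            profile = "mixed"          # e.g. Hardware Proxy with ARP flooding
        findings = []
        if profile == "optimized" and not gleaning:
            findings.append(SILENT)
        if has_l3out and not gleaning:
            findings.append(L3OUT)
        report[a["name"]] = (profile, findings)
    return report

if __name__ == "__main__":
    for name, (profile, findings) in audit(SAMPLE).items():
        print(f"{name:12} {profile:10} {'; '.join(findings) or 'ok'}")
```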

8 Replies
balaji.bandi
VIP Expert

Cisco ACI uses a behavior similar to that in traditional networks for L3Out connectivity. The Cisco ACI L3Out domain learns the MAC address only from the data plane. IP addresses are not learned from the data plane in an L3Out domain; instead, Cisco ACI uses ARP to resolve next-hop IP and MAC relationships to reach the prefixes behind external routers.



BB


*** Rate All Helpful Responses ***

Thanks for responding. With that said, I should enable ARP Flooding. What about L2 Unknown Unicast? It should be in Flood or Hardware Proxy. As far as I know, Hardware Proxy should be DISABLED. Is that right?

balaji.bandi
VIP Expert

Yes, it should be. Anyway, it floods only with respect to the EPG.



BB



jgomezve
Cisco Employee

Hello,

What do you mean by a BD in a L3OUT configuration? You mean a BD that is associated with a L3Out. In that case, most probably you have ‘unicast routing’ enabled and a Subnet configured, therefore it should be fine to disable ‘ARP Flooding’ and use ‘Hardware Proxy’.


Regards,
Jorge

Thank you Jorge. I meant BD because we attach the L3OUT to the BD under L3 Configuration, where "Unicast Routing" is enabled and an IP address is configured.

The question is, in that BD what should be the configuration for L2 UNKNOWN UNICAST (Flood/Hardware Proxy) and ARP FLOODING (Disable/Enable)?

regards, sairam

snarayanaraju
Enthusiast

Thanks everybody who shared their thoughts @balaji.bandi and @jgomezve and Claudia
