Solved: Thanks.

robertke1 · ‎02-12-2017

Hi,

I have a basic question about creating pure L2 Bridge Domains within Tenant:

Can we use ACI Fabric as pure L2 switch between different hosts - all routing/firewalling would be done outside fabric? The reason is that I don't want to add additional p2p links between different systems - so direct links between Router-FW, FW-Proxy, Proxy-Host.

See attached diagram for clarification.

Thanks,

Robert

Claudia de Luna · ‎02-12-2017

Absolutely, Robert.

In these pure L2 BD I'd suggest making sure you disable 'Unicast Routing' (Alternatively you can enable "Limit IP Learning to Subnet' but for these constructs i like disabling Unicast routing).

You need to disable ACI's "greedy" learning behavior for these or else you won't get the traffic patterns you expect.

Having said that I always caution clients to not use their ACI fabric for core or distribution functions but it can be done.

Claudia

View solution in original post

Claudia de Luna · ‎02-12-2017

Absolutely, Robert.

In these pure L2 BD I'd suggest making sure you disable 'Unicast Routing' (Alternatively you can enable "Limit IP Learning to Subnet' but for these constructs i like disabling Unicast routing).

You need to disable ACI's "greedy" learning behavior for these or else you won't get the traffic patterns you expect.

Having said that I always caution clients to not use their ACI fabric for core or distribution functions but it can be done.

Claudia

robertke1 · ‎02-12-2017

Thanks.

Pure L2 Bridge Domain in Tenant