Cisco 300-620 - Implementing Cisco Application Centric Infrastructure (300-620 DCACI)

To move the gateway address for VLAN 1001 from the core outside the Cisco ACI fabric into the Cisco ACI fabric and ensure that endpoints in EPG-1001 route traffic to endpoints in other EPGs while minimizing flooded traffic in the fabric, the following configuration set is needed on the bridge domain:

Enable Hardware Proxy: This step involves enabling the hardware proxy feature, which allows the fabric to learn and maintain endpoint information more efficiently7.

Enable Unicast Routing: This step involves enabling unicast routing within the bridge domain, which allows for the routing of traffic between different EPGs and minimizes flooded traffic

Enabling the “disable Remote EP learn” feature in Cisco ACI has the effect of preventing border leaf switches from receiving routes through peering with external routers. This feature is particularly useful when there is a mix of Gen1 and Gen2 hardware in the fabric, as it clears all the remote endpoints from the border leaf only. Traffic will still use hardware proxy if the endpoint is not learned on the border leaf, ensuring no operational impact12.

References :=

ACI Fabric Endpoint Learning White Paper2

Cisco Community Discussion on Disable Remote EP Learn

https://unofficialaciguide.com/2018/11/29/aci-best-practice-configurations/

To determine which user is responsible for the disappearance of a previously existing port group from vCenter, the engineer should check the EPG audit logs for any ‘deletion’ actions. By comparing the affected object and the user who performed the action, the engineer can identify the responsible individual2.

The group of settings required to meet the requirements for workload migration where servers will physically terminate at the Cisco ACI, but their gateway must stay in the existing network, is:

L2 Unknown Unicast: Flood

L3 Unknown Multicast Flooding: Flood

Multi Destination Flooding: Flood in BD

ARP Flooding: Enable5

These settings ensure that the bridge domain is configured to handle unknown unicast and multicast traffic appropriately, and ARP flooding is enabled to allow for the resolution of IP addresses when the gateway is outside the fabric5.

https://www.cisco.com/c/en/us/td/docs/switches/datac enter/aci/apic/sw/migration_guides/migrating_existing_networks_to_aci.html

 In Cisco Application Centric Infrastructure (ACI), when a subnet is configured on a bridge domain, the gateway IP address is configured on the leaf switches where the bridge domain of the tenant is present. This configuration allows for localized routing within the fabric, providing efficient east-west traffic handling without requiring traffic to traverse up to the spine nodes unless necessary for north-south routing or policy enforcement.

On border leaf switches in Cisco ACI, the two types of interfaces supported to connect to an external router are subinterface with 802.1Q tagging and Switch Virtual Interface (SVI)7. These interfaces allow for the segmentation of traffic and the extension of Layer 2 and Layer 3 services to external networks7.

In the Cisco ACI fabric, Spanning Tree Protocol (STP) Bridge Protocol Data Units (BPDUs) are flooded within the bridge domain VLAN. This allows the BPDUs to be propagated throughout the bridge domain, enabling STP to function correctly for the associated VLAN.

To monitor the statistics of unicast and BUM traffic seen in a certain EPG, the collection of statistics must be enabled at the EPG level. This is done by enabling the statistics specifically for unicast and BUM traffic within the EPG settings3.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/Operating_ACI/guide/b_Cisco_Operating_ACI/b_Cisco_Operating_ACI_chapter_01011.html