Application Profile & EPG Configuration

Posted on Jan 24, 2020

EPG:

An EPG (Endpoint Group) is a group of endpoints that require the same policy. It is a logical entity containing a collection of endpoints with common policy requirements, for example security (contracts) or L4-L7 services. Traffic from an endpoint is placed into an EPG based on how the leaf classifies it (see below), and the endpoints themselves fall into three types:

  • Physical Endpoints
  • Virtual Endpoints
  • External Endpoints

Two things must be kept apart: how the leaf hardware classifies incoming traffic into an EPG, and how the transport on the wire (VLAN or VXLAN encapsulation) carries that traffic. First, the classification the hardware can perform, which depends on the leaf ASIC model:

  • Based on VLAN or VXLAN encapsulation
  • Based on port and VLAN, or port and VXLAN
  • Based on network and mask or IP address for traffic originating outside the fabric; this traffic is treated as L3 external traffic (L3Out)
  • Based on source MAC address

From the administrative perspective, the following classification options can be configured for traffic arriving at a leaf:

  • Based on VLAN encapsulation
  • Based on port and VLAN
  • Based on network and mask or IP address for traffic originating outside the fabric; this traffic is treated as L3 external traffic (L3Out)
  • Based on source IP address or subnet
  • Based on source MAC address

EPG mapping options:

  • Map an EPG statically to a port and VLAN
  • Map an EPG statically to a VLAN switch-wide on a leaf (static leaf binding)
  • Map an EPG to a VMM domain

If you configure EPG mapping to a VLAN switch wide (using a static leaf binding), Cisco ACI configures all leaf ports as Layer 2 ports. If you then need to configure an L3Out connection on this same leaf, these ports cannot then be configured as Layer 3 ports. This means that if a leaf is both a computing leaf and a border leaf, you should use EPG mapping to a port and VLAN, not switch wide to a VLAN.
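The three mapping options above correspond to three different child objects of the EPG in the APIC object model, and the border-leaf caveat is something worth checking before pushing a configuration. The following is an added example (not code from the original post or from Cisco): it builds the APIC REST payloads for a static port binding, a static leaf binding and a VMM domain binding, and flags any static leaf binding that lands on a leaf you have designated as a border leaf. The tenant, application profile, EPG, bridge domain, node IDs, VLAN and domain names are hypothetical; the class and attribute names (fvAEPg, fvRsBd, fvRsPathAtt, fvRsNodeAtt, fvRsDomAtt, tDn, encap, mode, instrImedcy) are the ones used by the APIC REST API.

```python
"""Build EPG binding payloads for the APIC REST API and check for the
static-leaf / border-leaf conflict described above.

Added example, not from the original post. Tenant, AP, EPG, BD, node IDs,
VLAN and VMM domain names below are hypothetical.
"""
import json


def static_port_binding(pod, leaf, port, vlan, mode="regular"):
    """Map the EPG to one port and VLAN on one leaf (fvRsPathAtt)."""
    return {"fvRsPathAtt": {"attributes": {
        "tDn": f"topology/pod-{pod}/paths-{leaf}/pathep-[{port}]",
        "encap": f"vlan-{vlan}",
        "mode": mode,                  # regular (802.1Q tagged), untagged, native
        "instrImedcy": "immediate",    # push policy to the leaf right away
    }}}


def static_leaf_binding(pod, leaf, vlan, mode="regular"):
    """Map the EPG to a VLAN switch-wide on a leaf (fvRsNodeAtt).

    This is the option that turns every port of the leaf into an L2 port
    for that VLAN, which conflicts with using the leaf as a border leaf.
    """
    return {"fvRsNodeAtt": {"attributes": {
        "tDn": f"topology/pod-{pod}/node-{leaf}",
        "encap": f"vlan-{vlan}",
        "mode": mode,
        "instrImedcy": "immediate",
    }}}


def vmm_domain_binding(provider, domain):
    """Map the EPG to a VMM domain (fvRsDomAtt); the VMM picks the encap."""
    return {"fvRsDomAtt": {"attributes": {
        "tDn": f"uni/vmmp-{provider}/dom-{domain}",
        "instrImedcy": "lazy",         # deploy when a VM actually attaches
        "resImedcy": "lazy",
    }}}


def epg_payload(tenant, ap, epg, bd, bindings):
    """Assemble the fvAEPg object with its bridge domain and bindings."""
    return {"fvAEPg": {
        "attributes": {"name": epg, "dn": f"uni/tn-{tenant}/ap-{ap}/epg-{epg}"},
        "children": [{"fvRsBd": {"attributes": {"tnFvBDName": bd}}}] + list(bindings),
    }}


def static_leaf_conflicts(bindings, border_leaves):
    """Return the sorted leaf IDs that carry a switch-wide (fvRsNodeAtt)
    binding and are also in border_leaves: those leaves can no longer host
    an L3Out, so the binding should be a port+VLAN binding instead."""
    hits = set()
    for binding in bindings:
        node_att = binding.get("fvRsNodeAtt")
        if node_att is None:
            continue
        leaf = int(node_att["attributes"]["tDn"].rsplit("node-", 1)[1])
        if leaf in border_leaves:
            hits.add(leaf)
    return sorted(hits)


if __name__ == "__main__":
    # Hypothetical design: leaf 101 is both compute and border leaf.
    bindings = [
        static_port_binding(1, 101, "eth1/1", 10),
        static_leaf_binding(1, 102, 10),
        static_leaf_binding(1, 101, 20),
        vmm_domain_binding("VMware", "DVS1"),
    ]
    print(json.dumps(epg_payload("Prod", "Web", "Frontend", "BD1", bindings), indent=2))
    print("static leaf bindings on border leaves:",
          static_leaf_conflicts(bindings, border_leaves={101}))
```

The generated JSON is what you would POST to `https://<apic>/api/mo/uni/tn-Prod/ap-Web/epg-Frontend.json` after authenticating. Run the conflict check against the full binding list before the POST; any leaf it returns should be re-bound per port and VLAN rather than switch-wide.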

Connecting an EPG to an External Switch:

If two external switches are connected to two different EPGs within the fabric, you must ensure that those external switches are not directly connected to each other outside the fabric. The fabric floods BPDUs only within an EPG (within the same VLAN encapsulation), not between EPGs, so a direct link between the two switches would form a loop that spanning tree cannot detect. It is strongly recommended in this case to enable BPDU guard on the access ports of the external switches, so that any accidental direct physical connection is blocked immediately.

The figure below illustrates this.

