L2 External Network with ACI
This topic explains how, and by what methods, a Layer 2 network is extended outside the ACI fabric.
There are various methods to extend the Layer 2 domain beyond the ACI fabric.
- Extending the EPG out of the ACI Fabric: An EPG can be extended out of the ACI fabric by statically assigning a port to an EPG. As soon as the leaf receives the traffic and determines the endpoint information, it assigns the traffic to the proper EPG by matching the VLAN ID on the port.
- Extending the Bridge Domain out of the ACI Fabric: It is also possible to extend the bridge domain by creating a Layer 2 outside connection (External Bridge Network). Doing so extends the bridge domain to the outside network.
We will now discuss both of the above scenarios in detail.
Extending the EPG out of the ACI Fabric:
An EPG can be extended out of the ACI fabric by statically assigning a port with a VLAN ID to an EPG. Once this is done, traffic received on the leaf port that is configured with that particular VLAN ID is mapped to the EPG, and the policy for this EPG is enforced on the leaf switch. Endpoints can be directly connected to leaf ports, or they can sit behind a Layer 2 network that is connected to the ACI fabric.
To assign a port to an EPG, follow these steps:
- Go to Tenant > Application Profiles > EPG > Static Port.
- Click the ACTION menu to assign the port to an EPG.
In this example, interface eth1/15 on leaf node 101 is assigned to VLAN 10, which is the WEB EPG.
Two options are available here:
- Deployment Immediacy: This determines when the configuration is actually applied on the leaf switch. Either the related configuration and policy are programmed right away, or, with the On-Demand option, the EPG and its related policy are enforced on the leaf switch hardware only when a data frame is received for this EPG.
- Mode: Mode has three options. Trunk means the port is configured as a trunk port; as a trunk port, it expects received frames to be tagged with the VLAN ID. Access (802.1P) means the leaf expects frames to be untagged.
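The static port assignment above can also be expressed as an APIC REST object. The following is an added example, not part of the original page: it builds the `fvRsPathAtt` payload for the eth1/15 / leaf 101 / VLAN 10 / WEB case and checks a set of bindings for a port and VLAN claimed by more than one EPG, which would make VLAN-based classification ambiguous. The tenant name `Tenant1`, application profile `App1`, pod 1, and the helper names are assumptions.

```python
import json
import re
from collections import defaultdict

# GUI labels mapped to the APIC object-model values used by fvRsPathAtt.
# "access-untagged" is the ACI mode the page does not name explicitly.
MODES = {"trunk": "regular", "access-802.1p": "native", "access-untagged": "untagged"}
IMMEDIACY = {"immediate": "immediate", "on-demand": "lazy"}

def static_port(tenant, ap, epg, node, port, vlan, mode="trunk",
                immediacy="on-demand", pod=1):
    """Return (epg_dn, payload) binding one leaf port + VLAN to an EPG."""
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN {vlan} outside 1-4094")
    if not re.fullmatch(r"eth\d+/\d+", port):
        raise ValueError(f"unexpected port name {port!r}")
    dn = f"uni/tn-{tenant}/ap-{ap}/epg-{epg}"
    attrs = {
        "tDn": f"topology/pod-{pod}/paths-{node}/pathep-[{port}]",
        "encap": f"vlan-{vlan}",
        "mode": MODES[mode],
        "instrImedcy": IMMEDIACY[immediacy],
    }
    return dn, {"fvRsPathAtt": {"attributes": attrs}}

def ambiguous_bindings(bindings):
    """Return port+VLAN pairs that are bound to more than one EPG."""
    seen = defaultdict(set)
    for dn, payload in bindings:
        a = payload["fvRsPathAtt"]["attributes"]
        seen[(a["tDn"], a["encap"])].add(dn)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    # Constructed sample: the page's example port, tenant/profile names assumed.
    dn, body = static_port("Tenant1", "App1", "WEB", 101, "eth1/15", 10)
    print(f"POST /api/mo/{dn}.json")
    print(json.dumps(body, indent=2))
```

Reviewing the generated bindings before they are pushed makes it easy to spot a leaf port that would silently place outside traffic into an unintended EPG and its contracts.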
The following are the use cases, or the various ways, of extending an EPG to an outside network:
- Option 1: Connecting a physical server to the ACI fabric
- Option 2: Connecting hypervisor platforms such as Xen or KVM, integrated with APIC, to the ACI fabric
- Option 3: Connecting a legacy Ethernet network to ACI, which connects the legacy Ethernet network of the DC
For a legacy network, each VLAN in the legacy network is mapped to an EPG in the ACI fabric. The ACI leaf switches provide Layer 3 forwarding between VLANs by enforcing contracts between EPGs.
All endpoints learned on non-fabric uplinks are stored in the local station table, and endpoints learned on fabric uplink ports (remote endpoints) are stored in the global station table.