L3 Datapath Scenarios
Let’s understand how L3 forwarding is done. The forwarding flow on the left side is L2-based and was already explained earlier.
If the packet coming into the leaf is L3 based, the leaf first checks whether it already knows the destination IP address of the EP. If the leaf switch already knows the IP address, it forwards the packet to the local port (if the destination IP is on the local leaf) or to the remote leaf (if the destination IP is not on the local leaf).
If the leaf doesn’t know the destination IP address of the EP, it checks its routing table to see whether it has a BD subnet for that destination IP.
If the BD subnet is present, the ingress leaf forwards the packet to the Spine Proxy. The Spine Proxy checks its COOP database and either forwards the packet to the remote leaf or starts an ARP glean (if the destination IP is not in the COOP database).
If the BD subnet is not present in the routing table, the leaf searches for any other entry in the routing table. If there is an L3Out route, the ingress leaf forwards the packet to the appropriate border leaf. If there isn’t any route in the routing table, the ingress leaf drops the packet.
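
The ingress-leaf decision flow described above, as an added Python example (not Cisco code and not from the original page). The function name `ingress_leaf_l3_forward`, the table layouts and every address and leaf name are constructed for illustration; choosing the longest matching prefix among L3Out routes is an assumption, since the text only says an L3Out route is used.

```python
import ipaddress

# Constructed sample state for one ingress leaf (not taken from the page).
LEAF1 = {
    "name": "leaf-1",
    # Endpoints this leaf has learned: local ones carry a port, remote ones a leaf.
    "endpoints": {
        "192.168.0.10": {"leaf": "leaf-1", "port": "eth1/1"},
        "192.168.0.20": {"leaf": "leaf-2", "port": None},
    },
    "bd_subnets": ["192.168.0.0/24", "192.168.1.0/24"],   # pervasive (BD) routes
    "l3out_routes": {"10.0.0.0/8": "border-leaf-1", "10.1.0.0/16": "border-leaf-2"},
}
COOP_DB = {"192.168.1.30": "leaf-3"}   # spine COOP view: endpoint IP -> owning leaf


def ingress_leaf_l3_forward(dst_ip, leaf, coop_db):
    """Return (action, target) for a routed packet arriving at the ingress leaf."""
    dst = ipaddress.ip_address(dst_ip)

    # Step 1: destination endpoint IP is already known on this leaf.
    ep = leaf["endpoints"].get(dst_ip)
    if ep is not None:
        if ep["leaf"] == leaf["name"]:
            return ("local_port", ep["port"])
        return ("remote_leaf", ep["leaf"])

    # Step 2: unknown endpoint, but a BD subnet covers it -> send to Spine Proxy.
    if any(dst in ipaddress.ip_network(s) for s in leaf["bd_subnets"]):
        owner = coop_db.get(dst_ip)            # Spine Proxy consults COOP
        if owner is not None:
            return ("spine_proxy_to_leaf", owner)
        return ("spine_proxy_arp_glean", None)  # not in COOP: ARP glean

    # Step 3: no BD subnet -> look for another route (L3Out), longest prefix wins.
    matches = [(ipaddress.ip_network(p), bl)
               for p, bl in leaf["l3out_routes"].items()
               if dst in ipaddress.ip_network(p)]
    if matches:
        return ("border_leaf", max(matches, key=lambda m: m[0].prefixlen)[1])

    # Step 4: nothing in the routing table matches.
    return ("drop", None)


if __name__ == "__main__":
    for ip in ("192.168.0.10", "192.168.0.20", "192.168.1.30",
               "192.168.1.99", "10.1.2.3", "172.16.0.1"):
        print(ip, ingress_leaf_l3_forward(ip, LEAF1, COOP_DB))
```
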
Pervasive GW is configured as “Subnets” under the BD. A pervasive GW is a default GW and at the same time represents the subnets (IP ranges) which belong to the BD.
- The pervasive GW is installed as an SVI on all leaf switches which have endpoints for the BD (so that every server can have a default GW one hop away).
- When multiple pervasive GWs are configured on the same BD, the SVI will have secondary IPs.
- Pervasive routes may be propagated to leaf switches that don’t have a local EP for that BD.
Example: BD-A/EPG-A exists only on Leaf-1, BD-B/EPG-B only on Leaf-2, and a contract is tied between EPG-A and EPG-B. SVI-A is created on Leaf-1 and SVI-B is created on Leaf-2. Due to the contract:
- Route-A is installed on Leaf-2 without SVI-A
- Route-B is installed on Leaf-1 without SVI-B
From version 3.0 you have an option to select “No default SVI Gateway.” If you enable this, the pervasive SVI will not be configured for this subnet. It is used to leak more specific prefix routes to other VRFs. Also, when using Cisco ACI Multi-Site with this APIC fabric domain (site), it indicates that the VRF, EPG, or BD using this subnet is mirrored from another site, which has a relationship to this site through a contract. Do not modify or delete the mirrored objects.
Pervasive Gateway Example 1:
This slide shows an example of where the pervasive GW is programmed. Pervasive GW 192.168.0.254/24 is programmed on the first three leaf switches because they have endpoints belonging to EPGs that are part of BD1. The fourth and fifth leaf have no endpoint from EPG 1, 2 or 3, so GW 192.168.0.254/24 is not programmed on those two leaf switches.