What are the two types of VLANs used in Cisco ACI?

Cisco ACI uses two types of VLANs. External VLANs are used for device connectivity and communication outside the fabric, while internal VLANs, also known as Platform Independent (PI) VLANs, are locally significant VLANs assigned by APIC per EPG or bridge domain on each leaf switch.

How does the Cisco ACI approach to VLANs differ from traditional switching?

Unlike traditional switching, Cisco ACI does not rely on VLAN-based internal forwarding. External VLANs are mapped to Flooding Domains, Bridge Domains, and VXLAN IDs at the ingress leaf, while internal traffic is forwarded using VXLAN encapsulation instead of VLAN switching.

What is a PI VLAN in Cisco ACI?

A Platform Independent (PI) VLAN is an internal VLAN locally provisioned on each leaf switch for an EPG or bridge domain. PI VLAN numbers can differ from leaf to leaf and are not constrained by traditional VLAN numbering.

What is the BD-VLAN in Cisco ACI?

The BD-VLAN represents a Bridge Domain in Cisco ACI. It aggregates multiple flooding-domain VLANs and hardware VLANs and helps APIC determine whether traffic should be locally switched on the leaf or forwarded upstream. Access VLANs mapped to the same BD-VLAN belong to EPGs under the same bridge domain.

VLAN Encapsulation in ACI – Deep Dive

VLAN Encapsulation in ACI

There are two types of VLANs used in ACI

External VLAN: Used for External Communication and Integration
Internal VLAN: It is also called as Platform Independent Vlan whose scope is local to each leaf. ACI has no control how Platform VLAN is allocated to traffic going via leaf. APIC allocates PI VLAN per EPG, Per BD and these allocation is local to leaf and is different to each Leaf.

Cisco ACI fabric internally does not use VLANs as traditional switches but it translates externally connected VLANs to Flooding Domain, Bridge Domain and VXLANs. All of this is happening at the ingress to the fabric.

Here we can see the ACI has allocated the Platform VLAN to each VLAN which its receives from ingress port. Example from port Eth1/11, Traffic comes to Leaf with encapsulation of Ethernet vlan 1675 and upon receive, it allocates VLAN 12 randomly on that leaf switch.

show vlan extended output command you can see how internal VLANs are encapsulated to VXLANs or external VLANs. With this command, you can easily see which external VLANs are used on the particular leaf switch.

There are various Internal Platform VLAN used by ACI on each Leaf and they are independent to each other. Several VLANs exist on a leaf switch. There are two commands most commonly used for troubleshooting purposes: show vlan extended and show system internal eltmc info vlan brief. In the output of the later command you can see a table with several different VLANs:

Different Platform VLANs used in ACI are:

VlanId: is the PI (platform independent) VLAN of the system and is locally significant to each switch. This is the same VLAN as seen in the output of the command show vlan.

Hw_VlanId: is the VLAN used in ASICs but is usually not relevant for a user.

BD-VLAN: is used to represent a bridge domain and can link multiple FD-VLANs (encap VLANs) together with multiple hardware VLANs and internal VLANs. It is one forwarding aspect used by the Broadcom ASIC to determine if traffic should be locally switched or forwarded to the Northstar ASIC for processing. The BD-VLAN connects different local FD-VLANs to a single bridge domain, and is used on the Broadcom ASIC to determine the Layer 2 broadcast domain. If for example two different access_enc VLANs have the same BDVlan ID it means they belong to two EPGs that are part of the same BD.

GENERAL FAQ

. What are the two types of VLANs in use within Cisco ACI?

Cisco ACI has two VLAN types:

• External VLANs – these are external communication and device connectivity VLANs.

• Internal VLANs (Platform Independent VLANs) – unique at the local leaf, assigned by APIC per EPG and bridge domain.

. How does the ACI approach to VLANs differ from traditional switching?

ACI does not pin internally based on VLANs. Instead, it encapsulates external VLANs to Flooding Domains, Bridge Domains, and VXLAN IDs at the ingress leaf. The internal forwarding is not VLAN-based switching, but VXLAN encapsulation.

What is a PI VLAN in ACI?

PI VLAN is an internal VLAN provisioned locally on each leaf for an EPG or bridge domain. It can vary from leaf to leaf and is not imposed by the regular VLAN numbering.

What is the BD-VLAN in ACI?

The BD-VLAN is equivalent to a Bridge Domain. It ties together multiple Flood Domain VLANs and hardware VLANs and is used by the APIC to decide whether traffic should be locally switched or sent upstream. If access VLANs have the same BD-VLAN, they are in EPGs under the same bridge domain.

Comment

You are will be the first.

Please login here to comment.

EMAIL SUPPORT

LOCATION

VLAN Encapsulation in ACI – Deep Dive

VLAN Encapsulation in ACI

GENERAL FAQ

. What are the two types of VLANs in use within Cisco ACI?

. How does the ACI approach to VLANs differ from traditional switching?

What is a PI VLAN in ACI?

What is the BD-VLAN in ACI?

Comment

LEAVE A COMMENT

TABLE OF CONTENTS

RECENT POSTS

Membership Plan

$100/Monthly

$200/6 Months

$350/Year