
Importance of Remote Endpoint Learning in Cisco ACI: A Deep Dive


Cisco Application Centric Infrastructure (ACI) takes a new approach to network design and is changing how data centers are built and operated. At the core of ACI is endpoint learning, a key component that improves the agility, security, and efficiency of modern networks.

"Remote Endpoint Learning," a dynamic feature that is essential to network administration and security, is one aspect of this. Let's examine the importance of remote endpoint learning inside the Cisco ACI framework in more detail.

What is Cisco ACI?

Cisco Application Centric Infrastructure (ACI) is a next-generation SDN solution designed for policy-driven, spine-leaf data center architectures. Cisco ACI provides application agility and data center automation with simplified operations.

Fig 1.1 - Cisco ACI Infra

Cisco ACI learns a MAC or IP address as a remote endpoint when a packet reaches a Cisco ACI leaf switch from another leaf switch via a spine link.

⭐ Step 1: A packet with source MAC A and source IP B is received by the leaf switch from the spine switch. If the VXLAN header carries bridge domain (BD) information, the switch learns MAC A as a remote endpoint. If the VXLAN header carries VRF information, the switch learns IP B as a remote endpoint.

⭐ Step 2: EP1-1 sends ICMP traffic to EP1-2, both of which are in the same EPG. Because EP1-2's MAC is unknown, EP1-1 generates an ARP request to discover the MAC mapped to EP1-2. When the request reaches Leaf-1, Leaf-1 learns EP1-1's IP address, MAC, and the port to which it is connected in its endpoint table and reports the local endpoint to the Spine using the COOP protocol.

⭐ Step 3: When the leaf receives traffic from the front panel, it first looks up the destination in the endpoint table. If no entry (and therefore no VTEP) for the destination IP is present, it checks the routing table for a pervasive route for the subnet to which the destination IP belongs, pointing towards the Anycast TEP address of the Spine. This assumes ARP flooding is disabled in the bridge domain.

⭐ Step 4: Before delivering the packet to the Spine, Leaf-1 encapsulates it in a VXLAN header. The source EPG and either the BD VNI or the VRF VNI are carried in the VXLAN header: if the traffic is L2 (within the same subnet), the BD VNI is used, and if it is L3 (between subnets), the VRF VNI is used. The outer header carries the source IP of VTEP1 and the destination IP of the Spine's Anycast TEP. Because this exchange is between BD-1 endpoints, the BD-1 VNI is used.

⭐ Step 5: When the Spine receives the traffic, it discards the packet because it has no entry for EP1-2. The Spine then sends an ARP glean packet to all leaf switches with the target IP of EP1-2. The leaf that owns the subnet matching the destination IP accepts the packet, while the rest discard it.

⭐ Step 6: The leaf that accepts the glean sends the ARP request out its downlink port. EP1-2 sends the ARP reply to Leaf-2, and Leaf-2 updates its endpoint table and reports the endpoint to the Spine through COOP.

⭐ Step 7: When Leaf-1 receives an ARP request from EP1-1, it forwards it to the Spine, which rewrites the outer destination IP from its Anycast VTEP address to Leaf-2's VTEP IP. When Leaf-2 receives the packet, it learns the source MAC address, since the BD VNI is present in the VXLAN header. Leaf-2 decapsulates the outer header and delivers the packet to EP1-2.

⭐ Step 8: When EP1-2 receives the ARP request, it sends the ARP reply to Leaf-2. Leaf-2 makes its forwarding decision based on the entry in its endpoint table, encapsulates the packet in VXLAN, and forwards it through the tunnel.

⭐ Step 9: When Leaf-1 receives the packet, it learns the remote endpoint information. Because the VXLAN BD VNID is populated, Leaf-1 learns the source MAC. Leaf-1 decapsulates the outer header and delivers the packet to EP1-1.
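The following Python model replays Steps 1 through 9 as an added example; it is not Cisco's code and not taken from this article. It models only the behaviour the steps describe: a leaf learns local endpoints from front-panel traffic and reports them via COOP, learns remote endpoints from spine-link traffic keyed on the VNI type (BD VNI learns the inner source MAC, VRF VNI learns the inner source IP), forwards from its endpoint table first and from the pervasive route to the spine anycast TEP otherwise, and the spine either gleans for an unknown destination or rewrites the outer destination to the owning leaf's VTEP. All VNI numbers, TEP addresses, MAC addresses, IP addresses, port names and EPG names are constructed for the walkthrough.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed values for the walkthrough (assumptions, not real fabric identifiers).
BD1_VNI, VRF1_VNI = 15000001, 2000001       # BD VNI for L2, VRF VNI for L3 traffic
SPINE_ANYCAST_TEP = "10.0.0.1"
LEAF1_TEP, LEAF2_TEP = "10.0.0.11", "10.0.0.12"
BD1_SUBNET = "192.168.1.0/24"
BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class VxlanPacket:
    outer_src: str      # VTEP of the sending leaf; the spine never rewrites it
    outer_dst: str      # spine anycast TEP, or the destination leaf's VTEP
    vni: int            # BD VNI or VRF VNI
    src_epg: str        # source EPG carried in the VXLAN header
    inner_src_mac: str
    inner_src_ip: str
    inner_dst_ip: str

@dataclass
class Leaf:
    tep: str
    bd_vnis: set
    vrf_vnis: set
    pervasive_routes: dict = field(default_factory=dict)  # subnet -> next-hop TEP
    endpoints: dict = field(default_factory=dict)         # MAC or IP -> entry

    def learn_local(self, mac, ip, port):
        # Step 2: front-panel traffic learns MAC, IP and port as a local endpoint.
        # The returned record is what the leaf would report to the spine via COOP.
        self.endpoints[mac] = self.endpoints[ip] = {"type": "local", "via": port}
        return {"ip": ip, "mac": mac, "leaf_tep": self.tep}

    def receive_from_spine(self, pkt):
        # Steps 1, 7, 9: traffic over a spine link is learned as a remote endpoint;
        # a BD VNI learns the inner source MAC, a VRF VNI learns the inner source IP.
        key = (pkt.inner_src_mac if pkt.vni in self.bd_vnis else
               pkt.inner_src_ip if pkt.vni in self.vrf_vnis else None)
        if key is not None:
            self.endpoints[key] = {"type": "remote", "via": pkt.outer_src}
        return key

    def forward(self, src_mac, src_ip, dst_mac, dst_ip, src_epg, same_subnet):
        # Steps 3-4: endpoint table first (IP, then MAC), otherwise the pervasive
        # route towards the spine anycast TEP; then VXLAN-encapsulate.
        entry = self.endpoints.get(dst_ip) or self.endpoints.get(dst_mac)
        if entry and entry["type"] == "local":
            return {"action": "local", "port": entry["via"]}
        outer_dst = entry["via"] if entry else self._pervasive_next_hop(dst_ip)
        if outer_dst is None:
            return {"action": "drop"}   # neither an endpoint entry nor a pervasive route
        vni = BD1_VNI if same_subnet else VRF1_VNI
        return {"action": "vxlan", "packet": VxlanPacket(
            self.tep, outer_dst, vni, src_epg, src_mac, src_ip, dst_ip)}

    def _pervasive_next_hop(self, dst_ip):
        addr = ip_address(dst_ip)   # longest-prefix match over the BD subnet routes
        hits = [(ip_network(s).prefixlen, nh) for s, nh in self.pervasive_routes.items()
                if addr in ip_network(s)]
        return max(hits)[1] if hits else None

@dataclass
class Spine:
    coop: dict = field(default_factory=dict)   # IP -> leaf TEP, as reported via COOP

    def receive(self, pkt):
        # Step 5: unknown destination -> drop and ARP-glean towards the leaves.
        # Step 7: known destination -> rewrite the outer destination to that leaf's VTEP.
        leaf_tep = self.coop.get(pkt.inner_dst_ip)
        if leaf_tep is None:
            return {"action": "glean", "target_ip": pkt.inner_dst_ip}
        pkt.outer_dst = leaf_tep
        return {"action": "forward", "packet": pkt}

def run_walkthrough():
    # Replays Steps 2-9 with constructed endpoints EP1-1 (on Leaf-1) and EP1-2 (on Leaf-2).
    spine = Spine()
    leaf1 = Leaf(LEAF1_TEP, {BD1_VNI}, {VRF1_VNI}, {BD1_SUBNET: SPINE_ANYCAST_TEP})
    leaf2 = Leaf(LEAF2_TEP, {BD1_VNI}, {VRF1_VNI}, {BD1_SUBNET: SPINE_ANYCAST_TEP})
    mac1, ip1 = "00:00:00:00:11:11", "192.168.1.11"     # EP1-1
    mac2, ip2 = "00:00:00:00:22:22", "192.168.1.12"     # EP1-2

    spine.coop[ip1] = leaf1.learn_local(mac1, ip1, "Eth1/1")["leaf_tep"]        # Step 2
    first = leaf1.forward(mac1, ip1, BROADCAST, ip2, "EPG-1", same_subnet=True)  # Steps 3-4
    glean = spine.receive(first["packet"])                                       # Step 5
    spine.coop[ip2] = leaf2.learn_local(mac2, ip2, "Eth1/5")["leaf_tep"]        # Step 6
    retry = leaf1.forward(mac1, ip1, BROADCAST, ip2, "EPG-1", same_subnet=True)  # Step 7
    proxied = spine.receive(retry["packet"])
    leaf2_learned = leaf2.receive_from_spine(proxied["packet"])
    reply = leaf2.forward(mac2, ip2, mac1, ip1, "EPG-1", same_subnet=True)       # Step 8
    leaf1_learned = leaf1.receive_from_spine(reply["packet"])                    # Step 9
    return {
        "first_outer_dst": first["packet"].outer_dst,   # sent to the spine anycast TEP
        "first_spine_action": glean["action"],          # dropped and gleaned
        "leaf2_learned": leaf2_learned,                 # EP1-1's MAC, via Leaf-1's VTEP
        "leaf2_entry": leaf2.endpoints[mac1],
        "reply_outer_dst": reply["packet"].outer_dst,   # straight to Leaf-1's VTEP
        "leaf1_learned": leaf1_learned,                 # EP1-2's MAC, via Leaf-2's VTEP
        "leaf1_knows_ip2": ip2 in leaf1.endpoints,      # False: BD VNI learns MAC only
    }
```

Running `run_walkthrough()` shows the detail that matters when reading endpoint tables during troubleshooting or when auditing what a leaf has learned from the fabric: after the exchange, Leaf-1 holds EP1-2's MAC as a remote entry pointing at Leaf-2's VTEP but has no entry for EP1-2's IP, because the exchange was bridged with the BD VNI. Only a packet carrying the VRF VNI (routed, between subnets) would cause the inner source IP to be learned instead.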
