
Cisco ACI: Understanding Bridge Domain (BD)


Cisco Application Centric Infrastructure (ACI) takes a different approach to network design and is changing how data centers are run and maintained. At the core of Cisco ACI is endpoint learning, a key component that improves the agility, security, and effectiveness of modern networks.


⚡ What is Cisco ACI? 📜

Cisco Application Centric Infrastructure (ACI) is a next-generation SDN solution designed for data centers built on a spine-leaf architecture, with a policy-driven approach to configuration. Cisco ACI provides application agility and data center automation with simplified operations.

Cisco ACI uses a spine-leaf architecture and is typically deployed as two layers: spines (comparable to an aggregation layer) and leaves (comparable to an access layer). Spine-leaf topologies provide high-bandwidth, low-latency, non-blocking server-to-server connectivity.

⭐Related : Understanding the Physical Requirements of a Cisco ACI Solution

⚡ What is a Bridge Domain in Cisco ACI?

Cisco ACI Bridge Domain (BD) is a Layer 2 construct within the Cisco ACI fabric that serves several key functions:

  • Layer 2 Forwarding and Broadcast Gateway: By defining a distinct MAC address space and acting as the broadcast boundary, it functions as a Layer 2 forwarding domain. It thereby controls how traffic within the fabric is handled, whether it be broadcast, multicast, or unknown unicast.
  • Association with VRF: A bridge domain must be linked to a Virtual Routing and Forwarding (VRF) instance, also known as a context or private network. This linkage is what ties Layer 2 and Layer 3 together: the VRF defines a unique IP address space, which can consist of multiple subnets defined in one or more bridge domains.
  • Anycast Gateway: Within a bridge domain, users can establish an Anycast Gateway that serves as the default gateway for hosts connected to the fabric. This makes routing and communication within and across subnets more efficient.
  • Subnet Configuration: One or more subnets can be configured using bridge domains. Subnets have the option to be designated as shared, private, or public, which changes how they are visible and operate while routing both inside and between tenants. This flexibility allows for a variety of networking scenarios, such as access to external networks, shared services among tenants, and isolated networks within a tenant.

⭐Related : Importance of Remote Endpoint Learning in Cisco ACI: A Deep Dive

Let's take a scenario to understand in detail how a Bridge Domain works together with a VRF and EPGs within a Tenant.

⭐ BD: Bridge Domain
⭐ EPG: Endpoint Group
⭐ AP: Application Profile

Fig 1.1 - Bridge Domain (BD) in Cisco ACI

 ⭐ Bridge Domain 1 (BD-1)

BD-1 is not linked to any VRF and is L2 only, so the IP addresses of Endpoint 1 and Endpoint 2 are irrelevant to Cisco ACI. Cisco ACI will not even register those IP addresses.

As it turns out, Endpoint 1 and Endpoint 2 are on the same subnet, so they will be able to communicate. If they were on different subnets, they would need a router to communicate, just as in a normal L2 network.

 ⭐ Bridge Domain 2 (BD-2)

Endpoint 3 and Endpoint 4 are both mapped to EPG-2, which is linked to Bridge Domain BD-2. BD-2 has been assigned two IP addresses, which serve as the default gateway IP addresses for Endpoint 3 and Endpoint 4 respectively.

Endpoint 3 and Endpoint 4 can communicate freely in a Cisco ACI environment without a contract because they are both assigned to EPG-2.

As Bridge Domain BD-2 is linked to VRF-1, the routes for 15.15.15.0/24 and 16.16.16.0/24 will exist, within VRF-1, on any leaf switch that either Endpoint 3 or Endpoint 4 is attached to.

 ⭐ Bridge Domain 3 (BD-3)

Endpoint 5 and Endpoint 6 are mapped to different EPGs (EPG-3 and EPG-4). Even though both EPGs are linked to Bridge Domain BD-3 and both endpoints share the same default gateway, they will not be able to communicate in Cisco ACI without a contract.

It is not possible to accomplish this level of control over two endpoints in the same subnet in a typical L3 routed network.

As Bridge Domain BD-3 is linked to VRF-2, the route for 17.17.17.0/24 will exist, within VRF-2, on any leaf switch that either Endpoint 5 or Endpoint 6 is attached to.

 ⭐ Bridge Domain 4 (BD-4)

Endpoint 7 and Endpoint 8 are mapped to the same EPG-5, which in turn is linked to Bridge Domain BD-4, but BD-4 has no IP addresses of its own. Instead, the IP addresses that serve as the default gateway IPs have been assigned to EPG-5.

As Endpoint 7 and Endpoint 8 are both mapped to EPG-5, they are able to communicate freely in a Cisco ACI environment without any contract.

As Bridge Domain BD-4 is linked to VRF-2, the routes for 15.15.15.0/24 and 18.18.18.0/24 will exist, within VRF-2, on any leaf switch that either Endpoint 7 or Endpoint 8 is attached to.
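The four scenarios above, and the BD functions listed earlier, boil down to a few policy rules: intra-EPG traffic is permitted, inter-EPG traffic is denied unless a contract exists, an L2-only BD learns no IPs, and a BD's (or EPG's) subnets are installed only in its VRF and only on leaves where one of its endpoints sits. The following Python model is an added example, not code from the article or from Cisco; the BD/EPG/VRF/subnet values come from the scenario, while the leaf placement of each endpoint and the name EPG-1 for the BD-1 endpoints are assumptions.

```python
from typing import Optional

# Values from the article; EPG-1 for BD-1's endpoints is an assumption (the text does not name it).
# BD -> (VRF, or None for an L2-only BD; gateway subnets configured on the BD)
BDS = {"BD-1": (None, []),
       "BD-2": ("VRF-1", ["15.15.15.0/24", "16.16.16.0/24"]),
       "BD-3": ("VRF-2", ["17.17.17.0/24"]),
       "BD-4": ("VRF-2", [])}                        # BD-4 carries no subnets itself
# EPG -> (BD; gateway subnets configured on the EPG instead of the BD, as in the BD-4 case)
EPGS = {"EPG-1": ("BD-1", []), "EPG-2": ("BD-2", []), "EPG-3": ("BD-3", []),
        "EPG-4": ("BD-3", []), "EPG-5": ("BD-4", ["15.15.15.0/24", "18.18.18.0/24"])}
# endpoint -> (EPG, attached leaf); the leaf placement is constructed for this example
ENDPOINTS = {"EP1": ("EPG-1", "leaf101"), "EP2": ("EPG-1", "leaf102"),
             "EP3": ("EPG-2", "leaf101"), "EP4": ("EPG-2", "leaf103"),
             "EP5": ("EPG-3", "leaf102"), "EP6": ("EPG-4", "leaf102"),
             "EP7": ("EPG-5", "leaf103"), "EP8": ("EPG-5", "leaf104")}

def vrf_of(epg: str) -> Optional[str]:
    return BDS[EPGS[epg][0]][0]

def ip_learned(endpoint: str) -> bool:
    """The fabric registers an endpoint's IP only when its BD is tied to a VRF (so not in BD-1)."""
    return vrf_of(ENDPOINTS[endpoint][0]) is not None

def can_communicate(a: str, b: str, contracts=frozenset()) -> bool:
    """contracts: (EPG, EPG) pairs that have a contract between them (direction ignored here)."""
    ea, eb = ENDPOINTS[a][0], ENDPOINTS[b][0]
    if ea == eb:
        return True                      # intra-EPG traffic is permitted by default
    if vrf_of(ea) != vrf_of(eb):
        return False                     # different VRFs need route leaking, outside this article
    return (ea, eb) in contracts or (eb, ea) in contracts   # inter-EPG: default deny

def leaf_routes(leaf: str, vrf: str) -> set:
    """Subnets a leaf installs in `vrf`: those of every BD/EPG with an endpoint attached there."""
    routes = set()
    for epg, where in ENDPOINTS.values():
        if where == leaf and vrf_of(epg) == vrf:
            bd_subnets, epg_subnets = BDS[EPGS[epg][0]][1], EPGS[epg][1]
            routes.update(bd_subnets + epg_subnets)
    return routes
```

Note that 15.15.15.0/24 is used by both BD-2 (VRF-1) and EPG-5 (VRF-2); on a leaf hosting Endpoint 4 and Endpoint 7 the prefix is installed twice, once per VRF, which is exactly the address-space isolation a VRF provides.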
