Blog Posts

  • NVIDIA GTC Washington, D.C. Keynote Highlights: The Dawn of the AI Worker and Accelerated Everything

    On October 28, 2025, NVIDIA CEO Jensen Huang delivered the GTC Washington, D.C. keynote, focusing on the future of technology across key strategic domains: AI, 6G, Quantum, Models, Enterprise Computing, Robotics, and Factories. His address positioned NVIDIA not just as a hardware leader but as the architect of a new industrial and economic era.


  • Understanding Policy-Based Routing in Data Center Fabrics: VxLAN EVPN

    Policy-Based Routing (PBR) is the foundational mechanism for achieving redirection by utilizing access lists (ACLs) to match criteria beyond the destination IP, combined with route maps to define an alternate next-hop. This blog focuses on selective redirection of traffic flows originating from specific internal subnets toward an external path different from the one the routing protocol calculates and…


  • DHCP in Cisco ACI

    The Dynamic Host Configuration Protocol (DHCP) automates IP address assignment through a four-step dialogue known as DORA: Discover, Offer, Request, and Acknowledge. This process ensures that clients can join a network without manual IP configuration. Because DHCP discovery messages are broadcasts, they cannot cross Layer 3 boundaries. A DHCP relay policy may be used when…


  • EPG vs. ESG

    The evolution of Cisco ACI’s security model from EPGs to ESGs represents a significant maturation of the platform. While EPGs were instrumental in ACI’s original design, their tightly coupled nature presented challenges in large-scale and complex environments. The ESG model directly addresses these limitations by providing a more flexible, scalable, and operationally efficient approach to…


  • ACI EPG vs. ESG – Quiz

    Hey there, ACI enthusiasts! Ready to put your knowledge to the test? – Cisco ACI: EPG vs. ESG Quiz! Test your knowledge on the differences between EPGs and ESGs in Cisco ACI. In the world of Cisco Application Centric Infrastructure (ACI), understanding the subtle but critical differences between network constructs is key to building a…


  • Chat with Your ACI Fabric

    ACI Fabric, Meet Your AI Assistant: The Dawn of Conversational Network Management. Model Context Protocol (MCP) is a pivotal enabler for the intelligent interaction. MCP is an emerging open standard that functions as a “universal translator” or, more colloquially, a “USB-C port for AI applications”. It provides a standardized method for AI models to connect…


  • Command Your ACI Fabric with Conversation: AI + MCP in Action

    The Model Context Protocol (MCP) is reshaping the way network professionals interact with network infrastructures. Instead of relying on complex CLI commands or APIs, MCP enables natural language communication with the network. APIC-MCP-Server is a Python-based MCP (Model-Context-Protocol) server I developed to enable interactive communication with Cisco ACI fabrics through the APIC. Designed for scalability…


  • VXLAN EVPN vPC Attached External / L4-L7 Configuration – BGP

    Overview: In a VXLAN EVPN fabric, establishing external routed connectivity and integrating Layer 4 to Layer 7 (L4-L7) services are crucial for ensuring network security and optimizing traffic flow. Typically, external routed connections are linked to specific leaf switches known as border leaf switches. These switches handle traffic entering and exiting the VXLAN fabric. On…


  • VXLAN EVPN Multi-Site – NDFC

    Belete Ageze – 2xCCIE | CCDE. In today’s fast-paced digital realm, businesses continually seek ways to swiftly provide adaptable services, meeting ever-changing customer expectations. They aim to enhance agility and productivity to maintain a competitive edge, while also optimizing costs and identifying opportunities for savings. VxLAN EVPN Multi-site architecture stands out as a robust solution, addressing…


  • Configure DHCP in VxLAN EVPN Fabric

    This blog delves into the intricacies of DHCP (Dynamic Host Configuration Protocol) setup within a multi-tenant VXLAN EVPN fabric. VXLAN EVPN offers the capability to segment networks logically within data centers, facilitating the creation of distinct network environments for various tenants. However, the question arises: how can you guarantee that each tenant’s devices seamlessly acquire…


  • VxLAN EVPN Fabric L4-L7 Connectivity – vPC or PC

    In a VXLAN EVPN fabric, L4-L7 connectivity plays a vital role in securing and optimizing network traffic. L4-L7 services are typically connected to the leaf switches, often referred to as service leaf switches. The choice between a dual-attached and single-attached L4-L7 service node design for a VXLAN EVPN fabric depends heavily on the specific requirements…


  • ACI Application Centric Deployment (ACD) and Subnet Sharing with Route Leaking

    1. Overview: In Cisco ACI, a powerful feature called route leaking enables applications and services to communicate seamlessly across Virtual Routing and Forwarding (VRF) instances. This allows for efficient data flow within the network infrastructure, even when applications reside in separate VRFs for security or isolation purposes. Route leaking achieves this by sharing routing information…


  • Cisco VxLAN EVPN Route Leaking – 2 (NDFC)

    Overview: This blog is a continuation of ‘Cisco VxLAN EVPN Route Leaking – 1’ – https://deliabtech.com/data-center/cisco-vxlan-evpn-route-leaking-1/. The focus is on configuring route leaking through the use of Nexus Dashboard Fabric Controller (NDFC). Topology Goal – Green vrf imports Blue & Orange vrfs and Blue & Orange vrfs import Green vrf Assumptions Configuration 1. log…


  • Cisco VxLAN EVPN Route Leaking – 1

    Overview: Route leaking in Cisco VXLAN EVPN fabrics plays a critical role in enabling communication between workloads residing in different L3 VXLAN Network Segments (VNIs), VRFs. It essentially allows these workloads to seamlessly access resources and services provided by shared services or external networks. VRF (Virtual Routing and Forwarding) – VRFs are leveraged to establish…


  • VxLAN EVPN Fabrics External Connectivity – VRF Lite

    Overview: VXLAN EVPN fabrics address the need for workload mobility, flexible resource allocation and multi-tenancy by decoupling workloads from the underlying physical infrastructure. This makes it possible to treat workloads as portable units that can be easily moved across different compute resources within the data center. Workloads in the data center need the ability to connect to…


  • NDFC VxLAN EVPN Fabric – Brownfield

    Overview: NDFC’s brownfield deployment approach streamlines the migration of existing VXLAN EVPN fabrics, previously set up via CLI or custom scripts. This transition empowers centralized management through a user-friendly web interface, simplifying configuration tasks, promoting consistency across the fabric, and facilitating troubleshooting efforts. The migration process involves fabric discovery, configuration import from the existing environment, and…


  • Cisco VxLAN EVPN Fabric Configuration

    1. Overview: VxLAN EVPN fabric / architecture is one of the widely deployed DC network solutions that can be scaled to thousands of networks across a wide range of geographical regions. VLANs have been used to provide network segmentation in data center networks. But its limitation in addressing the growing need for scale, multi-tenancy and…


  • Underlay Multicast Routing for VxLAN BUM Traffic

    Belete Ageze – 2xCCIE | CCDE. Overview: While Cisco VxLAN leverages BGP EVPN for the control plane, it requires mechanisms to manage Broadcast, Unknown Unicast, and Multicast (BUM) traffic within the VxLAN fabric. VxLAN fabrics typically rely on multicast replication in the underlay network to efficiently forward BUM traffic. Although ingress replication serves as an…


  • Cisco iCAM Monitor

    Overview: Cisco iCAM, intelligent CAM (Content Addressable Memory) Analytics and Machine learning, is a feature available on Cisco Nexus switches. It provides functionalities focused on resource monitoring and analysis for various switch functions and features like; Cisco iCAM Benefits: iCAM provides resource monitoring and analytics for different functions and features on supported switches. It…


  • ACI Data Plane Policing (DPP): A Deep Dive on L3Out Bandwidth Control

    1. Overview and Core Concepts: Data Plane Policing (DPP) is a crucial ACI feature used to manage and restrict bandwidth consumption on specific fabric access interfaces, ensuring efficient and controlled use of network resources. This blog uses an ACI fabric running 5.2(7f) and focuses on Data Plane Policing of L3Out interfaces. Action on Excess Traffic:…


  • ACI Route Leaking – Shared Services (Network Centric Deployment)

    Cisco ACI (Application Centric Infrastructure) uses a route leaking technique to allow routes to be shared between VRFs in the same tenant or in different tenants. Route leaking reduces the routing devices involved in a multiple-VRF environment and improves network performance by keeping inter-VRF traffic from using an outside path. But accidental route leaking can…


  • Cisco ACI Contract

    Cisco ACI security architecture is based on an allow-list, where traffic flows need to be explicitly defined. The contract is a foundation for the ACI security architecture, where communication between EPGs|ESGs is defined. The contract relationship is between ESGs, EPGs (regular or uSeg EPGs), or within an EPG|ESG for an intra-EPG contract.


  • Cisco ACI Floating L3Out

    ACI uses L3Out to connect to external L3 domains via routing (dynamic routing protocol or static). There are multiple options and tools to optimize the L3Out for effective L3 communications between ACI and external network services. One of those is Floating L3Out. Floating L3Out enables engineers to configure L3Out without specifying logical interfaces. Floating L3Out…


  • ACI Rogue/Coop Exception List

    ACI has a feature, ‘ACI Rogue/Coop Exception List’, to mitigate the impact of rogue endpoint control and coop endpoint dampening on some legitimate frequent traffic movement during server initialization, firewall failover and others.


  • ACI Multi-site Intersite L3Out

    Starting from release 4.2(1), ACI allows configuring an intersite L3Out on a multi-site ACI fabric. This feature enables an endpoint in a site to send traffic to Layer 3 resources accessible via a remote L3Out connection. Before release 4.2(1), endpoints deployed in a given site could communicate with the external network domain only…


  • ACI Multi-site Object Naming Consideration

    Designing ACI multi-site object names should not be an afterthought, since it has implications for inter-site communication deployment. When a contract with the right scope is applied between site-local EPGs, the ACI objects are mirrored on the remote sites. The mirrored objects appear as if they are deployed in each of these sites’ controllers,…


  • ACI TCAM Resource Utilization and Optimization

    Policy CAM and TCAM: In this article, I will discuss ACI TCAM resource utilization and optimization. In ACI policy, contract/filters are programmed in Policy CAM and Overflow TCAM (OTCAM). The policy CAM, Content Addressable Memory, is the hardware resource used by Cisco switches. Cisco ACI leaf switches use policy CAM to allow filtering of traffic…


  • Configuring Syslog in Cisco ACI -UDP, TCP, TLS

    Syslog messages: Syslog in Cisco ACI can be configured to leverage system messages for troubleshooting and optimization of the ACI fabric. A fault or an event can trigger sending a log message to the console and to a logging server, if configured. A system message typically contains a subset of information about the…


  • ACI Contract Priority

    This blog post will focus on ACI contract priority. A contract is applied in a provider/consumer relationship, and a leaf programs a security policy (zoning rules) in TCAM (Ternary Content Addressable Memory). A zoning rule entry defines an action (permit, deny, redirect, log) based on the source EPG, the destination EPG, and filter. The source…


  • ACI Contract Priority Infographic Video

    The infographic video will focus on ACI contract priority. A contract is applied in a provider/consumer relationship, and a leaf programs a security policy (zoning rules) in TCAM (Ternary Content Addressable Memory). A zoning rule entry defines an action (permit, deny, redirect, log) based on the source EPG, the destination EPG, and filter. The source…


  • ACI Contract

    The ACI security architecture plays a foundational role toward Zero Trust architecture and Micro Segmentation initiatives in the data center. In this blog post, ACI contract structure, contract inheritance, and contract labels are discussed. EPG|ESG classification, policy enforcement, and ways of deploying contracts from macro to micro level are also covered.


  • Two Arm Load Balancer with ACI PBR destination in an L3out

    When inserting a load balancer into a Cisco ACI fabric, it is important to understand the desired traffic flow, the advantage of using the ACI fabric anycast gateway, the benefit of selective traffic redirection and if DSR is required. Load balancers can be inserted into ACI fabric using the following deployment options. Policy based redirect…


  • ACI Custom EPG Name for Simple and Meaningful Port Group Naming

    An EPG with VMM domain association creates a port group on the APIC managed DVS. The name for the port group defaults to ‘Tenant_name|AP_name|EPG_name’. The name, depending on how the tenant, application profile and EPG are named, may not be simple or meaningful for the VMware admin. The solution is a custom EPG name. An EPG…


  • One Arm Load Balancer with ACI PBR Destination in an L3out

    When inserting a load balancer into a Cisco ACI fabric, it is important to understand the desired traffic flow, the advantage of using the ACI fabric anycast gateway, the benefit of selective traffic redirection and if DSR is required. Load balancers can be inserted into ACI fabric using the following deployment options. Policy based redirect…


  • One Arm Load Balancer with ACI Policy Based Redirect

    When inserting a load balancer into a Cisco ACI fabric, it is important to understand the desired traffic flow, the advantage of using the ACI fabric anycast gateway, the benefit of selective traffic redirection and if DSR is required. Load balancers can be inserted into ACI fabric using the following deployment options. Policy based redirect…


  • VxLAN EVPN Multi-Site Configuration

    VxLAN EVPN Multi-site architecture is one of the widely deployed DC network solutions that can be scaled to thousands of switches across a wide range of geographical regions. VxLAN and MP-BGP together create a powerful technology used to build a large, secure, and resilient multi-tenant web-scale fabric that can scale to host hundreds of thousands…


  • Cisco ACI Transit Routing: A Step-by-Step Configuration Guide

    ACI fabric supports transit routing. This feature enables a border leaf to perform bidirectional redistribution between routing domains. Transit traffic can pass from one layer 3 domain to another layer 3 domain through ACI (the ACI acting as a transit between the two layer 3 domains). A transit route is defined to import traffic…