EPG

DHCP in Cisco ACI

The Dynamic Host Configuration Protocol (DHCP) automates IP address assignment through a four-step dialogue known as DORA: Discover, Offer, Request, and Acknowledge. This process ensures that clients can join a network without manual IP configuration.

Because DHCP discovery messages are broadcasts, they cannot cross Layer 3 boundaries. A DHCP relay policy may be used when the DHCP client and server are in different subnets. ACI’s built-in DHCP relay function solves this by intercepting the broadcast and forwarding it as a unicast packet to a configured DHCP server.

EPG vs. ESG

The evolution of Cisco ACI’s security model from EPGs to ESGs represents a significant maturation of the platform. While EPGs were instrumental in ACI’s original design, their tightly coupled nature presented challenges in large-scale and complex environments. The ESG model directly addresses these limitations by providing a more flexible, scalable, and operationally efficient approach to security.

The ESG’s ability to decouple security policy from forwarding, expand its scope to the VRF level, and leverage dynamic endpoint selectors allows network professionals to align their security posture with business logic in a way that was not previously possible. This shift not only simplifies complex tasks like route leaking and brownfield migrations but also conserves valuable hardware resources.

The decision of whether to primarily utilize EPGs or ESGs hinges on your specific application requirements and design philosophy.

ACI EPG vs. ESG – Quiz

Hey there, ACI enthusiasts! Ready to put your knowledge to the test with the Cisco ACI: EPG vs. ESG quiz? Test your knowledge of the differences between EPGs and ESGs in Cisco ACI.

In the world of Cisco Application Centric Infrastructure (ACI), understanding the subtle but critical differences between network constructs is key to building a robust and secure fabric. While you might be very familiar with Endpoint Groups (EPGs) and their role in defining both forwarding and security policy, ACI 5.0 introduced a new player to the game: Endpoint Security Groups (ESGs).

Are you ready to see if you can tell the difference? Let’s dive in and find out if you’re an EPG expert or an ESG master!

ACI Application Centric Deployment (ACD) and Subnet Sharing with Route Leaking

1. Overview

In Cisco ACI, a powerful feature called route leaking enables applications and services to communicate seamlessly across Virtual Routing and Forwarding (VRF) instances. This allows for efficient data flow within the network infrastructure, even when applications reside in separate VRFs for security or isolation purposes. Route leaking achieves this by sharing routing information

Cisco ACI Contract

Cisco ACI's security architecture is allow-list based: every permitted traffic flow must be explicitly defined. The contract is the foundation of that architecture; it defines which communication between EPGs or ESGs is allowed. A contract relationship exists between ESGs, between EPGs (regular or uSeg EPGs), or within a single EPG or ESG in the case of an intra-EPG contract.

Cisco ACI Floating L3Out

ACI uses an L3Out to connect to external Layer 3 domains via routing (dynamic routing protocols or static routes). There are multiple options and tools to optimize the L3Out for effective Layer 3 communication between ACI and external network services. One of those is Floating L3Out.

Floating L3Out enables engineers to configure an L3Out without specifying logical interfaces on every leaf, which makes configuration, management, and troubleshooting easier. Only specific leaf nodes, called anchor leaf nodes, establish routing adjacencies with the external routers.

An anchor leaf node is a leaf node that establishes route peering (Layer 3 adjacencies) with the external routers. As of Cisco ACI release 6.0(1), the verified scalability number of anchor leaf nodes is 6 per L3Out.

ACI Multi-site Object Naming Consideration

Designing ACI Multi-Site object names should not be an afterthought, because the names have implications when inter-site communication is deployed. When a contract with the right scope is applied between site-local EPGs, the ACI objects are mirrored on the remote sites. The mirrored objects appear as if they were deployed on each of these sites' controllers, while they were actually deployed in only one of the sites. These mirrored objects are called "shadow" objects, and they appear with the same names as the ones that were deployed directly to each site. Because shadow objects are required for inter-site communication between site-local EPGs, this blog focuses on the ACI Multi-Site object naming considerations an engineer needs to be aware of.
