ACI Packet Forwarding

1. Section 2.0 ACI Packet Forwarding

Now we have reached section number 20 of ACI packet forwarding. Now in this section we have to learn about the ACI packet forwarding behavior and total weight. As you can see, that is 15%. So let's start this and check what the topics we have inside this are. First of all, we should understand the meaning of "end point." So, what exactly does the term "end point" mean? And then in two, we have to understand the actual packet forwarding. Now, what I have done for section two here is that for section two. I have a total of three videos. One video defining what is an endpoint and two follow-up videos I'm giving just for the sake of knowledge of what is VXLAN or Ibxlan that is going to be used inside the ACI fabric. So one video is for endpoint, one video is for VXLAN, and the next video is the VXLAN encapsulation. So please watch the three videos after this and then we are going to start section two.

2. What is ACI Endpoint

Let us understand that. What does it mean by "end point"? Now, there is a difference between the existing data center and the ACI data center. That's how you're building the ripped table, the endpoint table, and the Mac table, for example, and how you're building the app table. So there is a difference in between. That's the end point. Here we can see the definition is that it consists of one Mac and zero or more IP. So either it can be Mac addresses, or it can be Macplus IP, or it can be Mac plus more IP addresses. That's the definition of an endpoint. Here you can see in the diagram that you have the Mac address. Obviously, layer two frame, then you have only a Mac address. This means if you want to do the communication only with layer two communication, or if you have layer two extension from one DC to another DC. So you can do Mac-based communication. At that time, the endpoint will have the Mac entry. Then you have a Mac plus IP, or you have a Mac plus more than one IPS. So this is the definition of the end point. Now, if you want to compare the traditional network with the ESL network, there are slight changes.

So, in a traditional network, we know that everything, including slash32, will be present in the rip table. However, in the ACI, all tables except the slash 32 are excluded because the slash 32 goes inside the end point. So you have a new term here, endpoint entry, where you have the Mac and slash 32 IPS. Because the last 230 or possibly 128 IPS will be used as a VTIP, VXL, and TL endpoint. correct? And then finally, we have the slight change in the app as well. We know that. IP to mac. The Mac to IP is the ARP table. But in ACI, the significance of the ARP is only for the layer three outside or L three out cancer of the ARP is on So it's actually interesting. One of the core pieces inside ACI is the end point where you have the Mac plus the IP 32or slash one to eight in the case of IPV six. How can you check this? Obviously, you can go and check show endpoint and then the Mac and the IP. These are the keywords that you can see and use to the left. So you have an endpoint here who has the Mac and IP. And again, in the upcoming series of videos, you will learn more and more and more about this. So, first of all, when you go and communicate with the leaf, the leaf will learn the Mac and the IP if it's an IP related package. And then suppose you want to send the packet to the destination. Suppose if you don't know the destination, you’ll go and do the query with the spine. And if the spine has that entry, it will tell you this way you can reach it. If the spine doesn't have then in the case of L three complications, they can do ARP cleaning and then it will do the query on behalf of you and then it will tell you how to reach that particular n it will do the que.

So you can see that the endpoint has a Mac IP address as well as multiple IP addresses. Now there are two different endpoints. We may have local and remote endpoints. At the local endpoint, we have a Mac address and an IP address. Interestingly, At the remote endpoint, you have either one Mac or one IP address. So when you're doing L-three out communication, then you are learning the endpoint entry. So at that time, you're learning either the IP or the Single Mac. So one Mac or one IP address range is that they are stored in the coup database. The remote endpoint scope is only on each leaf as a cash entry for up to 300 seconds by default. The local endpoint can be there for up to 900 seconds. You can verify it if you have a command show endpoint IP in the case of a local endpoint. And here you can see the keyword called "local." And then each interface, actually the front panel interface, you’re learning that in the case of a remote endpoint, you can check the tunnel and here you can go and check the VXLAN and you can check the scoop that will be the VR label. So this way, we can go and run the command and we can get more information about IP Mac.

If you have the access encapsulation VLAN, and you have the Pi platform independent VLAN as well, you can go and check these very important commands show endpoint and we'll get that now the local and remote endpoint are learning how it is happening again. You may have L two packets. You may have L three packets, right? So in the case of, for example, L two packets, what would you do with ACI leaf learning Mac address if you have L two packets? If you have a packet or if you have a routed packet, then you will go and learn the IP and the Mac, correct? So you have three packets. An example is ARP and routing where you are learning the IP and the Mac. If you have L two packet, obviously you are learning only the Mac entry. Then again, in the case of remote endpoint, if you have L two packet, you will go and learn. So here you can see that you have L two packets. Let me do one thing. Let me clear this stuff. And here you can see point number two. I'll come to one and three. Point number two is that Cisco ACI LEARN Macias is a remote endpoint in the Valine content bridge domain. If the traffic is moving inside the bridge domain, or if you are using ACI just in L-2 mode, when you are not enabling the unicorn routing over the bridge domain, So for that inside the VXLAN, it will go and check the two VN v NIT voids. That's for the L two packets.

Now for L three packets, so for L three packets it will go and learn the IP address. So it will go and learn the Mac for L two packets. But for L three packets, it's a routed package, and you can see that Cisco is here. Learn IP as a remote endpoint. If the VX line contains the VRX VR information, that is, virtual route forwarding instance, it will learn the IP. In the case of a breach of domain L two communication, it will learn the Mac address. Okay, so this is the important information. The point number one simply is telling this that theca leaf will receive a packet with a source Macaw and a source IPA from a spine, which means obviously you understand this analogy and again in the upcoming slide you have more and more. So if you have a leaf, leave it too. And if you have a spine, you don't know the destination. Obviously, you do the query to the spine and then the spine will go and do the query on behalf of you. Then you will get the actual destination, so you can do the communication correctly. So this is the significance and importance we have related to the end point. Remember that? What can you change? We have the ACIfirst thing and then the local endpoint and remote endpoint how it'll get stored and what will be the default caching time or default retention time.

3. what is vain

Let us understand about ACI VXLAN. Why do we need IVX land? What are the advantages we have with IVX land? Suppose at this point of time, if you do not know the acronyms, we have the full acronyms here. For the purpose of summarization, this is important in this particular section. So we have the destination outer, source outer, destination inner source inner and then we have the Jeepooouter, multi-cast group IP and the V NIT. All right, so let's try to understand why we have this VXLAN type of data center or the VXLAN that is being used inside the modern data center. We can go a little bit back in history and we can see that in the data center technology we have HTP where we have 50% of blockage, then we have aVPC that's still being used in all the data centers. Then we have different options like fabric path and VXLAN. This is actually the evolution of the data center and most of the modern data centers, even the DC automation or the new data centers, are using Valant, whether it's Cisco related data center solutions literacy or VMware related data center solutions like NSX.

Everywhere nowadays, we are using VXN. Why? because we have an advantage. What type of advantages do we have? You will see in the upcoming slide. Now, in the traditional data center, you can see that you have the core distribution and access layers, which you are running SDP over, and you don't have, first of all, you're not utilizing the bandwidth first thing. The second thing is that it's not capable enough to understand what modern technology means in ACI. We can integrate ACI with the physical and virtual workload. That's actually not that much flexibility we don't actually have in the traditional data centerconsidering all those factors related to integrating new services, scalability, full utilization of bandwidth, etc. We have the cloth architecture where we have the leaf spine, leaf structure, where apart from all these features that I told you about, we have new feature capabilities as well, right? So what are the new features and capabilities? That is the concept in this course as well. You will find that the last topic we have is anywhere to anywhere, which means the ACI solution can work as anywhere to anywhere or any service to any service.

I will discuss this in upcoming sections. This means the Se solution can be used inside the cloud, can be integrated with the physical world, the virtual world, can be worked in the private data center, and can be worked in the public data center as well, again with certain use cases. So it's like any to any now. It can be integrated with any type of hypervisor, it can be integrated with any type of container, and all those things are there. All right, so these are the important aspects: the advantage of clause architecture, scalability, highlighted C, any subnet, anywhere, any cascades, etc. Now, the advantages that we are discussing are clause architecture. The same type of advantage is available with regard to VXLAN. So, because we are integrating VXLAN here, this solution acts as the overlay inside the fabric or on top of the fabric. That's why we have such a degree of flexibility inside the cloth architecture. We know that we have two components. Actually, we have three. But we have two working components of the leaf switch.

And then you have this fine switch. Now this leaf switch has two ports. I told you earlier that you may have access, you may have a fabric port. So when you are going inside the ACI, you are using the fabric. Obviously, you're going to go inside this fine. And when you're connecting with the end point, you have to configure the access policies. There are some other terms as well. So this clause architecture is something like you are always one hop away. You're using ECMP. Even if the spine fails, you still have a redundant spine and your database is syncing in between that. So you have fewer data plane interruptions. We missed a blank protocol as well. We will go and detect the miscalling. So far, what we have done is just discuss the evolution of data centers and the advantages of the cloth fabric or the clause architecture. Now, what's the benefit that is going to be put inside this cross architecture with VXLAN? Let's talk about that. First of all, what is VXLAN? It's an overlay solution and how it will be built. I will show you the diagram once you watch the diagram. Once you see the diagram, we'll find it. There's a VXN and that's the usability of VXLAN. So just hold on for two or three upcoming slides. But VXLAN is a network virtualization technique that offers several advantages. It extends layer two segments over layer three and four to build a layer two overlay logical network. And then we have the encapsulation. I have one session after this recording. I have one recording for VX line encapsulation. So they will discuss much more about the inner rate and outer edge encapsulation, et cetera. So, what is VXLAN? Now VXLAN is nothing but an extension.

This is the exact benefit and definition of Valant, which extends layer two segment over layer three infrastructure to build a layer two overlay logical network. And that's the key. We know that inside the ACI fabric we have IP. That fabric is itself an IP fabric. Because the routing protocol is running for fabric communication inside the ACI, Correct. On top of that, we have these VXLANtunnels, this dynamic tunnel, how they are forming. I will show you the next slide here. So here you can see that you have your fabric. And inside the fabric you have this IP region. Suppose this is my ACI fabric and I'm running the protocol in between that. And what happens if you have your leaf switches and I have three leaves, leaf one, leaf two, and leaf three, and want to communicate?

So, first of all, obviously these devices are these endpoints, so my leaf switches will learn those endpoints and then they will send this information to the coup database or to the spine, so the leaf will learn and send that information to the spine, but still, that can be happening over IP network, so what's the use of VXLAN? Now you can see here that once you have the VXLAN or the VTIP, that's Vxlannel endpoint tunnels, then on top of the IP network you have your VXLAND overlay correctand the actual communication is happening inside the overlay. So whatever actual packet you have, then you have a tag, you'll see that you actually have encapsulation of VXLAN, and then you have some UDP header etcetera. And then you have the outer header. This thing is called the inner header. And then you have the outer header and your communication points will understand where to reach. Then the communication will only happen on the basis of the outer header, so say one to one then communicate with 2222, and obviously the physical path may go through the spine, but still the spine will only see the outer header and it will forward the package correctly, so that's how the package is forwarding. We have so many different video sessions in this section. After a few videos you'll find just to explain how the packet is forwarding inside the ACI fabric Once you use this VXLAN, then you can use 16 million segments and that's the restriction with the VLAN inlay.

You are using only 4K logical segments, but here you can create up to 16 million logical segments. It will allow layer two multi-path. We are not running STP, so we are not blocking any interfaces. It uses layer three ECMP cross fabric. It's very much similar to fabric path, which has the IP based sub-lay protocol. You're running the ISIS underlay protocol. It includes scaling enhancement obviously, so once you use the VXLAN your scaling factor will increase multiple times. Again, we are optimizing the control plane while using VXLAN, which is the Mac learning or table bump replication. Because now we are moving from traditional Mac learning to conversational learning, at the time of communication, only the channel will get created and those Mac address learning will happen. This does not break layer two agency requirements. It also allows for any stateless layer two and layer three transport like V motion, so if you are moving the virtual VM machine from one leaf to another, at that time, there is no interruption because the spine will understand the new location and then it will tell the leaf how to communicate to the new location. Correct. It allows multiagency separation of customers over a shared underlying fabric. Obviously, when you have multi-tenancy, one fabric can be divided into different types of tenants. So you have tenants A, B, and C. And those tenants they're networking can be separated or separated, which allows for overlapping of two or L three addresses. That is, the VLAN and IP are locally significant because, again, you are dividing things inside the segments. You're dividing things inside the multiple tenants. So that's why you can reuse the IP space, and you can reuse the VLAN spacing as well. great. So let's end here and the next section will learn about VXLAN encapsulation.

4. vxlan encapsulation

The next important topic is VXLAN encapsulation. Now let's understand that VXLAN encapsulation means that you have your inner header, obviously the PLL, and the inner header where you have the excuse source and destination. Then we have the VX XianHeader. The UDP header and then the outer header Inside the VXLAN header you have a V NID of 24 bits, and that's why we have a possible 16 million segments. We have some reserve fields as well for future scope or purpose. Then you can see that we have a reserve and one bit is on. That means that V XLN is on or we need it to be on. So that's the VXLAN header. Then you have the UDP header with the UDP source and destination. I'll explain this in the upcoming slides, and then you have the Outer Header. So that means whenever the packet starts, it will get attached with the Valant header and the UDPHeader and then it will go to the next shop, correct? So suppose if you go and do the packet capture, you can see the packet capture will look like this: you have the source and then you have the actual destination. Then once you have the actual source and destination, you have the VXLAN header and here you can see that you have the flag and one of the bits icon, which means the VXLAN network is true.

So the condition is true. So you have the inner header, then you have the VXLAN, then you should have the UDP. You can see that you have the UDPsource that will be a randomly generated number and the destination is 4789 in the case of VXLAN. In the case of Ibxlan, that's used inside ACI, it'll be a different port. We'll see that and then you have the Outer Header. You can see the outer header is nothing but the VTIP. Assume you have two leaves, VTIP Seven and VTEP Two, and these VTIPShas are IP 1010, 51, and Ten, 1152, respectively. Then you should have an actual source and an actual destination. actual source and destination IP addresses like this. So once they form the dynamic tunnel in between them, I will have two leaves and then I will form the dynamic tunnel in between them. So this is your V tip, and this is your Vtip where we are doing the encapsulation of VXLAN and UDP. And then from one location to another location, having available the path you are reaching out on right now. What are the interesting fields or important fields we have inside this header format?

Let me clean this up. So here you can see that inside Vxline Header we have these fields The vineyard is important because it provides 16 million possible segments, and the UDP header clearly shows that the source will be the hash. So you can take any of the available paths to reach your destination, but the destination UDP destination port will be fixed at UDP 4789, correct? The source may be something that you can take multiple paths to. That's why we have the ACMP load balance with some fixed range of port numbers and destination is one port number 4789 to reach from one place to another. Then you can check the outer header source and destination will be theV tip addresses and then you can check the automatic addresses as well. We have a total of 50 bytes of overhead with the VXLAN header. Let me quickly go ahead and you can see some of the explanation for those fields. So we have eight bytes for VXLAN divided into those four parts. Three bites is used as a V and ID to create the segments. Then we have the UDP header of eight bytes. The outer destination port is 4789 and the inner source is the hash value in between.

So here you can see the hash of L two. L three. You have four headers, so you can do the ECMP, correct? Then we have the outer IP header and again, the outer IP header will be nothing but the source and destination IPof the VTIPS. Apart from that, we have to check some’d protocol and the IP header misleading data, so this information belongs to the VX line encapsulation maybe Nexus also. You can go ahead and enable the VX line and then this will work like this. What about ACI VXLAN information? ACI VXLAN is termed as IVX Land because if you have two different EPGs, One and Two, you need a contract in between them, correct? So now, if VXLAN communication occurs, we have one extra field here for contract that will fall under the flag. We have SP, DP, and the PC tag. That will tell you about the sourcing and whether the contract is applied or not. The source EPG information is there or not. And then there's a slight change in the UDP destination port. The UDP destination port is 48879. Connect the endpoints, create the rules policy and then attach to the leaf switches what you want from source to destination. What policy? What is the VM policy? What's L four? The traffic will then flow, and we won't have to worry about the IV XLAN configuration because it is fully optimized within the ACI fabric.

Study with ExamSnap to prepare for Cisco CCNP Data Center Practice Test Questions and Answers, Study Guide, and a comprehensive Video Training Course. Powered by the popular VCE format, Cisco CCNP Data Center Certification Exam Dumps compiled by the industry experts to make sure that you get verified answers. Our Product team ensures that our exams provide Cisco CCNP Data Center Practice Test Questions & Exam Dumps that are up-to-date.