Understanding Endpoint Learning in Cisco ACI
In the dynamic world of data centers, understanding how Cisco ACI learns and manages endpoints is pivotal for ensuring seamless communication and security within the network fabric. Endpoint Learning in Cisco ACI is about more than just identifying devices; it is about creating a smarter, more responsive network that adapts to the constantly changing landscape of your data center.
Cisco ACI uses various methods like data plane learning, COOP (Council Of Oracles Protocol), and DHCP relay to ensure that endpoint information is accurately and efficiently disseminated throughout the fabric.
Today, we're zeroing in on a critical component: Endpoint Learning.
When an ACI bridge domain is configured with unicast routing enabled, not only does it learn MAC addresses, but it also learns IP addresses associated with the MAC addresses.
Here is an example of how Cisco ACI (Application Centric Infrastructure) learns endpoints in a lab environment:
To understand endpoint address learning in ACI, from 5672-A you will ping your bridge domain’s layer 3 interface.
From 5672-A, ping your bridge domain's default gateway.
Clear the IP table so that the address is learned again.
The example above shows that both the IP address and the MAC address have been learned.
Once the leaf switch learns about the new endpoint, it updates the spine switches via COOP. Run the following command on spine switch 201 to confirm that it learned about the endpoint via COOP.
The 10.1.80.2 (5672-A) endpoint should not be learned on leaf 104, as it has not yet communicated with any device behind leaf switch 104.
Run the following command to confirm leaf switch 104 does not know about the 10.1.80.2 endpoint.
In order for a leaf switch to learn a remote endpoint (an endpoint behind another leaf switch), an active conversation must occur between devices behind each of those leaf switches.
From 5672-A, attempt to ping the 5672-B endpoint.
From leaf switch 101, confirm that the 172.16.80.3 endpoint (5672-B) was learned. As highlighted below, the 172.16.80.3 endpoint was learned on leaf 101.
Although both local and remote endpoints are learned from the data plane, remote endpoints are merely a cache, local to each leaf. Local endpoints are the main source of endpoint information for the entire Cisco ACI fabric. Each leaf is responsible for reporting its local endpoints to the Council Of Oracle Protocol (COOP) database located on each spine switch. The spine switch stores these endpoints in its COOP database and synchronizes them with the other spine switches.
Because this database is reachable from every leaf, a leaf does not need to know about all remote endpoints in order to forward packets to them. When a leaf switch does not know the destination endpoint, it can forward the packet to a spine switch and let the spine decide where to send it. This forwarding behavior is called spine proxy.
Normally, a spine switch does not push COOP database entries to each leaf switch; it only receives and stores them.
COOP, running in the fabric, ensures the following:
Council of Oracle Protocol (COOP) is used to communicate the mapping information (location and identity) to the spine proxy. A leaf switch forwards endpoint address information to the spine switch 'Oracle' using Zero Message Queue (ZMQ). COOP running on the spine nodes will ensure that all spine nodes maintain a consistent copy of endpoint address and location information and maintain the distributed hash table (DHT) repository of endpoint identity to a location-mapping database.
COOP data path communication is transported with high priority over secured connections. COOP has been enhanced to apply the MD5 option, which protects COOP messages from malicious traffic injection. Both the Cisco APIC controller and the switches support COOP protocol authentication.
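To make the behaviour described in the lab walkthrough and in the COOP section above concrete, here is an added toy model (not code from the article, and not Cisco's implementation) that replays the same steps: a leaf learns an attached endpoint's MAC, and its IP only when unicast routing is on; it reports the local endpoint to the spine's COOP database; a second leaf learns the remote endpoint only once a conversation crosses the fabric; an unknown destination is handed to the spine proxy; and a report whose digest does not verify never enters the database. The addresses and node IDs (10.1.80.2 behind leaf 101, 172.16.80.3 behind leaf 104, spine 201) follow the article; the MAC addresses, the shared key, the keyed-MD5 digest standing in for the COOP MD5 option, the single-spine fabric and all class and function names are assumptions of this model.

```python
# Toy model of ACI endpoint learning, COOP reporting and spine proxy forwarding.
# Constructed example following the article's lab: 5672-A = 10.1.80.2 behind leaf 101,
# 5672-B = 172.16.80.3 behind leaf 104, spine 201. MACs, the shared key and the keyed-MD5
# report check are assumptions of this model, not Cisco's actual COOP wire format.
import hashlib
import hmac

COOP_KEY = b"constructed-lab-secret"  # assumed shared secret, not from the article


def coop_digest(key: bytes, leaf_id: int, ip: str, mac: str) -> str:
    """Stand-in for the COOP MD5 option: keyed MD5 over the report fields."""
    return hmac.new(key, f"{leaf_id}|{ip}|{mac}".encode(), hashlib.md5).hexdigest()


class Spine:
    def __init__(self, node_id: int, key: bytes = COOP_KEY):
        self.node_id, self.key = node_id, key
        self.coop_db: dict[str, tuple[str, int]] = {}  # COOP database: ip -> (mac, leaf_id)
        self.rejected = 0  # reports whose digest did not verify

    def receive_report(self, leaf_id: int, ip: str, mac: str, digest: str) -> bool:
        if not hmac.compare_digest(coop_digest(self.key, leaf_id, ip, mac), digest):
            self.rejected += 1  # unauthenticated report never enters the database
            return False
        self.coop_db[ip] = (mac, leaf_id)
        return True

    def proxy_lookup(self, ip: str):
        """Spine proxy: which leaf is this endpoint behind? None if unknown."""
        entry = self.coop_db.get(ip)
        return entry[1] if entry else None


class Leaf:
    def __init__(self, node_id: int, fabric: "Fabric", unicast_routing: bool = True):
        self.node_id, self.fabric, self.unicast_routing = node_id, fabric, unicast_routing
        self.mac_db: set[str] = set()
        self.local_db: dict[str, str] = {}      # ip -> mac, endpoints attached to this leaf
        self.remote_cache: dict[str, int] = {}  # ip -> leaf_id, filled only by conversations
        fabric.leaves.append(self)

    def learn_local(self, ip: str, mac: str) -> None:
        """Data-plane learning of an attached endpoint; the IP only with unicast routing."""
        self.mac_db.add(mac)
        if not self.unicast_routing:
            return
        self.local_db[ip] = mac
        for spine in self.fabric.spines:  # report the local endpoint to the oracle
            spine.receive_report(self.node_id, ip, mac, coop_digest(COOP_KEY, self.node_id, ip, mac))

    def knows(self, ip: str) -> bool:
        return ip in self.local_db or ip in self.remote_cache

    def forward(self, dst_ip: str) -> str:
        """Lookup order: local table, remote cache, then hand off to the spine proxy."""
        if dst_ip in self.local_db:
            return "local"
        if dst_ip in self.remote_cache:
            return f"remote:leaf{self.remote_cache[dst_ip]}"
        dst_leaf = self.fabric.spines[0].proxy_lookup(dst_ip)
        return "drop" if dst_leaf is None else f"spine-proxy:leaf{dst_leaf}"


class Fabric:
    def __init__(self, spines: list[Spine]):
        self.spines, self.leaves = spines, []

    def leaf_of(self, ip: str) -> Leaf:
        return next(leaf for leaf in self.leaves if ip in leaf.local_db)

    def send(self, src_ip: str, dst_ip: str) -> str:
        src_leaf = self.leaf_of(src_ip)
        path = src_leaf.forward(dst_ip)
        if path != "drop":
            dst_leaf = self.leaf_of(dst_ip)
            if dst_leaf is not src_leaf:  # far leaf learns the remote source from the data plane
                dst_leaf.remote_cache[src_ip] = src_leaf.node_id
        return path


def run_lab() -> dict:
    spine201 = Spine(201)
    fabric = Fabric([spine201])
    leaf101, leaf104 = Leaf(101, fabric), Leaf(104, fabric)
    # Step 1: each host pings its BD gateway; its leaf learns MAC+IP and reports via COOP.
    leaf101.learn_local("10.1.80.2", "00:00:5e:00:53:0a")    # constructed MAC for 5672-A
    leaf104.learn_local("172.16.80.3", "00:00:5e:00:53:0b")  # constructed MAC for 5672-B
    before = {"spine_has_A_on": spine201.proxy_lookup("10.1.80.2"),
              "leaf104_knows_A": leaf104.knows("10.1.80.2")}
    # Step 2: 5672-A pings 5672-B (request + reply); only then do the remote caches fill.
    first = [fabric.send("10.1.80.2", "172.16.80.3"), fabric.send("172.16.80.3", "10.1.80.2")]
    second = fabric.send("10.1.80.2", "172.16.80.3")
    # Step 3: a report whose digest was made with the wrong key is dropped by the oracle.
    bad_digest = coop_digest(b"wrong-key", 999, "10.1.80.2", "de:ad:be:ef:00:01")
    forged = spine201.receive_report(999, "10.1.80.2", "de:ad:be:ef:00:01", bad_digest)
    return {"before": before, "first": first, "second": second,
            "leaf101_knows_B": leaf101.knows("172.16.80.3"), "forged_accepted": forged,
            "rejected": spine201.rejected, "A_still_on": spine201.proxy_lookup("10.1.80.2")}
```

Calling `run_lab()` reproduces the article's sequence: after the gateway pings the spine already knows 5672-A is behind leaf 101 while leaf 104 has no entry for it; the first packet from 5672-A to 5672-B leaves leaf 101 via spine proxy and the reply already hits the remote cache on leaf 104; from then on leaf 101 forwards to 5672-B from its own remote cache. The forged report in step 3 is counted in `rejected` and leaves the existing location of 10.1.80.2 untouched, which is the property the MD5 option is meant to give the fabric.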
In my next article, we will talk about how ACI Fabric does not flood ARP traffic.