1.

Whati
svPCandwhatar
eit
sbenef
it
s?

Answer-Vi
rtual
Por t
-Channel(
vPC)isamulti
-chassi
sportchannelinafeatureincisconexus
swit
cheswit
hwhi chwecanl ogi
cal
lybundl
ethelinksoftwodiff
erentchassis.Iti
ssimil
arto
VSSbutmaindiff
erenceisthatvPClogi
cal
l
ybundl esthel
inkswhereasVSScr eat
esasingle
l
ogical
swit
chwi t
honel ogi
calcont
rolpl
aneformanagementandconf i
gurati
on.

Weneedt
oconf
igur
eandmanageVPConbot
hswi
tchesi
ndependent
ly.

2.Whatar
ethecomponent
sofv
PC?

Answer-v
PCPeer
-Swi
tch,
vPCDomai
n,v
PCPeer
-Li
nk,
vPCKeep-
Ali
ve,
MemberPor
ts,
Orphan
Port
s

3.HowmanyNexusSwi
tchescanbepar
tofv
PC?

Answer–Onl
y2.v
PCPr
imar
y&Secondar
y.

4.Whatdoy
oumeanby“
vPCPeer
-Swi
tch”
?

Answer-v
PCPeer
-Swi
tch-Thev
PCt
opol
ogyconsi
stsoft
woNexusswi
tches,
andoneormor
e
connect
eddevi
ces.Thetwoswitchesar
epeers.Theconnecteddevicecanbeanyt
hingt
hat
support
spor
t-
channelsorLAGs.Thisi
ncl
udesserver
s,swit
ches,fi
rewall
s,andsoon.

5.Whatdoy
oumeanby“
vPCPeer
-Li
nk”
?

Answer-Thisisalayer2l i
nk( Por
t-
Channel)wi
thmi ni
mum 10Gcapacit
yusedf orconnecti
ng
vPCPeerSwi t
ches,carryi
ngARPt raff
ic,
BPDUs, HSRPsandsharingmac-addressestraff
icto
vPCPeers.Thepeer-li
nkexchangesst at
einfor
mationandcarr
iescont
roltraffi
cbetweenpeer
swit
ches.I
tisthi
slinkthatformsav ir
tualCont
rolPlaneacr
ossthetwoswi tches,makingthem
appearassingl
elogicalswitch.

6.Whatdoy
oumeanby“
vPCKeep-
Ali
ve”
?

Answer-Thisl i
nk(mi ni
mum 1G)i sal ayer-
3li
nkandi sinaseparateVRFt okeepitisol
ated
fr
om othert
r aff
ic.Thisisi
mpor tant,assomef ai
luresmayl eadtoeitherswitchthi
nkingthati
ts
peeri
sdown, wheninf act
,iti
snot .Thisisaspli
t-brainordual-
acti
vescenar i
o,whereboth
swit
chesthinktheyar epri
mar y.Thehear t
beatsov erthekeepali
veli
nkpr eventt
hisprobl
em.
Bothpeerscanst il
lseeeachot her,evenwhent here’saf ai
l
ure.

7.Whatar
e“MemberPor
ts”i
nvPC?

Answer-Memberport
sarevPCpor t
sthatserversorot
herdevi
cesconnectt
o.Theconnected
devi
cemustconfi
gur
eitsownport-
channelforthi
stobeabletocomeup.Theconfigur
ati
onis
thesameonbothswit
ches.Di
ff
erentport
snumber sareal
lowedbutspeed&duplexmust
match.Thev
PCnumberdoesnothav
etomat
cht
hepor
t-
channel
number
,buti
tisgood
pr
acti
cetohaveconsi
stency
.

8.Whatar
e“Or
phanPor
ts”i
nvPC?Whati
sthecommandt
ocheckt
heOr
phanPor
ts?

Answer-Anyportnotconf
igur
edasav PC, butwhi
chcar r
iesavPCVLAN.Wemustav oidt
hese
port
sbyalwayshavingDualAt
tachedVPCconnections.Thisisanydev
icet
hatconnect
stoonl
y
oneoftheVPCswi t
ches.I
fVPCPeer -
Linkgoesdownt henOrphanport
swil
lhavenowayto
rout
ethetr
aff
ic.

“
Showv
pcor
phan-
por
ts”i
sthecommandt
ocheckt
heor
phanpor
ts.

9.Iam unabl
etouset
he“
vPCdomai
n”commandonNexusSwi
tch,
whatcoul
dbet
her
eason?

Answer–Weshouldhavet
hecommand“feat
urevpc“enabl
ed.Si
mi l
arl
y,weneedt
ohav
e
feat
uresenabl
edf
orot
herf
unct
ionsaswel
le.
g.forLACPorInter
face-
VLAN.

10.Howdoy
ouv
eri
fyt
heuni
quehost
-i
dofnexusswi
tch?

Answer–Uset
hecommand“
showl
i
censehost
-i
d”asbel
ow.
11.Whati
sthewayt
ofi
ndt
hel
i
censef
il
einboot
fl
ashdi
rect
ory
?

Answer–Li
censef
il
ehasext
ensi
onof.
li
c

12.Howdoy
oui
nst
all
thel
i
censei
nnexusswi
tch?

Answer-Uset
hecommand“i
nst
all
li
censeboot
fl
ash:
l
icense_
fil
e_name”asbel
ow

13.Whatwi
l
lyoudoi
fyoudonothav
ethel
i
censet
orunanyf
eat
urei
nci
sconexusswi
tch?

Answer–Iwi
l
luset
he“
li
censegr
ace-
per
iod”command.

14.Howtov
eri
fywhet
herTel
netser
vicei
senabl
edordi
sabl
ed?I
sitenabl
edbydef
aul
t?Howt
o
enabl
eit
?

Answer-Tel
neti
sdi
sabl
edbydef
aul
tandSSHi
senabl
edbydef
aul
t.
15.Whati
sthemai
nDi
ff
erencebet
weenM ser
iesLi
neCar
dandFSer
ies?

Answer–Ini
ti
all
yFSer i
escardswereint
roducedforLay
er2funct
ionali
tyonl
y,nowadv ancedF
Seri
escar
dshaveLay er3capabi
l
ityandnewf eat
uresaswel
l
..M seri
esModul essupportLayer
2andLayer3.Atl
eastoneM1ser i
esportshouldbeinaVDCtobeabl etododor outi
ng.

F1ser
iesmodul
escanusePr
oxyr
out
ingusi
ngM Ser
iespor
tswhi
char
epar
tofVDC.

Youmustr ef
ert
heci
scodocument
ati
onf
orl
atestupdat
esont
hef
eat
ures,
funct
ionsand
capabi
l
iti
es.

16.ERROR: Et
hernet
1/7:
Confi
gnotal
l
owed,
asf
ir
stpor
tint
hepor
t-
grpi
sdedi
cat
ed.Whatcoul
d
bethereasonforthi
serr
or?

Answer-Therei
sgroupi
ngofpor t
s.Indedi
cat
edmode,thefi
rstporti
neachgr
oupi sact
iveand
deli
verst
heli
ne-
rat
eperf
ormance, andtheot
hert
hreeport
saredisabl
ed.I
nsharedmode,all
fourport
sint
hegroupareact
ive.Thisi
sdonetoachi
evethemaximum bandwidth.
17.Expl
ain“
Shar
edMode”i
nNexusSwi
tches?

Answer-Inshar
edmode,port
swhicharepartofgroupwil
lshar
ethetotal
capacit
y.Let
st ake
anexampleofN7K-M132XP-
12whichhas3210Gpor tsi
tmeansthateachport
-gr
oup(groupof
4portsf
orthisl
i
necard)wi
ll
share10Gspeedoft otal
bandwidt
hamonggr oup-
member s.All
port
swil
lnotget10Gofdedi
catedbandwi
dth.

So,t
het
otalcapacit
yofthecardis80G,not320(32x10G)becausetherecanbe8port
-gr
oups
of4por
tseach.Therefor
e,4port
sinagr oupwi
ll
shar et
hetotalavai
labl
ebandwi
dthof10G
whi
chmeansov ersubscr
ipt
ionbecomes4: 1

1,
3,
5,
7wi
l
lbei
nsamepor
t-
groupandsi
mil
arl
y2,
4,
6,
8andsoon.

18.Expl
ain“
Dedi
cat
edMode”i
nNexusSwi
tches?

Answer–InDedicatedmode, onlyonei
nter
facegetsdedicat
edbandwi dt
h,10GincaseofN7K-
M132XP-12li
necard.Dedicatedmodeusesonly1interf
acesor estthr
eeinter
facesi
nthegr
oup
ar
edisabl
ed.Dedicatedport
sar eeasyt
oidenti
fybyYell
owcol ouronaCisconexusLinecar
d.

Forconfi
guri
ngaportasdedicat
ed,weneedtofirstadmindownthefourpor
tsi
nthegroup
thenchangether
atemodetodedi cat
edandatlastun-shutt
heport
.Commandt osett
hemode
i
s“ r
ate-
modededicat
ed”i
nsideofanI nt
erf
ace.
19.Whatdoy
oumeanby“
FEX”
?

Answer–FEX( nexus2000)st andsforFabri

cExt ender,i
sadumbswi t
chwhichactsasaline
cardinparentswitch(nexus5Kor7Kor9K) .Itdoesnothav eitsownIOSorCPUf orcont
rol
plane.I
tdownloadst heimagef rom t
heparentswi tchandappearasamodul e.I
tispri
mari
ly
usedwhenweneedmor eint
erfacesforconnectingserver
s,however
,themanagementwill
happenfrom parentonly.TheFEXf rontport
sf orserver
sareconnectedthesamewayasot her
s.

Tobeabl
etoconf
igur
eFEX,
weneedt
ofol
l
owf
ewst
eps.

20.Canadev
icei
noneVDCcommuni
cat
ewi
thdev
icei
nanot
herVDC?

Answer–Aslongaswehav
ecableconnect
edbet
weent
heVDCsandconf
igur
ati
oni
scor
rect
ly
done,
thenser
ver
swil
lcommuni
cate.

VDCsarevi
rtualswitches.Onephy
sical
chassi
smayhav emulti
pleVDCs,
soeachVDCwould
worki
ndependently.Theref
ore,
weneedcableconnect
ionbet
weenVDCsev eni
ftheser
esi
dei
n
samephysi
cal chassis.
21.Howcanwel
i
mitt
henumberofpat
hsi
nrout
ingt
abl
eofFabr
ic-
pat
h?

Weneedt
orunbel
owcommandf
ort
his–

Maxi
mum-
pat
hs<max-
pat
hs>

nexus(
conf
ig-
fabr
icpat
h-i
sis)
#maxi
mum-
pat
hs4

22.Whi
chcommandweshoul
duset
over
if
ythe"
HSRPAct
iveSt
ate"onaNexus7000Ser
ies
Swit
ch?

Wecanuset
hecommans“
showhsr
pact
ive”or“
showhsr
pbr
ief
”

23.Whatar
ethemaj
ordi
ff
erencesbet
weensup2andsup2e?

I
nter
msofno.ofVDCs-Sup2suppor
ts4VDCswher
easSup2esuppor
ts8+1VDCs(
1isadmi
n
VDC)
.

Sup2has1QuadCor
ewher
easSup2ehas2QuadCor
epr
ocessor
.

Sup2suppor
ts12GBDDR3wher
eas32GBDDR3.
24.Howmanysy
slogser
ver
scanbeaddedt
oaNexus7000Ser
iesSwi
tch?

Wecanaddupt
o3sy
slogser
ver
sinci
sconexusswi
tch

25.Whati
suseofGbi
twhi
l
eusi
ngHSRPwi
thVPC?

ForHSRPandv PCt oworki nacti

vemode, Gbi
tisrequir
ed.Whatitdoesiswhent hepacket
reachesbackupNexusHSRPmember ,
thepacketisrouted(onseeingGbiti
nt heMACaddress
table,
insteadoff orwardi
ngov ervi
rt
uall
inktopri
maryHSRPmember )bybackupHSRPmember
to.Thisisthereasonwhyt heHSRPwi t
hv PCworksasact iv
e/acti
ve.Hencef
orth,f
rom t
hedata
planeperspecti
v e,bothpeerdev i
cesar
ef or
wardi
ng.

26.Whi
chnexusser
iessuppor
tsGLBP(
Gat
ewayl
oadbal
anci
ngpr
otocol
?

Nexus7Kser
iessuppor
tGLBP.N5kandN2Kdon’
tsuppor
tGLBP.

27.HowdoIcheckt
heNet
wor
kTi
mePr
otocol
(NTP)st
atusonaNexus7000Ser
iesSwi
tch?
Todi
spl
ayt
hest
atusoft
heNTPpeer
s,i
ssuet
heshownt
ppeer
-st
atuscommand:

Nexus7k#shownt
ppeer
-st
atus

28.Whyl
eafswi
tchshoul
dbeRootBr
idgei
nnexusf
abr
icpat
h?

I
fleafSwit
chesar
enotconfi
gur
edasRootbri
dgeinNexusf
abri
cPat
h,Por
tswi
l
lbecome
I
nconsist
entvi
aRootGuar
doncetheyr
ecei
vesuperi
orBPDU(s)
.

29.whati
sthecommandt
ocheckt
henumberofmodul
esi
nnexusswi
tch?

nexus7k#showmodul
e

30.Whatist
hemaxl i
mitofPinni
ngofLi
nkscanbesetwhenweusePor
tchannel
whi
l
e
conf
igur
ingFabr
icext
ender?

I
nit
ial
l
ymaxi
mum l
i
mitwas4,
howev
eraf
ter4.
2(1)N1(
1)t
henumberofupl
i
nksi
sext
endedt
o8.
31.Whati
sthecommandt
oenabl
e/di
sabl
eloggi
ngl
i
nkst
atusperpor
tbasi
sonaNexus7000
Seri
esSwi
tch?

Alli
nter
faceli
nkstatus(up/down)messagesareloggedbydef
aul
t.Li
nkst
atusevent
scanbe
confi
guredglobal
lyoratperinterf
acel
evel
.Theinter
facecommandenabl
esli
nkstat
usl
oggi
ng
messagesf oraspecif
icint
erface.

e.
g:

N7k-
swi
tch(
conf
ig)
#int
erf
aceet
her
net1/
7

N7k-
swi
tch(
conf
ig-
if
)#l
oggi
ngev
entpor
tli
nk-
stat
us

32.DoesaNexus2k(
FEX)hasanoper
ati
ngsy
stem (
OS)orNXOSi
mage?

Nosoftwareisi
ncl
udedwit
htheFabr
icExt
ender
.Thesoft
wareisaut
omati
cal
lydownl
oaded
andupgradedfr
om i
tspar
entdev
icet
hemomenti ti
sconnect
edandconf
igur
edatParent
swit
ch

33.Pl
easeexpl
aint
heconceptofOTV?
OTV(Overl
ayTransportVir
tuali
zati
on)isatechnologythatprov i
del
ayer
2extensioncapabi
li
ti
es
bet
weendiffer
entdatacenters.OTVi sanNX-OSf eatur
ethatal l
owsustoextendLANsbetween
DataCent
ers.OTVist r
ansportindependenti
.e.t
heconnectivitybet
weendatacenterscanbeL2
orL3orevenIPswitchedalmostany thi
ngthatcant r
ansportIP.

34.Whati
stheconceptof"
checkpoi
nt"i
nNexus?

TheCi scoNX-OScheckpointf
eatureprovi
desthecapabi
li
tyt
ocaptureatanytimeasnapshot
(backup)oftheCiscoNexusconfigur
ationbef
oremakinganychanges.Thecaptured
configurat
ion(
checkpoi
nt)canthenbeusedt orol
lbackandrest
oretheori
ginalconf
igur
ati
on.

Checkpointsarepri
mari
l
yusedforroll
backsituat
ions.Theyall
owyoutomakechangesonthe
system andifr
equir
edduetoanerrorrol
lbacktoaknowngoodconf i
gurat
iononthesyst
em.
Thisisveryimport
antf
eatur
eespecial
lywheny ouarewor ki
ngonacri
ti
caldev
ice.

35.Canwecompar
echeckpoi
ntsi
nnexusswi
tches?

Conf
igur
ati
ondiff
erencescanbecomparedbet
weencheckpoi
nts,
fil
es,
star
tup-
conf
igur
ati
on
andther
unning-
confi
gurat
ionusi
ngtheshowdif
frol
l
back-
pathcommand( f
il
esandrunni
ng-
conf
utat
ioncannotbecompared)
.

N5k(
conf
ig)
#showdi
ffr
oll
back-
pat
chr
unni
ng-
conf
igcheckpoi
ntCheckpoi
nt-
1
36.Howcanwev
eri
fypacketdr
opsonaNexus7000or5000Swi
tch?

Ver
ifyt
heRxPauseandTai
l
Dropsf
iel
dsf
rom t
heoutputoft
heshowint
erf
aceand"
show
har
dwarei
nter
naler
ror
smodul
ex"commandsfort
hemodulewitht
heseport
s.

e.
g:

Nexus7K#showi
nter
faceet
her
net
1/25

Et
her
net
1/25i
sup

37.I
sther
eat
ool
avai
l
abl
eforconf
igur
ati
onconv
ersi
ononCi
sco6500ser
iest
otheNexus
pl
atf
orm?

Ciscohasdevel
opedtheI
OS-NXOSMigr
ati
onTool
forqui
ckconf
igur
ati
onconv
ersi
ononCi
sco
6500seri
estotheNexusser
iesOS.

38.Whi
cht
ypeofLi
necar
dsofNexusser
iessuppor
tsOTV?
Ci
scoNexus7000Ser
iesandCi
scoNexus7700pl
atf
orm suppor
tOTVbasedon-

AnyM-Seri
es(CiscoNexus7000Ser
ies)orF3(
CiscoNexus7000Ser
iesor7700pl
atf
orm)l
i
ne
car
dforencapsulat
ion.

39.Doest
heNexus7000swi
tchser
iessuppor
tMPLS?

Yes,
Nexus7000suppor
tsMPLS

40.Doesnexus5Ksuppor
tVDCs?

NoNexus5Kdoesnotsuppor
tVDCs.

41.HowmanyFEX(
fabr
icext
ender
s)canbeconnect
edonpar
entNexus5000?

Maxi
mum 25FEXscanbeconnect
edt
oCi
scoNexus5500swi
tchser
ies.

1.Whati
sthehar
dwar
eser
iesweusef
orAppl
i
cat
ionCent
ri
cInf
rast
ruct
ure?

Answer
:Wehav
eCi
scoNexus9000ser
ies.I
nthi
swemai
nlyhav
eNexus9500Modul
ar,
Nexus
9300Non-Modul
arser
iesswi
tches.I
nmycour
se,
Iused9500asspi
neand9300asLeaf
Swit
ches.

2.Whatar
ethemodeofoper
ati
onsi
nnexus9000ser
iesswi
tches?

Answer:
Wehav etwomodesinwhichnexus9KSwi tchescanbeused,namel
yNX-OSandACI
Mode.Thesear
eexclusi
vemodes;
meansy oucannotrunbothmodesatthesameti
meina
swit
ch.I
fyouswit
chthemode,t
hencompl eteconf
igwi l
lbedel
eted.

3.Whati
sCLOSar
chi
tect
ureorACISpi
ne-
LeafAr
chi
tect
ure?

Answer :Thi sar chi t

ecturewasdesi gnedbyChar l
esCl os.Intoday ’
sITwor ld,Appl icat ionsar e
i
ncreasingl ydepl oyedi nadi stributedf ashionwhi chleadst oincreasedeast -westt raffic.
Tradit
ional 3-TierDat aCent er sar eunabl etomeett hehighbandwi dthandl owl atencydemands.
Thisiswher eLeaf -Spine2- l
ay ernet wor ktopol ogy(composedofl eafswi t
chesandspi ne
switches)addr essest hechal lengesf acedint raditi
onal networkar chi
tecture.Leaf -Spi ne2- l
ayer
datacent ernet wor ktopol ogyt hat'susef ulfordat acent ersthatexperiencemor eeast -west
networkt raffict hannor th-sout ht r
af f
ic.Thet opol ogyiscomposedofl eafswi tches( towhi ch
serversandst or ageconnect )andspi neswi tches( towhi chleafswi t
chesconnect ) .Int hist wo-
ti
erClosar chitect ure,everylower -
tierswi t
ch( leaflayer)isconnect edtoeachoft het op- ti
er
switches( spinel ayer)inaf ull-
mesht opology .Thel eaflayerconsistsofaccessswi tchest hat
connectt odev icessuchasser v er
s.Thespi nel ayeristhebackboneoft henet wor kandi s
responsiblef ori nterconnect ingal lleafswi t
ches.Ev eryleafswitchconnect st oev er yspi ne
switchint hef abr ic.Thepat hisr andoml ychosensot hatthetraffi
cloadi sev enlydi st ributed
amongt het op- ti
erswi tches.I foneoft het opt ierswitcheswer et ofail
,itwoul donl ysl i
ght l
y
degradeper formancet hroughoutt hedat acent er.
Ifoversubscri
pti
onofal inkoccur s(thatis, i
fmor etraf
fi
cisgener atedthancanbeaggr egated
ont heactiv
elinkatonet ime),theprocessf orexpandingcapaci t
yisstraightforward.An
additi
onalspineswit
chcanbeadded, anduplinkscanbeext endedt oev eryleafswi t
ch,
result
ingintheaddit
ionofi nterl
ayerbandwi dthandr educt
ionoft heov ersubscript
ion.I
fdevice
portcapacitybecomesaconcer n,anewl eafswitchcanbeaddedbyconnect ingittoever
y
spineswi t
chandaddi ngt henetwor kconf igurati
ontotheswi t
ch.Theeaseofexpansi on
optimizestheITdepar t
ment ’sprocessofscal ingthenetwork.Ifnoov ersubscr i
pti
onoccurs
betweent helower-
ti
erswi t
chesandt heirupli
nks, t
henanonbl ockingar chi
tecturecanbe
achieved.

Withaspi ne-and-l
eafarchitect
ure,nomat t
erwhichl eafswi tchtowhi chaser verisconnect ed,
i
tstrafficalway shast ocrossthesamenumberofdev i
cestogett oanotherserver( unl
esst he
otherser verislocatedont hesamel eaf)
.Thisapproachkeepsl atencyatapr edictablelevel
becauseapay loadonlyhast ohopt oaspi neswi t
chandanot herleafswitcht oreachi t
s
desti
nat i
on.API CControl
lers(responsibl
ef orprovi
di ngauni f
iedpointofautomat i
onand
management ,poli
cyprogrammi ng,appli
cati
ondepl oy ment ,
andheal t
hmoni tori
ngf ortheACI
fabri
c)al soconnectt oLeafnodes.TheACIf abri
cappear sasasi ngleswitchtot heoutside
world,capabl eofbr i
dgingandr outing.Mov i
ngLay er3r outi
ngt otheaccessl ayerwoul dlimit
theLay er2r eachabil
it
ythatmoder napplicati
onsrequi re.InACI ,
alltheli
nkswor ki nActive-
Activemode( ECMP)t oall
owhi ghert hr
oughputandf astconv er
gence.

4.I
nACImodeofoper
ati
on,
howdoweconnectLeafandSpi
neSwi
tches?

Answer
:Wecanonl
yconnectLeafswi
tchest
oSpi
neSwi
tchesandv
icev
ersa.
5.I
nACImodeofoper
ati
on,
canweconnectSpi
newi
thanot
herSpi
neswi
tch?

Answer
:No,connect
ionwi
l
lonl
ywor
kbet
weenSpi
neandLeaf
.NoSpi
net
oSpi
neconnect
ivi
ty
canbeest
abli
shed.

6.CanweconnectLeaft
oLeafSwi
tch,
inACImode?

Answer:No,
onl
yconnecti
vi
tyf
rom Leaft
oSpi
nei
spossi
ble.Nol
eaft
oleaforspi
net
ospi
ne
connect
ioni
spossi
ble.

7.Whati
sAPI
Ccont
rol
l
eri
nACI
?

Answer :
ItisknownasCi scoApplicat
ionPol
i
cyInf
rastr
uct
ureControl
l
er.Ci
scoAPICisthemai
n
archi
tectural
componentoft heCiscoACIsol
uti
on.Iti
stheunif
iedpoi
ntofaut
omationand
managementf ortheCi
scoACIfabr i
c,pol
i
cyenf
orcement,andheal
thmonit
ori
nginboth
physi
cal andvirt
ualenv
ironments.

Thecontroll
eropt
imizesper
formanceandmanagesandoper atesascal
abl
emult
it
enantCisco
ACIfabr
ic.ACIFabri
cismanagedf r
om APICcont
rol
leronly,however,weal
sohav
eanopt i
onto
l
oginint
oi ndi
vi
dualswit
chesfort
roubl
eshoot
ingandv er
if
icationpur
poses.

8.I
nACI
,howmanyAPI
CCont
rol
l
ercanexi
st?
Answer
:Youmaychoosetohaveonl
yoneAPI Ccont
rol
l
er,
howev
er,
ciscor
ecommendsusi
ng
mini
mum 3API
Ccontrol
lerandi
norderof3,
5,
7.

9.I
nACImodedepl
oyment(
Lay
er2/
Lay
er3f
abr
ic)
,howmanySpi
ne,
LeafSwi
tchesandFEXcan
bedepl
oyed?

Answer:
InL2Fabri
c,wecanuseupt
o80LeafSwitches,
24Spi
neSwitchesperfabri
c(6Spi
ne
perPOD),650FEXperfabr
ic(
20FEXperl
eafSwi
tch)&1000Tenant
scanbecr eated.

I
nlar
geL3Fabr
ic,
wecanuseupto200LeafSwitches,
24Spi
neswi
tchesperf
abr
ic(
6spi
neper
POD)
,650FEXperfabr
ic(
20FEXperl
eafSwi
tch)&3000Tenant
scanbecreat
ed.

Ref
erbel
owl
i
nk:

htt
ps:
//www.cisco.
com/c/en/
us/t
d/docs/swi
tches/dat
acent
er/
aci
/api
c/sw/
4-x/
ver
if
ied-
scal
abi
li
ty/
Cisco-ACI
-Ver
if
ied-
Scal
abil
i
ty-Gui
de-422.
html

10.Whatar
ethebenef
it
sofNexusACIcompar
edt
otr
adi
ti
onnet
wor
ksol
uti
on/
archi
tect
ure?
Answer
:Bel
owar
ethekeybenef
it
sofACIf
abr
ic–

·From oper
ati
onsstandpoi
nt,
ACIwil
lall
ownet
wor
kteamst osi
mpli
fymanagementand
operat
ionsacr
ossthenetworkbypr
ovidi
ngacommonplacetomanage&enfor
cepoli
cies.

·Cent
ral
i
zedr
eal
-t
imeheal
thmoni
tor
ingofphy
sical
andv
irt
ual
net
wor
ks

·Aut
omat
ionofr
epet
it
ivet
asks,
reduci
ngconf
igur
ati
oner
ror
s

·ACIi
sagnost
ict
obot
hphy
sical
andv
irt
ual
env
ironment
s.

·El
i
minat
ionoff
loodi
ngf
rom t
hef
abr
ic

·ACI
’
stemplat
e-basedprov
isi
oningandautomationi
mprovesnet
wor kagil
it
y,real
time
moni
tor
ingofphysi
calandvir
tualenv
ironmentandhencef
astert
roubleshoot
ing.

·Hy
per
visor
scompat
ibi
l
ityandi
ntegr
ati
onwi
thoutt
heneedt
oaddsof
twar
etot
hehy
per
visor
.

·ACIist
ail
ormadef
orDat
aCent
ersr
equi
ri
ngmul
ti
-t
enancyset
up(
Vir
tual
i
zed)wi
theasyt
o
conf
igur
estepsi
nGUI.

·Compet
it
ivepr
ici
ngf
orNexus9000swi
tchi
ng.

·Tr
aff
icopt
imi
zat
iont
hati
mpr
ovesappl
i
cat
ionper
for
mance

·Canr
unasaconv
ent
ional
swi
tchNX-
OSori
n“ACI
”modeandsuppor
tsFEX.
·Enableseamlessconnect
ivi
tybetweenon-
premisesandremot
edatacenter
sand
geographi
cal
lydisper
sedmultipl
edatacent
ersunderasingl
epaneofpol
icyorchest
rat
ion.

·I
tstrengthenssecur
it
y(ACIisawhit
eli
stmodel )
.Thi
smeanst hatt
hereisnocommuni cat
ion
bet
weenEPGsunl essnet
workpoli
cyexpli
cit
lyall
owsit.Thenet
workingteam maywanttosil
o
ser
vices(DHCP, LDAP,et
c.)i
ntoEPGs.I
tcant hendef
ineaccesstotheseservi
cesusi
ng
Contract
s.

·OpenAPI
sal
l
owseasyi
ntegr
ati
onwi
th3r
dpar
tydev
icesl
i
kef
ir
ewal
landADCs.

·Si
ngl
epoi
ntofpr
ovi
sioni
ngv
iaGUIand/
orRESTAPI
.

·ACIcent
ral
i
zespoli
cy-
basedmanagementandenabl
est
heaut
omat
ionofr
epet
it
ivet
askst
o
man-hour
sandreduceerr
ors.

·I
tstr
eamli
nesconf
igur
ati
onmanagement.ACI
’sconfi
gurat
ionsar
efort
heentir
efabr
ic.I
t
makesbacki
ngupandroll
i
ngbackall
thedevi
cesinthefabr
icasimpl
eprocess.

11.Whati
srol
eofAPI
Ccont
rol
l
eri
nACIf
abr
ic?

Answer:
Thei
nfr
ast
ruct
urecont
rol
l
eri
sthemai
nar
chi
tect
ural
componentoft
heCi
scoACI
sol
uti
on.

oAPICCont r
oll
eri
stheunifi
edpointofautomati
onandmanagementfortheCiscoACIf abri
c,
pol
icyenf
orcement,andhealt
hmoni t
ori
nginbothphysi
cal
andv i
rt
ualenv
ironments,all
owing
admini
str
ators/
desi
gnerstobuil
dfull
yautomatedandmult
i-t
enantnet
workswithscalabil
it
y.

oThemai
nfunct
ionofCi
scoAPI
Cist
oof
ferpol
i
cyaut
hor
it
yandr
esol
uti
onmet
hodsf
ort
he
Ci
scoACI
,aswel
lasdev
icesat
tachedt
oCi
scoACI
.

oThecont
rol
l
ermanagesandoper
atesascal
abl
emul
ti
tenantCi
scoACIf
abr
ic.

oInACInet
works,net
workadmi
nsusetheAPI
Ctomanagethenet
work–theynol
ongerneed
t
oaccesstheCLIonever
ynodetoconf
igur
eorpr
ovi
sionnet
wor
kresour
ces.

oWecandomoni
tor
ingofTenant
,Appl
i
cat
ionandheal
thmoni
tor
ingoff
abr
icdev
ices.

oCi
scoAPI
Cincl
udesaCLIandaGUIascent
ral
poi
ntsofmanagementf
ort
heent
ir
eCi
scoACI
f
abr
ic

oI
tisv
eryhel
pful
int
roubl
eshoot
ingt
hei
ssuesi
nACIf
abr
ic.

oI
tInt
egr
ateswi
tht
hir
d-par
tyLay
er4-
7ser
vices,
vir
tual
i
zat
ion,
andmanagement
.

oAnopenf
ramewor
kthr
oughnor
thboundandsout
hboundAPI
s

oI
tcanpr
ovi
desecur
it
yformul
ti
tenantenv
ironment
satscal
e

oCiscoAPICal
sohascompletel
yopenAPIssot
hatuser
scanuseRepresentat
ionalStat
e
Tr
ansfer(
REST)-
basedcal
l
s(throughXMLorJav
aScri
ptObj
ectNot
ati
on[ JSON])toprovi
sion,
manage,moni
tor
,ortr
oubl
eshootthesy
stem

12.DoesAPI
Ccont
rol
l
erf
orwar
ddat
atr
aff
ic?
Answer
:Ci
scoAPICCont
roll
erdoesnotsi
tindat
aplane;
ther
efor
e,i
tdoesnotf
orwar
ddat
a
pl
anetr
aff
ic.I
twor
ksasorchest
rat
orofACIfabr
ic.

13.Whathappenswhenal
lAPI
Ccont
rol
l
eri
nfabr
icgodown?

Answer:I
fall
t heAPICcontr
oll
ersgodownthentherewon’tbeanyoutageindatafor
wardi
ngof
tr
aff
ic,
howev er,wecannotmakeanychangestothefabri
c.Weneedt obri
ngupt heAPI
C
cont
rol
lert
obeabl etomakenewpol i
ciesormonit
or/t
roubleshoott
heACIfabri
c.

14.Wher
edoweconnectAPI
CCont
rol
l
eri
nACISpi
ne-
LeafAr
chi
tect
ure?

Answer
:API
CCont
rol
l
eri
sconnect
edonLeafSwi
tch(
s).I
tisnotconnect
edt
oSpi
neSwi
tch.

15.Wher
edoweconnectser
ver
sinACISpi
ne-
LeafAr
chi
tect
ure?

Answer :
Allendpoint
sincl
udi
ngAPICcontrol
lerwil
lbeconnectedonLeafSwitchesonl
y.Ifyou
haveoneser verconnect
edtotwol
eafswitches,t
henyoumayf or
mvpc(Virt
ual Por
tchannel)at
l
eafswi t
ches.Here,wedonothaveanyVPCPeerl inkbet
weenLeafSwi t
chesbecausecisco
archi
tectur
edoesnotal l
owli
nkconnect
ionbetweenleafandleafswi
tch.
16.Oncefabr
icisup,canendpoi
nts(
LikeSer
ver
s,Fi
rewal
l
s,I
DS,
IPS,
Bar
emet
alser
ver
set
c.)
communicatetoeachother?

Answer :Bydefaul
t,noendpointcommuni cati
onwi l
lbeall
owedbyACIFabr i
c.Pol
ici
esneedt o
beexpl icit
lyi
mplement edt
oal l
owt r
aff
icforwardi
ngandf orendpointtocommunicatetoeach
other.Weneedt ocreateTenant,VRF,Bri
dgedomai n,Swit
chprofil
e,Int
erf
acePoli
cy,IPG,VLAN
Pools, Domain,AAEP, Appl
icati
onProfi
le,EPGs,Contract
s,Fi
lt
ers,Subject
setc.Oncethese
thi
ngsar esetup,t
heny ouwill
beabletocommuni cat
e.Fewaddi t
ionalcomponentsmaybe
requi
r ed.

17.Whati
sBr
idgedomai
ninCi
scoACI
?

Answer
:ABr
idgeDomaini
salay
er2const
ructi
nCi
scoACIFabr
ic.I
tmustbepar
tofVRF
(Vi
rt
ual
Rout
ingFor
warder
).

Thebr
idgedomaini
sl i
keacont
ainerforsubnet
s—it
’susedt
odefi
neaL2boundar
y,butnot
l
ikeaVLAN,i
nfacti
tisaVXLAN,represent
edasVNI(VXLANNet
workI
dent
if
ier
).

TheBDdefi
nest
heuniqueLayer2MACaddr essspaceandaLayer2fl
ooddomai nifsuch
fl
oodi
ngi
senabl
ed.Itcancarr
ymult
ipl
esubnetsinasingl
ebr
idgedomain.I
nter
-subnet
communi
cati
onwit
hinBridgedomai
nisenabled.

Wecancr eat
emul
ti
pleBr
idgeDomai
nsi
nsi
deofasi
ngl
eVRF.Wecannotl
i
nkoneBDt
otwo
di
ff
erentVRFs.

Bri
dgedomainscanbepubl
i
c,pri
vat
e, orshar
ed.Publ
icbri
dgedomainsarewheret
hesubnet
canbeexportedt
oarout
edconnect
ion,whereaspri
vateonesappl
yonlywit
hint
hetenancy.
Sharedbr
idgedomai
nscanbeexportedtomulti
pleVRFswithi
nthesametenant
,oracross
t
enant
swhenpar
tofashar
edser
vice.

18.Whati
sthedi
ff
erencebet
weenaVLANandBr
idgeDomai
n?

Answer:AVLANmeansonenet wor
kwhereasaBDcancarr
ymult
ipl
esubnets.Br
idgedomai
nis
repr
esent
edwithVNIi
.e.VXLANNetwor
kIdent
if
ier
.Behi
ndt
hescene,t
hisVNIwil
lbemapped
toanint
ernal
VLAN.

19.Whatdoy
oumeanbyEndpoi
nt,
EndPoi
ntGr
oup(
EPG)
?

Answer:Endpoi
ntsarethedevicesthatareconnect
edtothenetwor
kdir
ectl
yori
ndi
rect
ly.They
haveanaddress,al
ocation,at
tri
but
es( l
ikever
sionorpat
chlevel
)andcanbevi
rt
ualorphysi
cal
e.
g.Bare-metal
server
,Switch,Rout
er,Fi
rewall
,IDS,
IPSetc.

EPGs(
Endpoi
ntgr
oups)ar
eagr
oupi
ngofendpoi
ntsr
epr
esent
ingappl
i
cat
ionor

appli
cat
ioncomponent
sindependentofot
hernet
wor
kconstr
ucts.AnEPGisanobjectt
hat
repr
esentsacol
l
ecti
onofendpointswit
hcommonproper
ti
ese.g.EPG-web,
EPG-DB,EPG-App
etc.
20.Whatdoy
oumeanby“
Tenant
”?

Answer:ATenantisasecureandexclusiv
ev i
rt
ual computingenvi
ronment.ATenantisalogi
cal
uni
tofisol
ati
onfrom apoli
cyperspect
ive;Howev er,
itisnotapri
vatenet
work.Tenantis
ref
err
edasal ar
gestl
ogicaluni
torenti
tyorahi ghest-
levelobj
ectf
ormanagementi nCiscoACI.

Tenanti
sverymuchl i
keyourBusinessunit,depar
tment,oranor
ganizat
ion/
company
.Tenant
s
canrepr
esentacustomerinaserviceproviderset
ti
ng,anorgani
zat
ionordomaini
nan
enter
pri
sesett
ing,
orjustaconvenientgroupingofpol
ici
es.

Tenant
sall
owr
e-useofanI
PAddr
essspacei
.e.mul
ti
plet
enant
scanhav
esameI
PAddr
ess
schemas.

CiscoACItenantscancontainmult
ipl
epr
ivat
enet
wor
ks(
VRFi
nst
ances)
.Oneusercr
eat
ed
tenantcan’
ttal
ktoanothertenant
.

Bydef
aul
t,ACIhast
hreet
enant
s:Common,
Inf
ra&Management
.

Usert
enanti
sforadmi
nist
rat
orst
ocr
eat
ethei
rownt
enant
.

Tenantcont
ainsVRFs,
BDs,
Subnet
s,Appl
i
cat
ionPr
ofi
l
es,
EPGs,
Subj
ect
s,Fi
l
ter
s,Cont
ract
s.

21.Whati
sCommonTenant
?

TheCommonTenanti spreconf
igur
edfordefi
ningpol
ici
esthatpr
ovi
descommonbehavi
orf
or
allt
hetenant
sinthef abri
c.Thepoli
ciesdef
inedwithi
ntheCommonTenantcanbeusedbyal
l
theTenants,
ifneeded.
22.Whati
sInf
rast
ruct
ureTenant
?

Answer:Inf
rast
ructureTenanti
susedforint
ernal
fabr
iccommunicat
ion.Thi
stenantdoesnot
getexposedtousert enant
.Fabr
icdi
scovery
,imagemanagementandDHCPf orfabri
cfunct
ions
areal
lhandledwithinthist
enant
.

23.Whati
sMGMTTenant
?

TheMGMTTenanti
spr
econf
igur
edf
ori
n-bandandout
-of
-bandconnect
ivi
ty

confi
gurat
ionofhostandfabri
cnodes(leaf
,spi
ne&contr
oll
ers)
.MGMTTenantisusedforIn-
Bandandoutofbandser v
ices.I
tprov
idesconveni
entmeanstoconf
igur
eaccesspol
ici
esfor
fabr
icnodes.

24.Whati
sVRF?

Answer:VRFIsvi
rt
ualRout
ingForwar
der
,al
soknownasContextandusedf
orcreati
ngsepar
ate
rout
ingtabl
e.I
PAddressnetwor
kscanbedupl
i
catedbet
weenVRFs.VRFscontainBri
dge
Domains.
25.Whatdoy
oumeanbyBr
idgeDomai
n?

Answer :
BD( Br
idgeDomai n)r
eferstoaVXLANandi sr epr
esentedbyVNI(VXLANNet work
I
dentif
ier)number.I
tiscontai
nerwhichcarr
iesmulti
plesubnetswithbr
idgi
ngfuncti
onal
ity
.
Traf
fi
cbet weenthesubnetswithi
nBDwi l
lbebr i
dged,i
.e.norouti
ngisr
equir
ed.Traff
icbetween
thesubnetsofdiff
erentBDs,wil
lrequi
rer
outing.

Ever
yhostisrepr
esent
edas/32Net
wor
kinACI
.Lay
er2f
loodi
ngi
sdi
sabl
edbydef
aul
twi
thi
na
BD,however
,canbeenabl
ed.

26.Whati
sInt
erf
acePol
i
cyi
nACI
?

Answer :
Iti
sthepoli
cywerequi
reforsett
ingupprot
ocol
sonI
nterf
acessuchasLACP,CDP,
Storm Cont
rol
,LLDP,Li
nk-
lev
elforspeed/dupl
exset
ti
ngs,
Net
Flow,Por
tSecuri
ty,
802.
1xpor
t
authenti
cat
ionandmanymor e.

27.I
fwedonotcr
eat
eInt
erf
acePol
i
cyi
nACI
,whatwi
l
lhappen?

Answer
:Int
hatcase,defaul
tpol
i
cywi
l
lbeappl
i
cabl
ee.
g.Def
aul
tCDP,
LLDP,
MCPpol
i
ceswi
l
l
beappl
i
cabl
eoni nt
erfaces.

28.Whatdoy
oumeanbySwi
tchandI
nter
facePr
ofi
l
es?
Answer:I
nACI
,eachl
eafswi
tchort
hepai
rofl
eafswi
tches(
forv
PC)needt
obei
dent
if
iedor
repr
esent
edwi
thSwit
chProf
il
e.

Ther
eaf
ter
,theseswi
tchpr
ofi
l
eswi
l
lneedt
obeassoci
atedwi
thI
nter
facePr
ofi
l
es.

I
nter
facesel
ect
orsi
nsi
deofI
nter
facepr
ofi
l
eswi
l
lbemappedwi
thI
PGs.

Thi
sassoci
ati
onpushest
heconf
igur
ati
ont
othei
nter
face.

29.Whati
sanAccessPol
i
cy?

TheAccessPol
i
ciesgov
ernt
heoper
ati
onoft
hei
nter
facest
hatpr
ovi
de

exter
nal
accesstothefabri
c.Accesspoli
ciesar
eusedforconfi
gur
ingt
heint
erf
acesorport
son
LeafSwi
tcheswhichconnecttoServer
s,Hosts,
Router
s,Fi
rewal
ls,
orot
herendpoi
ntdevi
ces.

Wecanenabl eportchannel
,vPCandpr ot
ocol
sli
keLLDP,CDP,LACPandsomeofthef
eatures
l
ikemonitori
nganddiagnosti
cs.OncetheACIAccesspol
i
cyissetup,
theni
tcanaut
omatethe
conf
igur
ationforr
estoftheinter
faces.

30.Whatpr
otocol
sar
ebydef
aul
tenabl
edi
nACII
nfr
ast
ruct
uref
abr
ic?

Answer
:IS-
IS(
Int
ermedi
ateSy
stem t
oInt
ermedi
ateSy
stem)
,LLDP,
DHCP&VXLANar
epr
e-
enabl
edi
nACIFabr
ic.

I
S-I
Sisusedf
orLay
er2Rout
ing,

LLDPi
susedf
ordi
scov
eri
ngLeafandspi
neswi
tches.

Leaf&Spi
ner
ecei
veaut
oIPusi
ngDHCP.

31.Whatdoy
oumeanby“
Cont
ract
”inCi
scoACI
?

Answer:Contr
act
sareusedtopermitordenyt
raf
fi
cflowswi
thi
ntheACIf
abr
ic.Theycont
rol
tr
aff
icbetweenEPGsi.
e.ther
elat
ionshi
pbetweentwoEPGsi
scall
eda“Cont
ract”
.

Cont
racti
smoreofextendedbidi
recti
onalAccessl
i
st.Cont
ract
saretherulest
hatgov
ernt
he
i
nter
acti
onofEPGs.Contr
actsdeterminehowappli
cati
onsusethenetwork.

“Contr
acts”ar
egr
oupofsubj
ect
swhi
chdef
inecommuni
cat
ionsbet
weensour
ceand
desti
nati
onEPGs.

“
Subj
ect
s”ar
eacombi
nat
ionofFi
l
ter
,Act
ionandLabel
.

Basi
cACIcont
racti
scomposedoft
hreeel
ement
s:

Subj
ect
,Fi
l
ter
,St
atement
s/Ent
ri
esusedi
nfi
l
ter
Compar
edwit
hACLswewon’ tf
indsourceanddesti
nat
ionI
Pdefini
ti
onsher
e.Thi
sdat
ais
det
ermi
nedonthegr
oundsofbelongi
ngtoaspecif
icEPGobject
.

EPG(
Cont
ractpr
ovi
der
)=Dest
inat
ionI
P

EPG(
Cont
ractconsumer
)=Sour
ceI
P

32.Whati
stabooCont
ract
?

Answer:
Taboocont
ractsar
eusedtodeny,andlogtraf
fi
crel
atedt
oregul
arcont
ract
sandar
e
conf
igur
edint
othehardwar
ebefor
etheregularcont
ract
.

Forexample,
ift
heobjecti
vewast oall
owtr
af f
icwithsourceport
s100t hr
ough900witht
he
except
ionofpor
t415,thentheregul
arcont
ractwoul dall
owallport
sintherangeof100t
hrough
900whilet
hetaboocontractwouldhaveasingleentrydenyi
ngport415.

Thetaboocont
ractdenyi
ngport415woul
dbepr
ogr
ammedi
ntot
hehar
dwar
ebef
oret
her
egul
ar
cont
ractal
l
owingports100thr
ough900.
33.CanIhav
esameVRFNamei
nmul
ti
pleTenant
s?

Answer
:Yes,
wecanhav
esameVRFinmult
ipl
etenants.EachTenanti
sdi
ff
erentl
ogi
cal
uni
t,so
wecanhavedupl
i
cat
eVRFnamesbet
weenTenants.

34.Canwel
i
nkoneEPGEndpoi
ntgr
oupt
omul
ti
pleBr
idgeDomai
ns?

Answer
:No,
Singl
eEPGcannotber
efer
encedt
omul
ti
pleBr
idgeDomai
ns.

35.Whatdoy
oumeanbyAppl
i
cat
ionPr
ofi
l
einCi
scoACI
?

Answer:Appl
icat
ionpr
ofil
es(
APs)ar
econtai
ner
sfort
hegroupi
ngofendpointgr
oups(EPGs)
.
Appl
icat
ionprofi
l
escontai
noneormoreEPGs.Moder
nappli
cat
ionscont
ainmulti
ple
components.

Forexample,
ane-commerceappl
i
cat
ioncoul
drequi
reawebserver
,adatabaseser
ver
,dat
a
l
ocatedinastor
ageareanet
work,
andaccesst
ooutsider
esour
cesthatenabl
efi
nanci
al
tr
ansact
ions.

Theapplicat
ionprof
il
econtai
nsasmany(orasf ew)EPGsasnecessaryt
hatar
elogical
l
y
rel
atedtoprovi
dingthecapabi
li
ti
esofanappl
icati
on.EPGsar
eassignedtodi
ff
erentbri
dge
domains.Remember ,OneEPGcanbeassignedtooneBDonly.
Appl
i
cat
ionPr
ofi
l
esar
ecr
eat
edi
nsi
deoft
het
enant
.

36.Whatar
ethedi
ff
erentt
ypesofEPGs?

Answer
:

EPGscont
ainendpointsthathavecommonpol i
cyrequi
rementssuchassecur
ity,
vir
tual
machi
nemobili
ty(VMM) ,QoS,orLayer4toLayer7servi
ces.Rat
herthanconf
iguri
ng&
managi
ngendpointsindi
vidual
ly
,theyar
eplacedinanEPGandar emanagedasagr oup.

TheACIf
abr
iccancont
aint
hef
oll
owi
ngt
ypesofEPGs–

·Appl
i
cat
ionendpoi
ntgr
oup(
fvAEPg)

·Lay
er2ext
ernal
out
sidenet
wor
kinst
anceendpoi
ntgr
oup(
l2ext
Inst
P)

·Lay
er3ext
ernal
out
sidenet
wor
kinst
anceendpoi
ntgr
oup(
l3ext
Inst
P)

·Managementendpoi
ntgr
oupsf
orout
-of
-band(
mgmt
OoB)ori
n-band(
mgmt
InB)access.
37.Cant
hepol
i
ciesbeappl
i
edt
oendpoi
ntsi
ndi
vi
dual
l
y?

Answer :
No,poli
ciescanonlybeappl
iedt
oEPGs.Rat
herthanconf
igur
ing&managi ng
endpointsi
ndivi
duall
y,t
heyarepl
acedinanEPGandaremanagedasagr oup.Ther
efore,
poli
ciesareappli
edtoEPGs

38.Canwecr
eat
emul
ti
pleBr
idgeDomai
nsi
nsi
deofsameVRF?

Answer:Yes,wecanalwayscr eatemoret
hanonebri
dgedomaininsameVRF; however,
we
cannotdupli
cat
ethesubnets.Br i
dgedomaini
saLayer2const
ructwit
hinthefabri
c,usedto
defi
neaf l
ooddomain,al
sor epresent
edwit
hVNI(VXLANNetworkIdenti
fi
er)
.

39.Whatdoy
oumeanbyPr
ivat
eNet
wor
korVRF?

Answer:VRForPr i
vat
enetworkinACIissameasVRFi ntr
adit
ional
networ
king.VRFisalso
knownascont extorv
irt
ualr
outi
ngt abl
e.I
tcont
ainsL3Routi
nginst
ancesandIPs.VRFsare
partofatenantandnetwor
ksinsideofVRFsmustbeuniquebutcanhavedupli
catesubnets
betweenVRFs.

VRFcanhav
edupl
i
cat
enamei
fthesear
epar
tofdi
ff
erentTenant
s.

Mul
ti
pleVRFscanbel
i
nkedt
oaTenant
.
40.Whati
sL3outorExt
ernal
L3outandwher
eiti
sused?

Answer :UsingaLay er3Out,ACIcanext endit

sconnect i
vi
tytotheexternaldevi
ces.These
externaldevicesmaybeExt ernal Router,f
ir
ewallorLayer3Switchandar econnectedonLeaf
Switches(ther efor
e,knownasBor derLeafSwit
ches).Borderl
eav esuseEIGRPOSPF, BGP
dynami croutingpr ot
ocolandst aticrouti
ngtoexchangeext er
nalprefi
xesandnet works.We
createExternal L3EPGbasedonpr ef
ixeswereceivefr
om externalnetwork.I
noneEPG, wecan
haveal l
networ ksaswelli
.e.0.0.0.0/0.

41.Whi
chr
out
ingpr
otocol
runsf
ori
nter
nal
communi
cat
ionbet
weenACISpi
neandLeaf
?

Answer:Wit
hintheACIfabri
c,weuseMul ti
protocol BGP(MP- BGP)betweenthel
eafandspi ne
swit
chestopropagateexter
nalrouteswithi
nt hef abri
c.Ext
ernalpr
efi
xeswill
beredist
ributedi
n
toBGPandt hentherewil
lbemut ualredi
stri
butionf r
om BGPt othedynamicrout
ingprotocol
bei
ngusedatBor derLeaf
.Weneedt oenablet hisMP- BGPatPODl evelbycr
eati
ngPODpol i
cy,
PODpolicygroup&PODPol icyProfil
e.

Onl
yoneASwi
l
lbeusedi
ntheACIf
abr
ic,
ther
efor
e,LeafandSpi
ner
elat
ionshi
pwi
l
lbei
BGP.

42.I
nACIFabr
ic,
whi
chnodei
sconf
igur
edasBGPRout
eRef
lect
or?Whyi
tisr
equi
red?

Answer
:WeuseoneASwi
thi
nACIFabr
ic.I
tmeansonl
yIBGPpeer
swi
l
lexi
st.

Si
ncepr
efi
xesofoneIBGPcan’
tbeshar
edwi
thot
herI
BGPpeersoweneedt
ouseei
therf
ull
meshorBGPRouteRefl
ect
or.
ACIfabr
ici
s2-
ti
erar
chi
tect
ureandwecan’
thav
eful
lmesh,sowewi
l
luseBGPRRbymaki
ng
Spi
neasRRandLeafswit
cheswil
lbecomeBGPRRCli
ent
.

Answeri
sweneedt
oconf
igur
eal
lspi
neswi
tchesasBGPRR.

43.Whi
chCi
sco9Kmodel
sar
eusedasSpi
neNodesi
nACISet
up?

Answer
:Li
stofCiscoNexusSpi
neSwi
tches–9316D-
GX,
9332D-
GX2B,
9336PQ,
9364D-
GX2A,
9364C,
9332C,9504,9508,
9516

Referthi
slinkforlat
estmodel
s-htt
ps:
//www.ci
sco.
com/
c/en_
in/
product
s/swi
tches/
nexus-
9000-ser
ies-swit
ches/model
s-compar
ison.
html

44.Whi
chCi
sco9Kmodel
sar
eusedasLeafNodesi
nACISet
up?

Answer:ListofCi
scoNexusleafSwi t
ches–C9316D- GX,C93600CD-GX,C9332DGX2B,C9364D-
GX2A,93120TX, 93108TC,9348GC-FXP, 93108TC-FX,93180YC-EX,
93180YC-EX,93180YC-
FX,
93180YC-FX3,93240YC-FX2,93360YC-FX2, 9336C-FX2,9336C-
FX2-E,
9364C-GX
Referthi
slinkforlat
estmodel
s-htt
ps:
//www.ci
sco.
com/
c/en_
in/
product
s/swi
tches/
nexus-
9000-ser
ies-swit
ches/model
s-compar
ison.
html

45.CanweconnectAccessLay
erswi
tchesi
ndownl
i
nkt
oLeafNode?

Answer:Yes,wecanconfi
gureNetworkSwitches(
Cataly
st,Nexus,orotherVendorSwit
ches)
asdownlinktoACILeafSwi
tches.Thoughthemanagementoft hesenon-ACIFabricswi
tches
wil
lremainsepar
ateandcannotbebundledintoACIFabri
ccontrol
led/
managedv i
aAPIC
cont
roll
ers.

Wecancr
eateanexter
nalL2net
wor
k/Ext
ernal
L2EPGi
fwewantt
oconnectExt
ernal
L2
domai
nwit
hACIBridgeDomain.

46.Ihav
eTr unkport
sconfi
guredinoneEPG.Cant heaccesspor
tsal
sobeaddedinsameEPG?
Answer:Yes,i
tcanbeconfi
gured.Seebelowsnapshot,
youcanseethati
ntheAppEPG-1,
we
canseeonepor ti
ntrunkwher
easot heri
naccess(unt
agged).
47.Canwei
ntegr
atemanagementoft
hir
dpar
tydev
icesi
nAPI
Ccont
rol
l
er?

Answer:TheCiscoACIprogrammabi l
itymodel all
owscompl eteprogr
ammat icaccesstothe
appli
cati
oncentr
icinfr
ast
ructure.Wit
ht hisaccess,customerscanint
egratenetwork
deploymenti
ntomanagementandmoni tori
ngtoolsanddeploynewwor kloads
programmati
call
y.CiscoACIFabr i
chasAPI s(Applicat
ionProgrammingInterf
ace)toint
egrat
e
3rdpartydev
icesmanagedt hroughAPICCont r
oll
er.

48.Whataret
heopt
ionsav
ail
abl
etoest
abl
i
shl
ocal
ser
ial
connect
iont
otheAPI
Ccont
rol
l
ersf
or
I
niti
alSet
up?

Answer
:Ther
ear
etwoopt
ionsav
ail
abl
e–

·UseaKVM cabl
etoconnectakey
boar
dandmoni
tort
otheKVM connect
oront
hef
rontpanel
oftheser
ver
.

·ConnectaUSBkey
boar
dandVGAmoni
tort
othecor
respondi
ngconnect
orsont
her
earpanel
oftheserv
er.

Not
e,wecannotuset
hef
rontpanel
VGAandt
her
earpanel
VGAatt
hesamet
ime.
49.Whatar
e2t
ypesoft
abl
esanddat
abasesi
nACI
?

Answer
:Theset
wot
abl
esar
easf
oll
ow:

·LST( Localst
ationTable)-Thistabl
econtainsaddressofal
l hostat
tacheddirectl
ytoleaf.
WhenEndPoi ntsarediscovered,t
hist
abl
ei spopulatedandissynchroni
zedwi thspine-
proxy
ful
lGST.WhenanyBr idgeDomai nisnotconf i
gur
edf orr
outi
ng, t
henLSTl ear
nsonlyMAC
address(s)andiftheBDi senabledwithr
outingoption,t
hist
ablewill
learnbothIPaddr essand
MACaddr essofEndPoi nts.

·GST(GlobalSwit
chingTabl
e)-GSTcont
ainsaddressesofal
lhost
slear
nedasr
emot
eend
poi
ntsthroughact
iveconver
sati
onandar
el ocal
l
ycached.Thetabl
econtai
ns

Local
MacandIPentr
iesofEndPoi
nts,Remot
eMACi fther
eisanact
iveconver
sat
ion(
VRFs,
BD,MacAddr
ess)
,RemoteIPift
her
ei sanact
iveconv
ersat
ion:
VRF,I
Paddress

50.Whati
sthel
atestv
ersi
onofACIFabr
ici
nmar
ket
?

Answer
:Lat
estv
ersi
onofACIi
nmar
keti
sACI5.
0
51.Whatdoy
oumeanbyt
heconceptofSHARDS?

Answer: TheAPICclusterusesalargedatabasetechnologycal
l
edSharding.Thist
echnol
ogy
provi
desscalabi
li
tyandr eli
abi
li
tytothedatasetsgeneratedandpr
ocessedbyt heAPIC.The
dataforAPICconfigurati
onsisparti
ti
onedintol
ogicall
yboundedsubsetscall
edshardswhich
areanalogoustodatabaseshards.Ashardi saunitofdatamanagement ,andtheAPIC
managesshar dsinthef ol
lowi
ngway s:

·Eachshar
dhast
hreer
epl
i
cas.

·Shar
dsar
eev
enl
ydi
str
ibut
edacr
osst
heappl
i
ancest
hatcompr
iset
heAPI
Ccl
ust
er.

Oneormoreshardsarelocat
edoneachAPI
Cappli
ance.Thesharddat
aassignment
sarebased
onapredet
erminedhashfuncti
on,
andast
ati
cshar
dlayoutdeter
minestheassi
gnmentof
shar
dstoappli
ances.

52.Whati
sMul
ti
-PodACI
?

Answer
:ACIMult
i-
Podrepresentsthenat
uralevol
uti
onoft
heori
ginal
ACISt
retchedFabr
ic
desi
gnandal
lowstoi
nterconnectandcentr
all
ymanagesepar
ateACInet
works.
ACIMul
ti-
Podispar
tofthe“
Singl
eAPICCluster
/Singl
eDomain”famil
yofsol
utionsasasingl
e
API
Cclusteri
sdepl
oyedtomanageal
lthedif
ferentACIf
abr
icsthatar
eint
erconnected.

Thoseseparat
eACIfabr
icsar
enamed“
Pods”andeachoft
hem l
ooksl
i
kear
egul
art
wo-
ti
ers
spi
ne-l
eaffabr
ics.

ThesameAPICclust
ercanmanagesever
alPodsandtoincr
easet
heresi
li
encyofthesolut
ion
thev
ari
ouscont
roll
ernodest
hatmakeuptheclust
ercanbedepl
oyedacr
ossdiff
erentPods.

53.Whati
sconceptofmi
crosegment
ati
oni
nCi
scoACI
?

Answer:
Microsegmentati
onwit
htheCiscoAppli
cati
onCentr
icInf
rast
ruct
ure(ACI)pr
ovi
desthe
abi
li
tyt
oautomat i
cal
lyassi
gnendpoi
ntstol
ogicalsecur
it
yzonescall
edendpointgr
oups(EPGs)
basedonvar
iousattr
ibut
es.

Microsegment
ati
onwi
thCi
scoACIpr
ovi
dessuppor
tforv
irt
ual
endpoi
ntsat
tachedt
othe
f
ollowing:
·VMwar
evSpher
eDi
str
ibut
edSwi
tch(
VDS)

·Ci
scoAppl
i
cat
ionVi
rt
ual
Swi
tch(
AVS)

·Mi
crosof
tvSwi
tch

Endpointgr
oups( EPGs)areusedt ogr oupvir
tualmachi nes(VMs)wit
hinat enantandapply
fi
lt
eri
ngandf orwardingpoli
ciestothem.Mi crosegment ati
onwithCi
scoACIaddst heabi
li
tyto
associat
eEPGswi t
hnet wor
korVM- basedattri
butes,enabli
ngyoutofi
lterwi t
hthoseatt
ri
butes
andapplymor edynami cpoli
cies.Microsegmentationwi t
hCiscoACIal
soal lowsyoutoapply
poli
ciestoanyendpoi nt
swithinthetenant.

54.Whati
sther
oleofVXLANi
nACIf
abr
ic?

Answer:VXLANisani ndustry-
standardprotocolthatextendsLayer2segment soverLayer3
i
nf r
ast
ruct
uretobuil
dLay er2ov erl
ayl ogi
calnetworks.TheACIinfrastr
uctureLayer2domai ns
resi
deintheover
lay,wit
hi sol
atedbr oadcastandfail
urebr i
dgedomai ns.Thisapproachall
ows
thedatacent
ernetworktogr owwi thouttheriskofcreati
ngt ool
argeaf ail
uredomai n.

VXLANusesa24-bi
tVNI
Dfort
aggingt
raf
fi
cwhichal
lowsfor16mil
li
onsegment
sasopposed
tot
he12-
bit802.
1QVLANIDwhichonl
ygivesy
ou4096segments.

Usertr
affi
cisencapsul
atedf
rom t
heuserspacei
ntoVXLANanduset
heVXLANov
erl
ayt
o
pr
ovidelayer2adj
acencywhenneedto.
So,wecanemulatet
helayer2connect
ivi
tywhi
l
epr
ovi
dingt
heext
ensi
bil
i
tyofVXLANf
or
scal
abi
li
tyandf
lexi
bil
i
ty.

Al
ltr
affi
cwit
hint
heACIFabr
ici
sencapsul
atedwi
thanext
endedVxLANheaderal
ongwi
thi
ts
VTEP,VXLANTunnel
EndPoint
.

TheACIVXLANpacketcontai
nsbot
hLay er2MACaddressandLayer3IPaddresssour
ceand
dest
inat
ionf
iel
ds,
whichenabl
eseff
ici
entandscal
abl
eforwardi
ngwithi
nthefabri
c

Whent r
aff
icisreceivedfrom ahostattheLeaf ,f
ramesar etranslat
edtoVxLANand
t
ransport
edt othedestinati
onont hef
abric.ACIfabri
cgi vestheabili
tytocompl et
elynor
mali
ze
t
raff
iccomingf rom oneLeafandsendt oanot her(i
tcanbeont hesameLeaf )
.Whent he
f
ramesexitthedest i
nationLeaf,
theyarere-encapsulatedtowhat everthedesti
nati
onnetwor
k
i
saskingfor.Itcanbef ormatt
edtountaggedf rames, 802.1Qtruck,VxLANorNVGRE.

Goodt
hingisthat
,VXLANi
sautomati
cal
lyconfi
guredi
nCiscoACI,
ther
efore,
wedonothav
eto
doany
thing.Wher
eas,i
nNon-
ACIinf
rast
ruct
ure,i
tmaytakehour
stoconfigur
eVXLAN.