Cisco ACI uses Mis-Cabling Protocol (MCP) to detect and mitigate Layer 2 loops, replacing traditional STP participation. MCP sends special Layer 2 packets across access ports, VPCs, and virtual ports. If the fabric receives its own MCP packet, it identifies a loop and can either log the event or error-disable the port.
✅ Key Highlights:
- Global MCP policies are disabled by default; port-level policies are enabled.
- Global MCP Policy: This is the master switch that controls whether MCP is active across the entire fabric.
  - Disabled by default: Even though individual ports may be configured to support MCP, no MCP packets are sent unless this global policy is explicitly enabled.
- Port-Level MCP Policy: These are the interface-specific settings that determine how each port behaves when MCP is active.
  - Enabled by default: Ports are ready to participate in MCP loop detection, but they won’t actually send or process MCP packets unless the global policy is turned on.
- MCP works complementarily with STP on external switches.
- BPDU filtering or disabling loopguard on external switches helps prevent loop-related issues.
- Endpoint move loop detection is available but disabled by default.
- MCP supports native VLAN mode and per-VLAN mode (from APIC 2.0(2)) for granular loop detection.
- Faster detection introduced in APIC 3.2(1) with transmission intervals as low as 100 ms.
- Scalability limits: 256 VLANs per interface and 2000 logical ports per leaf switch. Per-VLAN MCP will only run on 256 VLANs per interface. If there are more than 256 VLANs, then the first numerical 256 VLANs are chosen.
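The scalability limits above mean that VLANs beyond the first 256 on an interface get no per-VLAN MCP loop detection. The following Python audit is an added example, not code from the original post or from Cisco; it lists those unmonitored VLANs and checks the per-leaf total. The interface names and VLAN assignments are constructed, and the script assumes that "first numerical 256" means the numerically lowest IDs and that one logical port is one (interface, VLAN) pair.

```python
# Added example: audit per-VLAN MCP coverage against the limits stated on this page.
MAX_VLANS_PER_IF = 256     # per-VLAN MCP runs on at most 256 VLANs per interface
MAX_LOGICAL_PORTS = 2000   # limit per leaf switch

def parse_vlans(spec):
    """Expand a range string such as '10-20,30' into a sorted list of unique VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (1 <= lo <= hi <= 4094):
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return sorted(vlans)

def audit_leaf(interfaces):
    """interfaces: {name: vlan_spec}. Returns per-interface coverage and the leaf total."""
    report, logical_ports = {}, 0
    for name, spec in interfaces.items():
        vlans = parse_vlans(spec)
        covered = vlans[:MAX_VLANS_PER_IF]      # assumption: numerically lowest 256 are chosen
        uncovered = vlans[MAX_VLANS_PER_IF:]    # no per-VLAN MCP loop detection on these
        logical_ports += len(covered)           # assumption: 1 logical port = 1 (port, VLAN) pair
        report[name] = {"covered": len(covered), "uncovered": uncovered}
    return {"interfaces": report, "logical_ports": logical_ports,
            "over_leaf_limit": logical_ports > MAX_LOGICAL_PORTS}

# Constructed sample: hypothetical interface names and VLAN assignments.
SAMPLE_LEAF = {
    "eth1/1": "100-399",      # 300 VLANs, so the 44 highest fall outside MCP
    "eth1/2": "10,20,30-40",  # 13 VLANs, all covered
}

if __name__ == "__main__":
    result = audit_leaf(SAMPLE_LEAF)
    for name, r in result["interfaces"].items():
        gap = r["uncovered"]
        note = f"{len(gap)} unmonitored, lowest is VLAN {gap[0]}" if gap else "all monitored"
        print(f"{name}: {r['covered']} VLANs with MCP, {note}")
    print("logical ports:", result["logical_ports"],
          "over leaf limit:", result["over_leaf_limit"])
```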
🔐 MCP Modes:
- Non-Strict Mode: Allows traffic while monitoring for loops; default detection time is 7 seconds.
- Strict Mode (from APIC 5.2(4)):
  - Performs early loop detection before allowing data traffic.
  - Uses initial delay and grace period timers for STP convergence and aggressive MCP checks.
  - Requires port flap to activate on already-up ports.

⚠️ Strict Mode Guidelines:
- Not supported on FEX or QinQ edge ports.
- Requires APIC 5.2(4) or later on all participating leaf switches.
- May impact vPC convergence time.
- Must be disabled before downgrading the fabric.
- Can cause both ports to error-disable if loops are detected simultaneously.

MCP Mode Comparison Table

| Feature | Non-Strict Mode | Strict Mode |
|---|---|---|
| Traffic Acceptance | Accepts data and control traffic immediately | Initially blocks data traffic; only control packets allowed |
| Loop Detection Timing | MCP packets sent every 2 seconds; loop detection in ~7 seconds | Aggressive MCP packet transmission during grace period (default 3 sec) |
| Early Loop Detection | Not performed | Performed before allowing data traffic |
| Port Behavior on Loop Detection | Port is error-disabled | Port is error-disabled and shut down |
| Activation Requirement | Active immediately | Requires port flap to activate if port is already up |
| Timers Used | Global MCP instance policy | Initial delay timer + grace period timer |
| Default Initial Delay | Not applicable | 0 seconds (can be set to 45–60 sec for STP convergence) |
| Default Grace Period | Not applicable | 3 seconds |
| STP Compatibility | Works with STP | Accepts STP BPDUs even if VLAN is not enabled |
| Use Case | General loop detection | Early and aggressive loop prevention before traffic forwarding |