Tuesday, 15 July 2025

Understanding Domain Types in Cisco ACI - External Bridge Domains vs Fibre Channel Domains vs L3 Domains vs Physical Domains

 

Understanding Domain Types in Cisco ACI

Cisco ACI (Application Centric Infrastructure) provides a flexible and scalable network architecture. One of the key components in ACI is the concept of domains, which define how endpoints and external networks interact with the fabric. In this blog, we will explore four important domain types in Cisco ACI: External Bridge Domains, Fibre Channel Domains, L3 Domains, and Physical Domains. Understanding their roles and use cases is essential for designing robust ACI environments.

1. External Bridge Domains - Not Recommended

External Bridge Domains are used to extend Layer 2 connectivity beyond the ACI fabric. They are typically associated with L2Out configurations and allow external devices to participate in the same broadcast domain as internal ACI endpoints. This is useful for integrating legacy Layer 2 networks or extending VLANs to external switches.

2. Fibre Channel Domains

Fibre Channel (FC) Domains are designed for integrating ACI with storage area networks (SANs). These domains support Fibre Channel over Ethernet (FCoE) or native Fibre Channel protocols. They enable zoning and connectivity to storage arrays and are essential for environments that require high-performance storage access through Cisco MDS switches or similar infrastructure.

3. L3 Domains

L3 Domains are used for establishing Layer 3 routed connectivity to external networks. They are associated with L3Out configurations and support dynamic routing protocols such as OSPF and BGP, as well as static routes. L3 Domains are crucial for connecting the ACI fabric to the internet, WANs, or other routed domains.

4. Physical Domains

Physical Domains are used to connect bare-metal servers and non-virtualized devices to the ACI fabric. They are associated with AAEPs (Attachable Access Entity Profiles) and interface policies. Physical Domains typically use static VLAN pools and are ideal for environments where VLANs are manually assigned to interfaces for direct server or appliance connectivity.

Summary Comparison Table

| Domain Type | Purpose | Associated With | Typical Use Case |
|---|---|---|---|
| External Bridge Domain | Extend Layer 2 outside ACI | L2Out | Legacy VLAN bridging, external switches |
| Fibre Channel Domain | SAN connectivity | FCoE, FC zoning | Storage integration (e.g., MDS, SAN arrays) |
| L3 Domain | Routed external connectivity | L3Out | Internet, WAN, external routing |
| Physical Domain | Connect physical devices to ACI | AAEP, Interface Profiles | Bare-metal servers, appliances |

 

Understanding VLAN Pool Roles in Cisco ACI - Internal vs External or On-the-Wire

 


In Cisco ACI, VLAN pools are used to define ranges of VLAN IDs that can be assigned to endpoints. Each VLAN range must be assigned a role, which determines how the VLANs are used within the fabric. There are two primary roles: 'Internal' and 'External or On-the-Wire'. This blog post explains the differences between these roles, their behaviors, and typical use cases.

1. Internal VLAN Pool Role

The 'Internal' role is used for VLANs that are strictly for intra-fabric communication. These VLANs are not exposed outside the ACI fabric and are used for internal encapsulation and mapping EPGs to VXLAN VNIDs.

Use Cases:

· EPG-to-EPG communication within the fabric

· Service chaining (Service Graphs, etc.) or internal-only applications

· Isolated tenants or test environments

2. External or On-the-Wire VLAN Pool Role

The 'External or On-the-Wire' role is used for VLANs that are visible outside the ACI fabric. These VLANs are preserved on the wire and are used for external connectivity such as L2Out, L3Out, bare-metal servers, and VMM domains.

Use Cases:

· Integration with legacy VLAN-based networks

· VMM integration where VLANs must match hypervisor configurations

· Bare-metal servers requiring specific VLANs

Summary Comparison

| Role | Visibility | VLAN ID Preservation | Typical Use Case |
|---|---|---|---|
| Internal | Fabric-only | No | Internal EPGs, service chaining, isolated tenants |
| External or On-the-Wire | Exposed on physical wire | Yes | L2/L3Out, VMM, bare-metal, legacy integration |

Wednesday, 9 July 2025

ACI Errors

1. Error 400 - the messaging layer was unable to deliver the stimulus (no replica is available)

Resolution - This error occurs when there is an issue with inter-APIC communication. Check that the APIC cluster is healthy.


2. Error: 400 - Cannot configure if dFromPort = 0 and dToPort != 0 Dn0=uni/tn-T1/flt-Filter-tcp80/e-Entry_TCP80

Resolution - Check the Destination From and To fields in the ACI filter. If you want to filter a specific port, such as HTTP, select http in both the From and To fields.

You cannot have unspecified in the From field and http in the To field.
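A pre-push check for this rule, as an added example that is not part of the original post: it reads a filter payload in the APIC REST JSON layout (vzFilter with vzEntry children) and reports entries that would trigger the 400, plus TCP/UDP entries that leave both destination fields unspecified and therefore match every port. The keyword table, the tenant argument and the sample payload are constructed for illustration.

```python
import json

# Port keywords known to this sketch (assumed subset); "unspecified" is 0, as in the error text.
NAMED_PORTS = {"unspecified": 0, "http": 80, "https": 443}

def port_value(raw):
    """Convert a port keyword or a numeric string to an integer."""
    key = str(raw).strip().lower()
    return NAMED_PORTS[key] if key in NAMED_PORTS else int(key)

def lint_filter(tenant, payload):
    """Return (dn, level, message) findings for each vzEntry under one vzFilter."""
    flt = payload["vzFilter"]
    findings = []
    for child in flt.get("children", []):
        attrs = child.get("vzEntry", {}).get("attributes")
        if attrs is None:
            continue  # child is not a filter entry
        dn = f"uni/tn-{tenant}/flt-{flt['attributes']['name']}/e-{attrs['name']}"
        lo = port_value(attrs.get("dFromPort", "unspecified"))
        hi = port_value(attrs.get("dToPort", "unspecified"))
        if lo == 0 and hi != 0:
            # The combination the APIC rejects with Error 400.
            findings.append((dn, "error", f"dFromPort = 0 and dToPort = {hi}"))
        elif lo == 0 and attrs.get("prot") in ("tcp", "udp"):
            # Both ends unspecified: the entry matches every destination port.
            findings.append((dn, "warn", "no destination port, matches all ports"))
    return findings

# Constructed sample payload, not taken from a real fabric.
SAMPLE = json.loads("""
{"vzFilter": {"attributes": {"name": "Filter-tcp80"}, "children": [
  {"vzEntry": {"attributes": {"name": "Entry_TCP80", "etherT": "ip", "prot": "tcp",
                              "dFromPort": "unspecified", "dToPort": "http"}}},
  {"vzEntry": {"attributes": {"name": "Entry_HTTP", "etherT": "ip", "prot": "tcp",
                              "dFromPort": "http", "dToPort": "http"}}},
  {"vzEntry": {"attributes": {"name": "Entry_AnyTCP", "etherT": "ip", "prot": "tcp"}}}
]}}
""")

if __name__ == "__main__":
    for dn, level, message in lint_filter("T1", SAMPLE):
        print(f"{level:5} {dn}: {message}")
```
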


Tuesday, 8 July 2025

What is Cisco transceiver QSFP-100G-FR

QSFP-100G-FR is a Cisco transceiver for 100G connectivity over single mode fibre.


| Feature | Description |
|---|---|
| Form Factor | QSFP28 (Quad Small Form-factor Pluggable) |
| Data Rate | 100 Gbps |
| Reach | Up to 2 kilometers |
| Fiber Type | Single-Mode Fiber (SMF) |
| Connector Type | LC Duplex |
| Wavelength | 1310 nm |

Sunday, 29 June 2025

How different components of ACI fit together

  1. VLAN Pool → defines VLANs (e.g., VLAN 113)
  2. Domain → links to VLAN Pool (e.g., Physical Domain)
  3. AEP → links to Domain
  4. Interface Policy Group → links to AEP
  5. Interface Profile → applies Interface Policy Group to a port
  6. Switch Profile → applies Interface Profile to a switch
  7. EPG → statically binds to the port using VLAN from the pool
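The chain above, walked in code as an added example that is not part of the original post: starting from a switch port it follows steps 6 back to 1 to find which domains and VLAN ranges the port can use, then checks a proposed static binding (step 7) against them. The fabric model is a constructed dictionary, not APIC output, all object names are hypothetical, and the EPG-to-domain association is an assumption added for the check.

```python
# Constructed fabric model; every object name here is a hypothetical placeholder.
FABRIC = {
    "vlan_pools": {"Pool-BM": [(110, 119)]},                       # 1. VLAN ranges
    "domains": {"PhysDom-BM": "Pool-BM"},                          # 2. domain -> pool
    "aeps": {"AEP-BM": ["PhysDom-BM"]},                            # 3. AEP -> domains
    "policy_groups": {"PG-Server": "AEP-BM"},                      # 4. policy group -> AEP
    "interface_profiles": {"IntProf-101": {"1/10": "PG-Server"}},  # 5. port -> policy group
    "switch_profiles": {"SwProf-101": {"node": 101,                # 6. switch -> profiles
                                       "interface_profiles": ["IntProf-101"]}},
    "epg_domains": {"EPG-Web": ["PhysDom-BM"]},                    # assumed EPG-to-domain links
}

def domains_on_port(fabric, node, port):
    """Walk steps 6 to 1 and return {domain: VLAN ranges} reachable from a port."""
    reachable = {}
    for sw in fabric["switch_profiles"].values():
        if sw["node"] != node:
            continue
        for prof in sw["interface_profiles"]:
            group = fabric["interface_profiles"][prof].get(port)
            if group is None:
                continue  # this profile does not configure the port
            for dom in fabric["aeps"][fabric["policy_groups"][group]]:
                reachable[dom] = fabric["vlan_pools"][fabric["domains"][dom]]
    return reachable

def check_static_binding(fabric, epg, node, port, vlan):
    """Return the reasons step 7 (EPG static binding) does not line up; empty if it does."""
    reachable = domains_on_port(fabric, node, port)
    if not reachable:
        return [f"node {node} port {port}: no policy chain reaches a domain"]
    shared = [d for d in fabric["epg_domains"].get(epg, []) if d in reachable]
    if not shared:
        return [f"{epg} shares no domain with node {node} port {port}"]
    if not any(lo <= vlan <= hi for d in shared for lo, hi in reachable[d]):
        return [f"VLAN {vlan} is outside the pools of {', '.join(shared)}"]
    return []

if __name__ == "__main__":
    for vlan, port in ((113, "1/10"), (200, "1/10"), (113, "1/11")):
        print(vlan, port, check_static_binding(FABRIC, "EPG-Web", 101, port, vlan) or "ok")
```
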

Sunday, 15 June 2025

Basic vs Standard Public IP Address SKU in Azure

Public IP addresses in Azure are available in two SKUs.

Below are the key differences between Basic and Standard Public IP addresses.




Tuesday, 10 June 2025

IP Helper address in NXOS

In NX-OS, the command equivalent to Cisco IOS's ip helper-address for DHCP relay is ip dhcp relay address. Both commands serve the same purpose: forwarding DHCP requests from clients to a DHCP server located on a different subnet.