Different Ways to Extend Layer 2 Domain Beyond ACI Fabric

AD.

There are several different ways to extend layer 2 domain beyond the ACI fabric: - Extend the EPG out of the ACI fabric - A user can extend an EPG out of the ACI fabric by statically assigning a port (along with VLAN ID) to an EPG.

The leaf will learn the endpoint information and assign the traffic (by matching the port and VLAN ID) to the proper EPG, and then enforce the policy.

The endpoint learning, data forwarding, and policy enforcement remain the same whether the endpoint is directly attached to the leaf port or if it is behind a layer 2 network (provided the proper VLAN is enabled in the layer2 network)

- Extend the bridge domain out of the ACI fabric - Another option to extend the layer 2 domain is to create a layer 2 outside connection (or external bridged network, as called in the APIC GUI) for a given bridge domain.

It effectively extends the bridge domain to the outside network.

- Extend the layer 2 domain with remote VTEP (future) - In the previous two options the incoming traffic from outside is tagged with a VLAN ID.

The ACI leaf classifies the traffic to the proper EPGby checking the port and VLAN ID.

In future software releases, the remote VTEP will be supported, and can be used to extend the EPG or bridge domain.

References:

To extend the Layer 2 domain beyond the ACI fabric, there are different ways to do it, two of which are described below:

A. Extend the bridge domain out of the ACI fabric: This involves creating a Layer 2 bridge domain outside of the ACI fabric and then connecting it to the ACI fabric. This allows for the extension of the Layer 2 domain to remote sites or non-ACI devices. The bridge domain can be extended using different technologies such as Virtual Extensible LAN (VXLAN), Multiprotocol Label Switching (MPLS), or Generic Routing Encapsulation (GRE).

D. Extend the EPG out of the ACI fabric: This involves extending the Endpoint Group (EPG) from the ACI fabric to remote sites or non-ACI devices. The EPG can be extended using different technologies such as VXLAN, MPLS, or GRE. This allows for the extension of Layer 2 connectivity between endpoints that are not directly connected to the ACI fabric.

B. Extend the VTEP out of the ACI fabric: This involves extending the Virtual Tunnel Endpoint (VTEP) outside of the ACI fabric to provide Layer 2 connectivity to remote sites or non-ACI devices. The VTEP is responsible for encapsulating and de-encapsulating the Layer 2 frames in VXLAN. By extending the VTEP, it allows non-ACI devices to participate in the VXLAN overlay network.

C. Configure fabric access policies on the ACI fabric to match the port settings at the remote end: This involves configuring the access policies on the ACI fabric to match the port settings at the remote end. This allows for the seamless integration of non-ACI devices into the ACI fabric. By matching the port settings, non-ACI devices can communicate with the ACI fabric without the need for any additional configuration.

In summary, to extend the Layer 2 domain beyond the ACI fabric, you can either extend the bridge domain out of the ACI fabric, extend the EPG out of the ACI fabric, extend the VTEP out of the ACI fabric, or configure fabric access policies on the ACI fabric to match the port settings at the remote end.