ACI_Feature_Updates
3F Version Update
ACI PIW
Anirudh Kashyap, Technical Marketing Engineer
November 23, 2023
▪ Summary of enhancements
▪ Serviceability Enhancements
▪ GUI Walkthrough
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public
Summary of Enhancements
New Hardware Feature
All GX2 switches support the 100G to 25Gx4 breakout.
Current GX2 switches are:
• N9K-C9364D-GX2A
• N9K-C9332D-GX2B
• N9K-C9348D-GX2A
• N9K-C9408
[Figure: 9300GX2 switches (9364D, 9348D) and 9400GX2 switches (9408 switch)]
vzAny and L3Out PBR for Multisite
Current Limitations
• East-West (EPG-to-EPG) intra-VRF and inter-VRF contract with PBR: PBR enforcement is pinned to the provider side. The consumer EPG is network-centric, and host subnets are not supported.
• North-South (L3Out-to-EPG) intra-VRF and inter-VRF contract with PBR: PBR enforcement is on the EPG (NBL) side.
• In the case of inter-VRF, the L3Out EPG must be the provider.
• In the EPG-to-L3Out direction, there is no pcTag translation.
• L3Out-to-L3Out intra-VRF and inter-VRF contract with PBR is NOT supported.
• vzAny-to-EPG/L3Out or vzAny-to-vzAny contract with PBR is NOT supported.
vzAny and L3Out PBR for Multisite
Use-cases and issues
New Use-cases and Requirements from Customers
• Intra-VRF vzAny-to-vzAny
• Intra-VRF vzAny-to-EPG
• Intra-VRF vzAny-to-L3Out
vzAny and L3Out PBR for Multisite
Feature overview
• vzAny-to-vzAny, vzAny-to-L3Out, L3Out-to-L3Out: traffic goes to both sites' FWs with aclRule.
• Use site info as a filter: solves the app-centric first-packet drop issue using sg_label.
NDO GUI
ACI GUI
ACI VMM Integration with Nutanix
Nutanix Cluster
Pre-requisites and considerations of Nutanix Integration
Software Architecture of Nutanix Integration
[Diagram components: Nginx, PolicyDist, PolicyMgr, Doer, Event Listener, VmmMgr, PC/PE]
UI:Configure - vmmDom
UI:Configure – DHCP Pool
UI:Configure – EPG
UI:Inventory
UI:Statistics
LLDP for Azure stack HCI
Requirements for AzureStack HCI 20H2
UI Configuration breadcrumbs
LLDP default policy:
Go to the LLDP default policy under Fabric -> Policies -> Global -> LLDP Policy default and select the optional LLDP TLVs in the Optional TLV Selector section.
Configuration guide:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_APIC_CDP_and_LLDP_Management_Interface.html
NSX-T Integration with Policy Mode
Understanding Policy Mode
• NSX-T release 2.4 introduced a new Policy API.
• VMware announced the deprecation of Manager mode APIs and UIs.
• The Policy API uses a declarative API model and can be used to create the entire intent in one go, without caring about ordering or having to make multiple API calls.
• This reduces the number of configuration steps drastically.
• The NSX-T Policy API has a simplified data model and can be consumed with an easier, intent-based approach.
• From the NSX-T 2.4 release, users interact with the NSX Manager using the Simplified UI.
• The traditional objects are available under the Advanced UI.
Changed Object Mapping in APIC
Management API               | Policy API     | ACI equivalent
Logical switch               | Segment        | Port group
T1 logical router            | Tier 1 Gateway | NA
T0 logical router            | Tier 0 Gateway | NA
NSgroups, IP sets, MAC sets  | Group          | NA
UI Config First time EPG Creation
UI Configuration – While adding VMM Domain after EPG Creation
Migrate from Management API to Policy API
NSX-T ACI
TCP MSS
About TCP MSS
TCP MSS Feature detail
• For TCP sessions, TCP SYN packets carry the Maximum Segment Size (MSS).
• The MSS informs hosts to send TCP packets that adhere to this size.
• MSS = MTU - IP Hdr Size - TCP Hdr Size
• The ACI fabric can intercept these packets and reduce the MSS to a customer-defined threshold so that the packet size does not exceed the IPN/WAN MTU.
• Works only for TCP sessions.
• Not developed for UDP packets at this time.
TCP MSS Adjust Deployment modes
• Location aware (RL/MPOD/MSITE)
• ToRs with the same TEP pool are considered to be in the same location.
• No TCP MSS adjust if the src/dst ToRs are in the same TEP pool.
• Do TCP MSS adjust if the src/dst ToRs are NOT in the same TEP pool.
• Fabric-level knob
• SUP punt is on egress ToR
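The MSS formula and the location-aware decision above, worked through on a TCP SYN header (an added example, not code from the slides or from Cisco). The function names, the constructed SYN bytes and the TEP pool strings passed by the caller are assumptions made for illustration.

```python
import struct

TCP_OPT_EOL, TCP_OPT_NOP, TCP_OPT_MSS = 0, 1, 2

def mss_for_mtu(mtu, ip_hdr=20, tcp_hdr=20):
    """MSS = MTU - IP header size - TCP header size (defaults: no options)."""
    return mtu - ip_hdr - tcp_hdr

def should_adjust(src_tep_pool, dst_tep_pool):
    """Location-aware mode: adjust only when the ToRs are in different TEP pools."""
    return src_tep_pool != dst_tep_pool

def build_syn(mss):
    """Constructed sample: 24-byte TCP SYN header carrying only an MSS option."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 6 << 4, 0x02, 65535, 0, 0)
    return hdr + struct.pack("!BBH", TCP_OPT_MSS, 4, mss)

def clamp_syn_mss(tcp, threshold):
    """Return (segment, old_mss, new_mss); (tcp, None, None) if not a SYN or no MSS option.
    The TCP checksum is not recomputed here; a real datapath must update it."""
    if len(tcp) < 20 or not tcp[13] & 0x02:   # too short, or SYN bit clear
        return tcp, None, None
    hdr_len = (tcp[12] >> 4) * 4              # data offset in bytes
    if hdr_len < 20 or hdr_len > len(tcp):
        raise ValueError("bad TCP data offset")
    i = 20
    while i < hdr_len:
        kind = tcp[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            raise ValueError("malformed TCP option")
        length = tcp[i + 1]
        if kind == TCP_OPT_MSS and length == 4:
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, min(old, threshold))
            return bytes(out), old, min(old, threshold)
        i += length
    return tcp, None, None
```

A host on a 1500-byte MTU advertises an MSS of 1460; with a threshold of 1360 (a constructed value) the option is rewritten only when `should_adjust` is true, and an MSS already below the threshold is left as it is.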
UI Configuration of TCP MSS Adjust
OSPF Hitless SMU
• Before the Hitless SMU feature was implemented, the OSPFv2 and OSPFv3 processes were not restartable. This means that if the OSPFv2 or OSPFv3 process crashed or restarted, the box would reload.
• Restart SMU for OSPF is supported from 6.0.3; earlier, only reload SMU was supported for OSPF.
CLI Implementation
• The OSPF process should be able to restart when a CLI command is issued from ibash.
• This command triggers the system manager to request a cleanup from OSPFv2/v3, which eventually exits. After the process exits, the system manager starts the process again, treating the exit as a graceful process exit.
Rogue EP Exception List – Feature Overview
Rogue EP:
• Developed to prevent rapidly moving MAC/IP EPs.
• Rogue EPs are marked static temporarily.
• Rogue fault is raised so that corrective action can be taken by the user.
Rogue EP Exception List Feature Highlights
• List of MAC addresses which can be exempted from the default global Rogue behavior.
• MAC addresses in the exception list use a higher move threshold.
• When an EP moves more than 3000 times in a 10-minute interval, it is marked as static/rogue for 30 seconds.
• Rogue exception behavior applies only to the MAC addresses and not to any IP address associated with the MAC.
• MACs in this list are also registered for relaxed COOP dampening on the spine.
GUI Config for BD
GUI config for wild-card MAC
GUI Config for L3Out
Q&A