ACI best practice configurations

The top question all new ACI customers have (or should have) is: which configurations should be enabled on my fabric from the beginning? With that in mind, we’re going to use this post as a living document of configurations that are considered “Best Practice” to have enabled. We will keep this document updated as new versions come out, so don’t forget to bookmark this page! Wherever possible, we will include links to the Cisco documentation, or at the very least, a detailed explanation of our reasoning.

• Enforce Subnet Check is somewhat like “Limit IP Learning to subnet”, but on steroids. You might remember that the “Limit IP Learning to subnet” BD configuration option prevents the learning of IP endpoints if they are not in a subnet configured on the BD. “Limit IP Learning to subnet” does NOT drop the packet; it just stops it from being learned on the BD. The packet can still be learned on a leaf that does not have the BD configured (i.e., a border leaf). This can be problematic, and thus the need for the Enforce Subnet configuration option. When enabled, we will not learn the IP component at the VRF level as well.

• While the EP Loop Detection configuration has good intentions (i.e., finding a loop and killing it), I have found that it is triggered as often (or more) by false positives, such as vMotions of VMs, as it finds true loops. For this reason, while I would leave it enabled, I would make sure that both of the actions (i.e., BD learn disable, Port disable) were disabled (not checked). With both of the actions disabled, EP loops will still generate faults and be sent to your Syslog/SNMP Trap server, if configured.

• When IP Aging is not enabled (which is the default), if multiple IPs are learned on a single MAC, then as long as the MAC is active, all IPs will stay learned on the fabric. Cosmetically, this is undesirable in scenarios where DHCP-enabled hosts get a new IP address but both IPs are still shown within the EPG operational tab as tied to that MAC. This feature will age each IP separately to address that scenario. At 75% of the endpoint retention timer, a directed ARP is sent to the IP component of the endpoint, and if unanswered, ACI will allow the IP endpoint to age out.

• The APIC provides a managed object (fabric:SecurityToken) that includes an attribute to be used for the MD5 password. An attribute in this managed object, called “token”, is a string that changes every hour. COOP obtains the notification from the DME to update the password for ZMQ authentication. The attribute token value is not displayed.

At a high level, options 2 and 3 will prevent the mis-learning of IP endpoints that can occur on your fabric. Mis-learning of endpoints leads to things like black-holed packets, as remote IP endpoints can get stuck on a border leaf (for example). The process of clearing such events is cumbersome and causes a lot of heartburn. For detailed examples of use cases for each of the endpoint configuration knobs, please check out the ACI Endpoint Learning Whitepaper (below). While I always recommend that these changes are performed in a maintenance window, the impact from enabling these options would be basically non-existent (i.e., a flush of remote IP endpoints in the VRF will occur).

• Do not enable Unicast Routing if ACI is not the L3 Gateway for your Subnet. Why would you ever enable Unicast Routing if ACI is not the L3 Gateway? Without Unicast Routing enabled, ACI will not learn the IP address for Endpoints. This leads some customers to enable Unicast Routing, because (understandably) they want to learn the IP endpoint and not just the MAC address of connected devices. The problem with this is that it can lead to asymmetric routing, which can result in packets being dropped or mis-routed.

• In Network-Centric Mode (i.e., VLAN=EPG=BD), do not configure multiple EPGs to a BD. When you map VLANs to EPGs and BDs in ACI, the external STP and HSRP multicasts are flooded in the same BD. For example, if you have VLAN 11 (EPG11) and VLAN 12 (EPG12) attached to the same BD, HSRP hellos for both VLANs will intermingle in the BD and cause problems in your external (non-ACI) environment.

• Consider ARP Flooding + GARP-based detection – This is a 50/50 recommendation. I could go either way, but if it is my datacenter, I’m probably going to enable this configuration option. The pro of GARP-based detection is that it will prevent IP learning issues in specific situations. The con is that you have to enable ARP Flooding on the BD before you can configure GARP-based detection. From the Cisco ACI Fabric Endpoint Learning Whitepaper – “Although Cisco ACI can detect MAC and IP address movement between leaf switch ports, leaf switches, bridge domains, and EPGs, it does not detect the movement of an IP address to a new MAC address if the new MAC address is from the same interface and same EPG as the old MAC address. When the GARP based detection option is enabled, Cisco ACI will trigger an endpoint move based on GARP packets if the move occurs on the same interface and same EPG. If a GARP packet comes from the same interface and same EPG, then endpoint learning is triggered only when Unicast Routing, ARP Flooding, and “GARP based detection” are all enabled for the bridge domain. Although this scenario has not been widely seen across our customer base, in some cases customers do change their IP to MAC bindings and need to enable GARP-based detection.”
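The three bridge-domain recommendations above can be checked offline against an export of the fabric's BD and EPG objects. The following is an added example, not code from the original post or from Cisco: the attribute names (`unicastRoute`, `arpFlood`, `epMoveDetectMode`, `fvSubnet`) follow the ACI object model for `fvBD`, the tenant, BD and EPG names are constructed sample data, and treating "no subnet on the BD" as "ACI is not the L3 gateway" is an assumption of this sketch.

```python
from collections import defaultdict

# Constructed sample data in the shape of APIC REST JSON (class -> attributes/children).
BDS = [
    {"fvBD": {"attributes": {"dn": "uni/tn-Prod/BD-BD11", "unicastRoute": "yes",
                             "arpFlood": "yes", "epMoveDetectMode": "garp"},
              "children": [{"fvSubnet": {"attributes": {"ip": "10.1.11.1/24"}}}]}},
    {"fvBD": {"attributes": {"dn": "uni/tn-Prod/BD-BD12", "unicastRoute": "yes",
                             "arpFlood": "no", "epMoveDetectMode": "garp"},
              "children": []}},
    {"fvBD": {"attributes": {"dn": "uni/tn-Prod/BD-BD13", "unicastRoute": "no",
                             "arpFlood": "yes", "epMoveDetectMode": ""},
              "children": []}},
]
EPGS = [  # (EPG dn, name of the BD the EPG is bound to), constructed
    ("uni/tn-Prod/ap-Net/epg-EPG11", "BD11"),
    ("uni/tn-Prod/ap-Net/epg-EPG12", "BD12"),
    ("uni/tn-Prod/ap-Net/epg-EPG13", "BD12"),
    ("uni/tn-Prod/ap-Net/epg-EPG14", "BD13"),
]

def audit_bridge_domains(bds, epgs):
    """Return {bd_dn: [finding, ...]} for the three BD recommendations."""
    epgs_per_bd = defaultdict(list)
    for epg_dn, bd_name in epgs:
        tenant = epg_dn.split("/")[1]  # e.g. "tn-Prod"; assumes BD is in the EPG's tenant
        epgs_per_bd[f"uni/{tenant}/BD-{bd_name}"].append(epg_dn)
    findings = {}
    for obj in bds:
        bd = obj["fvBD"]
        attrs = bd["attributes"]
        has_subnet = any("fvSubnet" in c for c in bd.get("children", []))
        routed = attrs.get("unicastRoute") == "yes"
        issues = []
        # Assumption: a BD without a subnet is not acting as the L3 gateway.
        if routed and not has_subnet:
            issues.append("unicast-routing-without-gateway")
        if len(epgs_per_bd[attrs["dn"]]) > 1:  # only a finding in network-centric mode
            issues.append("multiple-epgs-on-bd")
        # GARP-based detection only acts with Unicast Routing and ARP Flooding enabled.
        if attrs.get("epMoveDetectMode") == "garp" and not (
                routed and attrs.get("arpFlood") == "yes"):
            issues.append("garp-detection-without-prereqs")
        if issues:
            findings[attrs["dn"]] = issues
    return findings

if __name__ == "__main__":
    print(audit_bridge_domains(BDS, EPGS))
```

In this sample only BD12 is reported, with all three findings; BD11 (routed gateway with GARP prerequisites met) and BD13 (pure L2, one EPG) pass.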

Performing an ACI Fabric Setup is one of the best things about ACI. However, proper planning for your fabric setup values is critical. When considering the values for your ACI fabric, it is important to remember that changing either the infrastructure IP address (TEP IP pool) range or the infra VLAN after the initial provisioning setup process is not possible without rebuilding the fabric.

When performing your initial Fabric Setup, you are required to input a “TEP address range”. This range of IP addresses is used primarily to provide TEP addresses for Leaf and Spine nodes in the fabric. While the default value for this is 10.0.0.0/16, it is considered best practice to provide a unique address block for your TEP pool for a couple of reasons:

Because this VLAN can be extended outside of the fabric (OpenStack integration, AVS/AVE), it is a best practice to have this as a unique VLAN in your environment. In addition, many Cisco devices have reserved VLAN ranges that are hard to modify (i.e., you have to reboot the switches for changes to take effect). VLAN 3967 is a VLAN which is not reserved on any Cisco switching platform and is ideal for ACI.