PBR Concepts
What is a Health Group? A Health Group is a configuration object used to group specific PBR destination interfaces—typically the consumer and provider interfaces of the same service node (such as a firewall or load balancer)—into a single logical unit for health tracking. How is it Useful? The primary purpose of a Health Group is to prevent traffic black-holing when a service node experiences a partial failure. 1. Prevents Traffic Black-Holing In a typical PBR deployment,

Mukesh Chanderia
Feb 16 · 22 min read
Active/Standby F5 Across Different ACI Pods
Normal L3Out vs Floating L3Out Explained Understanding Cisco ACI Multi-Pod Architecture In a Cisco ACI Multi-Pod design: Each Pod has an independent IS-IS control plane Endpoint learning is maintained through COOP Inter-pod communication uses MP-BGP Pods are interconnected via the IPN (Inter-Pod Network) Each Pod effectively behaves like an independent availability zone. When deploying: Active F5 in Pod 1 Standby F5 in Pod 2 You achieve true failure domain isolation, signifi

Mukesh Chanderia
Feb 114 min read
Multi-site Traffic Flow
This article explains how traffic flows between Endpoint Groups (EPGs) across multiple sites in Cisco ACI using Nexus Dashboard Orchestrator (NDO). We will walk through three common design scenarios and explain both the configuration steps and the underlying traffic behavior. 1. Stretched Bridge Domain with Site-Local EPGs (Layer 2 Inter-Site Traffic) Scenario Overview In this scenario: EPG1 is located in Site 1 EPG2 is located in Site 2 Both EPGs belong to the same Bridge

Mukesh Chanderia
Feb 9 · 7 min read
In-Band Management Configuration in ACI
High-Level Objective The goal is to enable APICs, leaf switches, and spine switches to: Use in-band management IP addresses Carry management traffic over the ACI fabric data plane Reach external management services such as DNS, NTP, TACACS, Syslog, and monitoring systems To achieve this, Cisco ACI requires three mandatory building blocks, exactly as defined in the official documentation: Access policies to carry the In-Band VLAN In-Band management IP addressing within

Mukesh Chanderia
Jan 4 · 4 min read
Understanding “Output Errors” and “Stomped CRC” on Cisco ACI Leaf–Spine Links
Introduction One of the most misunderstood interface statistics in Cisco ACI and Nexus-based fabrics is the presence of “output errors” on leaf–spine links, often accompanied by “stomped CRC” or input errors on the peer interface. At first glance, this can appear alarming—especially when: Host-facing ports show zero CRC or input errors Fabric links are stable for years Traffic volumes are extremely high Errors occur only occasionally, not continuously Common Scenario Obser

Mukesh Chanderia
Jan 4 · 4 min read
Debounce Timer in Cisco ACI
Understanding Interface Flapping and the Debounce Timer in Cisco ACI Interface flapping on Cisco ACI leaf switches is one of the most commonly misunderstood issues in environments connected to WAN, DWDM, dark fiber, or service-provider transport networks. A frequent question from engineers is: “Why does the interface continue to flap even though a 100 ms debounce timer is configured?” What Is the Debounce Timer in Cisco ACI? In Cisco ACI (Nexus 9000 Series leaf switches), the

Mukesh Chanderia
Jan 4 · 5 min read
Common Issues in Cisco ACI
LACP --> port-channel or vPC member flips When a port-channel or vPC member flips to Down or Suspended, traffic can black-hole or pin to fewer links. In Cisco ACI, these symptoms almost always trace back to LACP negotiation or a physical/link-layer issue. The quick read If a member shows s (suspended) in show port-channel summary: ACI is transmitting LACPDUs but not receiving them, or partner parameters don’t match. If a member shows D (down) in a port-channel that’s SD:

Mukesh Chanderia
Dec 9, 2025 · 9 min read
MultiCast In ACI
Understanding Multicast in Cisco ACI 1. Multicast Traffic Flow in ACI In ACI, multicast traffic is primarily managed within Bridge...

Mukesh Chanderia
Apr 23, 2025 · 23 min read
Quality of Service (QoS) in Cisco ACI
Configuring Quality of Service (QoS) in Cisco ACI (Application Centric Infrastructure) involves creating and applying QoS policies that...

Mukesh Chanderia
Mar 29, 2025 · 3 min read
Cluster Migration from an MSO to an NDO
Step-by-Step instructions for migrating Cisco Multi-Site Orchestrator (MSO) to Cisco Nexus Dashboard Orchestrator (NDO). Cisco MSO to NDO Migration Guide 1. Understanding the Migration Cisco MSO (Multi-Site Orchestrator) is used for managing ACI Multi-Site deployments. Cisco has transitioned from MSO to Nexus Dashboard Orchestrator (NDO), which is integrated into the Cisco Nexus Dashboard (ND). This migration process involves moving all schemas, templates, policies, tenan

Mukesh Chanderia
Mar 19, 2025 · 4 min read
Cisco Nexus Dashboard and Services Deployment Guide
What is Cisco Nexus Dashboard? Cisco Nexus Dashboard (ND) is a centralised and unified management platform designed to host multiple Cisco data center services in a single interface. Key Features: Manages multi-fabric deployments including Cisco ACI, NDFC, and NX-OS standalone switches Unified platform that includes services like: Nexus Dashboard Insights (NDI) – Real-time analytics, visibility, and assurance Nexus Dashboard Orchestrator (NDO) – Policy and multi-fa

Mukesh Chanderia
Mar 19, 2025 · 5 min read
Initial Fabric Setup
ACI Fabric Discovery Workflow Initial Setup on APIC1 (via KVM console): Provide basic configuration details (e.g., fabric name, APIC...

Mukesh Chanderia
Mar 3, 2025 · 6 min read


In-Band and Out-of-Band Management
In-Band and Out-of-Band Management Two Management Options Out-of-Band (OOB): Uses a dedicated physical management port on the back of...

Mukesh Chanderia
Feb 28, 2025 · 4 min read


PBR TROUBLESHOOTING
Service node – An external device where PBR redirects traffic, like a firewall or load balancer. Service leaf – An ACI leaf switch that connects to the service node. Troubleshooting Unmanaged Mode Service Graph with PBR in Cisco ACI Without PBR Service Graph: Make sure both consumer and provider endpoints are learned. Confirm that these endpoints can talk to each other. Service Graph Deployment: Ensure that the deployed graph shows no errors. Check that VLANs and class IDs

Mukesh Chanderia
Feb 25, 2025 · 14 min read
MCP (Mis-Cabling Protocol)
How Loops Can Form in the ACI Fabric Incorrect cabling or misconfigurations can cause loops in the Cisco ACI fabric. A loop means there...

Mukesh Chanderia
Jan 3, 2025 · 3 min read


ACI ESG
Overview of EPG and ESG: EPG (Endpoint Group): Groups endpoints (e.g., servers or VMs) logically for defining application-based connectivity and security policies. ESG (Endpoint Security Group): Groups endpoints for security purposes, offering flexibility for micro-segmentation and granular security. EPG (Endpoint Group) Groups endpoints (like servers or VMs) based on application requirements. Tied to traditional network identifiers (VLAN, subnet, VXLAN). Manages both forwa

Mukesh Chanderia
Jan 3, 2025 · 13 min read
BFD (Bidirectional Forwarding Detection) in ACI
What is BFD? Bidirectional Forwarding Detection (BFD) is a network protocol that swiftly identifies failures in the forwarding path between two devices, such as routers or switches. It enables rapid detection of faults, often within milliseconds (sub-second), enhancing network reliability by reducing downtime. When to Use BFD: Indirect Connections: In scenarios where routers are connected through a Layer 2 device or cloud and cannot directly detect each other’s failures, BFD

Mukesh Chanderia
Jan 1, 2025 · 5 min read
ACI Multi-Site Orchestrator (MSO) Tshoot - Part 3
Troubleshooting Users Resetting Local Admin Password Note: This procedure is only for MSO OVA deployments in VMware ESX. It does...

Mukesh Chanderia
Oct 10, 2024 · 2 min read


ACI Multi-Site Orchestrator (MSO) Tshoot - Part 2
Increasing CPU Cycle Reservation for Orchestrator VMs Cisco ACI Multi-Site Orchestrator VMs require a dedicated amount of CPU cycles to...

Mukesh Chanderia
Oct 10, 2024 · 8 min read


ACI Multi-Site Orchestrator (MSO) Tshoot - Part 1
Troubleshooting Tools: Instructions on using tools like the Multi-Site troubleshooting report, API call logs, VM data collection, and...

Mukesh Chanderia
Oct 10, 2024 · 7 min read