top of page
  • Writer's pictureMukesh Chanderia

Remote Leaf

Updated: Sep 15


  1. ACI remote leaf switch deployment allows extension of ACI fabric to remote data centers without a local spine switch or APIC.


  2. Remote leaf switches are connected to an existing pod in the fabric via the Wide Area Network (WAN).


  3. Policies set in the main data center are applied to remote switches, which function like local leaf switches within the fabric.


  4. Unicast traffic is sent through VXLAN over Layer 3.


  5. Layer 2 Broadcast, Unknown unicast, and Multicast (BUM) traffic use Head End Replication (HER) tunnels, without needing Multicast.


  6. Local traffic between endpoints at the remote site is switched directly, whether endpoints are physical or virtual.


  7. Traffic that requires the spine proxy is sent to the main fabric.


  8. Remote leaf switches can connect to virtual servers, physical servers, and containers.


  9. Traffic to endpoints connected to the remote leaf is handled locally by the remote leaf switches.


  10. You need second-generation spines and leafs, such as EX or FX, to use the remote leaf solution.

  11. The remote leaf solution is supported from the ACI 3.1(1) release.



Topology





These are the configurations used in the IPN device connected to the ACI Spine(s) in the main fabric:


vrf context RLEAF

description VRF created for remote-leaf lab


router ospf 1

vrf RLEAF

router-id 172.16.191.191

area 0.0.0.1 nssa


# In this example same IPN router is used to connect to RLEAF and SPINE

interface loopback191


vrf member RLEAF

ip address 172.16.191.191/32



Interface specific configurations on the IPN that connects to the Spine.



Remote WAN Configuration (RLEAF side)


vrf context RLEAF

description VRF created for remote-leaf lab

router ospf 1

vrf RLEAF

router-id 172.16.191.191

area 0.0.0.1 nssa

# In this example same IPN router is used to connect to RLEAF and SPINE

interface loopback191

vrf member RLEAF

ip address 172.16.191.191/32


Interface specific configurations on the IPN that connects to the RLEAF:



Note: Ensure the dhcp-relay IP is configured with the APIC fabric IP address under the interface connected to the remote-leaf.


This is required for the remote leaf to obtain the bootstrap files from APIC.


Note :

All inter-VRF traffic (pre-release 4.0(1)) goes to the spine switch before being forwarded.

For releases prior to Release 4.1(2), before decommissioning a remote leaf switch, you must first delete the vPC.



ACI Configuration


Step 1. Configure Pod Fabric Setup Policy


1. Navigate to Fabric > Inventory > Pod Fabric Setup Policy.

2. Double click to open Fabric Setup Policy for existing Pod.

3. Add (+) Remote Pool, provide a Remote ID (in this example: 11) and Remote Pool (in this example: 11.0.0.0/20) and click Submit.



Step 2. Configure Routed Outside from Spine to IPN


1. Navigate to Tenant > Infra > External Routed Networks.

2. Right-click and create Routed Outside.

3. Configure OSPF Routed Outside for Spine to IPN.

4. Use OSPF as a routing protocol.

5. Use overlay-1 as VRF.



If you use remote leaf with a multipod fabric, this "Enable remote leaf with Multipod" option must be checked.


Step 3 : Configure the Node profile for each spine connected to IPN



Step 4 : Configure interface profile for Node


Note : Ensure to use encap vlan-4 for remote leaf integration with a single pod.



Step 5 : Configure L3Out Network(External EPG) for IPN




Step 6 : Verification


Now that you've configured OSPF L3Out from Spine to the IPN device.


spine# show ip ospf neighbors vrf overlay-1


IPN# show ip ospf neighbors vrf RLEAF


IPN# show ip show ip route vrf RLEAF



Step 7 : Discover the Remote Leaf(s)


At this stage, the fabric is ready to discover a remote leaf connected to IPN across the WAN. Ensure that the IPN connected to the RLEAF has the route to the ACI pod infra network over the WAN network


RLEAF-IPN# show lldp neighborsCapability codes:  (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device  (W) WLAN Access Point, (P) Repeater, (S) Station, (O) OtherDevice ID            Local Intf      Hold-time  Capability  Port ID


switch               Eth3/34         120        BR           Eth1/54

switch               Eth3/35         120        BR           Eth1/54


RLEAF-IPN# show ip route vrf RLEAF


10.0.0.0/16, ubest/mbest: 2/0   

via 10.10.19.11, Eth3/38.4, [110/20], 00:01:21, ospf-1, nssa type-2   

via 10.10.20.11, Eth3/39.4, [110/20], 00:01:21, ospf-1, nssa type-2


Step 8 : Confirm if IPN got RLEAF is acting as DHCP - Relay


RLEAF-IPN# show ip dhcp relay


Helper addresses are configured on the following interfaces: 

Interface        Relay Address     VRF Name -------------    -------------     -------- 

Ethernet3/34.4    10.0.0.1 

Ethernet3/34.4    10.0.0.2 

Ethernet3/34.4    10.0.0.3 

Ethernet3/35.4    10.0.0.1 

Ethernet3/35.4    10.0.0.2 

Ethernet3/35.4    10.0.0.3


Step 9 : At this stage the RLEAF switches must be discovered in fabric


Inventory > Fabric Membership 



Step 10 : Register RLEAF switches


1. Identify the new leaf based on the serial number.

2. Right-click on the newly discovered leaf and click Register.

3. Provide the right Pod ID and Node ID.

4. Select the RL TEP POOL.

5. Provide a Node Name.

6. Check and Confirm the Role is selected as remote leaf.

7. Click Update.




Note: Ensure to select the correct RL TEP Pool you configured in .Also, check and confirm the Role is selected as a remote leaf automatically when you select the RL TEP POOL from the dropdown.


Now you can see the node type is identified as "remote leaf" and status as "Discovering". The node hasn't got a fabric IP address yet.



Step 11 : Configure Routed OutSide from RLEAF to IPN


Navigate to Tenant > Infra > External Routed Networks and create Routed Outside (L3 Out)




Step 12 : Create RLEAF node profiles for rleaf-203 (Node-203) and rleaf-204(Node-204)




Note: You can not see the Noderleaf-203 (Node-203)or rleaf-204 (Node-204) from theNode dropdown list as the RLEAF203 or RLEAF204 is not registered. So, manually enter the path in Node & Path fields as shown in the image.


Create the interface profile for node-203. Manually enter Node and Path fields as shown.

Node: topology/pod-1/node-203

Path: topology/pod-1/paths-203/pathep-[eth1/54]



Step 13 : Create Fabric External Connection Policy


Navigate to Tenant > Infra > Policies > Protocol > Fabric Ext Connection Policy > Fabric External Connection Policy and create Intrasite/Intersite Profile.


Add Fabric External Routing Profile with an external network of RLEAF203 and RLEAF204 connected to the WAN router (IPN).


In this case, those are 10.10.22.0/24 and 10.10.21.0/24 respectively.



Step 14 : Verify remote leaf obtains the fabric IP address from the APIC TEP pool.



Step 15 : QoS Configuration for Remote Leaf


It is required to classify ACI fabric classes (QoS Levels) to a DSCP value within IPN. To achieve this requirement, ACI Fabric should be enabled with DSCP class-cos translation policy for L3 traffic.


Navigate to Tenant > Infra > Policies > DSCP class-cos translation policy for L3 traffic 



11 views0 comments

Recent Posts

See All

OpFlex

OpFlex  is an open and extensible policy protocol developed by Cisco Systems. It is designed to facilitate communication between a policy...

Comments


bottom of page