ACI Q in Q Dot1Q Tunnel Data Forwarding
I- Overview
- 802.1Q tunnels on edge (tunnel) ports to enable point-to-multi-point tunneling of Ethernet frames in the fabric.
- Each tunnel carries the traffic from a single customer and is associated with a single bridge domain.
- ACI front panel ports can be part of a Dot1q tunnel. Layer 2 switching is done based on the destination MAC (DMAC) and regular MAC learning is done in the tunnel.
- You can include multiple edge ports and core ports (even across leaf switches) in a Dot1q tunnel.
EDGE Port:
- Edge port can be assigned only to one dot1qtunnel.
- EDGE Port receive Incoming customer VLAN. Add VXLAN header (associated with Tunnel BD VNID) to incoming traffic and forward to fabric.
- Edge port Dot1q tunnels are supported on Cisco Nexus 9000 series switches with “EX” or later suffixes in the switch model name.
CORE Port:
- You can configure multiple 802.1Q tunnels on the same core port to carry double-tagged traffic from multiple customers, each distinguished with an access encapsulation configured for each 802.1Q tunnel.
- Core port maps outer-VLAN to VNI assigned to the Dot1q tunnel.
- Both edge ports and core ports in Dot1q tunnel are supported on Cisco Nexus 9000 series switches with “FX” or later suffixes in the switch model name.
- For core ports, the Ethertypes for double-tagged frames must be 0x8100 followed by 0x8100.
–> An edge port may only be part of one tunnel, but a core port can belong to multiple Dot1q tunnels.
II- Dot1Q Tunnel Configuration in ACI
III- Use Cases and Packet Flows
Dot1Q Tunnel Configuration use cases:
- EDGE to EDGE
- EDGE to Core
- Core to Core
