Cisco ACI Anycast Service Feature for Multipod PBR Overview
What is Anycast Service in Cisco ACI
Prior to Cisco ACI release 3.2(4d), using the same MAC/IP combination on firewall nodes connected to separate pods led to duplicate IP/MAC entries across pods, with the endpoint flapping between them.
With the introduction of the "anycast service" feature in release 3.2(4d), the IP/MAC of the cluster can be configured as an anycast endpoint. The spine nodes in each pod then learn the anycast IP/MAC as pod-local, while keeping the same MAC/IP entry from the other pods as a backup path.
The MAC/IP combination is learned only on the leaf nodes where the firewall nodes (the anycast service) are directly attached; those leaf nodes send a COOP update to the spines. From the spine nodes, the path to the locally attached anycast entry is always preferred. If all local service cluster nodes fail, the backup path to another pod is chosen.
How to Configure Anycast Service in Service Graph PBR
Under the redirect policy, enable the Anycast Endpoint option.
The PBR node endpoint is then programmed with a new "anycast" flag, visible on the leaf where the service node is attached:
leaf1# show system internal epm endpoint ip 192.168.50.50
MAC : a093.51ad.d35a ::: Num IPs : 1
IP# 0 : 192.168.50.50 ::: IP# 0 flags :  ::: l3-sw-hit: No ::: flags2 : anycast|
Vlan id : 2 ::: Vlan vnid : 9279 ::: VRF name : Test-B2:VRF-1
BD vnid : 16416680 ::: VRF vnid : 3047424
Phy If : 0x1a010000 ::: Tunnel If : 0
Interface : Ethernet1/17
Flags : 0x880004c04 ::: sclass : 16391 ::: Ref count : 5
EP Create Timestamp : 05/29/2023 19:28:34.438646
EP Update Timestamp : 05/29/2023 19:28:34.438646
EP Flags : local|anycast|IP|MAC|sclass|timer|
The spine nodes in a pod learn the anycast IP/MAC from the local leaf and also keep the same MAC/IP entry from the other pods as a backup path in the COOP database. The path to the locally attached anycast entry is always preferred.
This avoids EP flapping between pods while keeping the remote PBR service node EP as a backup.
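As an added example (not code from the original page or from Cisco), the following Python script parses the `show system internal epm endpoint ip` record format shown above and checks, per leaf, whether the PBR service-node EP is a locally attached endpoint carrying the `anycast` flag. A local EP without that flag is the pre-3.2(4d) situation that causes flapping between pods. The leaf names, the outputs for leaf2 and leaf3, and all function names are constructed for illustration; only the leaf1 output is taken from the page.

```python
"""Check that a PBR service-node endpoint is programmed as an anycast EP.

Added example, not code from the original page or from Cisco. It parses the
`show system internal epm endpoint ip <addr>` record format (' ::: '-separated
"key : value" pairs, flag lists separated by '|') and reports leaves where the
locally attached service node was learned without the anycast flag.
Leaf names, the leaf2/leaf3 outputs and the function names are constructed.
"""
import re

# One "key : value" pair. The key never contains ':' but the value may
# (e.g. the VRF name Test-B2:VRF-1 or a timestamp).
_KV = re.compile(r"^\s*(?P<key>[^:]+?)\s*:\s*(?P<val>.*?)\s*$")

# Output from the page (leaf1, where the firewall node is attached).
LEAF1_OUTPUT = """\
leaf1# show system internal epm endpoint ip 192.168.50.50
MAC : a093.51ad.d35a ::: Num IPs : 1
IP# 0 : 192.168.50.50 ::: IP# 0 flags :  ::: l3-sw-hit: No ::: flags2 : anycast|
Vlan id : 2 ::: Vlan vnid : 9279 ::: VRF name : Test-B2:VRF-1
BD vnid : 16416680 ::: VRF vnid : 3047424
Phy If : 0x1a010000 ::: Tunnel If : 0
Interface : Ethernet1/17
Flags : 0x880004c04 ::: sclass : 16391 ::: Ref count : 5
EP Create Timestamp : 05/29/2023 19:28:34.438646
EP Update Timestamp : 05/29/2023 19:28:34.438646
EP Flags : local|anycast|IP|MAC|sclass|timer|
"""

# Constructed: a leaf in the other pod whose firewall node was learned
# without the anycast flag (Anycast Endpoint not enabled in the policy).
LEAF2_OUTPUT = """\
leaf2# show system internal epm endpoint ip 192.168.50.50
MAC : a093.51ad.d35a ::: Num IPs : 1
IP# 0 : 192.168.50.50 ::: IP# 0 flags :  ::: l3-sw-hit: No ::: flags2 :
Vlan id : 2 ::: Vlan vnid : 9279 ::: VRF name : Test-B2:VRF-1
Interface : Ethernet1/18
EP Flags : local|IP|MAC|sclass|timer|
"""

# Constructed: a leaf with no firewall attached returns no EP record.
LEAF3_OUTPUT = "leaf3# show system internal epm endpoint ip 192.168.50.50\n"

SAMPLE_OUTPUTS = {"leaf1": LEAF1_OUTPUT, "leaf2": LEAF2_OUTPUT, "leaf3": LEAF3_OUTPUT}


def parse_epm_endpoint(output: str) -> dict:
    """Return {field: value} for one EP record; flag fields become sets."""
    fields = {}
    for line in output.splitlines():
        if not line.strip() or "# show system internal" in line:
            continue  # blank line or the echoed CLI prompt
        for part in line.split(":::"):
            m = _KV.match(part)
            if m:
                fields[m.group("key")] = m.group("val")
    for key in ("EP Flags", "flags2"):
        if key in fields:
            fields[key] = {f for f in fields[key].split("|") if f}
    return fields


def anycast_status(fields: dict) -> dict:
    """Summarise whether the EP is locally attached and anycast-flagged."""
    ep_flags = fields.get("EP Flags", set())
    return {
        "ip": fields.get("IP# 0"),
        "mac": fields.get("MAC"),
        "interface": fields.get("Interface"),
        "local": "local" in ep_flags,
        "anycast": "anycast" in ep_flags,
    }


def check_pbr_node(outputs_by_leaf: dict) -> list:
    """Return (leaf, status, detail) per leaf: 'ok' for a local anycast EP,
    'warn' for a local EP lacking the anycast flag, 'info' when the EP is not
    local to that leaf (expected on leaves with no attached service node)."""
    findings = []
    for leaf, out in outputs_by_leaf.items():
        st = anycast_status(parse_epm_endpoint(out))
        if st["local"] and st["anycast"]:
            findings.append((leaf, "ok",
                             f"{st['ip']}/{st['mac']} is a local anycast EP on {st['interface']}"))
        elif st["local"]:
            findings.append((leaf, "warn",
                             f"{st['ip']}/{st['mac']} learned locally on {st['interface']} "
                             "without the anycast flag; enable Anycast Endpoint in the redirect policy"))
        else:
            findings.append((leaf, "info", "no local EP record for the service node"))
    return findings


if __name__ == "__main__":
    for leaf, status, detail in check_pbr_node(SAMPLE_OUTPUTS):
        print(f"{leaf}: {status:4s} {detail}")
```

Run it against the saved output of the same `show` command from each leaf where a service node is attached; a `warn` on any of them means that node will be learned as an ordinary local EP and will be overwritten by the copy from the other pod.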