ACI Resolution Immediacy and Deployment Immediacy Explained
When an VMM domain is associated to the EPG, ACI gives the ability to define a Resolution Immediacy (Aka VLAN creation on Leafs) and Deployment Immediacy (Aka Contract Deployment on the leafs).
When the Policies are configured in ACI, first, they are stored to the SSD on the leaf switches, and the programming of the configuration on the switches will be dependent on the following Resolution and Deployment options:
I- Resolution immediacy
Resolution Immediacy Determines when Policies (VLAN, VXLAN binding, contracts, or filters …) should be Downloaded and pushed to the Leafs.
You have three possible choices for resolution immediacy:
- Pre-provision: The VLAN is deployed on all leaf interfaces related to the AAEP associated to the VMM domain regardless of VM controller of hypervisor status.
It is convenient if the used AAEP is dedicated for VMM, in simple words, only has interfaces connected to ESXI hosts which are part of the ACI-managed VDS, or for testing purposes: if LLDP/CDP not working properly.
- Immediate: The VLAN will be deployed on leaf interfaces only when hypervisors are detected through LLDP or CDP.
Detected means the following LLDP/CDP information need to match:
1- The LLDP/CDP information from leaf switch
2- The LLDP/CDP information from the VM controller (vsphere vcenter in case of VMware) to ensure that the hypervisor and leaf switches are connected correctly.
Below is an overview on it works:
LLDP or CDP is exchanged between Hosts and Leaf switches -> Hosts Report Adjacency Info to vcenter -> vCenter Notifies APIC of Adjacency Info -> APIC pushed Policy to Leaf/Port
Both need to match in order to ensure that the hypervisor and leaf switches are connected correctly.
In case there is an intermediate device between Leafs and the Hosts for example Cisco UCS Fabric Interconnect, both leaf interface and hypervisor uplink should show the same Cisco UCS Fabric Interconnect in its CDP or LLDP information:
– APIC will get Host LLDP or CDP Information from VC but it will show Blade Switch Adjacency
– Leaf switches will see LLDP or CDP from Blade Switch, a class name created: “fabricLooseNode”
The id (also dn) for this object include the management IP of the FI (Fabric Interconnect)
APIC will stitch LLDP information from leaf switches and LLDP information from VC. If it matches (depends on management IP of FI), then the dynamic policy will be pushed to the leafs.
- On Demand: VLAN will be deployed on leaf interfaces only when:
1- Hosts are detected via LLDP/CD (basically immediate)
2- At least one VM is associated to the EPG corresponding port group.
II- Deployment immediacy
Once the policies are downloaded to the leaf software, Deployment Immediacy can specify when the policy is pushed into the hardware policy Content-Addressable Memory (CAM).
Deployment Immediacy define when the policies are programmed/pushed into the hardware TCAM:
- Immediate: The policy is programmed in the TCAM once the policy is downloaded in the leaf software.
- On Demand: the policy is programmed in the TCAM only when the first packet is received through the data path.
On Demand can be useful when TCAM resources need to be optimized on the leaf.
III- Deployed objects on the leaf
- Once deployed, VMM Learn in EPG triggers “Dynamic Path”: fvDyPathAtt Object pushed to leaf where Host attaches.
- In case of Pre-Provision: Path and VLAN Deployment get pushed to every leaf/interface tied to AEP using fvAttEntityPathAtt Object, the interfaces paths are defined with fvRsStPathAtt
- VLAN is mapped to interfaces using connection object: fvIfConn
IV – When Policy is removed
For On-Demand and Immediate:
- If No VM’s exist in VMWare PortGroup
AND
LLDP/CDP goes away from host
AND
VM Traffic Stops and Ages Out - If Interface is Removed From AEP
For Pre-Provision:
- If VMM Domain is Removed From EPG
- If interface is removed from AEP
Reference: Cisco Live
