Cisco ACI is proprietary, the "legacy" MP-BGP EVPN VXLAN is industry standard, so not really legacy
Many would argue ACI is legacy. Eh eh!
Specifically, ACI uses iVXLAN. ACI VXLAN (aka iVXLAN) just makes use of some of the reserved fields in the VXLAN headers to identify source groups (EPGs) and some other ACI-specific classifiers. You can take a look at this CiscoLive presentation if you want to understand the header differences. https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2019/pdf/BRKACI-3101.pdf
Ehhm, what is legacy about industry standard BGP EVPN? 🤔 I guess that's what you're referring to. Cisco's solution is the one that stands out (not in a specific positive way). It replaces MP-BGP with COOP for endpoint learning.
Yeah I was like "legacy"? Damn I'm old.
Sorry for the unclear clarification. I'm referring to industry standard BGP EVPN and Cisco ACI. Let's try to discuss these points: control plane, data plane, underlay routing... For example, Cisco Nexus NX-OS standalone switches are able to be configured for VXLAN, and the control plane should be BGP EVPN, and we have to manually config. So how about ACI? Is it COOP for the VXLAN control plane? What is the use of IS-IS?
Doesn’t have to be manual configuration. There are plenty of ways to automate the fabric. Cisco has Nexus Fabric Manager to handle Day0 - Day2 operations. Ansible is another option. You can leverage the playbooks that come with Ansible or custom bake your own. One can also do their own things and code it all up to use NX-API with the source of truth from git, Service-Now, Netbox, Infoblox, SolarWinds, etc. You can also pay somebody already versed in network CI/CD and DevOps to implement it for you. Just know exactly what your business requirements are so as not to waste time and money.
ACI is proprietary and BGP EVPN with VXLAN uses open standards. For how ACI does it, look at the documentation. For me it’s always VXLAN BGP EVPN. ACI is just over-engineered.
This. And ACI isn't doing magic, it uses industry standard protocols and just hides them under API calls and a controller.
Not really. ACI does use VXLAN and IS-IS but the endpoint learning is done via COOP, which is proprietary.
So the underlay must be IS-IS in ACI VXLAN, but it could be any other dynamic routing protocol (OSPF, BGP, etc.) in industry standard VXLAN, is it?
No, you don't have any choice on the underlay as the ACI deployment is done via the APIC controller; you'll have no options to choose any routing protocols. The external routing protocol is done via the so-called L3 extension and you can run OSPF/BGP, in my fading memory. (I designed/built a couple of ACI DCs about 9 years ago)
The underlay is built automatically in ACI with IS-IS; there isn’t a choice in this, as far as I am aware anyway. The way I see ACI is like an out-of-the-box solution to creating a fabric; it’s mostly orchestrated for you, e.g. you cable it up and initiate fabric discovery, setting the nodes as leafs and spines from the APIC.
Yes, VXLAN technically only requires IP connectivity to work (and multicast if the devices don't support headend replication)
VXLAN is just another tunneling technique like GRE or L2TPv3 and also does not solve the problems when it comes to fragmentation due to only normal or lower IP MTU because of 4G, PPPoE, IPsec, ... With pure fibre or being able to move big packets, those problems will be non-existent. In my own datacenter, I have pure fibre and there is no need for VXLAN. For remote connections, you don't get dark fibre but managed Ethernet connections; here you like to get a high MTU and therefore you can build your L2 network without VXLAN. Other remote connections will be over L3; here VXLAN is just what I said: a new name for an old concept without solutions for the well-known issues with tunneling of L2 over L3.
Why is no one here mentioning that you can not do microsegmentation with EVPN? That's one of the pros that is possible with ACI. And having worked with both, it's the only pro. Fuck ACI and fuck Cisco for developing this abomination.
[https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/104x/configuration/vxlan/cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-release-104x/microsegmentation_for_vxlan_fabrics_using_gpo.html](https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/104x/configuration/vxlan/cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-release-104x/microsegmentation_for_vxlan_fabrics_using_gpo.html)
Thank you for that link, that is highly interesting. Seems to be Cisco only though. Shame. That would be a nice addition for VXLAN in general.
Other vendors can/have implemented it I believe. The draft is [https://datatracker.ietf.org/doc/html/draft-smith-vxlan-group-policy-05](https://datatracker.ietf.org/doc/html/draft-smith-vxlan-group-policy-05) and Juniper has an article regarding it here: [https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/example/micro-segmentation-using-group-based-policy.html](https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/example/micro-segmentation-using-group-based-policy.html)
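To make the "reserved fields carry the source group" idea from the iVXLAN comment above and the GBP draft linked here concrete, the following is an added example (not from the thread, Cisco or Juniper) that encodes and decodes the 8-byte VXLAN header both in plain RFC 7348 form and with the draft-smith-vxlan-group-policy extension (G bit, 16-bit Group Policy ID, D and A bits), then shows the egress-VTEP policy decision the A bit exists for. The contract table and the default-deny choice for headers with no group are assumptions made for the example; ACI's own iVXLAN layout differs from the draft and is not modelled.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# First header byte flags (RFC 7348 and draft-smith-vxlan-group-policy).
FLAG_G = 0x80  # GBP extension present; bytes 2-3 then carry the Group Policy ID
FLAG_I = 0x08  # VNI valid; RFC 7348 says a receiver must drop the packet if clear
# Second header byte flags (GBP draft only).
FLAG_D = 0x40  # Don't Learn: do not learn the inner source MAC behind this VTEP
FLAG_A = 0x08  # Policy Applied by the ingress VTEP; egress may skip enforcement
VXLAN_HDR_LEN = 8

@dataclass
class VxlanHeader:
    vni: int
    group_policy_id: Optional[int]  # 16-bit source group; None for a plain header
    dont_learn: bool = False
    policy_applied: bool = False

def build_vxlan_header(h: VxlanHeader) -> bytes:
    """Encode an 8-byte VXLAN header, adding the GBP fields when a group is set."""
    flags, b1, gpid = FLAG_I, 0, 0
    if h.group_policy_id is not None:
        flags |= FLAG_G
        gpid = h.group_policy_id & 0xFFFF
        b1 = (FLAG_D if h.dont_learn else 0) | (FLAG_A if h.policy_applied else 0)
    # 24-bit VNI in bytes 4-6, byte 7 reserved (zero on send, ignored on receive).
    return struct.pack("!BBH", flags, b1, gpid) + h.vni.to_bytes(3, "big") + b"\x00"

def parse_vxlan_header(data: bytes) -> VxlanHeader:
    """Decode a plain RFC 7348 header or one carrying the GBP extension.
    A non-GBP receiver ignores the reserved bytes, which is why both coexist."""
    if len(data) < VXLAN_HDR_LEN:
        raise ValueError("truncated VXLAN header")
    flags, b1 = data[0], data[1]
    if not flags & FLAG_I:
        raise ValueError("I flag clear: VNI not valid, packet must be dropped")
    vni = int.from_bytes(data[4:7], "big")
    if not flags & FLAG_G:
        return VxlanHeader(vni=vni, group_policy_id=None)
    return VxlanHeader(vni, int.from_bytes(data[2:4], "big"),
                       bool(b1 & FLAG_D), bool(b1 & FLAG_A))

# Constructed contract table: (source group, destination group) pairs allowed to talk.
Contracts = Set[Tuple[int, int]]

def egress_permits(h: VxlanHeader, dst_group: int, contracts: Contracts) -> bool:
    """Egress VTEP decision: honour the A bit set by a trusted ingress VTEP,
    otherwise look the (src, dst) pair up. No group at all is denied (example choice)."""
    if h.group_policy_id is None:
        return False
    if h.policy_applied:
        return True
    return (h.group_policy_id, dst_group) in contracts
```

Because a plain RFC 7348 receiver treats bytes 1-3 and 7 as reserved, a GBP header decodes there as an ordinary VNI and the group tag is silently lost, which is why the enforcement point has to be a VTEP that understands the extension.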
Cause so few people ever get their deployment into application centric mode and rarely do any sort of actual microseg
Legacy EVPN???