Cisco ACI Multi-Site Release Notes, Release 2.0(1)
This document describes the features, caveats, and limitations for the Cisco Application Centric Infrastructure (ACI) Multi-Site software.
The Cisco ACI Multi-Site is an architecture that allows the application to define the networking requirements in a programmatic way. This architecture simplifies, optimizes, and accelerates the entire application deployment life cycle.
The Cisco ACI Multi-Site Fundamentals guide provides complete details about the Cisco ACI Multi-Site, including a glossary of terms that are used in the Cisco ACI Multi-Site.
Additional product documentation is listed in the "Related Documentation" section.
You can watch videos that demonstrate how to perform specific tasks in the Cisco ACI Multi-Site on the Cisco ACI YouTube channel:
https://www.youtube.com/c/CiscoACIchannel
Table 1 Online History Change
Date | Description
July 20, 2020 | Additional open caveat CSCvu23330.
October 24, 2018 | Release 2.0(1c) became available.
January 8, 2019 | Updated the Open Caveats section with CSCvn26235.
March 8, 2019 | Updated Usage Guidelines, DHCP relay for bridge domains that are stretched across sites is not supported.
This document includes the following sections:
■ Compatibility Information and Hardware Requirements
■ Cisco ACI Multi-Site and Cisco APIC Compatibility Matrix
■ Caveats
■ This release supports the hardware listed in the Cisco ACI Multi-Site Hardware Requirements Guide.
■ Cisco ACI Multi-Site, Release 2.0(1) is compatible with Cisco APIC, Release 4.0(1).
This section lists the new and changed features in this release and includes the following topics:
Cisco ACI Multi-Site, Release 2.0(1) supports the following new features.
Feature | Description
Two-Node Service Graphs | Cisco ACI Multi-Site now supports two-node service integration with firewall and load-balancer. For more information, see Cisco ACI Multi-Site Service Integration.
Enhanced Upgrade and Downgrade Scripts | Cisco ACI Multi-Site Orchestrator upgrade and downgrade Python scripts have been updated to simplify the upgrade and downgrade procedures. For more information, see Cisco ACI Multi-Site Orchestrator Installation and Upgrade Guide.
ACI CloudSec Encryption | Cisco ACI CloudSec Encryption feature has been added to provide site-to-site traffic encryption. For more information, see Cisco ACI CloudSec Encryption.
External EPG with Shared L3Out | Cisco ACI Multi-Site now supports consumer and provider EPGs in different VRFs and with L3Out External EPG as a provider or consumer. For more information, see Cisco ACI Multi-Site Use Cases.
Layer 3 Multicast Across Sites | Added support for Layer 3 multicast across sites as a limited availability feature in Release 2.0(1). If you plan to enable this feature in your production environment, please consult Cisco for deployment planning and validation. For more information, see Schema Management.
Cisco ACI Multi-Site, Release 2.0(1) supports the following new hardware:
■ N9K-C9332C
■ N9K-C93240YC-FX2
The complete list of supported hardware is available in the Cisco ACI Multi-Site Hardware Requirements Guide.
There are no new changes in behavior in this release.
This section lists usage guidelines for the Cisco ACI Multi-Site software.
■ In Cisco ACI Multi-Site topologies, we recommend that First Hop Routing protocols such as HSRP/VRRP are not stretched across sites.
■ HTTP requests are redirected to HTTPS. HTTP is not supported, either globally or on a per-user basis.
■ Up to 10 interconnected sites are supported.
■ Site local bridge domain with a shared service relation to an L3Out cannot be stretched.
A bridge domain that is associated with an L3Out in a shared service configuration cannot be stretched to multiple sites.
■ Shared service configuration is not supported for L3Outs.
You cannot have an L3out that is either providing or consuming a contract from a VRF that is different from its own VRF. Cisco ACI Multi-Site does not create l3extInstP mappings. Therefore, intersite L3Out communication across VRFs is not supported.
■ Proxy ARP glean and unknown unicast flooding are not supported together.
Unknown Unicast Flooding and ARP Glean are not supported together in Cisco ACI Multi-Site across sites.
■ Bridge domain "Flood in Encapsulation" options are not supported with Cisco ACI Multi-Site.
■ Spanning tree should never be run across multiple sites or within a Cisco ACI fabric.
■ GOLF and tenant L3Outs must be dedicated (not shared).
Each site must deploy a local L3Out connection. When configuring L3Outs for various sites, each L3Out must be dedicated (not shared).
■ If you plan to configure GOLF in addition to Cisco ACI Multi-Site, they both need separate L3Out policies to the IPN, but they can share a physical interface, as long as the same interface IP address is used.
■ VMM and physical domains must be configured in the Cisco APIC GUI at the site and will be imported and associated within the Cisco ACI Multi-Site.
Although domains (VMM and physical) must be configured in Cisco APIC, domain associations can be configured in the Cisco APIC or Cisco ACI Multi-Site.
■ Some VMM domain options must be configured in the Cisco APIC GUI.
The following VMM domain options must be configured in the Cisco APIC GUI at the site:
— NetFlow/EPG CoS marking in a VMM domain association
— Encapsulation mode for an AVS VMM domain
■ L3Outs must be configured in the Cisco APIC GUI, for each site.
Although tenant L3Outs and L3extInstPs must be created in the Cisco APIC GUI for each site, network mappings between them are configured in the Cisco ACI Multi-Site GUI.
NOTE: The subnet in the L3extInstP must be the same for all inter-related sites (and variable length network masks are not supported).
■ Some uSeg EPG attribute options must be configured in the Cisco APIC GUI.
The following uSeg EPG attribute options must be configured in the Cisco APIC GUI at the site:
— Sub-criteria under uSeg attributes
— match-all and match-any criteria under uSeg attributes
■ Site IDs must be unique.
In Cisco ACI Multi-Site, site IDs must be unique.
■ To change a Cisco APIC fabric ID, you must erase and reconfigure the fabric.
Cisco APIC fabric IDs cannot be changed. To change a Cisco APIC fabric ID, you must erase the fabric configuration and reconfigure it.
■ Caution: When removing a spine switch port from the Cisco ACI Multi-Site infrastructure, perform the following steps:
1. Click Sites.
2. Click Configure Infra.
3. Click the site where the spine switch is located.
4. Click the spine switch.
5. Click the x on the port details.
6. Click Apply.
■ Shared services use case: order of importing tenant policies
When deploying a provider site group and a consumer site group for shared services by importing tenant policies, deploy the provider tenant policies before deploying the consumer tenant policies. This enables the relation of the consumer tenant to the provider tenant to be properly formed.
■ Caution for shared services use case when importing a tenant and stretching it to other sites
When you import the policies for a consumer tenant and deploy them to multiple sites, including the site where they originated, a new contract is deployed with the same name (different because it is modified by the inter-site relation). To avoid confusion, delete the original contract with the same name on the local site. In the Cisco APIC GUI, the original contract can be distinguished from the contract that is managed by Cisco ACI Multi-Site, because it is not marked with a cloud icon.
■ Shadow EPGs and BDs in shared services use case with contract relation between different VRFs, when EPGs or BDs are site local
When the EPGs in the Shared Services use case provider site group and consumer site group are in different VRFs and communicate through global contracts, the EPGs and bridge domains (BDs) deployed to one group of sites are mirrored in the other group of sites, so that in all these Cisco APIC sites they appear to be deployed, when they were actually deployed in only one of the site groups. These mirrored objects are known as "shadow EPGs or BDs".
For example, if the provider site group tenant and VRF are stretched across Site 1 and Site 2, and the consumer site group tenant and VRF are stretched across Site 3 and Site 4, in the Cisco APIC GUI at Site 1, Site 2, Site 3, and Site 4, you can see both tenants and their policies. They appear with the same names as the ones that were deployed directly to each site. This is expected behavior and the shadow objects should not be removed.
For more information, see the Schema Management chapter in the Cisco ACI Multi-Site Configuration Guide.
■ DHCP relay for bridge domains that are stretched across sites is not supported.
■ Inter-site traffic cannot transit sites.
Site traffic cannot transit sites on the way to another site. For example, when Site 1 routes traffic to Site 3, it cannot be forwarded through Site 2.
■ The Cisco ACI Multi-Site GUI includes video demonstrations on the Cisco ACI YouTube channel:
https://www.youtube.com/c/CiscoACIchannel
■ The ? icon in Cisco ACI Multi-Site opens the menu for Show Me How modules, which provide step-by-step help through specific configurations.
— If you deviate from the steps while a Show Me How module is in progress, you will no longer be able to continue.
— You must have IPv4 enabled to use the Show Me How modules.
■ User passwords must meet the following criteria:
— Minimum length is 8 characters
— Maximum length is 64 characters
— Fewer than three consecutive repeated characters
— At least three of the following character types: lowercase, uppercase, digit, symbol
— Cannot be easily guessed
— Cannot be the username or the reverse of the username
— Cannot be any variation of "cisco", "isco", or any permutation of these characters or variants obtained by changing the capitalization of letters therein
■ If you are associating a contract with the external EPG, as provider, choose contracts only from the tenant associated with the external EPG. Do not choose contracts from other tenants. If you are associating the contract to the external EPG, as consumer, you can choose any available contract.
■ You cannot use remote leaf switches with Cisco ACI Multi-Site.
■ Policy objects deployed from ACI Multi-Site software should not be modified or deleted from any site-APIC. If any such operation is performed, schemas have to be re-deployed from ACI Multi-Site software.
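The user password criteria listed above can be pre-checked before an account is provisioned. The following is an added example, not Cisco's code: the function names are hypothetical, "symbol" is taken to mean any non-alphanumeric character, the username comparison ignores case, and the "cisco"/"isco" rule is interpreted as rejecting a password whose letters alone are a rearrangement of either word. The "cannot be easily guessed" criterion needs a dictionary and is not covered.

```python
import re

MIN_LEN, MAX_LEN = 8, 64
BANNED_WORDS = ("cisco", "isco")  # words named in the criteria


def _is_banned_variation(password: str) -> bool:
    # Assumption: drop digits and symbols, ignore case, then reject any
    # rearrangement of the letters of "cisco" or "isco" (e.g. "ocsI-2468").
    letters = sorted(c for c in password.lower() if c.isalpha())
    return any(letters == sorted(word) for word in BANNED_WORDS)


def password_violations(password: str, username: str) -> list:
    """Return the listed criteria that the password fails (empty = pass)."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append("shorter than 8 characters")
    if len(password) > MAX_LEN:
        problems.append("longer than 64 characters")
    # "Fewer than three consecutive repeated characters": reject runs of 3+.
    if re.search(r"(.)\1\1", password, flags=re.DOTALL):
        problems.append("three or more consecutive repeated characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),  # assumption: symbol class
    ]
    if sum(classes) < 3:
        problems.append("fewer than three character types")
    # Assumption: compare case-insensitively, which is the stricter reading.
    if password.lower() in (username.lower(), username[::-1].lower()):
        problems.append("username or reversed username")
    if _is_banned_variation(password):
        problems.append("variation of 'cisco' or 'isco'")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for candidate in ("Str0ng!Passw", "aaaBBB111", "Cisco123!", "nimda"):
        print(candidate, "->", password_violations(candidate, "admin") or "ok")
```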
For the verified scalability limits (except the CLI limits), see the Verified Scalability Guide for this release.
You can access these documents from the following website:
This section contains lists of open and resolved caveats and known behaviors.
This section lists the open caveats. Click the bug ID to access the Bug Search tool and see additional information about the bug. If a caveat is fixed in a patch of this release, the "Fixed In" column of the tables specifies the release.
Table 4 Open Caveats in the 2.0(1) Release
Bug ID | Description
| In multisite environment the instantiation of the service graph fails with fault F1690
| BGP Sessions do not come up after BGP peer Disable/Enable trigger.
| Multi-Site Orchestrator tenant import fails for tenants with multiple L3Outs with the same external network.
| Multi-Site Orchestrator is unable to push schema changes via REST API due to inter-service communication failure.
| Multi-Site Orchestrator's MongoDB can fall out of sync and become stuck in "recovering" state.
| Connecting a bridge domain to a local L3Out results in incorrect error messages.
This section lists the resolved caveats. Click the bug ID to access the Bug Search tool and see additional information about the bug.
There are no new resolved caveats in the 2.0(1) release.
This section lists caveats that describe known behaviors. Click the Bug ID to access the Bug Search Tool and see additional information about the bug.
The following table lists the known behaviors in the 2.0(1) release.
Table 4 Known behaviors in the 2.0(1) Release
Bug ID | Description
| For Cisco ACI Multi-Site, Fabric IDs Must be the Same for All Sites, or the Querier IP address Must be Higher on One Site. The Cisco APIC fabric querier functions have a distributed architecture, where each leaf switch acts as a querier, and packets are flooded. A copy is also replicated to the fabric port. There is an Access Control List (ACL) configured on each TOR to drop this query packet coming from the fabric port. If the source MAC address is the fabric MAC address, unique per fabric, then the MAC address is derived from the fabric-id. The fabric ID is configured by users during initial bring up of a pod site. In the Cisco ACI Multi-Site Stretched BD with Layer 2 Broadcast Extension use case, the query packets from each TOR get to the other sites and should be dropped. If the fabric-id is configured differently on the sites, it is not possible to drop them. To avoid this, configure the fabric IDs the same on each site, or the querier IP address on one of the sites should be higher than on the other sites.
| STP and "Flood in Encapsulation" Option are not Supported with Cisco ACI Multi-Site. In Cisco ACI Multi-Site topologies, regardless of whether EPGs are stretched between sites or localized, STP packets do not reach remote sites. Similarly, the "Flood in Encapsulation" option is not supported across sites. In both cases, packets are encapsulated using an FD VNID (fab-encap) of the access VLAN on the ingress TOR. It is a known issue that there is no capability to translate these IDs on the remote sites.
| Proxy ARP is not supported in Cisco ACI Multi-Site Stretched BD without Flooding use case. Unknown Unicast Flooding and ARP Glean are not supported together in Cisco ACI Multi-Site across sites.
| If an infra L3Out that is being managed by Cisco ACI Multi-Site is modified locally in a Cisco APIC, Cisco ACI Multi-Site might delete the objects not managed by Cisco ACI Multi-Site in an L3Out.
The Cisco Application Centric Infrastructure Multi-Site documentation can be accessed from the following website:
The documentation includes installation, upgrade, configuration, programming, and troubleshooting guides, technical references, release notes, and knowledge base (KB) articles, as well as other documentation. KB articles provide information about a specific use case or a specific topic.
By using the "Choose a topic" and "Choose a document type" fields of the Cisco APIC documentation website, you can narrow down the displayed documentation list to make it easier to find the desired document.
The following tables describe the core Cisco Application Centric Infrastructure Multi-Site documentation.
Table 5 Cisco ACI Multi-Site documentation
Document | Description
Cisco ACI Multi-Site Release Notes | Provides release information for the Cisco ACI Multi-Site Orchestrator product.
Cisco ACI Multi-Site Fundamentals Guide | Provides basic concepts and capabilities of the Cisco ACI Multi-Site.
Cisco ACI Multi-Site Hardware Requirements Guide | Provides the hardware requirements and compatibility.
Cisco ACI Multi-Site Installation Guide | Describes how to install Cisco ACI Multi-Site Orchestrator and perform day-0 operations.
Cisco ACI Multi-Site Configuration Guide | Describes steps that you must perform to configure your Cisco ACI Multi-Site.
Cisco ACI Multi-Site REST API Configuration Guide | Describes how to use the Cisco ACI Multi-Site REST APIs.
Cisco ACI Multi-Site Troubleshooting Guide | Describes how to troubleshoot common Cisco ACI Multi-Site issues.
There are no new Cisco ACI Multi-Site product documents for this release.
© 2018-2019 Cisco Systems, Inc. All rights reserved.