Cisco ACI Leaf Switches: MACsec, CloudSec, Telemetry

Cisco Nexus 9300 leaf switches for ACI fabric

Cisco ACI Leaf Switches support the Cisco ACI (Application Centric Infrastructure) spine-and-leaf solution via Nexus 9300 series leaf switches running in ACI mode. These leaf switches typically allow for a combination of 1, 10, 25, 40 and 50G access and up to 100G uplinks to the spine.

Newer switches support line-rate MAC security (MACsec), VTEP-to-VTEP encryption (CloudSec) and telemetry. Enhanced buffers are achieved through Approximate Fair Drop (AFD) for active queue management and Dynamic Packet Prioritization (DPP) to ensure flows are serviced as fast as possible.

The Cisco ACI leaf switches are automatically discovered by the ACI APIC controller once directly connected to the spine. Using automatic LLDP- and DHCP-based fabric discovery, the switches are registered in the cluster for firmware installation, configuration and VXLAN tunnel endpoint (VTEP) address assignment.

Be aware that the first-generation (2013-2015) leaf switches supporting an application-centric configuration (host gateway in fabric) will show a “duplicate hop” in a traceroute due to the dual-ASIC architecture.

Cisco ACI Leaf switch commands are critical to troubleshooting. Using the ELAM packet capture utility can quickly get you out of a pinch with little effort.

See also:
Cisco ACI ELAM Packet Capture
Cisco ACI Troubleshooting: icURL
Cisco ACI Python Cobra Examples
Cisco ACI Troubleshooting: Moquery