Top 15 Most Asked Cisco ACI Interview Questions and Answers

After creating a killer resume and clearing the HR round, it's time to face the final interview, the toughest one. We all are scared of what an interviewer will ask us, so it is always better to prepare beforehand for all the most asked technical questions. Here are the top 15 Cisco ACI Interview questions and answers.  

If you get a good command of all these questions, you will be a bona fide candidate for all the Cisco ACI interviewers. These questions are a combined effort of our technical team. 

Top 15 Most-Asked Cisco ACI Interview Questions and Answers

Let's start with ACI interview questions and answers without further delay. 

Question 1 - What is the hardware series we use for Application Centric Infrastructure? 

Answer: We have the Cisco Nexus 9000 series. In this, we mainly have Nexus 9500 Modular and Nexus 9300 Non-Modular series switches. One of the best ways is to use 9500 as spine and 9300 as Leaf Switches. 

Question 2 - What are the modes of operations in nexus 9000 series switches? 

Answer: We have two modes in which nexus 9K Switches can be used: NX-OS and ACI Mode. These are exclusive modes, meaning you cannot run both modes simultaneously in a switch. If you switch the mode, then the complete config will be deleted. 

Question 3 - What is CLOS architecture or ACI Spine-Leaf Architecture? 

Answer - This architecture was designed by Charles Clos. Applications are being deployed in a distributed fashion in the modern IT world, boosting east-west traffic. The requirements for high bandwidth and low latency cannot be met by conventional 3-Tier Data Centers. This is where the shortcomings of conventional network architecture are addressed by the Leaf-Spine 2-layer network topology (consisting of leaf switches and spine switches). 

The topology consists of spine switches (to which leaf switches connect) and leaf switches for connecting servers and storage. Every lower-tier switch (leaf layer) in this two-tier Clos design is linked to every top-tier switch (spine layer) in a full-mesh topology. 

Question 4 - What is the APIC controller in ACI? 

Answer: Cisco Application Policy Infrastructure Controller is referred to as APIC. The primary architectural element of the Cisco ACI solution is Cisco APIC. For the Cisco ACI fabric, policy enforcement, and health monitoring in both physical and virtual environments, it serves as a single point of automation and management. 

The controller controls and runs a scalable multitenant Cisco ACI fabric in addition to optimising performance. The APIC controller is the only point of control for ACI Fabric. For purposes of troubleshooting and verification, we also have the option to log into specific switches. 

Question 5 - In ACI mode deployment (Layer2/Layer3 fabric), how many Spine, Leaf Switches and FEX can be deployed? 

Answer: In L2 Fabric, we can use up to 80 Leaf Switches, 24 Spine Switches per Fabric (6 Spine per POD), 650 FEX per Fabric (20 FEX per leaf Switch) & 1000 Tenants can be created.  

In a large L3 Fabric, we can use up to 200 Leaf Switches, 24 Spine switches per Fabric (6 spines per POD), 650 FEX per Fabric (20 FEX per leaf Switch) & 3000 Tenants can be created. 

Question 6 - What are the benefits of Nexus ACI compared to traditional network solution/architecture? 

Answer: Below are the key benefits of ACI fabric – 

• By offering a central location to administer and enforce policies, ACI will enable network teams to streamline management and operations across the network. 
• Physical and virtual networks' health is being centrally monitored in real-time. 
• Repetitious procedures are automated, which lowers configuration errors. 
• Both real and virtual surroundings are irrelevant to ACI. 
• Flooding from the fabric is eliminated. 
• The template-based provisioning and automation features of ACI increase network adaptability, enable real-time monitoring of physical and virtual environments and consequently speed up troubleshooting. 
• Integration and compatibility with the hypervisor without the need to upgrade its software. 
• ACI is specifically designed with simple-to-configure GUI procedures for Data Centers needing multi-tenancy configuration (virtualized). 
• Competitive pricing for Nexus 9000 switching. 
• Traffic optimization that improves application performance. 
• It supports FEX and can function as a standard switch running NX-OS or in "ACI" mode. 
• With a GUI or REST API, a single point of provisioning. 
• ACI centralizes policy-based administration, makes it possible to automate monotonous operations to save man-hours and lowers mistake rates. 

Question 7 - What is the role of the APIC controller in ACI fabric? 

Answer - The Cisco ACI solution's primary architectural element is the infrastructure controller. 

• As the central hub for policy enforcement, health monitoring, and automation and management for the Cisco ACI fabric in both physical and virtual settings, APIC Controller enables administrators and network designers to create fully automated, multi-tenant networks that are scalable. 
• The primary role of Cisco APIC is to provide devices connected to Cisco ACI with policy authority and resolution techniques. 
• A multitenant Cisco ACI fabric that is scalable is managed and run by the controller. 
• Network administrators in ACI networks control the network through the APIC; they are no longer required to use the CLI on each node to configure or deploy network resources. 
• We can do monitoring of Tenant, Application and health monitoring of fabric devices. 
• As the primary points of management for the entire Cisco ACI fabric, Cisco APIC comes with both a CLI and a GUI. 
• It is very helpful in troubleshooting the issues in ACI fabric. 
• It integrates with third-party administration, virtualization, and Layer 4–7 services. 
• A framework that is open thanks to northbound and southbound APIs. 
• Scalable security can be offered for multitenant environments. 
• Additionally, Cisco APIC includes totally open APIs that allow users to deploy, operate, monitor, or debug the system via Representational State Transfer (REST)-based calls (using XML or JavaScript Object Notation [JSON]). 

Question 8 - What happens when all APIC controllers in fabric go down? 

Answer: If all the APIC controllers go down, then there won't be any outage in data forwarding of traffic. However, we cannot make any changes to the Fabric, and we need to bring up the APIC controller to be able to make new policies or monitor/troubleshoot the ACI fabric. 

Question 9 - Where do we connect servers in ACI Spine-Leaf Architecture? 

Answer: All endpoints, including the APIC controller, will only be connected to Leaf Switches. If you have one server connected to two leaf switches, you may form vPC (Virtual Port channel) at leaf switches. Here, we do not have any vPC Peer link between Leaf Switches because cisco architecture does not allow link connection between leaf and leaf switches. 

Question 10 - What is the Bridge domain in Cisco ACI? 

Answer: A Bridge Domain is a layer 2 construct in Cisco ACI Fabric. It must be part of VRF (Virtual Routing Forwarder).  

The bridge domain is like a container for subnets — it's used to define an L2 boundary, but not like a VLAN; in fact, it is a VXLAN, represented as VNI (VXLAN Network Identifier).  

If such flooding is enabled, the BD defines the unique Layer 2 MAC address space and a Layer 2 flood domain. It can carry multiple subnets in a single bridge domain, and Inter-subnet communication within the Bridge domain is enabled. 

We can create multiple Bridge Domains inside a single VRF and cannot link one BD to two different VRFs. Public, private, or shared bridge domains are all possible. Private bridge domains only apply within the tenancy, but public bridge domains allow the subnet to be exported to a routed connection. When a shared service is used, shared bridge domains can be exported to numerous VRFs both within and outside of the same tenant. 

Question 11 - What do you mean by Endpoint, End Point Group (EPG)? 

Answer: Endpoints are devices connected to the network directly or indirectly. They have an address, a location, and attributes (like version or patch level) and can be virtual or physical, e.g., Bare-metal server, Switch, Router, Firewall, IDS, IPS, etc. 

Endpoint groups, often known as EPGs, are collections of endpoints that represent individual applications or components of applications. An EPG is an object that represents a group of endpoints that share certain characteristics, such as EPG-web, EPG-DB, and EPG-App. 

Question 12 - What do you mean by Tenant? What are Common Tenant, Infrastructure Tenant, and MGMT Tenant? 

Answer – A Tenant is a secure and exclusive virtual computing environment and a logical unit of isolation from a policy perspective. However, it is not a private network, and the tenant is referred to as the largest logical unit or entity or the highest-level object for management in Cisco ACI. 

Tenant is like your business unit, department, or organization/company. Tenants may stand-in for a client in a service provider context, a company or domain in an enterprise setting, or simply a useful collection of rules. 

Tenants allow re-use of an IP Address space, i.e., multiple tenants can have identical IP Address schemas. Cisco ACI tenants can contain multiple private networks (VRF instances). One user-created tenant can't talk to another tenant. By default, ACI has three tenants: Common, Infra & Management.  

Tenant contains VRFs, BDs, Subnets, Application Profiles, EPGs, Subjects, Filters, and Contracts. 

1. Common Tenant – It is already set up to define the standards that ensure uniform behaviour for all tenants within the Fabric. All tenants have access to the policies outlined in the Common Tenant if necessary. 

2. Infrastructure Tenant – It is used for internal fabric communication. This tenant does not get exposed to the user tenant. This tenant takes care of all fabric discovery, image management, and DHCP for fabric operations. 

3. MGMT Tenant – It is preconfigured for host and fabric node in-band and out-of-band connectivity settings (leaf, spine & controllers). It offers simple ways to set up access controls for fabric nodes. 

Question 13 - What is Interface Policy in ACI? What happens if we do not create an Interface Policy in ACI? 

Answer: It is the policy we require for setting up protocols on Interfaces such as LACP, CDP, Storm Control, LLDP, Link-level for speed/duplex settings, NetFlow, Port Security, 802.1x port authentication and many more.  

If we do not create an Interface Policy in ACI, the default policy will be applicable, e.g. Default CDP, LLDP, and MCP policies will be applicable on interfaces. 

Question 14 - I have Trunk ports configured in one EPG. Can the access ports also be added in the same EPG? 

Answer - Yes, it can be configured. See the below snapshot; you can see that in the App EPG-1, we can see one port in the trunk, whereas the other is in access (untagged). 

Question 15 – Explain the concept of SHARDS? 

Answer - Sharding is a huge database technology that is used by the APIC cluster. The data sets produced and processed by the APIC benefit from the scalability and dependability of this technology. Similar to database shards, the data for APIC settings are divided into logically bounded portions called shards. 

A shard is a component of data management, and shards are handled in the following methods by the APIC: 

· Three replicas of each shard. 

· Even distribution of shards across the appliances that make up the APIC cluster. 

Each APIC appliance contains one or more shards. A static shard layout defines the assignment of shards to appliances, and the shard data assignments are based on a pre-set hash function. 

Now, before we wrap up this article, let's walk through a few other things: 

1. These are the top 15 Cisco ACI Interview questions and answers curated with the help of our experts. 

2. You can download the PDF containing more than 50 questions if you want more ACI interview questions. 

3. You should always follow basic interview etiquette, such as making eye contact, being polite, never arguing with an interviewer, etc. 

We hope this article was helpful for your interview and wish you all the best for the same. We came up a hybrid training program to teach our students all the trending technologies and skills to be job-ready. This program is Cisco Nexus + DC ACI, check it out to know more. 

Cisco ACI Interview Questions and Answers PDF

To download the Cisco ACI interview questions and answers pdf, just fill out the form below, and we will Email you the link to download the PDF. 

This PDF has 50+ most important Cisco ACI Interview Questions. 

FAQs 

Question 1 – What is Cisco ACI used for? 

Answer – Cisco ACI is a Software-defined networking solution used by organizations to improve security on-premises, both clouds (Private and Public), and Data Centers. It combines the scalability of hardware performance with software flexibility. 

Question 2 – How does ARP and broadcast handle ACI? 

Answer - ACI transforms ARP broadcast traffic into unicast traffic by default and sends it to the appropriate leaf node. If traditional ARP flooding is required, this option can be disabled. Because the mapping database needs to be filled with the IP addresses of the endpoints for the Unicast ARP to function, IP routing must be enabled. Hardware proxy also needs to be turned on. The hardware proxy and IP routing configuration must be set up as follows in order to be able to prevent ARP flooding: 

• Hardware proxy must be disabled in order to prevent ARP flooding from occurring. 
• ARP flooding cannot be turned off if hardware proxy is enabled but IP routing is off. 
• You can stop ARP flooding if IP routing and hardware proxy are both enabled. 

You might believe that silent hosts necessitate ARP flooding, however this isn't quite accurate. It is true that in order to disable ARP flooding, the mapping database has to know the IP address of the endpoint, hence IP routing must be enabled. By delivering ARP messages from the subnet IP address of the bridge domain, Cisco ACI may still resolve the endpoint IP address even if the endpoint has been silent. This function, known as ARP gleaning, necessitates that the bridge domain be set up with a subnet IP address. 

Question 3 – What is BD in Cisco ACI? 

Answer – BD in Cisco ACI stands for Bridge Domain. It is a layer 2 construct in Cisco ACI Fabric and must be part of VRF (Virtual Routing Forwarder). It is like a container for subnets.  

Question 4 – What is TEP address in ACI? 

Answer – TEP stands for Tunnel End Point. Every nexus node in the ACI fabric creates a tunnel with another node, and the virtual interfaces used to create these tunnels, use the Tunnel Endpoint Address as their IP Address.