PyNet Labs- Network Automation Specialists

Top 20 Cisco ACI Interview Questions and Answers – 2024

Author : Saraswati
Last Modified: September 11, 2024 
Date: July 20, 2022
Introduction

After creating a killer resume and clearing the HR round, it’s time to face the final interview, the toughest one. We all are scared of what an interviewer will ask us, so it is always better to prepare beforehand for all the most asked technical questions. Here are the top 20 Cisco ACI Interview questions and answers.  

If you get a good command of all these questions, you will be a bona fide candidate for all the Cisco ACI interviewers. These questions are a combined effort of our technical team.

About Cisco ACI (Application Centric Infrastructure)

Cisco ACI is an SDN solution that offers data center network policy-based architecture, scalability, and security. Its primary objective is to reduce hassles that are usually encountered in managing complex networks, enhance the performance of the applications that are operated on the networks, and lower the expenses that are required in the management of the networks.

ACI is built on a spine-leaf architecture with a central controller, the Application Policy Infrastructure Controller (APIC). ACI runs on Cisco Nexus switches and works with protocols such as BGP, OSPF and VXLAN.

As a software-defined solution, Cisco ACI is implemented in enterprise data center networks, service provider networks, cloud infrastructure, and the corporate campus to allow for application-aware, policy-based connectivity of physical and virtual devices.

Now, let’s look at some of the most asked basic Cisco ACI Interview questions with their answers.

Basic Cisco ACI Interview Questions and Answers

Let’s start with some basic ACI interview questions and answers without further delay.

Q1 – What is the hardware series we use for Application Centric Infrastructure? 

We use the Cisco Nexus 9000 series, mainly the Nexus 9500 modular and Nexus 9300 non-modular switches. One of the best ways to deploy them is to use the 9500 as spine switches and the 9300 as leaf switches.

Q2 – What are the modes of operation in Nexus 9000 series switches?

There are two modes in which Nexus 9K switches can run: NX-OS mode and ACI mode. These modes are mutually exclusive, meaning a switch cannot run both simultaneously. If you switch the mode, the complete configuration is deleted.

Q3 – What is CLOS architecture or ACI Spine-Leaf Architecture?

This architecture was designed by Charles Clos. Applications are being deployed in a distributed fashion in the modern IT world, boosting east-west traffic. The requirements for high bandwidth and low latency cannot be met by conventional 3-Tier Data Centers. This is where the shortcomings of conventional network architecture are addressed by the Leaf-Spine 2-layer network topology (consisting of leaf switches and spine switches).

The topology consists of spine switches (to which leaf switches connect) and leaf switches for connecting servers and storage. Every lower-tier switch (leaf layer) in this two-tier Clos design is linked to every top-tier switch (spine layer) in a full-mesh topology.

Q4 – What is the APIC controller in ACI?

Cisco Application Policy Infrastructure Controller is referred to as APIC. The primary architectural element of the Cisco ACI solution is Cisco APIC. For the Cisco ACI fabric, policy enforcement, and health monitoring in both physical and virtual environments, it serves as a single point of automation and management.

The controller controls and runs a scalable multitenant Cisco ACI fabric in addition to optimising performance. The APIC controller is the only point of control for ACI Fabric. For purposes of troubleshooting and verification, we also have the option to log into specific switches.

Q5 – In ACI mode deployment (Layer2/Layer3 fabric), how many Spine, Leaf Switches and FEX can be deployed?

In an L2 fabric, we can use up to 80 leaf switches, 24 spine switches per fabric (6 spines per POD) and 650 FEX per fabric (20 FEX per leaf switch), and 1000 tenants can be created.

In a large L3 fabric, we can use up to 200 leaf switches, 24 spine switches per fabric (6 spines per POD) and 650 FEX per fabric (20 FEX per leaf switch), and 3000 tenants can be created.

Q6 – What are the benefits of Nexus ACI compared to traditional network solution/architecture?

Below are the key benefits of ACI fabric –

  • By offering a central location to administer and enforce policies, ACI will enable network teams to streamline management and operations across the network.
  • Physical and virtual networks’ health is being centrally monitored in real-time.
  • Repetitious procedures are automated, which lowers configuration errors.
  • ACI is agnostic to whether the environment is physical or virtual.
  • Flooding from the fabric is eliminated.
  • The template-based provisioning and automation features of ACI increase network adaptability, enable real-time monitoring of physical and virtual environments and consequently speed up troubleshooting.
  • Integration and compatibility with the hypervisor without the need to upgrade its software.
  • ACI is specifically designed with simple-to-configure GUI procedures for Data Centers needing multi-tenancy configuration (virtualized).
  • Competitive pricing for Nexus 9000 switching.
  • Traffic optimization that improves application performance.
  • It supports FEX and can function as a standard switch running NX-OS or in “ACI” mode.
  • With a GUI or REST API, a single point of provisioning.
  • ACI centralizes policy-based administration, makes it possible to automate monotonous operations to save man-hours and lowers mistake rates.

Q7 – What is the role of the APIC controller in ACI fabric?

The Cisco ACI solution’s primary architectural element is the infrastructure controller.

  • As the central hub for policy enforcement, health monitoring, and automation and management for the Cisco ACI fabric in both physical and virtual settings, APIC Controller enables administrators and network designers to create fully automated, multi-tenant networks that are scalable.
  • The primary role of Cisco APIC is to provide devices connected to Cisco ACI with policy authority and resolution techniques.
  • A multitenant Cisco ACI fabric that is scalable is managed and run by the controller.
  • Network administrators in ACI networks control the network through the APIC; they are no longer required to use the CLI on each node to configure or deploy network resources.
  • We can do monitoring of Tenant, Application and health monitoring of fabric devices.
  • As the primary points of management for the entire Cisco ACI fabric, Cisco APIC comes with both a CLI and a GUI.
  • It is very helpful in troubleshooting the issues in ACI fabric.
  • It integrates with third-party administration, virtualization, and Layer 4–7 services.
  • A framework that is open thanks to northbound and southbound APIs.
  • Scalable security can be offered for multitenant environments.
  • Additionally, Cisco APIC includes totally open APIs that allow users to deploy, operate, monitor, or debug the system via Representational State Transfer (REST)-based calls (using XML or JavaScript Object Notation [JSON]).

Q8 – What happens when all APIC controllers in fabric go down?

If all the APIC controllers go down, then there won’t be any outage in data forwarding of traffic. However, we cannot make any changes to the Fabric, and we need to bring up the APIC controller to be able to make new policies or monitor/troubleshoot the ACI fabric.

Q9 – Where do we connect servers in ACI Spine-Leaf Architecture?

All endpoints, including the APIC controllers, connect only to leaf switches. If one server is connected to two leaf switches, you can form a vPC (Virtual Port Channel) on those leaf switches. There is no vPC peer link between the leaf switches, because the Cisco ACI architecture does not allow leaf-to-leaf links.

Q10 – What is the Bridge domain in Cisco ACI?

A Bridge Domain (BD) is a Layer 2 construct in the Cisco ACI fabric. It must belong to a VRF (Virtual Routing and Forwarding instance).

The bridge domain is a container for subnets: it defines an L2 boundary, but unlike a VLAN it is realized as a VXLAN segment, represented by a VNI (VXLAN Network Identifier).

The BD defines a unique Layer 2 MAC address space and, if flooding is enabled, a Layer 2 flood domain. A single bridge domain can carry multiple subnets, and inter-subnet communication within the bridge domain is enabled.

We can create multiple Bridge Domains inside a single VRF and cannot link one BD to two different VRFs. Public, private, or shared bridge domains are all possible. Private bridge domains only apply within the tenancy, but public bridge domains allow the subnet to be exported to a routed connection. When a shared service is used, shared bridge domains can be exported to numerous VRFs both within and outside of the same tenant.

These are the top basic Cisco ACI Interview Questions. Let’s move on to some advanced questions.

Advanced Cisco ACI Interview Questions and Answers

Here are the top advanced Cisco ACI Interview questions with answers:

Q11 – What do you mean by Endpoint, End Point Group (EPG)?

Endpoints are devices connected to the network directly or indirectly. They have an address, a location, and attributes (like version or patch level) and can be virtual or physical, e.g., Bare-metal server, Switch, Router, Firewall, IDS, IPS, etc.

Endpoint groups, often known as EPGs, are collections of endpoints that represent individual applications or components of applications. An EPG is an object that represents a group of endpoints that share certain characteristics, such as EPG-web, EPG-DB, and EPG-App.

Q12 – What do you mean by Tenant? What are Common Tenant, Infrastructure Tenant, and MGMT Tenant?

A Tenant is a secure and exclusive virtual computing environment and a logical unit of isolation from a policy perspective. However, it is not a private network, and the tenant is referred to as the largest logical unit or entity or the highest-level object for management in Cisco ACI.

A tenant is like your business unit, department, or organization/company. Tenants may stand in for a client in a service provider context, a company or domain in an enterprise setting, or simply a useful collection of rules.

Tenants allow re-use of an IP Address space, i.e., multiple tenants can have identical IP Address schemas. Cisco ACI tenants can contain multiple private networks (VRF instances). One user-created tenant can’t talk to another tenant. By default, ACI has three tenants: Common, Infra & Management.

Tenant contains VRFs, BDs, Subnets, Application Profiles, EPGs, Subjects, Filters, and Contracts.

  1. Common Tenant – It is already set up to define the standards that ensure uniform behaviour for all tenants within the Fabric. All tenants have access to the policies outlined in the Common Tenant if necessary.
  2. Infrastructure Tenant – It is used for internal fabric communication. This tenant does not get exposed to the user tenant. This tenant takes care of all fabric discovery, image management, and DHCP for fabric operations.
  3. MGMT Tenant – It is preconfigured for host and fabric node in-band and out-of-band connectivity settings (leaf, spine & controllers). It offers simple ways to set up access controls for fabric nodes.
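As an added example that is not part of the original article, the tenant hierarchy from Q10 and Q12 (tenant, VRF, bridge domain with subnets, application profile, EPG) expressed as the JSON an APIC accepts over the REST API mentioned in Q7, with the containment rules enforced before anything is sent. The APIC URL, credentials and object names are constructed placeholders; the object classes (fvTenant, fvCtx, fvBD, fvSubnet, fvAp, fvAEPg) and the /api/aaaLogin.json and /api/mo/uni.json endpoints are the standard ACI ones.

```python
import json
import urllib.request

# Placeholder controller URL; substitute your own APIC (constructed value).
APIC = "https://apic.example.invalid"
SUBNET_SCOPES = {"private", "public", "shared"}


def build_tenant(name, vrfs, bridge_domains, app_profiles):
    """Return the fvTenant body for POST /api/mo/uni.json.

    vrfs: VRF names. bridge_domains: dicts with name, vrf and optional
    subnets [{"ip", "scope"}]. app_profiles: {ap_name: [{"name", "bd"}]}.
    Enforces the containment rules from Q10/Q12: a BD must belong to a VRF
    of this tenant, and an EPG must bind to a BD of this tenant.
    """
    vrf_names, bd_names = set(vrfs), {bd["name"] for bd in bridge_domains}
    children = [{"fvCtx": {"attributes": {"name": v}}} for v in vrfs]
    for bd in bridge_domains:
        if bd["vrf"] not in vrf_names:
            raise ValueError(f"BD {bd['name']}: unknown VRF {bd['vrf']}")
        bd_kids = [{"fvRsCtx": {"attributes": {"tnFvCtxName": bd["vrf"]}}}]
        for sn in bd.get("subnets", []):
            scope = sn.get("scope", "private")  # e.g. "public" or "public,shared"
            if not set(scope.split(",")) <= SUBNET_SCOPES:
                raise ValueError(f"subnet {sn['ip']}: bad scope {scope}")
            bd_kids.append({"fvSubnet": {"attributes": {"ip": sn["ip"], "scope": scope}}})
        children.append({"fvBD": {"attributes": {"name": bd["name"]}, "children": bd_kids}})
    for ap, epgs in app_profiles.items():
        ap_kids = []
        for epg in epgs:
            if epg["bd"] not in bd_names:
                raise ValueError(f"EPG {epg['name']}: unknown BD {epg['bd']}")
            ap_kids.append({"fvAEPg": {"attributes": {"name": epg["name"]},
                                       "children": [{"fvRsBd": {"attributes": {"tnFvBDName": epg["bd"]}}}]}})
        children.append({"fvAp": {"attributes": {"name": ap}, "children": ap_kids}})
    return {"fvTenant": {"attributes": {"name": name}, "children": children}}


def apic_login(user, password):
    """POST /api/aaaLogin.json and return the session token (needs network access)."""
    body = json.dumps({"aaaUser": {"attributes": {"name": user, "pwd": password}}}).encode()
    req = urllib.request.Request(APIC + "/api/aaaLogin.json", data=body, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["imdata"][0]["aaaLogin"]["attributes"]["token"]


def post_tenant(body, token):
    """Push the whole tenant tree to the APIC in one REST call (needs network access)."""
    req = urllib.request.Request(APIC + "/api/mo/uni.json", data=json.dumps(body).encode(),
                                 headers={"Cookie": "APIC-cookie=" + token}, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

The returned dictionary is the same tree the APIC GUI builds; passing it through post_tenant(body, apic_login(user, pwd)) creates the whole tenant in a single call.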

Q13 – What is Interface Policy in ACI? What happens if we do not create an Interface Policy in ACI?

It is the policy we require for setting up protocols on Interfaces such as LACP, CDP, Storm Control, LLDP, Link-level for speed/duplex settings, NetFlow, Port Security, 802.1x port authentication and many more.

If we do not create an Interface Policy in ACI, the default policy will be applicable, e.g. Default CDP, LLDP, and MCP policies will be applicable on interfaces.

Q14 – I have Trunk ports configured in one EPG. Can the access ports also be added in the same EPG?

Yes, it can be configured. In the snapshot below, App EPG-1 has one port in trunk mode (tagged) and another in access mode (untagged).

Trunk Ports configured in one EPG

Q15 – Explain the concept of shards.

Sharding is a large-scale database technique used by the APIC cluster. The data sets produced and processed by the APIC benefit from the scalability and reliability of this technique. Similar to database shards, the APIC configuration data is divided into logically bounded portions called shards.

A shard is a unit of data management, and the APIC handles shards as follows:

  • Three replicas of each shard.
  • Even distribution of shards across the appliances that make up the APIC cluster.

Each APIC appliance contains one or more shards. A static shard layout defines the assignment of shards to appliances, and the shard data assignments are based on a pre-set hash function.
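A constructed model of the shard layout described above, added here as an illustration and not the APIC's real placement code: three replicas per shard, placed on distinct appliances by a fixed hash of the shard id, plus checks on which shards remain reachable when appliances fail. Appliance names and shard counts are made up.

```python
import hashlib
from itertools import combinations

REPLICAS = 3  # three replicas of each shard, as the answer above states


def shard_layout(num_shards, apics):
    """Static layout: a fixed hash picks a start appliance for each shard and the
    replicas are placed on the next distinct appliances around the cluster.
    Illustrative model only; the APIC's own hash and layout are not public here."""
    n = len(apics)
    layout = {}
    for shard in range(num_shards):
        digest = hashlib.sha256(f"shard-{shard}".encode()).hexdigest()
        start = int(digest, 16) % n
        layout[shard] = [apics[(start + i) % n] for i in range(min(REPLICAS, n))]
    return layout


def shards_per_apic(layout):
    """How many shard replicas each appliance holds (spread check)."""
    counts = {}
    for replicas in layout.values():
        for apic in replicas:
            counts[apic] = counts.get(apic, 0) + 1
    return counts


def unavailable_shards(layout, failed):
    """Shards whose three replicas all sit on failed appliances."""
    failed = set(failed)
    return sorted(s for s, replicas in layout.items() if set(replicas) <= failed)


def min_failures_to_lose_data(layout, apics):
    """Smallest number of simultaneously failed appliances that strands a shard."""
    for k in range(1, len(apics) + 1):
        for failed in combinations(apics, k):
            if unavailable_shards(layout, failed):
                return k
    return None
```

With a three-appliance cluster every shard lives on every appliance, and in any cluster size at least three appliances must fail before a shard has no copy left, which is why Q8 says data forwarding continues even when the controllers are unreachable but configuration changes stop.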

Q16 – What routing protocol is used for communication between ACI Spine and Leaf switches?

The routing protocol used for internal communication between ACI spine and leaf switches is IS-IS (Intermediate System to Intermediate System). IS-IS lets the spine and leaf switches exchange reachability information for the fabric underlay. It builds a loop-free topology and lets data packets pass efficiently between the spine and leaf switches.

IS-IS is a reliable and efficient link-state protocol, which is why it is used to keep the ACI underlay running smoothly.

Q17 – What is the difference between Multi-Pod and Multi-Site?

The main differences between Multi-Pod and Multi-Site are:

| Factor | Cisco ACI Multi-Pod | Cisco ACI Multi-Site |
| --- | --- | --- |
| Management | Central management domain for the entire multi-pod fabric | Central point for both the configuration and the management of the fabrics |
| ACI Functionality | All ACI features available | A subset of ACI features available, limited to each site |
| Availability | Single availability zone with one APIC cluster | Multiple availability zones, with a separate APIC cluster in each fabric |
| Replication | Uses multicast in the inter-pod network | Uses head-end replication |
| VM Integration | Seamless live VM integration across pods | Limited VM integration across sites; requires IPN |
| Traffic Handling | Uses multicast in inter-pod networks | Multi-destination traffic is handled |
| Node Count | Up to 400 leaf nodes per pod, multiple pods per cluster | Up to 400 leaf nodes per site, multiple sites per cluster |

Q18 – What are the two types of tables found on Leaf Nodes in Cisco ACI?

The two tables present on the leaf nodes in Cisco ACI are the Global Station Table and the Local Station Table.

Here’s a brief explanation of these two tables:

  • Global Station Table (GST): This table is a database information center for all the endpoints (devices, servers, and so on) in the complete ACI fabric. The GST is copied onto every Leaf Node, so each of the Leaf Nodes contains a copy of the table. This enables the Leaf Nodes to be able to discern where to forward the traffic.
  • Local Station Table (LST): This table is derived from the Global Station Table and holds information about the endpoints that are connected to a specific Leaf Node. The Leaf Node uses it to make forwarding decisions for traffic destined to locally connected endpoints.

Q19 – Is it possible to connect Access Layer switches in the downlink to the Leaf Node?

Yes, it is possible to connect Access Layer switches in the downlink to the Leaf Node. However, there’s a key consideration here:

  • ACI Design Principle: ACI’s fundamental design principle emphasizes spine-leaf architecture. This means direct connections from end devices (or access switches) are typically not made to Leaf Nodes; instead, the traffic flows through the spine layer first.

So, while you can technically connect Access Layer switches to Leaf Nodes, it is not always the most optimal design in a pure ACI deployment. The reasons are:

  • ACI Control Plane: ACI’s control plane relies on the spine layer for routing and policy enforcement.
  • Traffic Flow: Direct connections to Leaf Nodes can bypass some of the benefits of ACI’s control plane, potentially leading to inconsistencies in policy enforcement and less efficient traffic flows.

Q20 – Explain the term L3Out and Why is it required?

A Layer 3 Out (L3Out) is a set of configurations that allows the ACI fabric to communicate with external networks via routing. L3Out is necessary to enable communication between the ACI fabric and external networks, allowing for internet access, VPN connectivity, and inter-data center communication, while maintaining ACI’s policy-based security and segmentation.

These are the most-asked Cisco ACI Interview Questions.

Cisco ACI Interview Questions and Answers PDF

To download the Cisco ACI interview questions and answers pdf, just fill out the form below, and we will Email you the link to download the PDF. 

This PDF has 50+ most important Cisco ACI Interview Questions.

Conclusion

We hope this article was helpful for your interview and wish you all the best. Always remember that your resume is the first thing an HR sees, so make a killer resume that highlights your skills and knowledge. We came up with a hybrid training program to teach our students all the trending technologies and skills to be job-ready. This program is Cisco Nexus + DC ACI; check it out to know more.
