Top 20 Cisco ACI Interview Questions and Answers – 2024
Introduction

After creating a killer resume and clearing the HR round, it's time to face the final interview, the toughest one. We are all scared of what an interviewer will ask us, so it is always better to prepare beforehand for the most asked technical questions. Here are the top 20 Cisco ACI interview questions and answers. If you get a good command of all these questions, you will be a bona fide candidate for any Cisco ACI interviewer. These questions are a combined effort of our technical team.

About Cisco ACI (Application Centric Infrastructure)

Cisco ACI is an SDN solution that offers a policy-based architecture, scalability, and security for data center networks. Its primary objective is to reduce the hassles usually encountered in managing complex networks, enhance the performance of the applications that run on those networks, and lower the cost of managing them. ACI is built as an overlay on a spine-leaf architecture with a central controller, the Application Policy Infrastructure Controller (APIC). ACI runs on Cisco Nexus switches and works with protocols such as BGP, OSPF and VXLAN. As a software-defined solution, Cisco ACI is deployed in enterprise data center networks, service provider networks, cloud infrastructure, and the corporate campus to allow application-aware, policy-based connectivity of physical and virtual devices.

Now, let's look at some of the most asked basic Cisco ACI interview questions with their answers.

Basic Cisco ACI Interview Questions and Answers

Q1 – What is the hardware series we use for Application Centric Infrastructure?

We use the Cisco Nexus 9000 series. It mainly consists of the Nexus 9500 modular and the Nexus 9300 non-modular (fixed) switches. A common design is to use the 9500 as spine switches and the 9300 as leaf switches.

Q2 – What are the modes of operation in Nexus 9000 series switches?

Nexus 9K switches can run in two modes: NX-OS mode and ACI mode. These modes are mutually exclusive; a switch cannot run both at the same time. If you switch the mode, the complete configuration is deleted.

Q3 – What is CLOS architecture or ACI Spine-Leaf Architecture?

This architecture was designed by Charles Clos. In the modern IT world applications are deployed in a distributed fashion, which boosts east-west traffic. The high-bandwidth, low-latency requirements of that traffic cannot be met by conventional three-tier data centers. The two-layer leaf-spine topology (consisting of leaf switches and spine switches) addresses these shortcomings. Spine switches connect the leaf switches, and leaf switches connect servers and storage. In this two-tier Clos design, every lower-tier (leaf) switch is linked to every top-tier (spine) switch in a full mesh.

Q4 – What is the APIC controller in ACI?

APIC stands for Cisco Application Policy Infrastructure Controller. It is the primary architectural element of the Cisco ACI solution: a single point of automation and management for the Cisco ACI fabric, policy enforcement, and health monitoring in both physical and virtual environments. The controller operates a scalable multitenant Cisco ACI fabric and optimises its performance. The APIC is the only point of control for the ACI fabric; for troubleshooting and verification, we can also log in to individual switches.

Q5 – In ACI mode deployment (Layer 2/Layer 3 fabric), how many spine switches, leaf switches and FEX can be deployed?

In an L2 fabric we can use up to 80 leaf switches, 24 spine switches per fabric (6 spines per POD), 650 FEX per fabric (20 FEX per leaf switch), and 1000 tenants can be created. In a large L3 fabric we can use up to 200 leaf switches, 24 spine switches per fabric (6 spines per POD), 650 FEX per fabric (20 FEX per leaf switch), and 3000 tenants can be created.

Q6 – What are the benefits of Nexus ACI compared to a traditional network solution/architecture?

Below are the key benefits of ACI fabric –

Q7 – What is the role of the APIC controller in ACI fabric?

The infrastructure controller is the Cisco ACI solution's primary architectural element.

Q8 – What happens when all APIC controllers in the fabric go down?

If all the APIC controllers go down, there is no outage in data forwarding. However, we cannot make any changes to the fabric: the APIC controllers must be brought back up before we can create new policies or monitor and troubleshoot the ACI fabric.

Q9 – Where do we connect servers in ACI Spine-Leaf Architecture?

All endpoints, including the APIC controllers, connect only to leaf switches. If one server is connected to two leaf switches, you can form a vPC (virtual port channel) on those leaf switches. There is no vPC peer link between the leaf switches, because the Cisco ACI architecture does not allow leaf-to-leaf links.

Q10 – What is the Bridge Domain in Cisco ACI?

A bridge domain (BD) is a Layer 2 construct in the Cisco ACI fabric. It must be part of a VRF (Virtual Routing and Forwarding instance). The bridge domain is like a container for subnets: it defines an L2 boundary, but it is not a VLAN; in fact it is a VXLAN segment, represented by a VNI (VXLAN Network Identifier). The BD defines a unique Layer 2 MAC address space and, if flooding is enabled, a Layer 2 flood domain. A single bridge domain can carry multiple subnets, and inter-subnet communication within the bridge domain is enabled. We can create multiple bridge domains inside a single VRF, but a BD cannot be linked to two different VRFs. Bridge domains can be public, private, or shared. Private bridge domains apply only within the tenant, whereas public bridge domains allow the subnet to be exported to a routed connection. When a shared service is used, shared bridge domains can be exported to multiple VRFs, both within and outside the same tenant.

These are the top basic Cisco ACI interview questions. Let's move on to some advanced questions.

Advanced Cisco ACI Interview Questions and Answers

Here are the top advanced Cisco ACI interview questions with answers:

Q11 – What do you mean by Endpoint, End Point Group (EPG)?

Endpoints are devices connected to the network directly or indirectly. They have an address, a location, and attributes (such as version or patch level), and they can be virtual or physical, e.g. a bare-metal server, switch, router, firewall, IDS, IPS, etc.

Endpoint groups, often known as EPGs, are collections of endpoints that represent individual applications or components of applications. An EPG is an object that represents a group of endpoints that share certain characteristics, such as EPG-web, EPG-DB, and EPG-App.

Q12 – What do you mean by Tenant? What are Common Tenant, Infrastructure Tenant, and MGMT Tenant?

A tenant is a secure and exclusive virtual computing environment and a logical unit of isolation from a policy perspective. It is not a private network, however; the tenant is the largest logical unit, i.e. the highest-level object for management in Cisco ACI. A tenant is like your business unit, department, or organization/company. Tenants may stand in for a customer in a service provider context, a company or domain in an enterprise setting, or simply a convenient collection of policies. Tenants allow re-use of IP address space, i.e. multiple tenants can have identical IP addressing schemes. A Cisco ACI tenant can contain multiple private networks (VRF instances). One user-created tenant cannot talk to another tenant. By default, ACI has three tenants: common, infra and mgmt. A tenant contains VRFs, BDs, subnets, application profiles, EPGs, subjects, filters, and contracts.

Q13 – What is Interface Policy in ACI? What happens if we do not create an Interface Policy in ACI?

An interface policy is the policy we use to set up protocols and features on interfaces, such as LACP, CDP, storm control, LLDP, link-level settings for speed/duplex, NetFlow, port security, 802.1X port authentication and many more. If we do not create an interface policy in ACI, the default policy applies; e.g. the default CDP, LLDP, and MCP policies will apply to the interfaces.

Q14 – I have Trunk ports configured in one EPG. Can the access ports also be added in the same EPG?

Yes, it can be configured. See the snapshot below: in App EPG-1, one port is a trunk port, whereas the other is an access (untagged) port.

Q15 – Explain the concept of SHARDS?

Sharding is a large-database technology used by the APIC cluster. The data sets produced and processed by the APIC benefit from the scalability and reliability of this technology. Similar to database shards, the APIC configuration data is divided into logically bounded portions called shards. A shard is a unit of data management, and shards are handled by the APIC as follows: each APIC appliance contains one or more shards; a static shard layout defines the assignment of shards to appliances; and the shard data assignments are based on a pre-set hash function.

Q16 – What routing protocol is used for communication between ACI Spine and Leaf switches?

The routing protocol used for internal communication between ACI spine and leaf switches is IS-IS (Intermediate System to Intermediate System). IS-IS enables the spine and leaf switches to communicate with each other and share information about the network. It is used to create a loop-free network and to let data packets pass between the spine and leaf switches efficiently. IS-IS is reliable and efficient, and so supports the efficient running of the ACI network.

Q17 – What is the difference between Multi-Pod and Multi-Site?

The main differences between Cisco ACI Multi-Pod and Multi-Site are:

| Factors           | Cisco ACI Multi-Pod                                        | Cisco ACI Multi-Site                                                        |
|-------------------|------------------------------------------------------------|-----------------------------------------------------------------------------|
| Management        | Central management domain for the entire multi-pod fabric  | Central point for both the configuration and the management of the fabric   |
| ACI Functionality | All ACI features available                                 | A subset of ACI features available, limited to each site                    |
| Availability      | A single availability zone with one APIC cluster           | Multiple availability zones, with a separate APIC cluster within each fabric |
| Replication       | Makes use of multicast in the inter-pod network            | Makes use of head-end replication                                           |
| VM Integration    | Seamless live VM integration across pods                   | Limited VM integration across sites; requires IPN                           |
| Traffic Handling  | Makes use of multicast in the inter-pod network            | Multi-destination traffic is handled                                        |
| Node Count        | Up to 400 leaf nodes per pod, multiple pods per cluster    | Up to 400 leaf nodes per site, multiple sites per cluster                   |

Q18 – What are the two types of tables found on Leaf Nodes in Cisco ACI?

The two tables present on leaf nodes in Cisco ACI are the Global Station Table and the Local Station Table. Here's a brief explanation of these two tables:

Q19 – Is it possible to connect Access Layer switches in the downlink to the Leaf Node?

Yes, it is possible to connect access layer switches downstream of a leaf node. However, there is a key consideration here:

So, while you can technically connect access layer switches to leaf nodes, it is not always the most optimal design in a pure ACI deployment. The reason behind this is:

Q20 – Explain the term L3Out and Why is it required?

A Layer 3 Out (L3Out) is a set of configurations that allows the ACI fabric to communicate with external networks via routing. An L3Out is necessary to enable communication between the ACI fabric and external networks, allowing for internet access, VPN connectivity, and inter-data center communication, while maintaining ACI's policy-based security and segmentation.

These are the most-asked Cisco ACI interview questions.
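Tying together Q10, Q11 and Q12 above, here is an added example (not from this article or from Cisco) that walks a tenant policy tree in the JSON shape the APIC REST API uses (fvTenant, fvCtx, fvBD, fvRsCtx, fvSubnet, fvAp, fvAEPg, fvRsBd) and flags the configurations those answers rule out: a BD outside any VRF or in two VRFs, two BDs in one VRF with overlapping subnets, and an EPG bound to a BD that does not exist. The sample tenants are constructed, and the overlap rule (a subnet must be unique within a VRF, while tenants may reuse address space) is an assumption the code applies.

```python
import ipaddress

def mo(cls, kids=(), **attrs):
    """One managed object in the JSON shape the APIC REST API returns and accepts."""
    return {cls: {"attributes": dict(attrs), "children": list(kids)}}
def children(m, cls):
    return [c for c in next(iter(m.values())).get("children", []) if cls in c]
def attr(m, key):
    return next(iter(m.values()))["attributes"].get(key)

# Constructed sample tenants (not a real fabric export). TenantB deliberately reuses
# TenantA's 10.1.1.0/24: allowed, because each tenant's VRF isolates its address space.
IN_PROD = mo("fvRsCtx", tnFvCtxName="prod")  # relation that puts a BD into VRF "prod"
TENANT_A = mo("fvTenant", name="TenantA", kids=[
    mo("fvCtx", name="prod"),
    mo("fvBD", name="bd-web", kids=[IN_PROD, mo("fvSubnet", ip="10.1.1.1/24", scope="private")]),
    mo("fvBD", name="bd-app", kids=[IN_PROD, mo("fvSubnet", ip="10.1.1.129/25", scope="private")]),
    mo("fvBD", name="bd-orphan"),  # no fvRsCtx: a BD must be part of a VRF
    mo("fvAp", name="app1", kids=[
        mo("fvAEPg", name="epg-web", kids=[mo("fvRsBd", tnFvBDName="bd-web")]),
        mo("fvAEPg", name="epg-db", kids=[mo("fvRsBd", tnFvBDName="bd-db")]),  # no such BD
    ]),
])
TENANT_B = mo("fvTenant", name="TenantB", kids=[
    mo("fvCtx", name="prod"),
    mo("fvBD", name="bd-web", kids=[IN_PROD, mo("fvSubnet", ip="10.1.1.1/24", scope="private")]),
])

def validate_tenant(tenant):
    """Return a list of findings for one tenant; an empty list means it passes."""
    t, findings = attr(tenant, "name"), []
    vrfs = {attr(v, "name") for v in children(tenant, "fvCtx")}
    bds, nets_by_vrf = {}, {}
    for bd in children(tenant, "fvBD"):
        name = attr(bd, "name")
        ctx = [attr(r, "tnFvCtxName") for r in children(bd, "fvRsCtx")]
        if len(ctx) != 1 or ctx[0] not in vrfs:  # exactly one existing VRF per BD
            findings.append(f"{t}/{name}: BD must belong to exactly one existing VRF, found {ctx}")
            continue
        bds[name] = ctx[0]
        for sn in children(bd, "fvSubnet"):
            net = ipaddress.ip_interface(attr(sn, "ip")).network
            for other, other_bd in nets_by_vrf.get(ctx[0], []):
                if net.overlaps(other):  # two BDs in one VRF cannot share address space
                    findings.append(f"{t}/{name}: {net} overlaps {other} in {other_bd} (VRF {ctx[0]})")
            nets_by_vrf.setdefault(ctx[0], []).append((net, name))
    for ap in children(tenant, "fvAp"):
        for epg in children(ap, "fvAEPg"):
            ref = [attr(r, "tnFvBDName") for r in children(epg, "fvRsBd")]
            if len(ref) != 1 or ref[0] not in bds:  # every EPG must sit in one known BD
                findings.append(f"{t}/{attr(epg, 'name')}: EPG references unknown BD {ref}")
    return findings
```

Running validate_tenant over both tenants reports three findings for TenantA and none for TenantB, since TenantB's reuse of 10.1.1.0/24 lives in its own VRF.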
Cisco ACI Interview Questions and Answers PDF

To download the Cisco ACI interview questions and answers PDF, just fill out the form below and we will email you the download link. The PDF contains 50+ of the most important Cisco ACI interview questions.

Conclusion

We hope this article was helpful for your interview and wish you all the best. Always remember that your resume is the first thing an HR representative sees, so make a killer resume that highlights your skills and knowledge. We have come up with a hybrid training program that teaches our students all the trending technologies and skills needed to be job-ready. This program is Cisco Nexus + DC ACI; check it out to learn more.