The main objective of the Application Centric Infrastructure is to decouple endpoints from the underlying physical network. It provides a distributed Layer 3 gateway that ensures optimal Layer 3 and Layer 2 forwarding. The ACI fabric supports standard bridging and routing without location restrictions (any IP address anywhere) and also removes flooding requirements for Address Resolution Protocol (ARP)/Gratuitous Address Resolution Protocol (GARP). All traffic within the fabric is encapsulated within VXLAN.
In traditional data center designs, IEEE 802.1Q VLANs provide logical segmentation of Layer 2 boundaries or broadcast domains. However, VLAN use of network links is inefficient, requirements for device placements in the data center network can be rigid, and the VLAN maximum of 4094 VLANs can be a limitation. As IT departments and cloud providers build large multitenant data centers, VLAN limitations become problematic.
Spine-leaf architecture addresses these limitations. The ACI fabric appears as a single switch to the outside world, capable of bridging and routing. Moving Layer 3 routing to the access layer would limit the Layer 2 reachability that modern applications require. Applications like virtual machine workload mobility and some clustering software require Layer 2 adjacency between source and destination servers. By routing at the access layer, only servers connected to the same access switch with the same VLANs trunked down would be Layer 2-adjacent. In ACI, VXLAN solves this problem by decoupling Layer 2 domains from the underlying Layer 3 network infrastructure.
As traffic enters the fabric, the ACI encapsulates and applies policy to it, forwards it as needed across the fabric through a spine switch (maximum two-hops), and decapsulates it upon exiting the fabric.
Within the fabric, ACI uses IS-IS and Council of Oracles Protocol (COOP) for all forwarding of endpoint-to-endpoint communications. This enables all ACI links to be active, equal-cost multipath (ECMP) forwarding in the fabric, and fast-reconverging. ACI uses MP-BGP to propagate routing information between software-defined networks within the fabric and routers external to the fabric.