Appendix: Workload VPN intent parameters

This appendix describes the workload VPN intent parameters in the Fabric Services System.

Workload VPN intent parameters

The following tables, Basic parameters (workload VPN intent), Subnet parameters (workload VPN intent), and Sub-interface parameters (workload VPN intent), define the required and optional workload VPN intent parameters and the values that you can set for them in the platform.

Table 1. Basic parameters (workload VPN intent)

| Parameter | Description | Values/Range |
|---|---|---|
| Workload VPN Intent Name | A unique name you assign to the workload VPN intent. | Any string value |
| Description | A description you provide for the workload VPN intent. | Any string value |
| Fabric Intents | Use this field to select one or more fabrics whose resources should participate in the workload VPN intent. | By fabric |
| Labels | Although not enabled during workload VPN intent creation, this field can be used later to apply labels to the workload VPN intent itself. | Supported labels |

Table 2. Subnet parameters (workload VPN intent)

| Parameter | Description | Values |
|---|---|---|
| Name | A name you assign to the subnet. | Any string value |
| Description | A description you provide for the subnet. | Any string value |
| Type | Select a supported subnet type from the drop-down list. | Bridged, Routed |
| IP Anycast Gateway (V4/V6) | IP Gateway (V4/V6): For bridged subnets, an IP gateway to act as an IRB interface. Primary: To form a BGP peering session between a multi-netted interface and a neighbor, one of the addresses must be set to primary. | Enter a valid IPv4 or IPv6 address with a required CIDR. |
| VNI | Specify a VNI from the selected VNI pool, otherwise the Fabric Services System assigns a VNI from the VNI pool. | Automatically Derived, Manual |
| Provision Type | Specify whether the route targets are automatically derived or manually entered. | Automatically Derived, Manual |
| Mac Duplication Detection | Enables MAC duplication detection for the subnet. If this field is enabled, the following fields are applicable: Action, Hold Down Time, Monitoring Window, Num Moves. | |
| Action | This field specifies the action to take on the sub-interface upon detecting that at least one MAC address is a duplicate: • stop learning: the MAC address is not relearned on this or any subinterface • blackhole: frames received on this or any other subinterface are dropped if the MAC source address or the mac-vrf MAC destination address matches a blackhole MAC address (the MAC source address is still learned) • oper-down: the sub-interface is disabled with an error mac-dup-detected; arriving frames on a different subinterface with the same source address are dropped | |
| Hold Down Time | This field specifies the time to wait from the moment a MAC address is declared duplicate before it is flushed from the bridge table, after which the monitoring process for the MAC address is restarted. | 2 to 60 minutes |
| Monitoring Window | This field specifies the period during which the moves are observed. | 1 to 15 minutes |
| Num Moves | This parameter specifies the number of moves during the monitoring window after which a MAC address is considered a duplicate. | 3 - 10 |
| IPv4 Learn Unsolicited ARP Enabled | For IPv4 addresses within the subnet, setting this parameter to True enables the learning of ARP entries out of any ARP packet arriving at the IRB sub-interface, regardless of whether there was an ARP-Request issued from the IRB. | True, False |
| BFD | For bridged subnets, use this field to enable bidirectional forwarding detection (BFD) for this subnet. | Click the toggle to enable BFD. |
| IPv6 Learn Unsolicited ARP Enabled | For IPv6 addresses within the subnet, setting this field to True enables the learning of Neighbor Discovery Request entries out of any Neighbor Discovery Request packet arriving at the IRB sub-interface, regardless of whether there was a Neighbor Discovery Request issued from the IRB. | True, False |
| ACL Profile | For bridged subnets, an access control list that restricts the traffic permitted to cross the subnet. | Select an already-configured ACL profile |
| IP MTU | For bridged subnets, the maximum transmission unit allowed. | 1500+ |
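
How Num Moves, Monitoring Window and Hold Down Time from Table 2 interact, shown as an added Python example (a simplified model written for this page, not Fabric Services System code). It assumes a MAC is declared duplicate once it reaches Num Moves moves inside the window and is ignored until the hold-down expires; the MAC addresses, sub-interface names and timings are constructed.

```python
from dataclasses import dataclass

# Ranges as documented in Table 2 of this page.
RANGES = {"num_moves": (3, 10), "monitoring_window_min": (1, 15), "hold_down_min": (2, 60)}

@dataclass(frozen=True)
class MacDupPolicy:
    num_moves: int
    monitoring_window_min: int
    hold_down_min: int

    def __post_init__(self):
        for name, (lo, hi) in RANGES.items():
            value = getattr(self, name)
            if not lo <= value <= hi:
                raise ValueError(f"{name}={value} is outside the documented range {lo}..{hi}")

def detect_duplicates(events, policy):
    """events: (time_s, mac, subinterface) tuples. Returns [(mac, declared_s, flushed_s)]."""
    window_s, hold_s = policy.monitoring_window_min * 60, policy.hold_down_min * 60
    last_seen, moves, held_until, findings = {}, {}, {}, []
    for t, mac, subif in sorted(events):
        if mac in held_until:
            if t < held_until[mac]:
                continue  # modelling assumption: a held MAC is not relearned
            # Hold-down expired: entry is flushed and monitoring restarts from scratch.
            del held_until[mac]
            last_seen.pop(mac, None)
            moves.pop(mac, None)
        previous, last_seen[mac] = last_seen.get(mac), subif
        if previous in (None, subif):
            continue  # first learn, or a refresh on the same sub-interface
        recent = [m for m in moves.get(mac, []) if t - m < window_s] + [t]
        moves[mac] = recent
        if len(recent) >= policy.num_moves:  # assumption: threshold is inclusive
            held_until[mac] = t + hold_s
            findings.append((mac, t, t + hold_s))
    return findings

# Constructed sample: FLAP bounces between two sub-interfaces, SLOW moves rarely.
FLAP, SLOW = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
SAMPLE_EVENTS = [
    (0, FLAP, "ethernet-1/1.10"), (10, FLAP, "ethernet-1/2.10"),
    (20, FLAP, "ethernet-1/1.10"), (30, FLAP, "ethernet-1/2.10"),
    (60, FLAP, "ethernet-1/1.10"), (400, FLAP, "ethernet-1/1.10"),
    (410, FLAP, "ethernet-1/2.10"),
    (5, SLOW, "ethernet-1/1.10"), (200, SLOW, "ethernet-1/2.10"),
    (400, SLOW, "ethernet-1/1.10"), (600, SLOW, "ethernet-1/2.10"),
]

if __name__ == "__main__":
    policy = MacDupPolicy(num_moves=3, monitoring_window_min=2, hold_down_min=5)
    for mac, declared, flushed in detect_duplicates(SAMPLE_EVENTS, policy):
        print(f"{mac} declared duplicate at t={declared}s, flushed at t={flushed}s")
```
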

Table 3. Sub-interface parameters (workload VPN intent)

| Parameter | Description | Values |
|---|---|---|
| Description | A description you provide for the selected sub-interface. | Any string value |
| Encap Type | For bridged subnets, this field configures encapsulation settings: • UnTagged: specifies that untagged frames can be captured on tagged interfaces • Single Tagged: you can specify one of the following options: Vlan ID Any (specifies that non-configured VLAN IDs or untagged traffic are classified to a layer-2 sub-interface) or Vlan ID (specify a value from 1 to 4094) | Single Tagged, UnTagged |
| ACL Profile | An access control list that defines the traffic that is permitted (and by implication, excluded) on the sub-interface. | Select an already-defined ACL profile |
| IP MTU | The maximum transmission unit for the sub-interface; this is the maximum size for an IP packet that is not fragmented in the course of transmission. | 1500+ |
| Association parameters | | |
| Subnet | The subnet with which this sub-interface is associated. | Select an existing subnet from the drop-down list |
| Association Type | The method used to associate this sub-interface with its "parent" subnet. | Node and Interface, Interface label selector |
| Node ID | The node within the fabric on which the current sub-interface is located. | Select an existing leaf node within the fabric or fabrics associated with this workload VPN intent. |
| Interface Name | The specific interface on the selected node with which this sub-interface is associated. This setting can be a LAG. | Select an interface from the drop-down list. |
| IP Gateway (V4/V6) | IP address of the forwarding device. If the IP address is the primary gateway, set the Primary field. To form a BGP peering session between a multi-netted interface and a neighbor, one of the gateway IP addresses must be set to primary. | Enter the IP address of the gateway device. |
| Action | Specifies the action to take on the sub-interface (if action is use-net-instance-action) upon detecting that at least one MAC address is a duplicate on the sub-interface: • stop learning: the MAC address is not relearned on this or any subinterface • blackhole: frames received on this or any other subinterface are dropped if the MAC source address or the mac-vrf MAC destination address matches a blackhole MAC address (the MAC source address is still learned) • oper-down: the sub-interface is disabled with an error mac-dup-detected; arriving frames on a different subinterface with the same source address are dropped | |
| QoS parameters | | |
| QoS Classifier (IP V4) | Quality-of-Service classifier (DSCP value and forwarding class) for an IPv4 address. | Select an already-defined QoS profile from the drop-down list. |
| QoS Classifier (IP V6) | Quality-of-Service classifier (DSCP value and forwarding class) for an IPv6 address. | Select an already-defined QoS profile from the drop-down list. |
| QoS Rewrite Rules (IP V4) | Quality-of-Service rewrite rules (forwarding class and DSCP selection) for an IPv4 address. | Select an already-defined QoS profile from the drop-down list. |
| QoS Rewrite Rules (IP V6) | Quality-of-Service rewrite rules (forwarding class and DSCP selection) for an IPv6 address. | Select an already-defined QoS profile from the drop-down list. |