05-02-2017 07:17 AM
With respect to ACI and microsegmentation in a VMware environment, other than the OpFlex capability, what are the differences b/t using the AVS vs. DVS?
Can we get the same level of granularity w/ both AVS and DVS, e.g. OS, hostnames etc.?
Thanks,
Scott
07-07-2017 10:39 AM
When dealing specifically with uSeg differences, they implement uSeg slightly differently. vDS uses PVLANs, whereas AVS uses MAC-based EPGs for segmentation. The differences are mainly under the hood. The same level of granularity is available to both in terms of uSeg attributes.
Robert
08-15-2017 08:42 AM
There is a scenario where the two differ greatly. If you have a non-ACI leaf switch in the path between the ACI fabric and the VM hosts, then the AVS switch will be able to "tunnel" through that non-leaf node switch and still provide an end-to-end fabric experience (i.e. application-centric mode). I've seen this when a data center has an existing VBlock implementation with N5Ks top of rack and is not able/willing to upgrade them to N9Ks. By deploying AVS in the VM environment, ACI is able to maintain an end-to-end fabric view of the VM endpoints. If you go with DVS for that scenario, then the VBlock VM environment will need to be left in network-centric mode (along with every subnet/VLAN that lives in that VM space).
08-25-2017 06:20 AM
Well, it's not entirely correct. You can still segment a subnet into multiple EPGs if you have an intermediate L2 switching device between the fabric and the hosts. EPGs are identified by VLAN, and the subnet is completely abstracted. This means that you can have the same subnet carved up into multiple EPGs, and therefore multiple VLANs. The extra step is just to configure these VLANs on the intermediate switch. If micro-segmentation is required, then this becomes cumbersome since you need to find a way to automate (preferably) the PVLAN configuration. There's no such thing as network-centric vs application-centric mode in ACI, only design choices against requirements.
Regards,
Nicolas