Hi dpitathanx that clarify´s

odahlqvist · ‎02-16-2015

I am struggling with ACI mode and are trying to configure a pair of VPC client connections config, against a UCS system and a router. I noticed that when i used the same Policy Group in the interface profile only got one VPC up and running, i was checking on the leaf and there was only one VPC brought up, when I made a "unique" policy group in the second interface Profile i got another VPC on the leaf, is this the case because on the old days there was a VPC number configured under the interface and i don´t find any type that is refereeing to something like a number to Pair the interface together that is in a pair ( vpc client facing) the VPC Peer link and all that is upp and running.

So can someone clarify what is the unique stuff thaat need to be configured to get 2 or more VPC client pair config up and running, is the unique policy group the key, i was using the the the same AEP-( vlan pool) but a unique name on the policy groups.

thnx

dpita · ‎02-16-2015

Hello

Just to make sure, the first thing when configuring vPC is to configure the explicit protection group under switch policies, that way you select your leafs that will be in a vPC and assign an ID to that particular pair, then they will be assigned a TEP address from the infra range.

The only unique stuff that needs to be configured is the interface policy group, so you are right about that. The way it made sense to me was to think of the interface policy group as related to a single physical endpoint that will be using that vPC. Ill elaborate:

Sw selector my_vpc with switches 101 and 102

my_vpc switch selector is associated to my_vpc_int and references port 1/13. my_vpc_int is associated to interface policy group my_vpc_router and is a vpc policy running lldp, LACP active, 10gig interfaces and no cdp.

the configuration i created above is saying that switches 101 and 102 port 13 are a vPC to my router.

now if i wanted to use switches 101 and 102 again for another endpoint, in your case a UCS. it can be done as well:

using my_vpc i can associate a new interface selector called my_ucs_vpc using ports 1/25. my_ucs_vpc is associated to interface policy group my_ucs_host and is a vpc policy running lldp, LACP mac-pinning, 1gig interface etc etc

the two configurations above creates 2 unique vPCs to two different endpoints. the difference is the interface policy group! it can get a bit complicated when using multiple links to something like an FI but once the concept is understood its not bad because of the re-usability of most of the configuration.

Hope this helps!

odahlqvist · ‎02-17-2015

Hi Dpita

thx for the great answer it helps a lot. I have tried to go through your answer and then even asked some more to clarify what is needed to get the traffic trough !

step 1:

"Just to make sure, the first thing when configuring vPC is to configure the explicit protection group under switch policies, that way you select your leafs that will be in a vPC and assign an ID to that particular pair, then they will be assigned a TEP address from the infra range."

Here we config the VPC Domain and Peer-link stuff as we used to do... in the NX-OS world

"then they will be assigned a TEP address from the infra range."

Okay cool so the VPC domain part will be a VTEP a tunnel for VXLAN stuff , can we study this someway in the Leaf , we are see a lot of tunnel for VTEP stuff regarding VXLAN "overlay" but what is for the VPC is still a mystery.

Step2 VPC Client port-channel:

"The only unique stuff that needs to be configured is the interface policy group, so you are right about that. The way it made sense to me was to think of the interface policy group as related to a single physical endpoint that will be using that vPC. Ill elaborate:

Sw selector my_vpc with switches 101 and 102

my_vpc switch selector is associated to my_vpc_int and references port 1/13. my_vpc_int is associated to interface policy group my_vpc_router and is a vpc policy running lldp, LACP active, 10gig interfaces and no cdp.

the configuration i created above is saying that switches 101 and 102 port 13 are a vPC to my router"

Okay the "interface policy group" is the one how to make the VPC client unique and the AEP culd be the same, i noticed in the begging if i used the same policy group I did not get up another VPC port-channel in the show port-channel summary after attached to the leaf, otherwise there was no error or other hint about this was not so smart to do.

Okay Question if i want to run both Physical and VMM traffic to my UCS-FI do I need to attach more AEP to the same Policy group or is the VLAN pool open in the AEP for booth Physical load and virtual, beaccuse the fact that we will both terminate EPG on the Bare metal VLAN "endpoint" with static binding and use the AVS that will Float over the VPC client trunk and then the Port groups will be attached to the VM´s. in short will the AEP with VPC port groups be enough for then connect both EPG static binding and EPG=port groups via AVS ( N1k)

dpita · ‎02-19-2015

Hello

Yes you can run virtual and physical work loads from the same FI's and UCS-B. pretty much all you need is a new physical domain associated to the EPG and a static path on that EPG referencing the vPC where the UCS-B is and specifying the VLAN that traffic will be tagged with.

odahlqvist · ‎02-27-2015

Hi dpita

thanx that clarify´s a lot, so DVS will go on top of the VPC that we have build to the UCS for bare metal servers, and the Dvs Guide will build its on physical domain, what about the vlan that we specify in the VPC van those overlapp with the physical baremetal static bindings that we will do on the same VPC port-channel, some VM will assign a "transport" vlan and those you can´t specify more than the POOl , that pool can or should not overlap with the static bindings that you can do with the physical server ?

ACI mode and VPC client configuration and Policy groups