
ACI Multipod Design Questions

dm2020
Level 1

Hi All,

I'm still in the process of working on an ACI Multipod design. Lots of helpful info and pointers already received so thank you.

A few other areas that I'm trying to wrap my head around. 

1) TEP pool sizing will be a challenge due to address space that is available to us and to adhere to the recommendation that the TEP pools are unique and don't clash with anything in our network. The largest subnet that is available for us to use is a /21 for each pod. How is the TEP sizing calculated so that I can determine if a /21 is adequate for day one and for any future requirements? Is it possible to use RFC 5735 (198.18.0.0/15) or RFC 6598 (100.64.0.0/10) address space for the TEP pools? Has anyone used these without any issues?

2) We will be migrating a number of VLANs from a legacy Nexus 7K switch to ACI, some with L3 SVIs (all within a single VRF) and some L2 for purposes such as iSCSI and vMotion for our VMware cluster, and for providing connectivity between VMs and a firewall that sit within our DMZ.

For the L2 only requirements, I plan to create BDs with no SVIs and EPGs (keeping the BD + EPG = 1 VLAN approach) and attaching the EPGs to the required devices. This will all be within our single Production Tenant, Production VRF and Production application profile. For scenarios such as DMZs, is the above an acceptable solution? The reason that I'm doubting this and looking for some guidance is because the BD will be associated to our Production VRF, which doesn't seem right for a DMZ. Granted that the BD will not have an L3 interface, but would it be better to use a different VRF/Application profile within our Production Tenant for this purpose, or even a new Tenant altogether (or is that going too far)?

Similar question for L2 only traffic such as iSCSI and vMotion - is it OK for the BD and EPG to be associated to the Production VRF/Production Application Profile or should these be added to a dedicated VRF and Application Profile such as for network services?

Apologies in advance if these seem quite rudimentary questions, still learning ACI and best practices in real world scenarios.

 

3 Replies

ecsnnsls
Level 1

Hi @dm2020 ,

Question 1:

You can use the TEP size calculator as a reference. It is available at https://filedn.com/lXHxS7h2cGFBG96oj38e1z8/unofficialRef/ACI-TEP%20Pool%20Calculator%20v2.1.xlsx

Most of your questions are answered here: https://unofficialaciguide.com/2021/04/14/aci-tep-pool-discussion/

The guide says that you can use RFC 6598 addresses too but only if you don't reuse this in your network.

Question 2:

I understand that you will be creating a production tenant and its APs, VRFs, BDs and EPGs. Similarly, you can create a DMZ tenant and create its own APs, VRFs, BDs and EPGs. The iSCSI and vMotion can still be under Production tenant. All in all, ACI constructs design is always dependent on how you want your traffic to be segregated and how they want to communicate with each other.

HTH.
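The uniqueness condition discussed above (TEP pools unique per pod and not reused anywhere else in the network), as an added example that is not part of the original posts: a Python check that flags overlaps between candidate per-pod TEP pools and prefixes already in use, and reports which of the special-purpose ranges named in the thread a pool falls in. The pod names, prefixes and function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Special-purpose ranges named in the thread.
SPECIAL_RANGES = {
    "RFC 6598 100.64.0.0/10": ipaddress.ip_network("100.64.0.0/10"),
    "RFC 5735 198.18.0.0/15": ipaddress.ip_network("198.18.0.0/15"),
}

# Constructed sample data (not from the thread): one /21 TEP pool per pod
# and prefixes already routed elsewhere in the network.
SAMPLE_TEP_POOLS = {"pod1": "100.64.0.0/21", "pod2": "100.64.8.0/21"}
SAMPLE_IN_USE = {"cgnat-handoff": "100.64.4.0/24", "prod-servers": "10.20.0.0/16"}


def special_range_of(cidr):
    """Return the name of the special-purpose range containing cidr, or None."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    for name, rng in SPECIAL_RANGES.items():
        if net.subnet_of(rng):
            return name
    return None


def find_conflicts(tep_pools, in_use):
    """Return (a, b) name pairs whose prefixes overlap.

    Checks pod against pod first, then each pod against every in-use prefix.
    """
    pools = {pod: ipaddress.ip_network(c) for pod, c in tep_pools.items()}
    used = {name: ipaddress.ip_network(c) for name, c in in_use.items()}
    conflicts = []
    for (a, net_a), (b, net_b) in combinations(pools.items(), 2):
        if net_a.overlaps(net_b):
            conflicts.append((a, b))
    for pod, net in pools.items():
        for name, other in used.items():
            if net.overlaps(other):
                conflicts.append((pod, name))
    return conflicts


if __name__ == "__main__":
    for pod, cidr in SAMPLE_TEP_POOLS.items():
        print(pod, cidr, "inside", special_range_of(cidr))
    for a, b in find_conflicts(SAMPLE_TEP_POOLS, SAMPLE_IN_USE):
        print("CONFLICT:", a, "overlaps", b)
```

Feeding it the real routing table export instead of the sample dictionary turns the "don't reuse this in your network" condition into a check that can be rerun whenever a pod or prefix is added.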

Thanks @ecsnnsls 

Have you used RFC 6598 address for the TEP pool before? If so, did you have any issues?

No, I haven't used it.

Sorry for the delay.
