Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1856
Views
0
Helpful
1
Replies

ACI preferred group enable and vzAny

JCDM7
Level 1
Level 1

‎01-06-2022 11:33 AM

Is there any flapping or traffic disruption when enabling the "Preferred group" option in the VRF and in the EPGs?

 

There is a requirement to segment some endpoints into the ACI fabric. Those endpoints live on an EPG and all EPGs on the ACI fabric has no restrictions on communicate with each other via the vzAny contracts (any to any). Plain and simple desing.

 

The aproach to segment those endpoints is to separate them into a new "sub" EPG associated with the same Bridge domain as the "parent" EPG (can't use microsegmentation), and to use contracts to rule the communication to and from that EPG.

The problem i see is that I must place all EPGs but this new one in the preferred group and removing the vzAny contracts in order to accomplish the required segmentation, but at this moment the Preferred group is in disabled state in both VRF and the EPGs.

 

In order to do that i was thinking of: adding the EPGs to the preferred group, enabling the preferred group on the VRF and then removing the vzAny contracts.

 

Is it possible to enable the preferred group and having vzAny contracts at the same time?

Is there any flapping or traffic disruption when enabling the "Preferred group" option in the VRF and in the EPGs (taking care of the necesary contracts for L3Outs, etc.)?

Has anyone gone through a similar scenario?

 

Thanks!

Labels:
0 Helpful
1 Reply 1

Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎01-08-2022 12:02 PM

Hi @JCDM7 

I think you are making a confusion.

By enabling "Preferred Group" option at VRF level only enables the feature in that VRF. If you have it disabled, enabling preferred group on EPGs, will not have any effect.

First question was: does it work to have preferred group & vzAny in a VRF? Answer: yes, it work. But make sure you check the contracts priorities to avoid problems, for example vzany with specific filter wins over preferred group:  https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-743951.html#Contractpriorities 

Second question: is there any impact if enabling preferred group? No, it should not.

 

Cheers,

Sergiu

 

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License