06-03-2016 07:34 AM - edited 03-01-2019 04:58 AM
I have created a rather successful setup in terms of vmware integration and one tenant. From my point of view all important things are properly configured, but I still have some issues. I won't go into details unless it turns out absolutely necessary. The simple question is: Can this architecture work at all?
ACI fabric leaf -> IOS layer 2 switch -> fabric interconnect -> vsphere running on UCS blade servers
In every document and article I found everybody is talking about either bare metal server connected directly to the leaf switch, or fabric interconnect being directly connected to the leaf. Not to mention physical routers again being directly connected, and not through L2 switches.
Is this supported? I thought that additional layer 2 connectivity won't hurt. CDP is enabled all the way through for instance. Vlans are created on that L2 switch as well. Maybe I am missing some point here and before I go deeper into troubleshooting it would be great to know if I should give up this design right now.
06-03-2016 07:52 AM
Hello!
In short, this can work, but requires Cisco AVS. When running DVS in the fashion you describe, the leaf doesn't directly see the CDP information from the DVS or the ESX host and so is unaware of the location of the ESX server in the fabric. With AVS, this information is taken care of through OpFlex, so direct connectivity of the VM Host to the Leaf switch is not required.
This document has a bit more info on DVS: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/aci-fundamentals/b_ACI-Fundamentals/b_ACI_Fundamentals_BigBook_chapter_0111.html
06-03-2016 08:01 AM
Thanks for the quick answer!
Would this improper setup prevent vlans being created on the leaves? Because this is the most obvious problem I have. Other things seem fine. I see all VMs on my esx host, EPG is propagated over there as well, I have AEP configured and connected to vmm domain etc. But it all boils down to the fact that there are no vlans on the leaves.
Also I have strange CDP behavior. Interface status on the leaf says it sees no CDP neighbor, but when I open a CDP page, there is my IOS switch just fine. :)
Anyhow, never worked with AVS. Can you tell me in brief what are the requirements for using AVS and the difference to DVS?
06-03-2016 08:42 AM
Hi Bojan,
In this case you can use DVS, but you will need to use the "Pre-Provision" deployment immediacy instead of "On-Demand" or "Immediate". The latter two options require CDP or LLDP while "Pre-Provision" does not. When using Pre-Provision, the VLANs will be deployed on all the interfaces that have interface selector, switch selector, etc. that are linked to the AEP for VMM Domain.
As stcorry mentioned, you also have the option to use AVS which does not require CDP/LLDP adjacency. In this scenario you just need to bridge the infra VLAN through the L2 Switch and Fabric Interconnect. OpFlex will take care of the rest.
As a side note, keep in mind that LLDP and CDP are link-layer protocols. So the L2 Switch will not pass the information through from one side to another, it will be terminated on the interface that it's received on. That's why if you want to do dynamic deployment (as opposed to pre-provisioning), then you need the ACI leafs directly connected to the server itself or the FIs in the case of a blade series deployment.
Hope that helps.
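Added example, not part of the thread or Cisco's own code: a sketch of the choice described in the last reply, picking "Pre-Provision" whenever an intermediate L2 switch terminates CDP/LLDP, and building the EPG-to-VMM-domain association body for the APIC REST API. The APIC object model carries this setting as `resImedcy` on `fvRsDomAtt` (where `lazy` is the GUI's "On Demand"); the tenant, application profile, EPG and domain names are placeholders, and the device labels in `path` are hypothetical.

```python
import json

# Hypothetical labels for devices between the leaf and the ESXi host, nearest leaf first.
# Per the thread, the leaf only learns the host location when the server or the
# fabric interconnect (FI) is attached directly; any other L2 hop terminates CDP/LLDP.
PATHS_WITH_ADJACENCY = ([], ["fabric-interconnect"])


def pick_resolution_immediacy(path, wanted="lazy"):
    """Return the resImedcy value that can work for this physical path.

    wanted: "lazy" (On Demand) or "immediate"; both depend on CDP/LLDP adjacency.
    Falls back to "pre-provision", which deploys VLANs from the AEP alone.
    """
    if wanted not in ("lazy", "immediate", "pre-provision"):
        raise ValueError(f"unknown resolution immediacy: {wanted}")
    if list(path) in PATHS_WITH_ADJACENCY:
        return wanted
    return "pre-provision"


def epg_vmm_binding(tenant, ap, epg, vmm_domain, path, wanted="lazy"):
    """Build (url_path, body) for POSTing the EPG's VMM domain association."""
    url = f"/api/mo/uni/tn-{tenant}/ap-{ap}.json"
    body = {"fvAEPg": {
        "attributes": {"name": epg},
        "children": [{"fvRsDomAtt": {"attributes": {
            "tDn": f"uni/vmmp-VMware/dom-{vmm_domain}",
            "resImedcy": pick_resolution_immediacy(path, wanted),
            "instrImedcy": "immediate",
        }}}],
    }}
    return url, body


if __name__ == "__main__":
    # Topology from the question: leaf -> IOS L2 switch -> FI -> ESXi on UCS blades.
    url, body = epg_vmm_binding("ExampleTenant", "ExampleAP", "ExampleEPG",
                                "ExampleVMM", ["l2-switch", "fabric-interconnect"])
    print("POST", url)
    print(json.dumps(body, indent=2))
```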