Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
947
Views
0
Helpful
4
Replies

Control with in same EPG

imalvi
Level 1
Level 1

‎01-24-2016 05:35 AM - edited ‎03-01-2019 04:55 AM

Hi,

I have a question, one of the customer is asking for having control with in same EPG. For example if there is an EPG_FE with multiple VMs in it.How can we block access between these VMs under the same VLAN or EPG in ACI fabric?

Customer only have DVS in vcenter env.  

Labels:
0 Helpful
4 Replies 4

Tomas de Leon
Cisco Employee
Cisco Employee

‎01-25-2016 06:06 AM

In ACI version 1.2(1i) or later, There is a feature "Microsegmentation".

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/virtualization/b_ACI_Virtualization_Guide_1_2_1x/b_ACI_Virtualization_Guide_1_2_1x_chapter_01000.html

Microsegmentation with Cisco ACI provides support for virtual endpoints attached to Cisco Application Virtual Switch (AVS) and for Microsoft vSwitch using the OpFlex protocol. This feature is not available with VMware DVS.

So unfortunately for your customer this feature will not work.  A way you can still do this is create multiple EPGs within the same BD and use contracts to enforce policy.

Cheers!

T.

0 Helpful

Robert Burns
Cisco Employee
Cisco Employee

‎01-25-2016 06:18 AM

In addition to what Tomas mentioned, there is an Intra-EPG isolation feature on the roadmap which is targeting the next major release.  No ETA at this point, but its coming. 

Robert

0 Helpful

imalvi
Level 1
Level 1
In response to Robert Burns

‎01-25-2016 09:57 PM

Thank you Tomas and Robert for the clarification. So AVS is the way to go unless new release comes up with micro-segmentation for DVS.

Thanks.

Regards

Imran

0 Helpful

bruno.fernandes
Level 1
Level 1
In response to Robert Burns

‎02-02-2016 09:53 AM

Hi Robert,

Just to see if I understood you correctly .... If I have two bare metal servers in the same EPG, Intra-EPG isolation is not available at the current latest release ... yet (by the way I'm running 1.2(1i) ... correct ?

Regards,

Bruno Fernandes

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License