EPG associate with physical domain

Hongjun Ma
Level 1

Hello,

 

I'm not clear why/when we need to associate a physical domain with an EPG?

 

Without associating the EPG with a physical domain, the EPG can pass the traffic OK through static path binding. The front panel ports can get active VLANs from the AEP->domain->VLAN pool association. Why do we need another EPG->physical domain association?

 

For virtual domain VMM, I understand I need to associate EPG with VMM domain for port-group DVS creation. But why physical domain association with EPG??

 

Thanks

Hongjun

5 Replies

Joseph Ristaino
Cisco Employee

Hongjun,

I am testing a few things in my lab and had a couple questions.  What code are you running?  Do you see any faults under the EPG when you don't add the physical domain and just have the static path?

 

You mention that the front panel ports can get active vlans from the AEP.  Without a domain attached, there is nothing that can tie that EPG (vlans) back to the AEP.  The AEP has the domain mapped.  In my lab it is working without having to associate the domain and there are no faults.  I'm wondering if the behavior changed.

 

Joey

Thank you Joey for the reply.

 

APIC version is 1.0(4h).  The EPG is happy with no faults.

 

I have the AEP associated with a physical domain and a static VLAN pool. My confusion is why there is again another option to associate with a physical domain under the EPG, as I already associate the domain at the AEP.

 

BTW, I love your presentations and training videos, very precise and informative. Thanks!!

 

Hongjun

Hello

Just wanted to help Joey clarify. He is correct, without a domain attached to the EPG there is no way for the EPG to be tied to any access policies / AAEP or even a VLAN. When ACI 1.1 comes out, the behavior will change and the EPG will throw a fault for nwissue invalid path and invalid VLAN.

The domain association is what ties together the Tenant/EPG policies/namespaces to the access policies and physical infrastructure abstraction. A static path is only half of the *supported* configuration. A static VLAN pool, physical domain, AAEP and all the switch policies are required. 

Hope this helps!

 

 

Thank you Daniel and Joey for the replies.

 

I got the concept now. I like the ACI 1.1 enforcement, so users won't be confused about tying an EPG to a physical domain.

 

Thanks!!!

My pleasure, more to come :)

Daniel beat me to the punch, yes we will enforce this in our newest release out now 1.1(1j):

https://software.cisco.com/download/release.html?mdfid=285968390&softwareid=286278832&release=1.1(1j)&relind=AVAILABLE&rellifecycle=&reltype=latest

As far as "why" we require this...I don't have an amazing answer for you, but it is important that we limit where we can deploy EPG resources.  If we don't enforce only applying the static path info on interfaces part of the AEP, we don't have consistency.  We want our customers to be familiar with creating these mappings regardless of whether the domain is physical or virtual. When you add the domains to the AEP, you are saying that resources for these domains can get deployed on interfaces using this AEP.  If we don't add the domain to the EPG, we are bypassing this.

I hope this helps :)
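
Added example, not part of the original thread and not Cisco code: a small offline audit of the chain the replies describe (EPG -> domain <- AEP <- interface, and domain -> static VLAN pool), flagging static paths that bypass it. The data model is simplified and every name in it (`PhysDom_A`, `AEP_Servers`, the ports, the finding labels) is constructed for illustration; it does not reproduce the APIC's own fault logic.

```python
# Constructed, simplified policy model (all names are made up).
VLAN_POOLS = {"Pool_A": range(100, 200)}         # static VLAN pool: VLANs 100-199
DOMAINS = {"PhysDom_A": "Pool_A"}                # physical domain -> VLAN pool
AEPS = {"AEP_Servers": {"PhysDom_A"}}            # AEP -> domains allowed on it
INTERFACES = {                                   # front-panel port -> AEP
    "leaf101/eth1/10": "AEP_Servers",
    "leaf101/eth1/11": "AEP_Servers",
}
EPGS = {
    # Complete chain: domain on the EPG, same domain on the port's AEP.
    "Web": {"domains": {"PhysDom_A"}, "static_paths": [("leaf101/eth1/10", 110)]},
    # Static path only, no domain on the EPG (the case asked about).
    "App": {"domains": set(), "static_paths": [("leaf101/eth1/11", 120)]},
    # Domain present, but the encap VLAN is outside the domain's pool.
    "DB": {"domains": {"PhysDom_A"}, "static_paths": [("leaf101/eth1/10", 300)]},
}


def audit_epg(name):
    """Return (port, vlan, finding) tuples for one EPG's static paths."""
    epg = EPGS[name]
    findings = []
    for port, vlan in epg["static_paths"]:
        aep = INTERFACES.get(port)
        # Domains that both the EPG and the port's AEP reference.
        shared = epg["domains"] & AEPS.get(aep, set())
        if not shared:
            findings.append((port, vlan, "no-shared-domain"))
        elif not any(vlan in VLAN_POOLS[DOMAINS[d]] for d in shared):
            findings.append((port, vlan, "vlan-not-in-pool"))
    return findings


def audit_all():
    """Map each EPG with at least one finding to its list of findings."""
    report = {name: audit_epg(name) for name in EPGS}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for epg_name, items in audit_all().items():
        for port, vlan, finding in items:
            print(f"{epg_name}: {port} vlan-{vlan} -> {finding}")
```
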

 
