04-28-2017 03:35 AM - edited 03-01-2019 05:13 AM
Hi,
Can more than one EPG in different IP subnets (VLANs) statically bind to a single leaf port to extend the traffic?
and
Can an EPG which includes different VLANs (IP subnets) be connected to a single leaf port as a trunk?
04-28-2017 04:55 AM
Hi Thusan,
Answers below for you.
Can more than one EPG in different IP subnets (VLANs) statically bind to a single leaf port to extend the traffic?
Yes, you can assign multiple EPGs with differing VLAN associations to the same leaf port.
Can an EPG which includes different VLANs (IP subnets) be connected to a single leaf port as a trunk?
Same again, yes this is possible.
Do you have a specific scenario you are working on?
Cheers,
Marc
04-28-2017 11:29 AM
Hi Marc,
Thanks for the answer. I am going to do a setup like the one below. The customer has servers in VLANs 10 and 20, but they are the same application and the customer does not allow us to change IPs, so I decided to implement one of the following two options. Please validate them.
Option 1:
Attach them to a single EPG and connect it to a leaf. Since the default GW is defined on the FW, I will use static path binding to extend the VLAN traffic. The leaf will connect to the 2960 cluster with trunk ports, and I will configure the corresponding ports of the 2960 as trunks as well. If the customer needs to restrict the communication between them, I will configure the EPG as isolated.
Option 2:
Attach them to different EPGs and extend the traffic using static path binding. Here I am going to use a single port which will connect to the 2960 cluster, and it will be configured as a trunk. Firewall policies will control the communication.
Here are some of the doubts that I came across. Please assist in resolving them.
At present the servers are dual-homed to the 3750 cluster. Can I connect the servers dual-homed to the leaf cluster, and if so, what configuration is required in ACI?
If the servers are connected dual-homed to the leaf switches, I have to connect to the existing 2960 cluster using port channels to extend the VLAN traffic to the GW. Is port channel config possible in ACI or not?
05-01-2017 05:56 AM
The second option would be my recommendation and provides more flexibility from a policy perspective. If you lump all servers from VLAN 10 & 20 into a single EPG, you're limited to applying the same policies to all endpoints in that EPG from an ACI perspective.
You say these servers are the same application, but are they the same tier? (Web/App/DB etc)? The flexibility of ACI is best seen when you can separate your various app tiers by policy.
You have the right idea with statically path binding them to the legacy network using a trunk between the Border Leafs and 2960's.
For your question about dual connecting hosts, sure that's possible. You can do host connected VPCs on ACI leaf switches (Assuming the leaf pair are the same generation).
For your last question, you can channel as many links as you wish (up to 16) in a port channel between ACI & the legacy 2960 stack.
I assume your plan is to setup connectivity between the fabric & Legacy network, so you can migrate servers/endpoints from the legacy > ACI without losing connectivity between the two environments (seeing as the GW resides in the legacy environment still). At some point, you'll likely want to relocate the FW and/or GW to the ACI fabric to optimize forwarding.
Robert
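An added example, not part of Robert's reply and not Cisco's own code: a sketch of option 2 expressed in the APIC object model, where each EPG (`fvAEPg`) gets a static path child (`fvRsPathAtt`) on the same trunk port with its own VLAN encap. The tenant, application profile, EPG names, leaf node ID and port are hypothetical; the builder also rejects a port/VLAN pair claimed by two EPGs.

```python
import json

# Hypothetical names: tenant, application profile, leaf node and port are
# assumptions for illustration, not values from the thread.
TENANT, APP = "Customer1", "LegacyApps"
TRUNK_TO_2960 = "topology/pod-1/paths-101/pathep-[eth1/10]"


def static_path(path_dn, vlan):
    """One fvRsPathAtt child: a static path carrying one tagged VLAN encap."""
    return {"fvRsPathAtt": {"attributes": {
        "tDn": path_dn, "encap": f"vlan-{vlan}", "mode": "regular"}}}


def build_epgs(bindings):
    """Map {epg_name: [(path_dn, vlan), ...]} to {epg_dn: fvAEPg payload}.

    Raises ValueError if the same port/VLAN pair is claimed by two EPGs,
    since tagged traffic on a port must classify into exactly one EPG.
    """
    owner = {}     # (path_dn, vlan) -> EPG that already uses it
    payloads = {}
    for epg, paths in bindings.items():
        children = []
        for path_dn, vlan in paths:
            if not 1 <= vlan <= 4094:
                raise ValueError(f"invalid VLAN id {vlan}")
            prev = owner.setdefault((path_dn, vlan), epg)
            if prev != epg:
                raise ValueError(f"vlan-{vlan} on {path_dn} already bound to {prev}")
            children.append(static_path(path_dn, vlan))
        dn = f"uni/tn-{TENANT}/ap-{APP}/epg-{epg}"
        payloads[dn] = {"fvAEPg": {"attributes": {"dn": dn, "name": epg},
                                   "children": children}}
    return payloads


# Option 2 from the thread: one EPG per VLAN, both on the same trunk port.
OPTION_2 = {"EPG-VLAN10": [(TRUNK_TO_2960, 10)],
            "EPG-VLAN20": [(TRUNK_TO_2960, 20)]}

if __name__ == "__main__":
    print(json.dumps(build_epgs(OPTION_2), indent=2))
```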
05-01-2017 09:37 PM
Hi Robert,
Thanks. This is what I am going to perform; please validate.
Let's say I'm going to migrate one of the servers from the legacy network to ACI. I will connect that server to both of the leafs using VPC, and since the GW is defined on the firewall I will configure the BD similar to the legacy L2 domain, where I will:
Set L2 unknown unicast to flooding
Enable ARP flooding
Then I have to extend the traffic to the FW. Then I have to connect the two leafs to two 2960 switches, so there are 4 ports to be configured in the static path binding of the EPG.
Here, do I need to use VPC to connect the leaf switches to the 2960 cluster?
In the static path binding config window, can I provide more than one VLAN in the VLAN encap field, or do I need to provide the VLANs separately, one by one, in the VLAN encap field?
Or can you provide the recommended steps to migrate the servers from the existing legacy network to ACI according to the diagram I have shared?
12-07-2022 02:35 PM
For VLAN 10,
you will have an EPG with a static path for the port to which the server is connected and another static path for the port which is connected to the firewall (active), and if there will be a standby firewall, there will be a third static path for the standby. So each EPG, 10 or 20, will have three static path entries, correct?