06-09-2022 07:42 AM
Good day.
We are going to add 5 new Dell HCI servers and integrate a virtual domain for the first time to ACI and I have some doubts.
Right now, we have only bare metal servers, using a network centric approach (Vlan-EPG-BD) with the gateway outside the Fabric using a L2 Extension. Because we have only bare metal, we have only a phys domain and we are using static ports.
Now my questions are:
When creating the virtual domain, the Vlan pool that I will use, I know I have to create a new one and must be dynamic.
My question is, should it be different from my first pool, the phys pool?
In the phys pool I have vlans from 1-1525. So, should I create one from 1526-2500 for example? Or can they repeat vlans?
Another question:
When I'm creating the Policy Groups for the new HCI servers, should I use the phys AAEP (the only previous one created for my bare metal servers) or should I use the new AAEP created (if I have to create a new AAEP) for the vCenter Domain?
And last question, once on the EPGs, I know I have to add the Virtual domain on "Domains".
But, should I also add static ports for the interfaces of my new servers? Or because I added the new AAEP on the policy groups, it won't be necessary?
Imagine I have a Virtual Machine on one new server, this machine is going to need to access the gateway that is outside the fabric. So it will need the L2 Extension, so would it be necessary to add static ports, on trunk and with the vlan encapsulation needed?
Hope you can help me clear some doubts I'm thinking about for the integration.
06-09-2022 09:41 AM
"My question is, should it be different from my first pool, the phys pool?
In the phys pool I have vlans from 1-1525. So, should I create one from 1526-2500 for example? Or can they repeat vlans?"
Yes, the VLAN range for your VMM domain should be separate, dynamic and be large enough to at least account for 1 VLAN ID per EPG you plan on deploying to the vDS. If you plan on doing Segmentation (Intra-EPG) or MicroSegmentation it will need to be larger (akin to PVLAN needing two VLANs for primary & isolated).
"When I'm creating the Policy Groups for the new HCI servers, should I use the phys AAEP (the only previous one created for my bare metal servers) or should I use the new AAEP created (if I have to create a new AAEP) for the vCenter Domain?"
The same AEP can be used. You can bind both your Physical domains and VMM domains to the same AEP. Some people may choose to separate them, but both options are viable.
"And last question, once on the EPGs, I know I have to add the Virtual domain on "Domains".
But, should I also add static ports for the interfaces of my new servers? Or because I added the new AAEP on the policy groups, it won't be necessary?"
With VMM integration there is no need to add static paths. Since ACI will be aware of the Hypervisor (and VMs) location using CDP/LLDP, it will automatically deploy the policy to the interfaces needed (which would be a subset of those bound to the same AEP & Interface Profiles).
"Imagine I have a Virtual Machine on one new server, this machine is going to need to access the gateway that is outside the fabric. So it will need the L2 Extension, so would it be necessary to add static ports, on trunk and with the vlan encapsulation needed?"
The external GW should already have connectivity into the fabric - which likely maps into an EPG. As long as your VMs exist in the same EPG as your GW, they should be able to reach it. Your physical GW likely has a statically assigned VLAN ID as part of the Static Path binding, but your VMM-integrated VMs don't need this. ACI handles all the tagging between the Hypervisor vDS and ACI. This may result in the same EPG for your VMs & GW using different VLAN tags - but this is expected, and not a problem. Again, as long as they land in the same EPG, you're good to go. Just be sure that the Bridge Domains involved are set to Flood mode for unknown unicast (not HW proxy).
Robert
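The checks from the answer above, written as a pre-change validation of the integration plan. This is an added example, not part of the original thread or any Cisco tooling; the plan dictionaries, their field names and all values are constructed, and counting two VLANs per isolated EPG is an assumption taken from the PVLAN comparison in the answer.

```python
# Added example: validate a VMM-domain plan before pushing it to the fabric.
# Input is a plain dict (constructed); nothing is read from an APIC.

def overlap(a, b):
    """Overlap of two inclusive VLAN ranges as (start, end), or None."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def vlans_needed(epgs):
    """One VLAN per EPG on the vDS; two when isolation/microsegmentation
    is planned (assumption, following the PVLAN analogy in the answer)."""
    return sum(2 if e.get("isolated") else 1 for e in epgs)

def check_plan(plan):
    findings = []
    vmm, phys = plan["vmm_pool"], plan["phys_pool"]
    if vmm["alloc_mode"] != "dynamic":
        findings.append("VMM pool must use dynamic allocation")
    hit = overlap(vmm["range"], phys["range"])
    if hit:
        findings.append(f"VMM pool overlaps phys pool on VLANs {hit[0]}-{hit[1]}")
    size = vmm["range"][1] - vmm["range"][0] + 1
    need = vlans_needed(plan["epgs"])
    if size < need:
        findings.append(f"VMM pool has {size} VLANs, plan needs {need}")
    # Only BDs that carry the L2 extension to the external gateway matter here.
    for bd in plan["bridge_domains"]:
        if bd["gateway_outside_fabric"] and bd["unknown_unicast"] != "flood":
            findings.append(f"BD {bd['name']}: set unknown unicast to flood")
    return findings

# Constructed plan matching the thread: phys pool 1-1525, VMM pool 1526-2500.
GOOD_PLAN = {
    "phys_pool": {"range": (1, 1525), "alloc_mode": "static"},
    "vmm_pool": {"range": (1526, 2500), "alloc_mode": "dynamic"},
    "epgs": [{"name": "web"}, {"name": "db", "isolated": True}],
    "bridge_domains": [{"name": "bd-web", "gateway_outside_fabric": True,
                        "unknown_unicast": "flood"}],
}
# Constructed plan with every mistake the answer warns about.
BAD_PLAN = {
    "phys_pool": {"range": (1, 1525), "alloc_mode": "static"},
    "vmm_pool": {"range": (1500, 1502), "alloc_mode": "static"},
    "epgs": [{"name": "web"}, {"name": "db", "isolated": True}, {"name": "app"}],
    "bridge_domains": [{"name": "bd-web", "gateway_outside_fabric": True,
                        "unknown_unicast": "proxy"}],
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan) or "no findings")
```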
06-09-2022 09:48 AM
Thank you so much for your help Robert! It helped me a lot.
I was also concerned about the difference in VLAN tags as you said, but now it is clear that it shouldn't be a problem.
Again thanks a lot!