Solved: Infra VLAN Question

ADC Lane · ‎04-19-2023

Hi Team,

I have confuse about infra VLAN, Cisco recommend use 3967 or any vlan which no existing/overlap other platfrom.

My Question is: if I use vlan 3979 or any vlan id higher 3967, is it possible ?

(I think it's silly question) but if it's impossible, could you help share some brief explaination about risks ?

Thank you in advance !

RedNectar · ‎04-19-2023

On a scale of 1 (unimportant) to 100 (VERY IMPORTANT) - the IMPORTANCE of actual VLAN you use for the infra VLAN probably about a 5 - VERY CLOSE to UNIMPORTANT

The risk? Well, you really need to be doing some special things to make the INFRA VLAN ID important

You have to be using VMM Domains (now or anytime in the future. And who can tell the future?)
You have to be using Cisco's AVE (Application Virtual Engine - now or anytime in the future. And who can tell the future?)
The supported VLANs on your connected equipment may have restricted VLANs

So, since no-one can tell the future, Cisco recommends a VLAN of 3914 or less - but NOT VLANs 1002-1005. And they are absolutely correct in doing so.

WHAT? You THOUGHT it was VLAN 3967 or less? Sorry about that - you forgot to consider that Cisco can change the rules at any time. Once upon a time it WAS VLANs 3967 or less, but that changes when the UCS 6400 series Fabric Interconnects were released!

Let's deal with these:

If you are not using VMM Domains and are sure you never will be - go ahead and use 3979 if you want to
If you are not using Cisco's AVE and are sure you never will be - go ahead and use 3979 if you want to
OK. You should only get to this point if
1. You are, or think you might, use VMM Domains AND
2. You are, or think you might, use Cisco's AVE
  - So now you need to consider: Is the path to the Hypervisor using the AVE passing through switches Fabric Interconnects (or other vendors equipment) that don't allow certain VLANs - specifically for Cisco
    - Nexus 5000 switches reserve VLANs 3968 to 4029
    - In UCS environments, VLANs 4043 to 4047 and from 4094 to 4095 are reserved - in some versions VLAN 4093 as well
    - UCS 64xx and 65xx Fabric Interconnects reserve VLANs with IDs from 3915 to 4042.

So to put it statistically, your risk of having a future problem using VLAN 3979 as the infrastructure VLAN, based on the 3 use-cases above (my opinion only - happy to change my opinion if someone can come up with a better explanation)

Not using VMM Domains - approx 0.5% risk
Using VMM Domains, but NOT using AVE approx 0.6% risk
Using VMM Domains AND using AVE AND using your Hypervisors are connected to ACI via Cisco Fabric Interconnects (or Nexus 5000) - 100% risk

Note: If you don't know what AVE is, read this post and mark it as helpful !

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

MHM Cisco World · ‎04-19-2023

check below comment

ADC Lane · ‎04-19-2023

Hi @MHM Cisco World ,

Thanks for yours time to reply.

it mean I can use vlan ID (3968, 3979 ...) higher than ID 3967 for Infra VLAN ID in ACI ? no problem ?

MHM Cisco World · ‎04-19-2023

you mention ACI so check below link

Solved: Find all encap vlans configured & used - Cisco Community

N7K

N9K

RedNectar · ‎04-19-2023

Hi @ADC Lane ,

On a scale of 1 (unimportant) to 100 (VERY IMPORTANT) - the IMPORTANCE of actual VLAN you use for the infra VLAN probably about a 5 - VERY CLOSE to UNIMPORTANT

The risk? Well, you really need to be doing some special things to make the INFRA VLAN ID important

You have to be using VMM Domains (now or anytime in the future. And who can tell the future?)
You have to be using Cisco's AVE (Application Virtual Engine - now or anytime in the future. And who can tell the future?)
The supported VLANs on your connected equipment may have restricted VLANs

So, since no-one can tell the future, Cisco recommends a VLAN of 3914 or less - but NOT VLANs 1002-1005. And they are absolutely correct in doing so.

WHAT? You THOUGHT it was VLAN 3967 or less? Sorry about that - you forgot to consider that Cisco can change the rules at any time. Once upon a time it WAS VLANs 3967 or less, but that changes when the UCS 6400 series Fabric Interconnects were released!

Let's deal with these:

If you are not using VMM Domains and are sure you never will be - go ahead and use 3979 if you want to
If you are not using Cisco's AVE and are sure you never will be - go ahead and use 3979 if you want to
OK. You should only get to this point if
1. You are, or think you might, use VMM Domains AND
2. You are, or think you might, use Cisco's AVE
  - So now you need to consider: Is the path to the Hypervisor using the AVE passing through switches Fabric Interconnects (or other vendors equipment) that don't allow certain VLANs - specifically for Cisco
    - Nexus 5000 switches reserve VLANs 3968 to 4029
    - In UCS environments, VLANs 4043 to 4047 and from 4094 to 4095 are reserved - in some versions VLAN 4093 as well
    - UCS 64xx and 65xx Fabric Interconnects reserve VLANs with IDs from 3915 to 4042.

So to put it statistically, your risk of having a future problem using VLAN 3979 as the infrastructure VLAN, based on the 3 use-cases above (my opinion only - happy to change my opinion if someone can come up with a better explanation)

Not using VMM Domains - approx 0.5% risk
Using VMM Domains, but NOT using AVE approx 0.6% risk
Using VMM Domains AND using AVE AND using your Hypervisors are connected to ACI via Cisco Fabric Interconnects (or Nexus 5000) - 100% risk

Note: If you don't know what AVE is, read this post and mark it as helpful !

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

ADC Lane · ‎04-19-2023

Hi @RedNectar ,

Wonderful !!!!

Your explanation is excellence !

Thank you so so much for your time ! Hope best for you !