10-06-2021 02:00 PM
Hi, Community.
We have a production Leafs -> FI -> UCS Chassis w/ VMM Integration and it's working well. Now we have a user case that a blade server in the same UCS Chassis (aka Uplink to FI then Leafs) needs to join the existing EPG, how can I achieve this? Where can I assign the static VLAN? at this moment, we just assign it the same VLAN id as the VMM dynamic VLAN but I do not think that's an elegant approach.
We do have some EPGs with both VM w/ dynamic VLAN and bare metal w/ static leaf ports w/ static VLAN but those bare metal servers are not on the same Leafs connecting to FI.
Leo
Solved! Go to Solution.
10-07-2021 08:13 AM
You're pretty much set - you have an AEP (AAEP-VMM) with all the corresponding Domains/VLAN pools already.
All you have left to do is:
1) Add the Physical Domain (likely 'DOM-Baremetal') to your EPG
2) Add 2 static path bindings to the EPG. This should use the corresponding VLAN ID from your BareMetal VLAN pool, and point to the two VPC Policy Groups that connects to UCS-FI-A & UCS-FI-B.
Would look something like this:
The only thing beyond this is you would need to configure the UCS side of things and plumb that VLAN (in my example vlan-100) down to the baremetal host's interface.
Robert
PS - Not sure what the "DOM-VMM" physical domain is used for. At most you only likely need a VMM domain, and a Physical Domain.
10-06-2021 03:01 PM
For your question, I'm assuming you have a "baremetal" server (non-VMM) endpoint that you want to be able to communicate with VMM integrated endpoints (in the same EPG). It's the same approach as any EPG with baremetal & VMM integrated connections, but you have options depending what you want to happen from an L2 perspective.
Option 1: Using the same VLAN ID used by the VMM binding/port group for your static binding.
This would allow L2 reachability between VMM & non-VMM endpoints within the same FI. For FI-A > FI-B paths, it would still traverse the1 upstream leaf. This gives the benefit of keeping some of the traffic local to the FIs where possible, but it also limits ACI's visibility to the communication. This also would also complicate micro segmentation if you wanted to leverage this feature. This also gets messy if you ever delete the VMM domain binding from the EPG, and ever wish to re-add it back, which could allocate a different dynamic VLAN ID. This is not my recommended approach.
Option 2: Keep your dynamic VLAN ID Pool used for VMM, and create (if one doesn't yet exist) a static VLAN pool for using for this EPG & non-VMM integrated endpoints. You'd treat these endpoints as you would any static path. Along with the respective VLAN pool (static), you'll also need a Physical Domain, and link them to the same AEP associated to the UCS Interface Profiles/Policy Groups. The end result is that UCS will use two different VLAN IDs to carry traffic to/from this EPG - one for VMM endpoints, and one for non-VMM integrated endpoints. This option gives you the most flexibility and visibility. (Preferred option).
Robert
10-07-2021 07:07 AM
Thanks Robert.
Option 1 is what we are using now, and I prefer to use Option 2 as it is the config we are using for VMM + Non-Blade Bare metal mixed EPG environment which ACI has 2 VLANs for such given EPG, 1 is static assigned as static leaf port and 1 is dynamic assigned as VMM.
Our Leafs are VPC to FIs and the associated AAEP does include both dynamic VLAN pools and static VLAN pools (for P vlans), I know in concept ACI will have 2 VLANs for this EPG, 1 dynamic VLAN has been provisioned via VMM, I just do not know how can I static assign a VLAN to this EPG which has:
Can you please elaborate this part "... you'll also need a Physical Domain (I have already), and link them to the same AEP associated (I have already) to the UCS Interface Profiles/Policy Groups (not sure this part). ..."
Leo
10-07-2021 08:13 AM
You're pretty much set - you have an AEP (AAEP-VMM) with all the corresponding Domains/VLAN pools already.
All you have left to do is:
1) Add the Physical Domain (likely 'DOM-Baremetal') to your EPG
2) Add 2 static path bindings to the EPG. This should use the corresponding VLAN ID from your BareMetal VLAN pool, and point to the two VPC Policy Groups that connects to UCS-FI-A & UCS-FI-B.
Would look something like this:
The only thing beyond this is you would need to configure the UCS side of things and plumb that VLAN (in my example vlan-100) down to the baremetal host's interface.
Robert
PS - Not sure what the "DOM-VMM" physical domain is used for. At most you only likely need a VMM domain, and a Physical Domain.
10-07-2021 11:10 AM
Done, thanks Robert. Much appreciated as always!
Leo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide