Multiple ESXI with VPC/PC

eric.loiseau
Level 1

Hi all

I would like some advice about the best practices to define a VPC with multiple ESXi, VLANs and 2 datacenters. My architecture is:


4 leafs (2 on each DCs) leaf 1,2 then 3 and 4
12 ESXi (6 on each DCs)

For each ESXi I have 4 10G split into 2 port channels (PC1 and PC2) connected to 2 leafs within the same DC.
I have to permit only 4 VLANs to all of these PCs (2 VLANs for PC1 and 2 VLANs for PC2).

Now if I follow some examples I have to create:

24 "Leaf Policy groups" (12 ESXi with 2 VPC/PC)
12 Leaf Profiles for DC1 (leaf 1,2)
12 Leaf Profiles for DC2 (leaf 3,4)


In Application EPG I created 4 EPGs, one for each VLAN
4 Bridge domains

Now when I wanted to assign a VLAN per VPC/PC I have to perform 72 static "binding operations", so not easy to do

So my question is more if I can simplify one option
    reduce the VPC policy group? one policy per DC
    via CLI or XML script?
    other things I missed

FYI the policy should be the same for each ESXi

Regards


Jason Williams
Level 1

Eric,

Based on your description, you might be treating the ESXi hosts as a physical domain with static paths.

Can you confirm how you plan to go this route?

or

Do you plan to integrate these ESXi hosts via VMM domain?

If you're going through with static bindings (physical domain), there is a new configuration option in 2.0 (and later) code.

After creating your access policies, go to the AEP under Fabric -> Access Policies -> Global Policies -> Attachable Access Entity Profile. Choose your AAEP and look at the bottom of the right pane. You should see an 'Application EPG' box. From there you can deploy a VLAN on an EPG. APIC will review all interfaces associated to the AEP and program that EPG/VLAN onto all of those interfaces. Much quicker than creating individual static bindings. Be sure that you do not forget to go to the EPG domains tab (Tenant -> App Profile -> EPG -> Domains) and associate the appropriate physical domain just as you would with a static binding. Without doing this, you should expect VLANs failing to program and fault code F0467 to be raised. Example of VLAN deployment via AAEP shown below.

If you plan to do VMM, then the VLAN programming will be performed dynamically. No need to create any static bindings. One important note about VMM integration (specifically DVS) is the resolution immediacy configured in the Tenant -> EPG -> Domains tab. Three options are On-Demand, Immediate, and Pre-provision. The best practice is to choose pre-provision. The other two options rely on APIC <> VMM controller communication. If miscommunication happens, such as ESXi host failing to report CDP/LLDP to VMM controller, then VLANs will be removed from leaf interfaces thus potentially leading to an outage on that EPG. With pre-provision, APIC will program VLANs on leaf interfaces based strictly on configured access policies. No need to worry about communication with external VMM controller. Example of pre-provision configuration shown below. 


-Jason
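The AEP-level deployment and the domain association described in the reply above can also be scripted; this is an added example, not part of the original thread or Cisco's own code. It builds the two XML payloads from a plan and flags any EPG deployed through an AEP without a domain association (the F0467 condition). The tenant, application profile, EPG, AEP and domain names and the VLAN IDs are constructed assumptions; the class names follow the APIC object model and should be confirmed against your APIC version.

```python
import xml.etree.ElementTree as ET

# Constructed sample plan: every name and VLAN ID here is an assumption.
TENANT, APP, PHYS_DOM = "Prod", "ESXi", "ESXi-PhysDom"
AEP_PLAN = {
    "AEP-ESXi-PC1": {"EPG-V101": 101, "EPG-V102": 102},
    "AEP-ESXi-PC2": {"EPG-V201": 201, "EPG-V202": 202},
}

def aep_payload(plan, tenant, app):
    """infraInfra XML deploying each EPG/VLAN on every interface behind its AEP."""
    infra = ET.Element("infraInfra")
    for aep, epgs in plan.items():
        generic = ET.SubElement(ET.SubElement(infra, "infraAttEntityP", name=aep),
                                "infraGeneric", name="default")
        for epg, vlan in epgs.items():
            ET.SubElement(generic, "infraRsFuncToEpg",
                          tDn=f"uni/tn-{tenant}/ap-{app}/epg-{epg}",
                          encap=f"vlan-{vlan}", mode="regular")
    return infra

def domain_payload(epgs, tenant, app, phys_dom):
    """fvTenant XML associating the physical domain with each EPG."""
    tn = ET.Element("fvTenant", name=tenant)
    ap = ET.SubElement(tn, "fvAp", name=app)
    for epg in epgs:
        ET.SubElement(ET.SubElement(ap, "fvAEPg", name=epg),
                      "fvRsDomAtt", tDn=f"uni/phys-{phys_dom}")
    return tn

def epgs_missing_domain(infra, tenant_xml):
    """EPG DNs deployed through an AEP but lacking a domain association."""
    tenant = tenant_xml.get("name")
    with_dom = set()
    for ap in tenant_xml.iter("fvAp"):
        for epg in ap.iter("fvAEPg"):
            if epg.find("fvRsDomAtt") is not None:
                with_dom.add(f"uni/tn-{tenant}/ap-{ap.get('name')}/epg-{epg.get('name')}")
    deployed = {r.get("tDn") for r in infra.iter("infraRsFuncToEpg")}
    return sorted(deployed - with_dom)

if __name__ == "__main__":
    infra = aep_payload(AEP_PLAN, TENANT, APP)
    all_epgs = [e for epgs in AEP_PLAN.values() for e in epgs]
    tn = domain_payload(all_epgs[:-1], TENANT, APP, PHYS_DOM)  # one EPG left out on purpose
    print(ET.tostring(infra, encoding="unicode"))
    print(ET.tostring(tn, encoding="unicode"))
    print("missing domain:", epgs_missing_domain(infra, tn))
```

Running the missing-domain check before pushing the payloads catches the forgotten association while it is still a planning error rather than a fault on the fabric.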
