03-10-2021 05:28 AM
Hi All
I saw a few posts on VLAN overlap. My scenario is a little different.
I have VLAN 10 - 10.10.10.0/24 in DC1, and the same VLAN 10 - 20.20.20.0/24 (different IP Range), and extended over multipod.
To begin with, the SVIs still stay in Nexus, but the local EPGs don't work. I was reading about Per Port EPGs. Is that the only option in this case?
Also, when the SVIs flip over to ACI, can we just do a secondary IP address on the BD, and use both VLANs with the same EPG ID?
Regards
03-10-2021 07:07 AM
EPGs are not restricted to any IP subnets. You can have multiple subnets using the same EPG. Where the Per Port VLAN comes into play is when you're trying to deploy multiple EPGs with the same VLAN encapsulation on the same switch. If that's not your case, then it shouldn't apply. What you should note is that your BD becomes your flooding domain, so expect that traffic from both subnets would be flooding into VLAN 10 from both pods.
Is your end goal to allow Endpoints from both subnets to be treated the same (communicate freely etc)? This approach of mapping both subnets into the same EPG is going to allow this. Another option you might want to consider is uSeg (Microsegmentation) and matching on the IP subnet, where you could separate the Endpoints (in ACI) based on their incoming subnets. The end result would be something like this:
10.10.10.0_EPG
20.20.20.0_EPG
This would then also allow you to restrict external flooding to just the respective EPGs (Flood in Encap).
Robert
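As an added illustration of the uSeg option described in the reply above (not code from the original post), the sketch below builds an APIC REST payload for two attribute-based EPGs that classify endpoints by source subnet. The class and attribute names (`fvAp`, `fvAEPg`, `isAttrBasedEPg`, `fvRsBd`, `fvCrtrn`, `fvIpAttr`) are assumed from the APIC object model and should be checked against your APIC version; the application profile name `AP1` and bridge domain name `BD_VLAN10` are hypothetical, and the domain association is omitted.

```python
import ipaddress
import json


def useg_epg(name, subnet, bd):
    """Build one attribute-based (uSeg) EPG that matches a source IP subnet."""
    # strict parsing: raises ValueError on malformed input or set host bits
    net = ipaddress.ip_network(subnet)
    return {"fvAEPg": {
        "attributes": {"name": name, "isAttrBasedEPg": "yes"},
        "children": [
            # both uSeg EPGs stay on the one BD that carries VLAN 10
            {"fvRsBd": {"attributes": {"tnFvBDName": bd}}},
            {"fvCrtrn": {
                "attributes": {"name": "default"},
                "children": [{"fvIpAttr": {"attributes": {
                    "name": "src-subnet", "ip": str(net)}}}],
            }},
        ],
    }}


def build_app_profile(ap_name, bd, epg_subnets):
    """Return an fvAp payload with one uSeg EPG per subnet.

    Overlapping subnets are rejected: an endpoint that matches two IP
    attributes would have an ambiguous classification, which defeats the
    purpose of separating the two address ranges.
    """
    nets = {n: ipaddress.ip_network(s) for n, s in epg_subnets.items()}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} and {b} overlap: {nets[a]} / {nets[b]}")
    return {"fvAp": {
        "attributes": {"name": ap_name},
        "children": [useg_epg(n, s, bd) for n, s in epg_subnets.items()],
    }}


if __name__ == "__main__":
    # EPG names and subnets are the ones used in the thread
    payload = build_app_profile("AP1", "BD_VLAN10", {
        "10.10.10.0_EPG": "10.10.10.0/24",
        "20.20.20.0_EPG": "20.20.20.0/24",
    })
    print(json.dumps(payload, indent=2))
```

Contracts between the two resulting EPGs then decide whether the subnets may talk to each other, instead of the free communication a single shared EPG gives.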
03-10-2021 06:29 AM
can we just do a secondary IP address on the BD, and use both VLANs with the same EPG ID?
I was thinking the same way: to have a secondary IP for the VLAN's other subnet.