Re: Per Port VLAN

Thilo · ‎01-15-2018

Ok so here is the scenario:

Network Centric migration to ACI. VLAN=BD=EPG. VLANs 1-4000 in use for Baremetal, VMs and physical Firewalls today. Want to use vmm integration in ACI. So I need an additional dynamic VLAN pool with unique non used VLANs. I don't have any free VLANs so I use per port VLAN feature and reuse VLANs 1-4000 in a second VLAN pool.

Switchport 1 is Baremetal Server EPG100=VLAN100=BD100 via static binding. Switchport 2 is esx-server with vmm integration. It uses a dynamic VLAN Pool with VLANs also used for static baremetal servers. That's why I use per port vlan feature. Now the esx could host for example EPG200=BD200 but use VLAN 100 encap dynamically. No Problem, I use per port vlan and BD of the two EPGs is different (needs to be different for per port vlan feature).

Question:

What happens if this esx now also hosts EPG100=BD100 with encap-vlan (example) 300 and at the same time on switchport 1 EPG100=BD100 uses encap VLAN 100? Is this possible?

Regards

Thilo

gmonroy · ‎01-17-2018

Thilo,

When using Per Port VLAN, you must follow these guidelines:

EPGs must be associated with different bridge domains.
EPGs must be deployed on different ports.
Both the port and EPG must be associated with the same domain that is associated with a VLAN pool that contains the VLAN number.
Ports must be configured with portLocal VLAN scope.

If I am reading your example correctly you are referring to a scenario in which one EPG is using two different Encaps, one for the VMM domain and one from the static binding, but on the same physical port?

If so, a single EPG can only be deployed once onto a single port at any given moment. You can find this information form the Scalability Guide:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/3-x/verified_scalabilty/b_Verified_Scalability_3_0_1x_and_13_0_1x.html

Maximum amount of encaps per EPG per port

One (path or leaf binding)

I would assume that the second attempt at programming on the same int would fail, and a fault would be flagged to indicate that.

-Gabriel

Rick1776 · ‎01-17-2018

I agree, you run into issues within the same BD.

Thilo · ‎01-17-2018

Hey Gabriel,

thanks for the answer. I guess I did not express myself well. What I meant was:

One EPG is using two different Encaps, one for the VMM domain and one from the static binding, on two different physical ports of the same leaf. Possible?

Rick1776 · ‎01-18-2018

Yes it looks like you can pick different domains VM or bare metal to apply the static binding.

See the following documentation. (See Page 5)

https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/200964-Configure-Access-Polices-Static-Binding.pdf

Thilo · ‎01-18-2018

I have a vmm domain with dynamic(!) vlan allocation and a physical domain with static(!) vlan allocation. Both domains are bound on the same leaf. VMM on Switchport 1 and physical on switchport 2. A Physical domain static binding on switchport 2 is made with epg 100=vlan100=bd100.

What happens if

a) switchport 1 dynamic vlan chooses encap-vlan 200 for epg100=bd100 (same epg as switchport 2 but different encap-vlan)

b) switchport 1 dynamic vlan chooses encap-vlan 100 for epg200=bd200 (different epg as switchport 2 but same encap-vlan)

Also what would another esx-server on switchport 3 in the same vmm domain do if it also has a vm in the same epg as the esx in switchport 1? Does it always choose the same vlan for the epg as the other esx or is it random and per switchport?