Vlan Pool assignment to the VMM domain - Explanation

Beacon Bits
Level 1

Hi Everyone,

I'm having a little difficulty understanding the VLAN pool assignment to the VMM domain.

What sort of VLANs are these and how are they being used?

I read that the DVS (VMware) communicates with ACI (APIC) using this VLAN pool.

Is there any document that explains how these VLANs are picked and what the communication flow is? This whole area in ACI is a little dark. I cannot find anything yet. Everywhere I looked, not a single explanation goes into detail.

Cisco's own documentation does not explain it well.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/virtualization/Cisco-ACI-Virtualization-Guide-42x/Cisco-ACI-Virtualization-Guide-421_chapter_010.html

Nothing in this document is satisfying.

Please can anyone guide me in the right direction?

Regards,

B

2 Accepted Solutions

RedNectar
VIP

Hi @Beacon Bits ,

Let me address your comments:


I'm having a little difficulty understanding the VLAN pool assignment to the VMM domain.

What sort of VLANs are these and how are they being used?

These VLANs are simply VLANs - nothing special about them.

I read that the DVS (VMware) communicates with ACI (APIC) using this VLAN pool.

THAT IS NOT CORRECT. I'll add more below.

Is there any document that explains how these VLANs are picked and what the communication flow is? This whole area in ACI is a little dark. I cannot find anything yet. Everywhere I looked, not a single explanation goes into detail.

Here's some background reading from other answers I've given that might help: This and this and even this one from a few minutes ago, and finally (at the risk of breaking the rules) because I can't find anything better, this post from my blog may help.

Now, the crux of the question


How the APIC and VMware play together in ACI

In ACI there is a concept of a Virtual Machine Management (VMM) Domain, which for VMware users pretty much equates to a VMware vSphere Distributed Switch (VDS).

When you create a VMM in ACI, the APIC will communicate with vCenter and ask vCenter to create a VMware vSphere Distributed Switch. The VDS will be given exactly the same name as the VMM Domain and be placed in a folder in vCenter, again with the exact same name as the VMM Domain.

[Tip: if you want to integrate an existing VDS, create a folder for it in vCenter, give it exactly the same name as the VDS, then create a VMM Domain in ACI with the exact same name]

You need to realise that this VDS now exists in both vCenter and the APIC, but at this stage not on any ACI switches or any ESXi hosts, and no VLANs have been consumed or allocated.

However, before creating the VMM in ACI, you will need to have allocated a VLAN Pool to the VMM Domain. Like I said, at this stage none of these VLANs have been allocated.

Next, one of two things happens. The order doesn't matter, but both have to happen:

  1. ESXi hosts are given access to the VDS by assigning an uplink to the VDS on a particular ESXi host
  2. The VMM Domain is assigned an EPG in ACI.

When an EPG is associated with a VMM Domain, a portgroup is created on the DVS and allocated one of the VLANs from the VLAN Pool. This VLAN can be one chosen at random by the APIC, or the user can specify a specific VLAN from the pool (with some caveats - you'll need a static range of VLANs in the pool, although that restriction may have gone now).

So now you have an ESXi host with an uplink and a VDS with a portgroup that corresponds to the EPG. It will be named TenantName|ApplicationProfileName|EPGName - which can end up being a pretty long name. However, you can edit this during the EPG assignment to the VMM Domain.

But you are not done yet.  Your EPG is pretty useless without EndPoints. So the final piece of this jigsaw is to now deploy some VMs to the ESXi host, and allocate the virtual NIC of the VM to the portgroup that corresponds to the EPG.

There you have it. APIC and vCenter playing nicely. The APIC checks every so often to see if there are any changes in vCenter, and if so you should see this information in the APIC GUI - which BTW can give you a much more pleasing view of your host and VDS configuration than vCenter.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.


Beacon Bits
Level 1

Hi RedNectar,

Thanks for your reply.

The question still remains: why is a VLAN pool attached when the VMM domain is created?

What you answered is also correct: it is mandatory to have a VLAN pool, dynamic or static, along with all the steps you mentioned.

I did some discovery and found that:

APIC assigns each EPG an internal vlan-id that is random and only significant to each leaf. 

BeaconBits_4-1674137078822.png

 

The portgroup in VMware also has a vlan-id.

BeaconBits_3-1674137046161.png

The EPG in APIC and the portgroup in VMware communicate using the same encapsulated vlan-id. This VLAN has to be the same. (see image)

Note: If we choose static VLAN allocation in the APIC VMM domain, then the portgroup we want to communicate with must also have the same vlan-id, which we need to create.

Therefore, to make this communication automatic "A dynamic vlan pool is preferred. Let's say APIC will assign the vlan-id 710 to the EPG and when it creates the portgroup in VMware it will also assign the same vlan-id 710 to it. So it's automatic."

Regards,

B

 


3 Replies



@Beacon Bits wrote:

Note: If we choose static vlan allocation in APIC VMM domain then the portgroup we want to communicate also must have the same vlan-id we need to create.

[...]

"A dynamic vlan pool is preferred. Let say APIC will assign the vlan-id 710 to the EPG and when it creates the portgroup in vmware it will also assign the same vlan-id 710 to it. So its automatic."


To avoid any confusion, in both situations, when a VMM domain is assigned to an EPG with a static or dynamic VLAN, the selected VLAN will be automatically configured on the port-group.

The "static" allocation allows you to select which VLAN is used for that EPG, while "dynamic" makes the APIC randomly pick one from the dynamic VLAN pool range.
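An added example, not part of any post in this thread: a small consistency check that compares EPG-to-VMM-domain bindings against the portgroups on the VDS, using the `Tenant|ApplicationProfile|EPG` naming and the pool-membership rules described above. The record layout, the names and the VLAN numbers are constructed for illustration and are not APIC or vCenter API output.

```python
# Constructed sample data; the record layout is an assumption for this
# example, not the output format of the APIC or vCenter APIs.
POOL_BLOCKS = [
    {"from": 700, "to": 749, "mode": "dynamic"},
    {"from": 750, "to": 759, "mode": "static"},
]
EPG_BINDINGS = [  # EPG-to-VMM-domain associations as seen on the APIC side
    {"tenant": "Prod", "ap": "Shop", "epg": "Web", "mode": "dynamic", "encap": "vlan-710"},
    {"tenant": "Prod", "ap": "Shop", "epg": "App", "mode": "static", "encap": "vlan-751"},
    {"tenant": "Prod", "ap": "Shop", "epg": "Db", "mode": "static", "encap": "vlan-720"},
]
PORTGROUPS = {  # portgroup name -> VLAN ID as seen on the VDS
    "Prod|Shop|Web": 710,
    "Prod|Shop|App": 752,
}

def vlan_id(encap):
    """Turn an encap string such as 'vlan-710' into the integer 710."""
    kind, _, number = encap.partition("-")
    if kind != "vlan" or not number.isdigit():
        raise ValueError(f"not a VLAN encap: {encap!r}")
    return int(number)

def block_mode(vlan, blocks):
    """Return the allocation mode of the pool block holding vlan, else None."""
    for b in blocks:
        if b["from"] <= vlan <= b["to"]:
            return b["mode"]
    return None

def audit(bindings, portgroups, blocks):
    """List (portgroup name, problem) pairs for every inconsistency found."""
    findings = []
    for b in bindings:
        # Default portgroup name unless it was edited during the association.
        name = b.get("pg_name") or "|".join((b["tenant"], b["ap"], b["epg"]))
        vlan = vlan_id(b["encap"])
        mode = block_mode(vlan, blocks)
        if mode is None:
            findings.append((name, "vlan-outside-pool"))
        elif mode != b["mode"]:
            findings.append((name, "wrong-block-mode"))
        if name not in portgroups:
            findings.append((name, "portgroup-missing"))
        elif portgroups[name] != vlan:
            findings.append((name, "vlan-mismatch"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(EPG_BINDINGS, PORTGROUPS, POOL_BLOCKS):
        print(f"{name}: {problem}")
```

A portgroup whose VLAN differs from the EPG's encap, or a VLAN that sits outside the pool, means the VMs on that portgroup are not landing in the EPG they are supposed to be in.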

 
