VMM vDS vCenter and LLDP dependencies

Johannes Luther
Level 4
Level 4

Hi board,

So I'm reviewing the ESXi host discovery process in ACI VMM integration.

When using the VMM domain resolution immediacy option "immediate", I was under the impression that LLDP (or CDP) packets from the ESXi host are enough for the EPG to be deployed on the specific port.

However when checking the documentation in a Cisco Live session (BRKACI-2645), the process involves the vCenter connection as well (slide 26+). So the LLDP adjacency to ACI is reported from the ESXi host to vCenter and vCenter (somehow?!) informs the APIC about this adjacency.

So I tested some scenarios here by blocking the vCenter to APIC connection, and when using the immediate domain resolution, the EPGs are deployed on the leaf switches. To enforce the new policy push towards the leaf ports, I changed the AEP association and even rebooted the leaf switches.

I even disabled LLDP on the leaf access ports and everything still worked like a charm!

The only way I was able to break things (EPG was not deployed towards ESXi):

  • Disabled LLDP in the vDS itself (in vCenter)
  • EPG VMM domain resolution immediacy option "On Demand" (which is expected from my point of view if vCenter is not available)

So what's the truth here?

Also, I am interested in how vCenter informs the APIC about "events". It would not be fast enough if the APIC polled at regular intervals (in fact, ACI does this only every 24 hours).

Is there some kind of subscription to events between ACI and vCenter? Is this some webhooking or SOAP magic? If yes, how do I find these subscriptions in vCenter?

1 Reply

AshSe
VIP
VIP

Hey @Johannes Luther, let's break your doubts into pieces and address them one by one. Here you go:

So I tested some scenarios here by blocking the vCenter to APIC connection, and when using the immediate domain resolution, the EPGs are deployed on the leaf switches. To enforce the new policy push towards the leaf ports, I changed the AEP association and even rebooted the leaf switches.

I even disabled LLDP on the leaf access ports and everything still worked like a charm!

1. Blocking vCenter to APIC Connection:

  • If you block the connection between vCenter and APIC, the immediate resolution should still work initially because the APIC might have cached information about the ESXi host's connection.
  • However, any changes in the network topology or new ESXi hosts might not be detected correctly without the vCenter-APIC communication.

I even disabled LLDP on the leaf access ports and everything still worked like a charm!

2. Disabling LLDP on Leaf Access Ports:

  • Disabling LLDP on the leaf access ports should ideally prevent the APIC from learning about the ESXi host's connection. However, if the information is already cached or if there are other mechanisms in place, the EPG might still be deployed.

The only way I was able to break things (EPG was not deployed towards ESXi):

  • Disabled LLDP in the vDS itself (in vCenter)
  • EPG VMM domain resolution immediacy option "On Demand" (which is expected from my point of view if vCenter is not available)

3. Disabling LLDP in vDS (vSphere Distributed Switch):

  • Disabling LLDP in the vDS would prevent the ESXi host from sending LLDP packets, which would break the discovery process, as observed.

Also, I am interested in how vCenter informs the APIC about "events". It would not be fast enough if the APIC polled at regular intervals (in fact, ACI does this only every 24 hours).

4. Event Subscription and Notification:

  • The communication between vCenter and APIC is not based on polling. Instead, it uses a more efficient event-driven mechanism.
  • vCenter uses the VMware vSphere API to send notifications to the APIC about changes in the network topology, such as new ESXi hosts, VM migrations, etc.
  • This is typically done using a combination of SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) APIs.

Is there some kind of subscription to events between ACI and vCenter? Is this some webhooking or SOAP magic? If yes, how do I find these subscriptions in vCenter?

5. Subscriptions and Webhooks:

  • The APIC subscribes to events from the vCenter. This subscription mechanism ensures that the APIC is notified in real-time about relevant changes.
  • You can find these subscriptions in the vCenter by looking at the registered extensions or plugins. The Cisco ACI plugin for vCenter would be responsible for this communication.

Conclusion

The integration between Cisco ACI and VMware vCenter relies on a combination of LLDP/CDP for initial host discovery and an event-driven communication mechanism between vCenter and APIC for real-time updates. The vCenter informs the APIC about network events using APIs, ensuring timely updates without relying on polling.

HTH

AshSe

Forum Tips: 

1. Paste images inline - don't attach.

2. Always mark helpful and correct answers, it helps others find what they need.
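Point 5 of the reply above says the place to look for the APIC's registration in vCenter is the list of registered extensions. The following PowerCLI snippet is an added example (not from either poster, and not Cisco or VMware code) that enumerates that list through the vSphere ExtensionManager managed object so an operator can audit which third-party integrations currently hold a registration. It assumes an already open session via Connect-VIServer; the vCenter name is a placeholder.

```powershell
# Added example: inventory the extensions registered with vCenter.
# Assumes PowerCLI is installed and a session has been opened, e.g.:
#   Connect-VIServer -Server vcenter.example.internal   # placeholder hostname

# ExtensionManager is the vSphere API managed object that holds every
# registered extension (plugins, management integrations, etc.).
$extMgr = Get-View ExtensionManager

# Project the fields that identify who registered what, and when.
$extensions = $extMgr.ExtensionList | ForEach-Object {
    [PSCustomObject]@{
        Key            = $_.Key                 # unique extension key
        Label          = $_.Description.Label   # human-readable name
        Company        = $_.Company
        Version        = $_.Version
        LastHeartbeat  = $_.LastHeartbeatTime   # null if the extension never checks in
    }
}

# Full list for the audit record.
$extensions | Sort-Object Company, Key | Format-Table -AutoSize

# Narrow to entries whose key, label or company mention Cisco, which is
# where the reply above says the ACI integration would show up.
# The filter is a string match, not a known fixed key, so review the
# full list if nothing matches.
$extensions | Where-Object {
    ($_.Key, $_.Label, $_.Company) -match 'cisco'
} | Format-List
```

Running this periodically and diffing the output against a known-good baseline is a cheap way to notice an unexpected new extension registration, since any extension listed here has been granted a foothold in the vCenter management plane.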
