What would be the use cases for using more than two VLAN Pools?

SIMMN
Spotlight

Just as title suggests, I am trying to come up with use cases that requires more than two VLAN pools for a single Tenant ACI fabric (single site, multipod or multisite)...

I typically have one dynamic VLAN pool with static entries defined for physical domains and VMMs. I would also have another VLAN pool as static for L3Out domains. What would be the requirements to drive for creating additional VLAN pools?

Quote from ACI Design Guide: "It is common practice to have a 1:1 mapping between a VLAN pool and a domain."...I guess I just do not yet understand the benefits of doing so...

Thanks in advance! 

3 Replies

RedNectar
VIP Alumni

Hi @SIMMN ,

You know, with a single tenant, you could probably get away with one dynamic VLAN pool with added static ranges for L3Outs and directly mapped attachments.  In fact, with the latest versions of ACI, you can assign VLANs in dynamic ranges to static use without ACI getting upset.

So to answer your question:

What would be the use cases for using more than two VLAN Pools for a single Tenant ACI fabric (single site, multipod or multisite)...?

You'll have to dig deeper into when you need more than one VLAN pool, be it for one or more than one tenant.

And probably the best way to do that is to explore the problems that can occur if more than one VLAN pool is used with the same VLAN ID and the Overlapping VLAN Pool Problem comes up. Now this is a pretty deep topic, and I suggest you read this post from the Understanding EPG vnid in ACI fabric heading onwards to learn how VNIDs are assigned, but it essentially comes down to the broadcast domain used to relay STP BPDUs.

In a nutshell, if you have two ACI leaf interfaces in the same STP domain, and each interface carries traffic for (say) VLAN 99, but one interface is linked back to VLAN_Pool1 and the other interface is linked back to VLAN_Pool2, then you can have a horrible problem, even if VLAN 99 is in both VLAN pools, because the STP BPDUs for one interface will not be relayed out the other.

Maybe a better way of saying the same thing can be found in this document:

  • Make sure VLAN pools do not have overlapping vlans. The reason is that ACI floods STP Bridge Protocol Data Units (BPDUs) to the VXLAN network identifier (VNID) assigned to the FD VLAN. VNID is assigned through the VLAN pool so encapsulation has to be part of same VLAN pool to be in part of same STP domain. Otherwise STP BPDU can be dropped by ACI. [https://aci-troubleshooting-lab.readthedocs.io/en/latest/epg.html] 

But I digress. Hopefully by now you are reasonably satisfied that it is usually not good to have multiple VLAN Pools, especially if the same VLAN Id appears in both.

But, if you've followed the logic that links STP Domains to VLAN Pools, you'll realise that if you have a leaf that has connections to multiple independent STP domains (say multiple customers maybe) then you would be best to use a different VLAN Pool for each case. And IF you had somehow linked all of these STP domains back to a single tenant, then there you have a use case for using more than two VLAN Pools for a single Tenant - but I'd be questioning your design and tell you that you are crazy for having multiple customer connections coming back to a single tenant.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
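As an added example (not from the original thread, and not Cisco's own tooling or API), here is a small Python check that models the pool -> domain -> interface chain described in the reply above. It flags VLAN IDs that appear in more than one pool, and interfaces that carry the same encap VLAN through different pools, which is the situation where BPDUs received on one interface are not relayed out the other. Pool, domain and interface names are constructed, and the interface-to-domain mapping is a simplified stand-in for the real AAEP / interface policy group chain.

```python
"""Check ACI VLAN pools for the Overlapping VLAN Pool Problem.

Added example, not ACI's own tooling or API. Pool, domain and interface
names are constructed; the interface-to-domain mapping stands in for the
real AAEP / interface policy group chain in a simplified form.
"""
from collections import defaultdict

# Constructed sample data: encap blocks are (from_vlan, to_vlan), inclusive.
VLAN_POOLS = {
    "VLAN_Pool1": [(10, 99), (200, 299)],   # servers / VMM, with static blocks
    "VLAN_Pool2": [(50, 120)],              # a second customer; 50-99 overlaps
    "L3Out_Pool": [(3000, 3100)],           # dedicated static pool for transit
}

# Domain -> VLAN pool (in ACI a domain references exactly one pool).
DOMAIN_TO_POOL = {
    "PhysDom-Servers": "VLAN_Pool1",
    "PhysDom-Customer2": "VLAN_Pool2",
    "L3Dom-Transit": "L3Out_Pool",
}

# Interface -> (domain it reaches through its AAEP, encap VLANs deployed on it).
INTERFACE_ENCAPS = {
    "leaf101/eth1/1": ("PhysDom-Servers", [99, 210]),
    "leaf101/eth1/2": ("PhysDom-Customer2", [99]),   # same VLAN 99, other pool
    "leaf102/eth1/1": ("L3Dom-Transit", [3001]),
}


def expand_pool(blocks):
    """Expand a pool's encap blocks into the set of VLAN IDs it contains."""
    vlans = set()
    for lo, hi in blocks:
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"invalid encap block {lo}-{hi}")
        vlans.update(range(lo, hi + 1))
    return vlans


def overlapping_vlans(pools):
    """Return {vlan_id: [pool names]} for every VLAN ID present in more than one pool."""
    owners = defaultdict(set)
    for name, blocks in pools.items():
        for vlan in expand_pool(blocks):
            owners[vlan].add(name)
    return {vlan: sorted(names) for vlan, names in owners.items() if len(names) > 1}


def split_stp_domains(pools, domain_to_pool, interface_encaps):
    """Find encap VLANs deployed on interfaces that resolve to different pools.

    Each pool hands out its own VNID for a given VLAN, so BPDUs received on
    one interface are not flooded to the other: one STP domain gets split.
    Returns {vlan_id: {pool_name: [interfaces]}} for affected VLANs only.
    """
    pool_vlans = {name: expand_pool(blocks) for name, blocks in pools.items()}
    by_vlan = defaultdict(lambda: defaultdict(list))
    for intf, (domain, vlans) in interface_encaps.items():
        pool = domain_to_pool[domain]
        for vlan in vlans:
            if vlan not in pool_vlans[pool]:
                raise ValueError(f"{intf}: VLAN {vlan} is not in {pool}")
            by_vlan[vlan][pool].append(intf)
    return {vlan: dict(p) for vlan, p in by_vlan.items() if len(p) > 1}


if __name__ == "__main__":
    dup = overlapping_vlans(VLAN_POOLS)
    print(f"{len(dup)} VLAN IDs appear in more than one pool, e.g. 99 -> {dup[99]}")
    for vlan, spread in split_stp_domains(VLAN_POOLS, DOMAIN_TO_POOL, INTERFACE_ENCAPS).items():
        print(f"VLAN {vlan} deployed via different pools: {spread}")
```

On the constructed data the first check reports VLANs 50 to 99 as present in both VLAN_Pool1 and VLAN_Pool2, and the second check reports VLAN 99 on leaf101/eth1/1 and leaf101/eth1/2 reaching the fabric through different pools. Overlap alone is only a warning; the second condition is the one that actually splits an STP domain, which is why the check keys on the pool each interface resolves to rather than on the pool definitions by themselves.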

First of all, appreciate your effort on the information!!! In a nutshell, within the context of this post, there is not much use case or situation to use multiple VLAN pools, risking having overlapping IDs.

I still prefer a dedicated static VLAN pool for L3Out despite being allowed to use a dynamic pool for the L3Out domain now. Old habit I guess, but this way I could have a clear understanding of which VLANs are being reserved/used for transit purposes.


Hi @SIMMN ,

In a nutshell, within the context of this post, there is not much use case or situation to use multiple VLAN pools, risking having overlapping IDs.

Great nutshell

I still prefer a dedicated static VLAN pool for L3Out despite being allowed to use a dynamic pool for the L3Out domain now. Old habit I guess, but this way I could have a clear understanding of which VLANs are being reserved/used for transit purposes.

Me too. I kind of like the idea of a VLAN Pool for static mappings to EPGs, another for VMM integration and another for L3. But that is purely an administrative preference.

One thing to consider though is if any interfaces are shared between tenants. (OK - I've now left the parameters of the single tenant in your question.) If this happens, say because they share a connection to a shared router/firewall, then it's worth considering creating a VLAN Pool + L3 Domain + AAEP for that shared connection.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
