
ACI - l3 Out to Virtual F5

Originally posted to Application Networking Forum - Reposting Here:

 

--//--

 

Could someone give me a steer please.

 

I have a virtual F5 load balancer (VMM Domain is VMware). The VMM Domain is connected to my ACI and working for a number of VMs / apps (excluding F5).

 

Having installed the F5 VM and added OSPF to it, I wish to set up L3 to the ACI.

 

If I'm building an L3 Out to the F5 LBs, surely the ACI interface would need to be a VLAN and trunked to the VMM Domain rather than configured as an Access port / Dot1p. Is this correct?

 

Hope that makes sense. 

 

Regards

 

Darren

Cisco Employee

Hi Darren,

 

As you know, EPGs associated to a VMM domain get a VLAN dynamically from the associated VLAN pool. Also, under the L3Out you CAN'T associate a VMM domain for the L3Out EPG; instead you need to associate this with a routed domain. Now, having said that, even if you define an EPG with the VMM domain for your F5 VM and grab the VLAN assigned to configure the L3Out, the ACI will report that there is another EPG assigned to the same VLAN encap.

 

What you can do instead, assuming you have an ESXi host, is to assign your F5 VM to a vSwitch or a non-ACI-managed DVS. This way the VLAN used for this traffic will not be part of a VMM EPG and you can configure your L3Out.

 

Note that this will require another uplink from the ESXi host.

 

Hope this helps.

 

 

 


Thank you Manuel, this is great information.

 

My ACI setup needs some attention. The partner who helped me set it up didn't define dynamic VLANs for the VMM Domain. We created a pool yes but it was statically defined so my server Admin and I have to coordinate the mappings. We hope to change this soon with our new Cisco partner.

 

Irregardless of whether it's static or dynamic, I believe the issue still exists, i.e. the VLAN associated to the L3 out will still be in conflict with the one I would have to trunk to the VMM Domain. Is that correct?

 

I'll ask my server Admin if he has a spare uplink. It's a blade enclosure so I would have thought we were good on this.

 

Appreciate the help, thanks again.


What do you mean by:

 

"We created a pool yes but it was statically defined so my server Admin and I have to coordinate the mappings."

 

Does this mean ACI doesn't manage the DVS but instead this is managed by your server Admin?

 

Or does it mean that the VLAN pool is set to dynamic but the VLAN blocks are set to static?

 

"Irregardless of whether it's static or dynamic, I believe the issue still exists, i.e. the VLAN associated to the L3 out will still be in conflict with the one I would have to trunk to the VMM Domain. Is that correct?"

 

I am not sure if I understand your question:

You can define a VLAN (static VLAN) under the VMM VLAN pool, share the VLAN pool with the routed domain, and use this new static VLAN on the L3Out domain only.

 


Yes, sorry for the confusion. The vlan pool is set to dynamic but the vlan blocks are set static.

 

Under Fabric/Access Policies/VLAN, the pool is defined as 'dynamic allocation', but the VLANs within it (100-300) have the Allocation Mode set to Static Allocation.

 

In addition, I have a separate VLAN defined in the same pool - VLAN 500. This was the VLAN to be used to connect to the Virtual F5 in the VMM Domain.

 

The Domain section at the bottom of the screen shows the VMM Domain.

 

The ACI does manage the DVS. When we create a new EPG for a host in the range of 100-300, I add the association statically and my server colleague does likewise to his uplink.

 

The install didn't follow the Cisco recommended method of using dynamic VLANs.

 

My original question and hope was that I could use L3 on the ACI to route OSPF with the virtual F5 on VLAN 500.

 

Regards

 

Darren

 

Accepted solution

"My original question and hope was that I could use L3 on the ACI to route OSPF with the virtual F5 on VLAN 500."

 

Yes, you can use this VLAN on the L3Out as long as you don't have another EPG with the VMM domain using this VLAN. In other words, if you already have a (normal) EPG associated to the VMM domain and it is assigned to VLAN 500, you won't be able to use VLAN 500 on the L3Out.



Great. Thanks once again for the follow up, this is good news.

 

Regards

 

Darren

Cisco Employee

I have the same scenario; actually, I am connecting a virtual CSR to the fabric.

It is clear now that I should use a different VLAN, but I have no idea how to configure the "path" of the Interface profile.

Could you tell me how you set this?


In addition, I have a separate VLAN defined in the same pool - VLAN 500. This was the VLAN to be used to connect to the Virtual F5 in the VMM domain.