We are thinking about implementing vmm-integration in our aci-fabric. We are using hundreds of VLANs already. For VMM integration most of the time design guides show dynamic vlan assignment. We would need a free unused vlan-range to reserve for this VMM integration which could be complicated (how many vlans do you need? We might have 20 or more esx hosts on the same leaf with vms in dozens of different vlans active?).
We could however also use static vlans and reuse the same vlan tags that we already have. The only difference I see is that you have to specify the vlan tag when binding the EPG to the vmm domain. Is there any other downside of using static vlans with vmm integration?
You can actually use the existing used vlans in a new dynamic vlan pool, but you must be super very careful. You need to make sure that the EPGs which will be deployed as PG to the new hosts do not already have domains associated with overlapping vlans.
Also, VLAN pools containing overlapping encap block definitions should not be associated to the same AAEP (and subsequently the same leaf nodes). This can cause issues with BPDU forwarding through the fabric if the domains associated to an EPG have overlapping VLAN block definitions.
When an EPG has more than one domain with overlapping VLAN pools, avoid adding more than one domain to the AEP that is used to deploy the EPG on the ports. This avoids the risk of traffic forwarding issues.
However, when an EPG has only one domain with overlapping VLAN pool, you can associate multiple domains with single AEP.
If you plan to use static vlan pool, and the vlan is used in a different EPG, here is a reference of supported/unsupported designs:
thanks for your answer!
I do not want to use overlapping vlans though. I know that this can get complicated and has scaling limitations so this is not an option at all.
Let me give an example:
We have 100 vlans. Those are trunked to esx servers today because we have vms in those vlans. We also trunk these vlans to physical servers and physical firewalls and load balancers.
So in ACI we would have static bindings for these connections. When using vmm integration we want to keep the same vlans and still use vmm integration by using static allocation (no duplicate vlans, just static bindings for physical and for vmm). Why would you NOT want to do this? What are the downsides or what are the benefits of using dynamic allocation?
Ah got it now. Sorry I misunderstood it.
Well, apart from the manual configuration of the vlan for each EPG/port-group, nothing concrete comes to my mind.
Is there any other downside of using static vlans with vmm integration?
Yes. You have to manually assign each VLAN to each EPG/Portgroup.
Now some people prefer this. But it does mean you probably have to keep records of what you have used for what. On the other hand, that may make troubleshooting easier anyway.
Other than that, there is no "downside" that I can see.
In fact, I'm really only writing this to back up @msdaniluk's last answer.
Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem
Static VLAN assignment can be a hassle. Especially when you need to create a more app-centric design where you don't want to have any VLAN encaps overlapped between EPGs.
Imagine that you have a server with existing encap of 105 mapped to network centric VLAN 105, and tomorrow you decided to create application centric EPGs so you can align your network construct with applications, you have to split up EPG-105 into something else. At this point, you need to decide what VLANs to use. By using dynamic VLAN assignment, you don't have to worry about it at all. On the other hand, if you want to manually pick a VLAN, you'll go through a process to first validate that the VLAN is free, and then keep it tracked at all times.
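The two checks discussed in this thread (spotting different VLAN pools with overlapping encap blocks behind one AAEP, and confirming a VLAN is free before a static binding), as an added example that is not from any poster or from Cisco. The pool, domain, AAEP and EPG names and the dictionary layout are constructed for illustration and are not the APIC object model.

```python
from itertools import combinations

# Constructed inventory (assumption): pool -> list of (first, last) encap blocks.
POOLS = {"prod-static": [(100, 199)], "vmm-dynamic": [(150, 160), (2000, 2099)]}
# Constructed: the physical and one VMM domain share a pool; a second VMM domain does not.
DOMAIN_POOL = {"phys-dom": "prod-static", "vmm-dom-a": "prod-static",
               "vmm-dom-b": "vmm-dynamic"}
AAEP_DOMAINS = {"aaep-esx": ["phys-dom", "vmm-dom-a", "vmm-dom-b"]}
# Constructed: EPG -> (domain, encap) bindings; the same tag is reused for phys and VMM.
EPG_BINDINGS = {"EPG-105": [("phys-dom", 105), ("vmm-dom-a", 105)],
                "EPG-106": [("phys-dom", 106), ("vmm-dom-a", 106)]}

def vlan_ids(blocks):
    """Expand (first, last) encap blocks into a set of VLAN IDs."""
    return {v for lo, hi in blocks for v in range(lo, hi + 1)}

def aaep_pool_overlaps(pools, domain_pool, aaep_domains):
    """Flag distinct pools reachable from one AAEP that define the same VLANs."""
    findings = []
    for aaep, domains in aaep_domains.items():
        used = sorted({domain_pool[d] for d in domains})  # one shared pool counts once
        for a, b in combinations(used, 2):
            shared = sorted(vlan_ids(pools[a]) & vlan_ids(pools[b]))
            if shared:
                findings.append((aaep, a, b, shared))
    return findings

def vlan_owners(epg_bindings, vlan):
    """EPGs that already use this encap; an empty list means the VLAN is free."""
    return sorted(e for e, binds in epg_bindings.items()
                  if any(v == vlan for _, v in binds))

def free_vlans(pools, pool, epg_bindings):
    """VLANs defined in `pool` that no EPG binding uses yet."""
    taken = {v for binds in epg_bindings.values() for _, v in binds}
    return sorted(vlan_ids(pools[pool]) - taken)

if __name__ == "__main__":
    for aaep, a, b, shared in aaep_pool_overlaps(POOLS, DOMAIN_POOL, AAEP_DOMAINS):
        print(f"{aaep}: pools {a} and {b} overlap on {shared[0]}-{shared[-1]}")
    print("VLAN 105 used by:", vlan_owners(EPG_BINDINGS, 105))
    print("free in prod-static:", len(free_vlans(POOLS, "prod-static", EPG_BINDINGS)))
```

Two domains that draw from the same pool produce no finding; only distinct pools with intersecting blocks on one AAEP are reported.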