09-14-2021 10:54 PM - edited 09-14-2021 10:57 PM
Hello there,
We have a running ACI environment which was migrated from a legacy network using the Network Centric approach (VLAN = BD = EPG). Various AEPs and Physical Domains were created as shown below:
AEP1 > PhysicalDomain1 > VLANPool1 > VLAN 1-5
AEP2 > PhysicalDomain2 > VLANPool2 > VLAN 1-10
AEP3 > PhysicalDomain3 > VLANPool3 > VLAN 1-15
EPG1 > PhysicalDomain1, PhysicalDomain2, PhysicalDomain3 > EncapVLAN1
EPG2 > PhysicalDomain1, PhysicalDomain2, PhysicalDomain3 > EncapVLAN2
EPG3 > PhysicalDomain1, PhysicalDomain2, PhysicalDomain3 > EncapVLAN3
All have been working well for a couple of years (including LACP-enabled workloads using vPC between the pairs of leaves). However, when we tried to connect a new LACP-enabled server recently, we faced endpoint learning issues. On digging in, we found that it was happening because of VLAN overlapping. The vPC pairs used different fabric_encap for the same external VLAN ID. Removing the duplicate Physical Domain from the EPG resolved the issue straight away.
Now our concern is the rest of the working workloads. All EPGs have multiple Physical Domains with unique AEPs, but each AEP has overlapping VLANs. If the leaf gets rebooted, it may take a different fabric_encap, and that might cause endpoint learning issues between the vPC pairs.
Could you suggest the best possible solution to remove the overlapping VLANs? Is it wise to have a single Physical Domain containing a single AEP that has VLAN 1-2000, applied to all ports in the Access Policy and attached to all EPGs? Wouldn't it increase unwanted traffic in the fabric?
Please suggest. Thanks in advance!
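The situation described in the post above, as an added example that is not part of the original thread: a small audit that walks EPG -> domain -> VLAN pool and reports every EPG whose encap VLAN can be supplied by more than one pool, plus the pairwise pool overlaps. The AEP/domain/pool layout and the EPG encap VLANs are constructed to mirror the ones listed in the question; the extra EPG4 shows the already-cleaned-up state with one domain.

```python
"""Audit EPG domain bindings for overlapping VLAN pools.

Added example, not code from the original thread. The AEP -> domain -> pool
layout and the EPG encap VLANs are constructed to mirror the ones described
in the question (pools covering VLAN 1-5, 1-10 and 1-15, three EPGs on all
three domains).
"""
from __future__ import annotations

from itertools import combinations

# VLAN pool -> inclusive encap blocks (from, to). Constructed data.
POOL_BLOCKS: dict[str, list[tuple[int, int]]] = {
    "VLANPool1": [(1, 5)],
    "VLANPool2": [(1, 10)],
    "VLANPool3": [(1, 15)],
}

# Physical domain -> VLAN pool it references (each domain sits behind its own AEP).
DOMAIN_POOL: dict[str, str] = {
    "PhysicalDomain1": "VLANPool1",
    "PhysicalDomain2": "VLANPool2",
    "PhysicalDomain3": "VLANPool3",
}

# EPG -> associated domains and the encap VLAN used on its static paths.
EPGS: dict[str, dict] = {
    "EPG1": {"domains": ["PhysicalDomain1", "PhysicalDomain2", "PhysicalDomain3"], "encap": 1},
    "EPG2": {"domains": ["PhysicalDomain1", "PhysicalDomain2", "PhysicalDomain3"], "encap": 2},
    "EPG3": {"domains": ["PhysicalDomain1", "PhysicalDomain2", "PhysicalDomain3"], "encap": 3},
    # Cleaned up the way the question describes: only one domain left on the EPG.
    "EPG4": {"domains": ["PhysicalDomain1"], "encap": 4},
}


def pool_contains(pool: str, vlan: int) -> bool:
    """True if any encap block of the pool covers the VLAN."""
    return any(lo <= vlan <= hi for lo, hi in POOL_BLOCKS[pool])


def pools_for_encap(domains: list[str], vlan: int) -> list[str]:
    """Distinct pools, reachable via the given domains, that can supply this encap VLAN."""
    seen: list[str] = []
    for domain in domains:
        pool = DOMAIN_POOL[domain]
        if pool not in seen and pool_contains(pool, vlan):
            seen.append(pool)
    return seen


def audit_epgs(epgs: dict[str, dict]) -> dict[str, list[str]]:
    """EPGs whose encap VLAN is resolvable through more than one pool.

    Each pool can map the same VLAN ID to its own fabric encap, so two leaves
    of a vPC pair that resolve the EPG's VLAN through different pools may end
    up with different fabric encaps, which is the symptom reported in the
    thread. Every EPG returned here is a candidate for domain cleanup.
    """
    flagged: dict[str, list[str]] = {}
    for name, cfg in epgs.items():
        pools = pools_for_encap(cfg["domains"], cfg["encap"])
        if len(pools) > 1:
            flagged[name] = pools
    return flagged


def overlapping_pools(
    pool_blocks: dict[str, list[tuple[int, int]]],
) -> list[tuple[str, str, tuple[int, int]]]:
    """Pairs of pools that share at least one VLAN, with the shared range."""
    overlaps: list[tuple[str, str, tuple[int, int]]] = []
    for (a, blocks_a), (b, blocks_b) in combinations(pool_blocks.items(), 2):
        for lo_a, hi_a in blocks_a:
            for lo_b, hi_b in blocks_b:
                lo, hi = max(lo_a, lo_b), min(hi_a, hi_b)
                if lo <= hi:
                    overlaps.append((a, b, (lo, hi)))
    return overlaps


if __name__ == "__main__":
    for epg, pools in audit_epgs(EPGS).items():
        print(f"{epg}: encap reachable via {len(pools)} pools -> {', '.join(pools)}")
    for a, b, (lo, hi) in overlapping_pools(POOL_BLOCKS):
        print(f"{a} and {b} overlap on VLAN {lo}-{hi}")
```

In a real fabric the three dictionaries would be filled from the APIC (fvnsVlanInstP/fvnsEncapBlk for the pools, physDomP for the domains, fvRsDomAtt and fvRsPathAtt under each fvAEPg); the logic stays the same. An empty result from audit_epgs is the state to aim for after consolidating domains.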
09-15-2021 09:57 AM
In general, if you do not have a specific requirement to have more than one AEP/Physical Domain/VLAN pool, consolidate everything into a single object.
09-15-2021 11:10 AM
So, a single Physical Domain/AEP/VLAN Pool would be OK for 14 leaves? Wouldn't it increase broadcast traffic in the fabric, especially when flooding is enabled at the EPG/BD level due to legacy switch connectivity?
09-15-2021 11:16 AM
Physical Domain/AEP/VLAN Pool are fabric policies and have nothing to do with the number of leaves or traffic shaping.
09-15-2021 11:32 AM
I meant to ask if it is safe for up to 14 leaves.
You will need to have a dedicated AEP etc. for IPN or ISN, but the rest could use a single set of objects.
Could you please elaborate on IPN and ISN?
09-15-2021 11:42 AM
Again, the number of leaves is not relevant and has nothing to do with the number of AAEPs/domains/pools.
IPN is the inter-pod network and ISN the inter-site network, for Multi-Pod / Multi-Site.
09-15-2021 11:46 AM
Please read the post by Chris Welsh:
09-15-2021 11:51 AM
One more thing: I would recommend NOT having a range of VLANs in the pool (like 5-3000) but adding the VLANs individually; later, if you need to remove a VLAN from the pool, you will be able to.
Postman JSON and Excel will let you add any number of VLANs very easily.
09-15-2021 12:11 PM
Right, individual VLANs would be wise for future modifications.
Can you share any template of JSON or Excel? I think creating a Physical Domain/AEP/VLAN Pool would be easy to add as it is a one-time job, but assigning the DN to the Access Policies on all interfaces (approx. 500 ports) will be a challenge.
Do you have any suggestion to quickly change the DN on existing Interface Access Policies safely?
09-15-2021 12:27 PM
I don't have a script ready to share, but it is very easy to create one. If you are working with APIC you need to master JSON/Postman anyway.
Go to Fabric > Access Policies > Pools > VLAN, select your pool; on the right side, right-click on any VLAN (e.g. 10) and "Save as".
Now, if you replace "10" with the {{VLAN}} variable, you have a script you can run in the Postman runner with a CSV file that lists all your VLANs.
Another useful tool in the APIC config (gear in the top right corner) is the API Inspector.
There are a lot of docs on how to use Postman on the web.
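The "Save as", replace-with-{{VLAN}}, run-from-CSV workflow from the two posts above, as an added example that is not part of the original thread and not Postman itself: a plain Python script that takes a fvnsEncapBlk template with a {{VLAN}} placeholder, fills it in once per row of a CSV of VLAN IDs, and builds one POST per VLAN so every VLAN ends up as its own single-VLAN encap block. It also expands an existing range spec into individual VLANs and flags range blocks that would have to be deleted whole. The APIC hostname (apic.example.net), pool name (VLANPool-Servers) and CSV contents are assumptions constructed for the example.

```python
"""Per-VLAN encap-block payloads for an ACI VLAN pool, Postman-runner style.

Added example, not code from the original thread. It reproduces the workflow
described above in plain Python: one JSON template (the shape "Save as"
exports from the APIC GUI) with the VLAN ID replaced by a {{VLAN}} placeholder,
filled in once per row of a CSV of VLAN IDs. The APIC hostname, pool name and
CSV content are constructed for the example.
"""
from __future__ import annotations

import csv
import io
import json

APIC = "apic.example.net"          # assumed APIC address
POOL = "VLANPool-Servers"          # assumed static VLAN pool name
POOL_DN = f"uni/infra/vlanns-[{POOL}]-static"

# Template body of one fvnsEncapBlk with the VLAN ID swapped for {{VLAN}}.
TEMPLATE = json.dumps({
    "fvnsEncapBlk": {
        "attributes": {
            "dn": POOL_DN + "/from-[vlan-{{VLAN}}]-to-[vlan-{{VLAN}}]",
            "from": "vlan-{{VLAN}}",
            "to": "vlan-{{VLAN}}",
            "allocMode": "inherit",   # take the allocation mode of the pool
        }
    }
})

# Constructed CSV in the shape the Postman runner consumes: header, one VLAN per row.
CSV_ROWS = "VLAN\n10\n11\n20\n"


def expand_vlans(spec: str) -> list[int]:
    """Expand "10-12,20" into [10, 11, 12, 20], rejecting invalid VLAN IDs.

    Handy for turning an existing range block into the list of individual
    VLANs you want to re-add one by one.
    """
    vlans: set[int] = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if hi else lo_i
        if not 1 <= lo_i <= hi_i <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        vlans.update(range(lo_i, hi_i + 1))
    return sorted(vlans)


def vlans_from_csv(text: str) -> list[int]:
    """Read the VLAN column of a runner-style CSV."""
    return [int(row["VLAN"]) for row in csv.DictReader(io.StringIO(text))]


def render(template: str, vlan: int) -> dict:
    """Substitute the {{VLAN}} variable and parse the result as JSON."""
    return json.loads(template.replace("{{VLAN}}", str(vlan)))


def build_requests(vlans: list[int]) -> list[dict]:
    """One POST per VLAN, each creating a single-VLAN encap block in the pool."""
    requests = []
    for vlan in vlans:
        body = render(TEMPLATE, vlan)
        dn = body["fvnsEncapBlk"]["attributes"]["dn"]
        requests.append({
            "method": "POST",
            "url": f"https://{APIC}/api/mo/{dn}.json",
            "body": body,
        })
    return requests


def multi_vlan_blocks(encap_blocks: list[dict]) -> list[tuple[int, int]]:
    """Encap blocks (fvnsEncapBlk objects as exported from APIC) spanning more than one VLAN.

    A single VLAN cannot be taken out of such a block; the whole block has to
    be deleted and recreated, which is why one block per VLAN is recommended.
    """
    spans = []
    for blk in encap_blocks:
        attrs = blk["fvnsEncapBlk"]["attributes"]
        lo = int(attrs["from"].split("-", 1)[1])
        hi = int(attrs["to"].split("-", 1)[1])
        if lo != hi:
            spans.append((lo, hi))
    return spans


if __name__ == "__main__":
    for req in build_requests(vlans_from_csv(CSV_ROWS)):
        print(req["method"], req["url"])
        print(json.dumps(req["body"], indent=2))
```

The script only builds the requests; sending them works the same way Postman does it, with a POST to /api/aaaLogin.json first and the returned APIC-cookie on every subsequent request. Run the output against a lab APIC or check it in the API Inspector before pointing it at production.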
09-28-2021 09:20 PM