Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1683
Views
0
Helpful
2
Replies

Multiple APs, Multiple VRFs vs Multiple Tenants?

m1xed0s
Spotlight
Spotlight

‎01-12-2021 08:37 AM

I have some particular use cases that I am thinking either to implement as Multi-AP, Multi-Tenant or Multi-VRF. But I can not decide and would appreciate some input from your guys. 

 

I am building a greenfield DC with ACI. There would be UCS chassis/blades (ESXi) via FIs linked to the ACI fabric as vPCs. No VMM though. The vPCs would trunk/tag VLANs for the vSphere ESXi clusters. Also assuming this ACI fabric uses vzAny between EPGs.

 

I need to divide the applications/services to be hosted in this DC into various groups:

  • Live application/services, VLAN 10-20
  • Replicated application (cold standby for DR purpose), VLAN 21-30
  • Hot Failover application, VLAN 31-40

Assuming all these applications share the same UCS/VMware environment in the DC, which means all the VLANs above would be trunked over the same vPCs from ACI down stream. 

 

Also I need to plan down the road to built another DC to connect to this one as Multi-Site. So VLAN 21-30 above can be stretched between...

 

With all these been said, I want to "isolate" these application groups within the ACI...So I thought I should match the above groups into unique AP OR VRF OR even Tenant to accomplish levels of logical isolation...But which one makes most sense from operation perspective?

 

Thanks!

Labels:
0 Helpful
2 Replies 2

Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎01-12-2021 11:47 PM

Hi @m1xed0s 

I would say it depends.

First thing, "Also assuming this ACI fabric uses vzAny between EPGs" -> do you mean that you have a vzAny-to-vzAny communication (which basically means VRF unenforced)? In this situation, the only valid separation would be AP separation.

For the inter-vrf/inter-tenant vzAny-to-vzAny, as far as I remember it was not supported. Not sure in the latest versions. However, even if it would be supported, there is no reason to complicate the config/design. When I am doing designs for my customers, I always think about troubleshooting - if it would be a hassle for someone who is new with the environment (for example TAC) to figure it out what and how the communication happens and then troubleshoot when the full network/services are down, then I am changing and simplifying the design.

 

AP separation is the way to go for you!

 

Stay safe,

Sergiu

 

0 Helpful

m1xed0s
Spotlight
Spotlight
In response to Sergiu.Daniluk

‎01-13-2021 05:03 AM

Thanks!

Regarding the vzAny, yes I do mean "vzAny-to-vzAny communication" which has the same effect as VRF unenforced but operation wise it would be different.

 

I have been using different APs in other customer PROD DC, such as server_AP vs MGMT_AP under the same Tenant and VRF. Will explore more on the similar setup for this new DC then.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License