Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1685
Views
10
Helpful
3
Replies

uSeg EPG Creation

Go to solution
a12288
Level 3
Level 3

‎09-28-2018 06:18 AM - edited ‎03-01-2019 05:39 AM

We have few application EPGs under a same BD domain, and like to create a uSeg EPG based on VM tag, like DEPT=HR for example.

 

I believe we need to check "Allow Micro Segmentation" in the "VMM Domain Association" part. The uSeg EPG is created and VMs can move into this new uSeg EPG should its VM TAG DEPT=HR condition meets. But we found out 2 Private VLANs are created at the "base" EPG / PortGroup, hence, the rest VMs cannot communicate with each other, just like enable Intro-EPG Isolation.

 

Is this behavior expected, or we did something wrong? Thanks.

 

Leo

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
micgarc2
Cisco Employee
Cisco Employee
In response to a12288

‎10-12-2018 06:17 AM

Performance no but scalability yes. Go by the scale guides:

 

https://www.cisco.com/c/en/us/support/cloud-systems-management/application-policy-infrastructure-controller-apic/tsd-products-support-series-home.html

 

As far as contract scalability should be the same between uSeg and normal EPGs.

 

 

View solution in original post

3 Replies 3

Go to solution
micgarc2
Cisco Employee
Cisco Employee

‎10-02-2018 07:44 PM

To set this up you have to "Allow Micro-Segmentation’ on the  base EPG to VMM Domain association. This puts the base EPG in PVLAN mode. Once you add an attribute to the uSeg EPG and it matches the VM is no longer learnt in base EPG and moves to micro EPG.
 

Traffic is now not allowed between a VM in a base EPG and VMs in the microseg EPG. This will require contract to allow the communication.

Go to solution
a12288
Level 3
Level 3
In response to micgarc2

‎10-12-2018 06:03 AM

Thanks for your further explanation, by putting the base EPG into PVLAN mode.

 

Then any communications between 2 VMs will be forwarded to upstream Leaf and handled by Leaf, will this cause any potential performance or scalability issues if the the number of PVLANs increase? Is there any rule of thumb in terms of micr-segmentation design? thanks.

 

Leo

0 Helpful

Go to solution
micgarc2
Cisco Employee
Cisco Employee
In response to a12288

‎10-12-2018 06:17 AM

Performance no but scalability yes. Go by the scale guides:

 

https://www.cisco.com/c/en/us/support/cloud-systems-management/application-policy-infrastructure-controller-apic/tsd-products-support-series-home.html

 

As far as contract scalability should be the same between uSeg and normal EPGs.

 

 

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License