Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
770
Views
0
Helpful
3
Replies

Using inb-mgmnt with an shared L3ExtOut

petar.forai1
Level 1
Level 1

‎08-17-2016 07:03 AM - edited ‎03-01-2019 05:01 AM

Hi,

I do have all the infrastructure like NTP, DHCP, DNS and vCenter (for VMM integration) behind an shared L3ExtOut that is configured within the common tenant. So far we're using the L3ExtOut for connectivity from user tenants successfully, so everything is working nicely there. 

What is the best approach to enable connectivity from the mgmt tenant to the L3ExtOut from the common tenant? Is it enough to attach the L3ExtOut profile to the inb's VRFs L3 Out association or are there some extra steps involved? I would also want the APIC to reach the vCenter server for VMM integration via the same L3ExtOut. 

best,

P

Labels:
0 Helpful
3 Replies 3

Tomas de Leon
Cisco Employee
Cisco Employee

‎08-17-2016 07:17 AM

Petar,

I am a traditionalist and I try to separate management traffic separate from fabric traffic.  I use a separate L3out in the Tenant Management and the "int" VRF in tenant management.  This separates management traffic from the fabric data from the external networks.  If you share an L3Out in Common the L3Out is most likely in a common VRF.  Hence, now you have to Route leak between VRFs.  Do you really want to do this for management traffic?

If you want to proceed with the configuration that you mentioned above, you will not to make sure the contracts are configured between tenants and the route leaking is working as desired.

Cheers!


T.

0 Helpful

petar.forai1
Level 1
Level 1
In response to Tomas de Leon

‎08-17-2016 07:24 AM

So it basically works like it would do for any other subnet, right? I don't see any subnet being present with in the mgmt tenant. I can configure an IP policy, but do I need to create a matching subnet first? 

0 Helpful

Tomas de Leon
Cisco Employee
Cisco Employee
In response to petar.forai1

‎08-17-2016 07:58 AM

You create the INBAND infrastructure just like any other "Network" in the Fabric.

ie.

VRF -> inb
BD -> inb
Node MGMT EPG -> In-Band default

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/getting-started/video/cisco_apic_configure_mgmt_access_using_gui.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License