10-17-2019 07:22 PM - edited 10-17-2019 08:40 PM
Hi,
I have some queries regarding VMM integration to ACI.
My ACI topology is like 1 BD = 1 EPG = 1 VLAN type. All VLAN gateways are on the firewall, outside the ACI. Using dot1q, I am flowing traffic from the endpoint to the firewall gateway. As simple as it is.
I am trying to create a DVS on ACI for VMM integration of VMware. For that I have created VLAN pools and an interface profile, and mapped the EPG to the VMM domain.
1) Physical domain ---- VLAN pool 1-1500 (static) ---- AEP-TEST
2) VMM domain ---- VLAN pool 2500-2700 (dynamic) ---- AEP-TEST (same AEP used)
I have configured the DVS, and I am able to see VMware ESXi and other things on ACI. Now, I have mapped EPG 3 (which is already part of the physical domain / VLAN pool) to the VMM domain.
The VMs' IPs belong to VLAN 3 (EPG 3), whose gateway is on the firewall. My concerns are as below:
1. When I mapped EPG 3 to the VMM domain, it took dynamic VLAN 2501. So all the VMs which have port group EPG3 are automatically tagged 2501, which is not available on my firewall. So the gateway is not reachable. Is there any point in using a dynamic VLAN in this case?
2. May I stretch EPG3 to the VMM domain? That means the same EPG 3 in both the physical and virtual domains using the same AEP. The VLAN pools are different, but VLAN ID 3 is common to both pools. I am not seeing any advantage if I statically tag everything inside the VMM. Please brief me.
There are multiple documents available on this; I read some of them and am now confused.
Please guide me on this and what's the advantage of integration?
Thanks in advance.
10-18-2019 07:41 AM
ACI will do VLAN normalization. As long as your FW and VMs are learned under the same BD, they should be able to talk to each other regardless of the VLAN tag used for each device being different, since the L2 boundary in ACI is not the VLAN; it's the BD, which has both VLANs under it (with some exceptions, like STP BPDU flooding, which is done in the VLAN).
10-18-2019 10:02 AM - edited 10-18-2019 10:07 AM
Thanks. Testing done. I thought it would take time, but it is easy. Under the BD, you must use Flood in BD; ACI will do the rest.