cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
714
Views
0
Helpful
1
Replies

PSA: Beware of this side effect using UCS Central's ID Range Access Control Policy

rui.leong
Level 1
Level 1

First and foremost, I understand that what I'm about to describe is not a bug, but normal behavior.
However, it caught one of our customers off guard when attempting to follow the UCS Central Operations and Best Practice Guide.
I just think the issue is interesting enough to warrant a post.

 

If you read about the ID Range Access Control Policy feature from the UCSC best practice guide, you'll see that this is an extemely useful feature that helps to minimize the number of pools (and therefore Service Profile Templates) needed in an environment.
Although the guide only uses IP blocks as an example, the ID Range Access Control Policy can also be used in the other follow pools:

  • IP
  • UUID
  • MAC
  • WWNN/WWPN

Here is a brief explanation of what the ID Range Access Control Policy feature does:
Say you have 2 UCS Domains, SitePri and SiteDR.
In UCS Central, you put them in two Domain Groups - SitePri-DG and SiteDR-DG, respectively. (You do use Domain Groups, right?)

Now, say you want SPs (Service Profiles) deployed inside these two Domain Groups to use different IP ranges, UUID ranges, MAC ranges and WWXN ranges. For example, you want it like this:

Pool Type SitePri SPs to use: SiteDR SPs to use:
IP 192.168.0.0/24 172.16.0.0/24
UUID 00FF-000000000001 x500
00FF-100000000001 x500
MAC 00:25:B5:00:00:00 x500
00:25:B5:10:00:00 to x500
WWNN 20:00:00:25:B5:00:00:00 x500
20:00:00:25:B5:10:00:00 x500
WWPN 20:00:00:25:B5:00:00:00 x500
20:00:00:25:B5:10:00:00 x500

Now, without using the ID Range Access Control Policy feature, you'd have to create two sets of the pools, and then two SP-Templates. E.g., TemplatePri points to IP-Pool-Pri, UUID-Pool-Pri, MAC-Pool-Pri, WWNN-Pool-Pri, WWPN-Pool-Pri.
TemplateDR points to IP-Pool-D