EPGs for VM Pushed Twice in VMware Portgroup

Trinh Nguyen
Level 1

EPG.png

Per VM team request, I created three EPGs for their VM Networking: Vmotion, Management, and Production.  The gateways for these EPGs are outside of the ACI.  Vlans for these EPGs to communicate outside ACI are 501, 502, and 503. 

When a VM domain was created and configured in the Application EPG, those three EPGs were pushed and appeared in VM Networking Portgroups.

When checking the VM Networking Portgroups, the three EPGs were pushed twice. For instance, the EPG SERVER-MGMT was shown in Portgroups as SERVER-MGMT and Production|AP-Prod|SERVER-MGMT. According to the VM team, the Portgroup SERVER-MGMT is VLAN 501 and Portgroup Production|AP-Prod|SERVER-MGMT is a random VLAN from the DVS.

Is this a problem or normal behavior? Ideas, suggestions?

The Vcenter is version 6, virtual switch is DVS.  ACI version 2.2(1o). 

Best Regards,

 

1 Accepted Solution


RedNectar
VIP

There are two approaches to integrate VMs with ACI.

  1. Using a Software Defined Networking (SDN) approach (which uses dynamic VLANs)
  2. Using a Traditional Networking approach (which uses Static VLANs)

You have used the integrated SDN approach, where the APIC assigns VLANs and portgroups with names like Production|AP-Prod|EPG-Name. The server team were expecting that THEY would determine which VLANs go where.

To use the Server Team's VLANs means you have to give up the SDN approach and statically map the VLANs to EPGs, just like you would for Bare Metal Hosts.  This is NOT the way Cisco envisioned ACI to be implemented, BUT if that's what you want it is perfectly OK to do it this way.

Now there is a kind of middle ground configuration too.  You can have both dynamic VLANs and static VLANs in the VLAN Pool that is used with your vCenter VMM Domain.  BTW, it can be a bit tricky to set up a VLAN Pool with both static and dynamic VLANs using the GUI - easiest to set up the dynamic and static ranges when you create the VLAN Pool. The GUI doesn't like you changing it later, but it's not too hard using the API - so long as you know how to use the API!!!!!!!

Using this approach (both static and dynamic VLANs in the same VLAN Pool) you could map VLANs 501, 502 and 503 to EPGs, but they would still create PortGroups like Production|AP-Prod|EPG-Name in vCenter.

My Suggestion is that you do a combination.

  1. Tell the server team that they should use the port groups created by the APIC and not worry about the static VLANs, but also
  2. Create a static VLAN Pool with VLANs 501-503 and link it to a Physical Domain. Then in the tenant space, statically map any ports connected to the existing network to the appropriate EPGs.  Moving forward, these statically mapped VLANs may go away or get re-used somewhere else


I hope this helps

Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
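
The mixed static/dynamic VLAN pool described in the accepted answer, built as an APIC REST payload. This is an added example, not part of the original post: the pool name `VMM-Pool` and the dynamic range 1000-1099 are assumptions, while 501-503 are the static VLANs from the question.

```python
import json

def vlan_pool_payload(pool_name, blocks):
    """Build APIC JSON for a VLAN pool whose encap blocks each set their own allocMode.

    blocks: list of (first_vlan, last_vlan, alloc_mode) tuples.
    Rejects invalid or overlapping ranges before anything is sent to the APIC.
    """
    prev_last = 0
    children = []
    for first, last, mode in sorted(blocks):
        if mode not in ("static", "dynamic"):
            raise ValueError(f"bad allocMode {mode!r}")
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"bad VLAN range {first}-{last}")
        if first <= prev_last:
            raise ValueError(f"range {first}-{last} overlaps an earlier block")
        prev_last = last
        children.append({"fvnsEncapBlk": {"attributes": {
            "from": f"vlan-{first}", "to": f"vlan-{last}", "allocMode": mode}}})
    return {"fvnsVlanInstP": {
        "attributes": {
            # The pool itself is dynamic; individual blocks may still be static.
            "dn": f"uni/infra/vlanns-[{pool_name}]-dynamic",
            "name": pool_name,
            "allocMode": "dynamic",
        },
        "children": children,
    }}

def static_vlans(payload):
    """Return the VLAN IDs in the pool that the APIC will not allocate dynamically."""
    ids = set()
    for child in payload["fvnsVlanInstP"]["children"]:
        attrs = child["fvnsEncapBlk"]["attributes"]
        if attrs["allocMode"] == "static":
            lo, hi = (int(attrs[k].split("-")[1]) for k in ("from", "to"))
            ids.update(range(lo, hi + 1))
    return ids

if __name__ == "__main__":
    # Assumed values: pool name and dynamic range are placeholders.
    pool = vlan_pool_payload("VMM-Pool", [(1000, 1099, "dynamic"), (501, 503, "static")])
    # The body would be POSTed to https://<apic>/api/mo/uni.json over an
    # authenticated session; this example only builds and prints it.
    print(json.dumps(pool, indent=2))
    print("static VLANs:", sorted(static_vlans(pool)))
```
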


4 Replies

Jason Williams
Level 1

Do you notice any raised faults under the VMM domain? There might be instances of F1606 raised with a description of "Cannot find an EPG policy in the domain for the portgroup."

If this is the case then you should be able to manually delete those port-groups, which do not have the Tenant|App|EPG naming convention, in vCenter. This assumes that no VM is using those port groups either. 

Would you be able to create new EPGs for VMM or associate the VMM domain to other EPGs as a further test? This would be to see if adding the domain to new EPGs would still create extra port groups. 

-JW


RedNectar,
Very good explanations, thank you.
To be clear, I need to integrate VMs into ACI in a mixed environment for live migration of VMs in the legacy network to ACI. So now the VM team (and also my network team) understand what those portgroups mean, we can easily avoid them, no more confusion.

Glad it helped.

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.