Application Virtual Switch is thepurpose-built, hypervisor-resident virtual switches designed for the ACI fabric. AVS is integrated into the ACI architecture and supports Application Network Profile (ANP) enforcement at the virtual host layer consistent with the Nexus 9000 series physical switches. AVS is managed centrally along with rest of the ACI fabric components through the Application Policy Infrastructure Controller (APIC).
Virtual Machine Manager Domains
The APIC is a single pane of glass that automates the entire networking for all virtual and physical workloads including access policies and Layer 4 to Layer 7 services. In the case of the Cisco Application Virtual Switch (AVS) on ESXi, all the networking functionalities and port groups (EPGs) creation on vCenter are performed using the APIC.
Virtual Machine Manager Domain groups vCenter Servers with similar networking policies requirement. Multiple vCenters can share VLAN or VXLAN space and application endpoint groups (EPGs). For Cisco AVS the APIC communicates with vCenter using OpFlex protocol to publish network configurations such as port groups that are then applied to the virtual workloads.
Provisioning of EPGs in VMM Domain
The APIC pushes EPGs as port groups in vCenter. The vCenter administrator then places vNICs into these port groups.
An EPG can span multiple VMM domains, and a VMM domain can contain multiple EPGs.
Policy Enforcement Options For VMM Domain
When you associate EPG to VMM domain, there are different ways to enforce and push the policy in the physical and virtual fabric. These options to enforce policy are shown in the following picture.
It is important to understand what those options are and how are they going to impact during deployment. Following table lists these options, their description and recommendation for Cisco AVS.
This property is to deploy policy from APIC controller to physical leaf switch.
It specify whether policies are applied immediately or when needed. The recommended deployment option for Cisco AVS is On Demand. The default is also On Demand.
This property is to deploy policy from physical leaf switch to virtual leaf (AVS is a virtual leaf)
It specify whether policies are resolved immediately or when needed. The recommended value for Cisco AVS is On Demand. The default is also On Demand.
Once the policies are downloaded to the physical leaf software, deployment immediacy can specify when the policy is pushed into the hardware policy CAM.
Immediate — Specifies that the policy is programmed in the hardware policy CAM as soon as the policy is downloaded in the leaf software.
On Demand — Specifies that the policy is programmed in the hardware policy CAM only when the first packet is received through the data path. This process helps to optimize the hardware space.
Immediate — Specifies that EPG policies (for example VLAN, VXMLN bindings, contracts or filters) are downloaded to the associated virtual leaf switch (AVS) software upon hypervisor attachment to Cisco AVS.
On Demand — Specifies that EPG policies (for example VLAN, VXLAN bindings, contracts or filters) is pushed to the virtual leaf node (Cisco AVS) only when a physical NIC (pNIC) attaches to the hypervisor and a VM is placed in the port group (EPG).
This policy enforcement is also summarized in the following diagram:
Following diagram is just for the reference. It shows a sample tenant (te1), its application profile (ap1), an EPG (epg1) and VMM domain association to the EPG.