We're building 2 UCS domains with Windows Server 2012 (on physical blades) servers across 2 geographical sites. These servers will be grouped in AlwaysOn Availability groups (SQL Server 2012) with 4 nodes (2 from each site) per availability group. A key requirement for an availability group is that all nodes in it must be able to exchange heartbeat messages via unicast and UDP at port 3343. Microsoft supports routed VLANs for multi-site (multi-subnet) heartbeat for Windows/SQL 2012. The storage is accessed via FCoE.
(1) Given the converged infrastructure with UCS, heartbeat messages will share the same network path as the public interface. So, is there a need for a separate VLAN for heartbeats? Or can the public interface be used? Microsoft supports both separate VLAN and using the public interface. However, I'm trying to see the benefit with a separate VLAN given the converged infrastructure.
(2) We can QoS Heartbeat and Public VLANs giving Heartbeat a higher priority (as Heartbeats are latency sensitive), but with such high network bandwidth within the UCS domain, is it really worth doing this (setting up QoS on FI and Nexus 5K)?
(1) Separate Heartbeat network makes most sense if it is on a completely different network path as that of the public network. The crossover cable is a good option for servers in adjacent racks (no dependency on switches).
(2) Even if you place heartbeat and public VLANs on different Fabrics, failover will bring them together.
(2) As I see it, the only guaranteed separation between Heartbeat and public within UCS is on te Blade where we could use separate adapters (we use B200 M3), but this makes the costs prohibitive and not much sense if the paths are shared beyond the adapter.
Why do you need native HA: The native HA feature allows two Cisco DCNM
appliances to run as active and standby applications, with their
embedded databases synchronized in real time. Therefore, when the active
DCNM is not functioning, the standby DCNM will...
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...