How to Integrate Cisco ACI with VMware Using DVS
Integration of VMMs with ACI allows you to apply policies to individual VMs. This post shows you how to integrate the APIC with the vCenter domain, assign multiple VMs to their port groups, and test the IP connectivity among them.
Task 1: Configure VMM Domain Integration
Cisco ACI supports three integration methods with VMware vCenter:
· Distributed Virtual Switch (DVS)
· Cisco Application Virtual Switch (Cisco AVS)
· Cisco ACI Virtual Edge (AVE)
Step 1: Configure a vCenter domain.
A. Go to Virtual Networking > VMM Domains and open the folder. Right-click VMware, and choose Create vCenter Domain.

D. Enter the name: Anoop.
E. Make sure that VMware vSphere Distributed Switch is selected.
F. Leave Associated Attachable Entity Profile (AAEP) empty.
Note: You will create an AAEP and associate it with the VM provider in the next procedure.
G. Choose Create VLAN Pool from the VLAN Pool drop-down menu.
H. Create a VLAN pool with these settings:
o Name: Anoop_VLAN
o Allocation mode: Dynamic Allocation - this is the default option.
o VLAN Range: 100–199 (click the plus sign [+] in the Encap Blocks table to configure the range).
o Allocation Mode: Inherit allocMode from parent
o Role: External or On the wire encapsulations

Note: The role defines the use of the VLAN range. External or On the wire encapsulations is used for allocating VLANs for each EPG assigned to the domain. The VLANs are used when packets are sent to or from leafs. The Internal role is used for private VLAN allocations in the internal vSwitch by the Cisco ACI Virtual Edge (AVE). With the Internal role, the VLANs are not seen outside the ESX host or on the wire.
I. Click OK and Submit.
J. Click the plus sign (+) in the vCenter Credentials table to define credentials with these settings. Then click OK.
o Name: Cred
o vCenter username: Anoop_VM
o Password: xxxxx

K. Click the plus sign (+) in the vCenter table to define the controller settings:
o Name: Anoop-vCenter. The vCenter controller name does not have to match the name of the vCenter domain. It is done for simplicity.
o Hostname or IP address: 192.168.10.50
o DVS Version: vCenter Default
o Stats Collection: Leave the default value (Disabled)
o Data center: DC. The data center name must match the data center that is defined in the VMware vCenter.
o Management EPG: Leave empty. You do not configure any EPG for managing the VMware vCenter because the connection from Cisco APIC to the vCenter is out-of-band (OOB).
o Associated Credential: Cred

L. Click OK.
M. Leave all other settings in the Create vCenter Domain page at their default values and click Submit.
Note: The port channel mode and vSwitch policy can either be configured within the vCenter domain, or within the access policies.
Task 2: Verify Cisco APIC Connection to VMware vCenter Server
Activity
Step 1: Verify that Cisco APIC has discovered the vCenter.
A. Go to Virtual Networking > VMM Domains > VMware and expand your vCenter domain with all discovered sub-elements.
Note: The APIC connects to the vCenter and obtains its inventory, including hypervisors, VMs, and uplinks. You will see all VMs that have been installed on your host.
Step 2: Verify that a DVS has been provisioned in your vCenter.
· Connect to the vCenter and go to Networking. Expand the folder that is created under your data center (DC). You should see a DVS with the name of the configured vCenter domain within a folder of the same name. Expand the DVS to see two networks that have been automatically created. Click the Summary tab to check the information about the DVS.
Note: It can take up to 15 minutes to be ready. When vCenter becomes active and reachable, you will be able to see the elements.
Task 3: Configure AAEP to Selectively Allow VLAN Traffic
Attachable Access Entity Profiles (AAEPs) can be considered the “where” of the fabric configuration, and are used to group domains with similar requirements. They allow a one-to-many relationship between the policy groups and domains.
AAEPs are tied to interface policy groups. One or more domains are added to an AAEP. By grouping domains into AAEPs and associating them, the fabric knows where the various devices in the domain reside. Cisco APIC can push the VLANs and policy to the required interfaces.
Step 1: Configure an AAEP vCenter connection.
A. Go to Fabric > Access Policies > Global Policies, right-click Attachable Access Entity Profiles, and choose Create Attachable Access Entity Profile.
B. Enter the name: Anoop-AAEP
C. Do not check the Enable Infrastructure VLAN check box. The infrastructure VLAN is used when the VM provider uses VXLANs as the access method. In that case, the infrastructure VLAN is the transport segment for connectivity among the VTEPs. This option is not available for a classic VMware DVS.
D. Click the plus sign (+) in the Domains table and choose your VMM domain from the list. Click Update. The encapsulation, which specifies the VLAN range that is used for the vCenter connection, will be automatically retrieved from the VMM domain configuration.

E. Click Next (scroll down if necessary).
F. Keep the default Select Interfaces option (None) and click Finish (scroll down if necessary).

Step 2: Link your leaf policy group (ESX) to the vCenter AAEP.
A. Go to Fabric > Access Policies > Interface Policies > Policy Groups > Leaf Policy Groups.
B. Select your leaf interface policy group (ESX).
C. Scroll down and choose Anoop-AAEP in the Attached Entity Profile drop-down menu.
D. Click Submit and then Submit Changes.
Task 4: Add ESXi Host to APIC DVS
Activity
Step 1: Add the hypervisors and the respective uplinks to the DVS.
A. In the vSphere web client, go to Networking. Right-click the created DVS and choose Add and Manage Hosts.
G. For more information, check with your VM admin.
Step 2: In the vSphere client, verify that the DVS is using CDP as the discovery protocol, which has been inherited from the access policies (CDP-Enabled, LLDP-Disabled) that have been attached to the access port.
A. In the vSphere web client, go to Networking and expand the Sales-vCenter folder.
B. Select the created DVS and choose Manage > Settings > Properties. Discovery protocol should be Cisco Discovery Protocol.
Note: If LLDP was enabled in the attached access policy group, the DVS would use LLDP, and no neighbors would be discovered in this environment.
Step 3: In the vSphere client, verify the discovered neighbors.
A. Select your domain and go to Settings > Topology.
B. Expand the first two uplinks, click the Information button (i), and examine the neighbor information in the CDP tab.
Step 4: Verify that the discovered neighbors can be viewed in the APIC GUI.
A. Go to Virtual Networking > VMM Domains > VMware.
B. Expand the information tree for your vCenter domain, and examine the data available for the uplinks. You can see neighbor details.
Task 5: Associate vCenter Domain to EPGs
Activity
When you associate an EPG with a VMM domain, the APIC will automatically provision a DVS port group that corresponds to the EPG.
Step 1: Associate the EPG with your VMM domain.
A. Go to Application Profiles > Tiered-App > Application EPGs and expand the <your> EPG.
B. Right-click the Domains (VMs and Bare-Metals) menu and choose Add VMM Domain Association.
C. Choose your vCenter domain profile (Anoop) and leave all parameters at their default values.
Note: You do not define any static encapsulation because the APIC should dynamically assign VLANs to the VMs. The VLAN IDs will be retrieved from the resource pool.
D. Click Submit.
Step 2: Use the same approach to associate the remaining EPGs.
Step 3: In the vSphere client, view the new port groups obtained from the APIC as a result of the EPG associations.
A. In the vSphere client, go to Networking and expand the Sales-vCenter folder.
B. Click the DVS and examine its port groups. You should see three port groups that correspond to the associated EPGs. Refresh the web client if you do not see them.
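A check to run after Step 3, given here as an added example and not part of the original post: it confirms that every EPG-backed port group carries a VLAN from the dynamic pool created in Task 1 (Anoop_VLAN, 100–199) and that no two EPGs ended up on the same VLAN. The inventory is constructed sample data, and the tenant|application-profile|EPG port group naming, the tenant name Sales and the EPG names are assumptions.

```python
import re

# Constructed sample: the pool from Task 1 (Anoop_VLAN, dynamic, VLAN 100-199, external role).
POOL = {"name": "Anoop_VLAN", "allocMode": "dynamic",
        "blocks": [{"from": "vlan-100", "to": "vlan-199", "role": "external"}]}

# Constructed inventory of (port group name, VLAN ID) as read from the DVS in vCenter.
# Assumption: EPG-backed port groups are named tenant|application-profile|EPG;
# the tenant "Sales" and the EPG names are hypothetical.
PORT_GROUPS = [
    ("Sales|Tiered-App|Web", 101),
    ("Sales|Tiered-App|App", 102),
    ("Sales|Tiered-App|DB", 102),       # same VLAN as App
    ("Sales|Tiered-App|Legacy", 250),   # not from the pool
    ("Anoop-uplinks", 0),               # not EPG-backed, ignored
]


def pool_ranges(pool):
    """Return (low, high) VLAN ID pairs for the on-the-wire (external) encap blocks."""
    ranges = []
    for blk in pool["blocks"]:
        if blk["role"] == "external":
            low, high = (int(re.fullmatch(r"vlan-(\d+)", blk[k]).group(1))
                         for k in ("from", "to"))
            ranges.append((low, high))
    return ranges


def audit(pool, port_groups):
    """Return (object, problem) findings; an empty list means the layout is as expected."""
    findings = []
    if pool["allocMode"] != "dynamic":
        findings.append((pool["name"], "pool is not in dynamic allocation mode"))
    ranges = pool_ranges(pool)
    owner = {}  # VLAN ID -> first port group seen using it
    for name, vlan in port_groups:
        if len(name.split("|")) != 3:
            continue  # uplink or other non-EPG port group
        if not any(low <= vlan <= high for low, high in ranges):
            findings.append((name, f"VLAN {vlan} is outside the pool"))
        elif vlan in owner:
            findings.append((name, f"VLAN {vlan} is shared with {owner[vlan]}"))
        else:
            owner[vlan] = name
    return findings


if __name__ == "__main__":
    for obj, problem in audit(POOL, PORT_GROUPS):
        print(f"{obj}: {problem}")
```

A port group flagged as outside the pool usually points to a static encapsulation or a manually created port group, which is worth reviewing because it bypasses the VLAN range the AAEP allows on the leaf interfaces.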