ACI vpc and Vmm integration-LAB

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

and I didn't get a chance to do those labs last night I'll just work on them sometime today so how you complete that bare-metal host configuration all four cases I didn't do the lap Tran for we did lab 1 and 2 yes ok I didn't have the passwords when I sat down I didn't realize I didn't copy that one password ok so we are going to do VDC lab first and then we have to do vmm integration today this is fine switch / 2 3 & 4 we are going to do VPC in ACI fabric I'm going to use these two interfaces which is showing administratively down interface range of a 1/4 switch port channel group let's say Here I am taking channel group number 11 in curve mode passive no shut exit interface for channel 11 let's say poor mode trunk okay sweep or run encapsulation dot1q it work more trunk show it'll channel something so here if you see it is showing down and in to waiting state because I haven't configure anything on the ECA side so I'm removing all the configuration admin config rollback no conflict rollback to this configuration so all the configuration is deleted from my epic now so for V PC you have to go to fabric tab under the fabric tab you have access policies under the access policy you have to complete the physical configuration so you can create a VLAN pool name VPC VLAN static allocation any VLAN you can define here or you can separate a single wheel and also that not a shoe then you can create a physical domain you can call your reel and pull submit third step you have to create the AAP which is under global you can map your domain one update then policies so we need people to see here we need CDP we need a four-channel policy more should be LACP and permanent we created you go back to your just to your link level you said you created 3 I do use the tool ok the two-speed then under the interfaces leaf interface policy group inside that you had to create a policy group under the V PC interface to right click on this VC policy group VPC IBG you can call your policy DP on 4 channel policy attachment entity profile and submit your policy group is ready then you have to create an interface profile leave interfaces number two 1/2 interface policy group is VPC IPG okay so minute then you can create a switch profile directly from here what I am going to create through the Quick Start so you can go here now inside this you can define your switches it switches is 1 0 1 1 0 2 and your profile name is that's a V PC switches here under this V PC period you have to define the V PC domain so domain ID is 11 switch 1 0 1 1 0 2 and save so we do i define a V PC domain 11 because we make V PC for channel 11 into our downstream device we created the switch profile but that switch profile is not having any interface profile till now so we will map that thing so submit if I go to this under the switches leaf switches profile here I will get V PC profile under profile everything is showing here just one thing is missing which is associate interface electro profile so just add your interface profile here and submit once this thing is done let's see what is the status on our l3 switch show if the channel summary goatish showing us our port is into the down state let wait for few minutes port street see i'm trying to follow your diagram that you sent me maybe as the ports are different yeah the Pens are different with this layer 3 switch connects to Oh layer 3 switch 1 there it is never mind so it connected it physically is connected to the leaf okay yep well I was looking at yeah I was looking at the one you the overall topology now time hopefully they'll give you the same issues as yesterday no no oh there goes taking this time maybe finding a shank for channel is ok same thing we can verify on our si said also you can go to the inventory under the inventory you can go to the port 1 under the port 1 you have leave 1 and leave 1 0 1 and 1 0 2 you can go to the interface under the interface you are getting the VDC interface so you make the poor channel 11 you can click on that it is showing primary and everything is fixes and the PF state is up same way you can check on so the way this these leaves are just like a um it's just so if leaf 101 goes offline that switch will still could work through leaf 102 so it's yeah your normal judoka so here we haven't defined when we are so what's the number 1 was that something that was just there which number 1 once again this yeah this is the internal mapping under this logical one it is mapping the interface 1/2 ok so whatever policy we applied all pulses are applied if you have access Oh see how come the doesn't show your your understand as High Command doesn't show your pol oven we configured I'm on the leap one zero one I can figure that we PC domain ID 11 okay it is showing peer status agency form is okay okay Pierre spitters like it is identify the Pierre VP Cpl keep Ally status disabled because that is able to reach via is a fabric no way PC role is rambling okay same way if I share with PC on leaf too I'll be showing the same status here so when you scroll yeah when you scroll back down so to where it says so where says the V PC the ID one and po6 that's internally created correct that's what it is so okay so this is this one is that one you are asking like under the port 11 then I explained that one you are getting one that will an ID so it is showing internally everything is up and this is our V PC status and leave when 0 2 is - the country enter how does it decide was primary in secondary ok my topology for V mmm mmm integration v mm integration means we will integrate the VMware hypervisor with ACA so in my network I have to you see a server UCS e-series server these are my UCS e-series ever I write it here you see CCD server ok or you can understand any server let's say Dell server emc server any server in that server i install the ESXi hypervisor and I install lots of VM inside that so we have to integrate this ESXi with our ACI info such er before that going into the integration let take a small introduction about the ESXi and all those though let's suppose I have here the UCS is the Cisco shall see right now it's not a fiscal chassis you chassis is UCSB d series okay T series is direct mon server like your router's okay but that is managed to the if manager only okay so now understand it's like any server let's say any PC in that PC we are using that VMware Workstation right so in that server this is my server any wonder okay I'm using here hypervisor ESXi so once I install the ESXi here it will become a host so in VMware term I will tell it's a ESXi host okay now this hypervisor is ready and inside that I can create multiple VM let's say VMs are connect created and you assign IP address to the VMS and you want to ping internally when this ESXi is created internally it create one switch also and that switch is known as V switch and by default all these VMs are connected with that we switch so that switch name is we switched zero this which is known as standard switch now so that server host that's how all the VMS get whatever applications they need from that server for the host ok now we have one more host so that is host to so if you want to manage these hosts on host 2 there is a VC 0 here is we switch Jiro if you want to manage these host right or this ESXi these VMs right so till we amber 6.0 there is a utility vSphere client we speak client this is the basically one small software right through which you can manage this ESXi host and you can manage this ESXi host but at a time either you can manage the host one or you can manage the host - there is no centralized management okay later on after 6.5 they came up with they remove this vSphere client and through HTML you can connect but again you are able to do a management single host at a time you can manage only one host let this thing yeah I'm following you but I guess that's where I'm that's where I'm confused well go ahead because I thought when you log in there like vSphere or and you use kleiner HTML you can see all your hosts now when more component come into the picture vCenter so they came up with one solution we Center this is for centralized management okay so that's what I'm yeah so VMware vCenter single sign-on okay right so this V Center you can install in any of the hypervisor any of the hosts note issue you can use Microsoft operating system also on Microsoft server you can install that we Center it will also work ok so you can install anywhere this V Center once you install that we Center then you have to add host and host means host one and two once you add the host one and two on the vCenter then you will get this and this both the hosts present on vCenter and all the VMS you can see there so this will provide you the centralized management ill now any issue you can ask any question no no I'm okay take a follow on I mean I'm following this right now next this V switch 0 standard switch let's say I add all these hosts on the V Center so now you can understand I want to talk with this VM 1 to V m5 both the post are added into the V Center but the VMS are present on the V switch 0 in the different different V switch so by default they can't communicate it will be look like this there are two switches one PC connected on one switch and another PC connected on another switch but between the switch to switch there is no connectivity so vCenter will provide you one more advantage DVS distributed virtual switch and this distributed virtual switch you can create only through the vCenter once you create the distributed switch on the vCenter then you can move this VM from this virtual switch to let's I create this switch so you can move this VM once you move the VM into the distributed switch so they belongs to the same switch and they can communicate now okay so that's so I know the standard switch you said this is distributed switch yeah distributed switch is required when you want to add different virtual switch VM to a single switch character okay so let me show you that thing first so so but when you say they're just real quick when you say they can host one here and host two or was that one in five or of them but you're saying they can't communicate you mean switch to switch but the the particular VMS couldn't communicate probably let me show that thing it will be more clear no you're fine so I had two hosts in my data center one is HTTP is this is my ESXi host one on this host approximate gems are present all these beams are present on that if you click on the networking you are getting this v0u and right now 16 VMS are connected order ok yep no same way if I go with the ESXi host to see I guess I don't see this part because I don't want you know work on the server you can do one thing have you work on the VMware Workstation yeah I have it on my laptop here I go in there and wisely install that is exciting that it will work fine everything you can set up there so here again 18 VMS are there under the networking you are getting all these VMs ok some external stuff you are getting here like distributed switched distributed switch distributed switch right because we Center is there and some distributed switch are pushed through the ACI right so that's why you are getting here I created these VMs these VMs are present on ESXi - so whatever configuration I will do I will do with respect to a sec ty - okay now so these are my VM right now they are connected with internally with any switch oh no if you hear me I'm back whenever you're ready hello I you hear me can you hear me I don't know if you got me muted or not so these are my BMS yep okay sorry I couldn't hear you I'm back now don't know what happened yep I see you building I'm writing here some stuff see there is one point when you integrate the VMware with AC a fabric one distributed switch will be create automatically on the V Center [Music] integrate with ACA on we center so once I integrate this with a CI one distributed switch will create so I will take a name let's say Rakesh vmm DVS so it's just a switch it just a box that box is not having the ports so for the port's you need the port guru second thing so the ruckus ruckus ruckus that's your distributed switch right okay when you create a PG and a CI that will become port group for VM for group for the VM so for example if I create a PPG where BPG so on this distributed switch the port group will be there so let's say this is my and etg port group web EPG after that simply you have to connect these VMs so now it same bare-metal host configuration scenario member in the same EPG they can communicate member in the different EPG they can't communicate if you want to communicate then you have to make a contract so what what type what kind of that's why I've never really paid attention you say a via I know a virtual machine but what kind of machine can that be I know we host like I don't know if you heard of like a wise terminal little no II see well little pcs that that all communicate back to true VMware these VMs can be any via Microsoft Linux redhead other any any vm ok culture clear this thing so when we are doing the lab there are some information which you need it to be understand 192 168 10.1 to 1 this is the IP address or ESXi host we Center IP is 192 dot 168 or 10.1 to to somewhere in the configuration it will ask data center or data store data center sorry not datastore so data store will be DC to - k SPL it will ask the user name and password somewhere so username and password is administrator at the raid easy to let me write it username then the configuration it will ask these things so let me show you all these DC do dot K spill is my DNS this is my V Center axis so you can see here DC - - case peel this is my data center name we Center - V dot BC - dot K SPL this is my V Center name IP address is 1 2 - ESXi host is 1 to 1 right yes so now we are going to do vmm integration and after this I will give you a chance to implement this lab this lab is very important because in the production environment lots of stuffs are integrated through the VMware may be your firewall is virtual so traffic is going through the firewall and that perv all you have to integrate right so if you are integrating the firewall and that wire firewall is the virtual so first thing you have to implement there vmm integration then you can integrate your purple so let me go to my ESXi now you we don't have any other information and in configuration so we have to follow the same two configuration physical configuration and logical configuration if you see under my V Center if I go to the networking tab right now I don't have any distributed switch right and if [Music] all the VM connected with the vm network which is the standard switch so first step you have to create a VLAN pool so vmm pool whenever you ha oh sorry so you're gonna go well maybe you maybe you say cover so whenever you create doing the integration with the VMware or Microsoft rather any hypervisor you have to choose to do dynamic allocation now encapsulation block let's say I'm giving here we Len 350 to 400 thousand yeah my question was gonna be so when you create those 50 VLANs mm-hmm um does that represent might just you base that on a number ax I host you have no no no these VLAN for let's say if you want to implement internally if you want to go with the wheel and let's say if you want to put a specific VM into the specific villain I got you okay awesome so would it be our norm would it be your normal VLAN pool if you use a thousand VLANs would you put all of them out there just the or yup it's the ones you need for your data center yeah okay civilians okay after the Leland we are creating the physical domain right but I told you whenever you are doing the vmm integration no need to create the physical domain you have to go to virtual networking tab under the virtual networking you are getting one option vmm domain under the VM men you are getting right now for option microsoft openstax redhead and vmware so these hypervisor you can integrate right now I have VMware environment so I am going to integrate with the VMware right click on this create a V Center domain so my switch names that switch is a distributed switch so according to my topology Rakesh vmm devious it's a distributed virtual switch and there are some advanced third parties which is also from the Cisco AVS application virtual switch AV e application virtualization 12 AVS is used but right now let's say it's not fixed it's not seven and right now ESXi seven or someone is there so AV is supported now attachment associate attachment entity per file right now we haven't created so we are not choosing that option you can call your vm m domain pool so women pool i created no need to do anything into the security domain you have to make a V Center credential just click on the plus sign it's a credential policy basically you can give any name username is administrator at the ADC - dot kil password is cisco at 1 2 3 then from the password cisco add 1 2 3 click ok to make this VMware credentials then you have V Center click on the plus sign name V Center controller name any name you can give let's say my V Center is V Center - be V Center IP address 192 dot 168 - 10.11 - devious version distributed switch version put it we Center default data center my data center name is DC 2 - K SPL we don't require management EPG here Associate credential whatever credential policy you created just call that policy simply click OK V PC policy CDP and submit once you do this configuration your distributed switch will be there controller will be there if you expand the controller you will get the hypervisor inside that hypervisor you are getting 190 168 10.1 21 and whatever VMs are present there on that hypervisor all VMs are getting here so they refine a host on its own because you put in 122 that 122 is the IP address of me Center center here and 121 is a server IP host IP which is not so sir which is associated with that we vendor okay so that's the es e XXI host of yeah I'm a PI associated this host ESXi host to under the vCenter be clip here if you click on your controller controller it will show you here online if it is showing unknown state is unknown that means there is some issue in your configuration here it is showing online online means everything is working fine till now your configuration is good you can go to your V Center oh and now I see go back okay now it's there are all those VMs and then pay attention to that there's all your VMs ok and these are the same beams so you do the same steps for each gig yes yes X I chose I haven't done for the ESXi host I integrated my V Center with the ACI so whatever information is having that V Center that is coming to the ACI now yeah but I mean it looks like it has your ax e sx i host fo yeah yeah ok if i go to the networking tab oh I see what you're saying if you add more within the vmware it's gonna populate it in ACR exactly ok and if you see this switch name rakesh vm m DVS i integrated my v center so that rakesh vmm DVS that is after integration that is present on my V Center sighs clear yeah still steps but yes you know when you've never done it so I ma I guess my only question was back to the VLANs so if you're using VLANs and VMware because usually I think in our environment just say we're using VLAN 1 through 50 mm-hmm so the way whatever switch port or BladeCenter this is connected to who we may be an allow and just say we allow VLANs 1 through 50 in a pig do those VLANs have to be 1 through 50 or it doesn't care what via and you use you are losing one to 50 now so here I give 350 to 400 the things are things you can utilize 1 250 or 350 to 400 in the same way yeah this one say oh so it doesn't have to match yeah okay so I can have 1 through 50 on the actual devices but it'll map and they don't matter what I use in a pic it'll map it yeah I'm just telling that information to the ACA these VLANs are available for my VMs to vCenter is there now again you will go to the CCI fabric go to the fabric tab so you can say it through the vmm networking tab I created a virtual domain now you can go to the policies under the policy global attachment exists entity profile create that vmm ap inside the domain you can map your logical domain which is this rakesh vmm DVS update next finish so it seems like no matter what you've done you've always had to come into this part the attachable yes and all the configuration physical and logical configuration will be same steps are same then policies I already created a one gig policy and I have a CDP policy also so I will call these policies so no need to create again then interfaces under the interfaces go to the leaf interface firstly create a policy group leave access policy group port group right click on this create a leaf access port food which lets a vm m a PG you can call your policy which is one good connectivity CDP is on you can call that CDP also that is again CDP policy it comes when you integrate the vCenter attachment entity profile we have the vm m and submit so our policy group is ready the next step we have to create a profile will give vm m interface profile for the port is 17 17 interface policy group vmm IBG okay submit the interface profile is ready then you can the switches leaf switch profile create leaf profile vmm switch profile leaf selector 1 0 1 1 0 2 update next vmm interface profile and finish so what we have completed we completed the physical configuration now let's come to let me ask you this real quick in a production environment is there a when you're adding new devices like that and is there anything you can do to like while you're to impact the other stuff I mean I know if you delete something but I mean while you're setting up you can edit that thing now let's say right now I just integrated that part like vmm integration right now in my environment I have to be a success ever that's a later on I created one more ehh sighs so I had to just create a interface profile and I can call that interface profile in the same switch profile let's say created one more ESXi so after that if you want to do any modification you can go to your switch profile and you can associate that particular next interface also here yeah but what I was saying is it seem like it's pretty straightforward that if you're setting something up you shouldn't impact you're already live environment it's what I was saying yep then let's say it one more tenant let's say I'm creating a rakesh submit under this you can create your B RF v mm - v RF you can create your bridge domain c v mm - BD you can call the v RF okay inside the BD i am defining one subnet and that IP address i will use on my client side for example 'take 62-54 slash 24 and I am putting private to be RF only submit the next you are creating application profile let's say we we mmm inside that you can create to your EPG so let me show you one more thing right now inside this distributed switch you don't have any port group right now if I go to my ESXi I'm creating here to code groups twe pidgeys so one is app EPG you can associate your BD here VM MBD finish did one more wave or disturbs see the thing is you have to follow that sequence whatever sequence on the first configuration I've shown you now if you follow that particular step-by-step everything will be remembered well yeah I know with with time and repetition but yeah right now it's just like man you've done a lot don't worry like with the same configuration I make a document with you document okay so I shared with you okay I created the application profile and in that I created the EPG as I told you those EPG whatever EPG I created here that will become the port groups for my VM but if I see inside my V Center I'm not getting that app and we have information here why because those EPG are not associated with the V mm domain so right-click on that domain add V mm domain Association select your v mm domain deploy immediate and submit so right now I just associated at EPG if I go there you can see now so it is telling rakesh is the tenant dream inside that this is the application profile name and then this is the EPG it is not showing web because that is not associated till now at minimum domain once you associate deploy immediate the met and if you go here you can see where BP G's also there all right let me test this thing now so if I go to the host and cluster under my V Center I had to VM CSI router once a set out a tool so I just map when csr outer image here so just right click on this go to the edit setting under the network setting network adapter - I am choosing one more step is missing we haven't tell that thing like okay this distributed switch will be available for which host so just right click on your distributed switch there is a option add and manage host click on that add post to this distributed switch add new host select the host ok next assign uplink VM Nick 1 okay next next all the VMS are showing here next and finish so once you associate this distributed switch with your host then you can go to the VM that's a csr router one VM go to added setting VM network browse so that information is coming here now so firstly I am going with that thing same subnet semi PG so right now I'm choosing app for CSR 1 and CSR 2 also ok and so both these wheels are under the same a PG right now but let me check what IP address present there you see sr1 csr - let's see what type it is present there I give the subnet a 60 dot 0 dot 0 dot 250 for my subnet IP sixty dot Network this is my Caesar one interface gig - IP address 60 dot zero dot one over four - five four - four 4.0 61 0.2 - 500 - 500 - 500 0 exit do show IP interface brief ok so I paid us is 60 . - if I try to ping do ping 62 or 0.1 it should bring ok it is pinging so that means we have implement the vmm integration and same EPG same subnet let me go with another configuration different subnet different EPG so CSR one is having 50.00 sorry 60 dot 0 dot 0 dot 1 IP address so here I will use let's say interface gig - IP address let's say here I am giving 70 dot 0 dot 0 to 1 255.255.255.0 and exit now we need a default route also so this to communicate in another subnet I am putting 70 dot 0 dot 0 dot 254 0.0 0.0 0.0 0.0 on CSR 1 also I need a default route IP space route 0.0.0.0 then 60.0 2:54 after that I need another subnet under my VD so you can create a 70 subnet here let's say 70.000 250 4/24 so subnet is present here then second case what do you want under the CSR - you have to change the network adapter setting you just go to the edit setting right now both the VMS are under the same IP g so here i am changing app to web so this or the web okay summit so CSR one is under a PPG CSR to under web EPG routing is there [Music] so remote desktop disconnected in just wait for one minute so the first time you did this you have app and you chose your app for both the web server no you you had the same that's where I'm confused okay but no you can keep going when I work through it I'll figure it I mean they'll be better when I start working through it I'll understand a little bit better - so you're going to understand it was like I said I'll probably make more sense once I start working through yes - then previously they are connected with TVs then this is my PPG and they are connected like this man but this time and they have the same IP address but this time they are connected like this day yeah I have where BPG this is having IP address 60 dot zero dot one here I define the gateway gateway is 60.00 254 and here is 70 dot zero dot one and Gateway IP is 70 dot 0 dot 254 okay but right now between them there is no contract only routing is there so there is no contract contract so let me try to communicate that thing so I am on 60 Network I can type a ping ping 70 dot zero dot one repeat let's say I'm putting five thousand ok so the communication is not going on correct no contract you just go to your epic make a contract get a contract let's say up to two web contract scope is we are F subject name you can put any filter I am choosing the default again just click on update okay submit so I create a contract now let up lie the contract so this is my app right-click on the contract ad provide contract choose the contract submit contract ad consume contract submit now let's see you can see where communication is parted

Info

Channel: Rakesh langain

Views: 1,611

Rating: undefined out of 5

Keywords:

Id: XnCpjWrTBAQ

Channel Id: undefined

Length: 76min 40sec (4600 seconds)

Published: Mon Apr 20 2020