Cisco ACI Configuration - Creating VPC and Layer 2 (L2) EPG VLAN Constructs

Captions
Hello and welcome. I'm Jeff Miller, technical solutions architect with Cisco Systems. We're going to continue with these tutorial videos. I've got a couple out there already that seem to be getting some good feedback, so we'll continue making some of these; hopefully they help people in their journey to learning ACI and implementing ACI. I'm going to take some of the setup that I used for some of the previous videos and dissect it a little bit, because I realize a lot of what I did was very targeted. I'm just going to keep kind of targeting certain aspects of this scenario and show you how I built the different constructs.

So today we're going to focus solely on creating a VPC from Nexus to ACI and what that looks like, and then creating a construct within ACI to associate a Nexus VLAN over layer 2, that VPC, into the ACI world. So in this scenario we've got our two Nexus switches on the left-hand side in green, and we have a box that we'll use for just testing purposes, which in this case is called MIG demo, migration demo one, on the Nexus side. Then we have another box on the ACI side that we'll use for the testing purposes. And then, as it relates to this particular video, we're going to use that same ping test utility that is northbound of the fabric, the ACI fabric and the Nexus fabric, and then another ping test utility that is part of the ACI fabric to see east-west. This, in this scenario, is really just going to be for connectivity testing, just to show you if it's up or down, things like that.

But hopefully this will be helpful. I'm probably not going to do a Postman version like I did in previous videos. I will probably just build a video on how to create Postman scripts, because one of the most useful things of ACI is that we have the API Inspector, which makes it super simple to really script out anything you do in ACI. If you really, really want a Postman script for what I'm doing today, maybe I'll make another video just with that scenario; it's not that difficult. Again, one of the beauties of ACI having a RESTful API: you can do any of this stuff via scripting, via Python or Postman with JSON. So with that, hopefully that's a good setup, and I'm going to pause for a minute here and we'll jump into the lab. Thanks again for watching.

Okay, well, here we are back in the demo, so I guess the lab more than demo, but let's go ahead and get logged in. And really, whenever we plug anything into the fabric, an ACI fabric, the first thing we do is we go to Fabric and we go to Access Policies, because you have to configure the physical constructs before you configure any of the logical or policy-based constructs. I made an entire video on how I view access policies, which you can watch. I'm not going to get into a ton of detail on that, but just as a quick recap, what we're going to do today is we're going to create a VPC that goes out to a legacy world or a Nexus world or just anything that's not ACI.

So just as a couple of checkpoints: we want to make sure that we have a VLAN pool created. This is the pool we created in a previous video. The VLAN we're going to use is 120, so it's within this range here. Okay, so we're good there; close that back up. Then we're going to make sure we have a physical domain association, which we created previously, and we see our demo pool is associated with this demo phys, which is also associated with this demo AEP. All right, so we can check on that if we want. I know it's there because I just saw it. The only thing we're looking for here really is just the fact that we have our physical domain associated with this demo AEP. Again, recap: the AEP is what gets applied to the interface; the physical domain is what gets applied to the policy.

Right, so the first thing we do when we plug something new in. We've already gone through and done all the policy pre-config, the pre-work that we did in previous videos; we're not going to go through that at all. So, net new, plugging anything new into the system, I come to my policy groups. In this case I'm just going to right-click and I'm going to say I want to create a new VPC. Okay, we're going to give this a name. It's in my rack A, dash, and this is a Nexus 5K that we're plugging in, dash, and then I always recommend ending it in the function, or what the name is, of the object we're creating. I'm going to turn on CDP, I'm going to turn on LLDP, and then I'm going to pick a port channel policy. So let me scroll down here a little bit. This is an LACP active, again, that we created in a previous video. And the last thing I need to do is my attachable entity profile policy, which in this case is the demo AEP. And that's it, that's all we have to configure. We have to configure our port channel policy (there it is, there we go) and our AEP. The CDP and LLDP are purely optional, but I want to configure those as well. So submit this.

Now this is just the policy; we haven't applied it anywhere. So we just created this policy here. Once we create the policy, we need to apply it to ports. So we go back to our profiles. These are all the ones we created in previous exercises, and this is going to be a VPC on leafs 101 and 2102, so I'm going to use this grouped policy of 2101 and 2102 to apply it. I've got some VPCs in here already. I'm just going to create a new access port selector, and I just like to call them port. There's really not a right way to do this or a wrong one; I just do this. And probably the best practice would be to end it with something like this; it's totally optional for you. This will be ports 39 and 40 on both switches, and then I'm going to grab the policy group that I just created. Okay, it would help if I typed correctly; you still have to type properly, otherwise it doesn't work. So we'll submit. When I submit this, this is actually creating the VPC.

Okay, something I'm going to do to make my life easier is I'm going to give an interface description here. This area of interface description (this is version 2.2, so some things have changed on me, clearly), this description is what you will see if you do a show interface status or you go look at the actual interfaces under any kind of viewing. So if you do, like I said, show interface status, or if you just go and look at the inventory, this is what shows up. So if I submit that, it shows right here. These descriptions are purely for the GUI, which you could put there too. I'm going to submit this, and we'll look at this a couple of different ways.

So this literally just created a VPC. This is pretty simple, right? There's really not a whole lot to it. If I want to look at this newly created VPC, I can go to Inventory and bring up the interface under one of the leaf nodes that I created and look at VPCs. This 101 is my peer group ID that I gave it, and then I'm going to go through here and look. That's not it, that's not it; this part could be a little bit cumbersome. There it is. So it's VPC, its port channel... three, four, six; these are randomly assigned, and this is where having a description really helps out. So it's port channel 6 on the system. So if I come into one of the leaf switches (this is leaf 2102) and show vpc, I see port channel 6 up. If I do a show vpc summary... oh no, that's wrong: port-channel summary interface port-channel 6 in this case. This is what a lot of you use, or is what I have used, to tell whether both ports are up. So I see my 6 is in switched, up state; both ports 39 and 40 are up. So if I did the same on the Nexus side, I would see them go from... this was earlier on, I probably should have shown you that first, but this was before I created the port channel. I'm not showing you the Nexus side config; I assume everyone can do that part. But that was the previous, and then now we're in the same state. So just that little bit of configuration is how you configure the actual physical part of a port channel.

Okay, now that we have that physical connectivity up, we'll show the policy-based configuration under the tenant side. And what I mean by that is, in our scenario that I set up earlier, 101 was on the Nexus side and 102 is on the ACI side. Obviously, since we just created this new port channel and we're only layer 2 connected into the Nexus side, this host has no active access to it, so we're receiving no pings. 102 is on the ACI fabric, so obviously we have connectivity with that. I'll show you more of what that looks like under the tenant.

So as we come into our tenant where I have this configuration built, we've got our VLAN 120. Again, we've got all these constructs already built. The gateway address lives in ACI at this point, based upon previous videos about gateway migrations. And the first thing I do whenever I'm building any of these EPGs: it's always helpful to go to Operational. These are the hosts that the fabric's learning about. Obviously we're learning about 102; it's in ACI. We haven't learned about 101 because we haven't associated 101 with the layer 2, the VPC, which we did. So if we want to do that, the first thing we need to do is add the domain. So we're going to add a physical domain, which is what we created in the demo physical. I'm just going to leave everything default for now and we'll submit that. Then we'll come under our static ports, previously called our static path bindings, and we will add a new static path binding. Basically what we're doing here is we're saying: okay, over this port channel, this one right here, our A-N5K VPC, over this port channel, VLAN tag 120 is going to be associated with this EPG. And when I submit this, it will actually go and configure that.

So if I submit here and now I go back to my switch side, if I do a show vpc, I see port channel 6 (my cursor is not very good) with VLAN 120 now associated. Before, it looked like this: there was nothing associated. And these up here have some because these are other VPCs I have built and running. So everything is purpose-configured. There's not a concept in the ACI world of, once I configure a trunk, everything... nothing's allowed until you add policy for it. Hopefully that makes sense.

As I come into my ping utility, you probably saw a pop-up here in the right-hand corner, and I now have connectivity. If I go to my east-west (if this is useful at all), I didn't have connectivity before, I was missing lots of pings, and now I'm up to 12. And again, like I said, these ping tests, as related to this demo, are purely for a connectivity viewpoint. So if I minimize this guy, I should be able to go back to my EPG and go back to my operational status, and I see 101 now. I also see some MACs learned from probably the Nexus-side switches, but I see this 101, and that's really where I want to get to; I want to be able to see it. I see that it's learned out that VPC. I see this is learned out of a VMM. I'll probably make some videos on VMM integration, specifically around DVS and AVS, at some point, but I'm not going to do that right here.

Something interesting, though, that I want to show you, that is a newer way to do this as well: as you can imagine, if I'm going to sit there and create dot1q trunks for a VPC every single time, short of scripting it out, it could be somewhat cumbersome. So there's a new way to do this. I'm going to actually delete this static path binding, and, take it as you will, either way is totally fine; I just want to show you multiple ways to accomplish things within ACI. So if I go back to Operational, I'm back down to just the one, and I just lost connectivity to 101.

Okay, so kind of a cool new way to do this, that was released in some time into, is that under your AEP we now have the ability to associate EPGs to an AEP, which means... the AEP, if you remember, gets applied to the interface. So the minute I configure a physical interface, I apply an AEP. Well, now if I sit here and say, hey, I want to associate, I'll pick my tenant, I'll pick my particular application and then my EPG. It probably wants the VLAN; yes, it does. Now what I'm saying is: if I see VLAN 120 come out of any port that this AEP has been applied to, it's part of this EPG in this application, in this tenant. Well, that's a really simple way to do widespread configurations, and it could be super powerful. So for things like management and other things like that, this could just be another helpful way to do it.

So if I hit Update here, and I can already see it was restored, I should be able to go back to this tenant and look at the operational, and voila: I now see anything that that AEP is applied to from a port perspective. So in this case, this VPC: any time we see a dot1q tag of 120 come through, it's automatically part of this EPG. Now this may not solve every problem, but it's certainly easier than coming here and creating static ports every single time. The static ports, or static path bindings, that was kind of the original way, so this is just a newer way to do it. I just wanted to highlight it as an option. So as we come back to our ping test utility real quick, we see we had some loss. If we go through here you'd see some outages and things like that, but we're back fully connected; we're all green, which is good.

And that's it, really, for doing a layer 2 associated to an EPG. You may be asking yourself: there's that layer 2 associated EPG in this manner that I just showed you, and then there's also an external bridge, which is another way to do layer 2. The main difference there is that that adds an element of security, because when we do the external bridge we have to use contracts even though it's layer 2. So I'll probably make a separate video on that. To be totally honest, we don't see a ton of the external bridged configurations used that terribly often. Again, it would be if you wanted to add another layer of security between yourself and another layer 2 network of some sort. So it's definitely useful, but it certainly has more configuration steps, which also means more troubleshooting steps in the event of issues.

So with that, I've probably spoken enough for this video. Once again, I appreciate everybody watching, and hopefully this was helpful. As always, please leave feedback and/or any suggestions on any other videos or anything like that. But thanks, and have a great day.
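The two binding methods shown in the video differ in scope: a static path binding maps VLAN 120 into the EPG on one named path, while an AEP-level association maps it on every port whose policy group references that AEP. The sketch below is an added example, not from the video or from Cisco; it models that difference over a constructed inventory so the extra ports can be listed before the change is made. All policy group, AEP, tenant and EPG names and the extra ports are hypothetical; only VLAN 120 and ports 39 and 40 follow the transcript.

```python
# Constructed inventory; policy group, AEP, tenant and EPG names are hypothetical.
EPG = "tn-DEMO/ap-DEMO_APP/epg-VLAN120"

# interface policy group -> (AEP it references, (leaf, port) pairs selected onto it)
POLICY_GROUPS = {
    "N5K_VPC": ("DEMO_AEP", [(2101, "1/39"), (2101, "1/40"),
                             (2102, "1/39"), (2102, "1/40")]),
    "SERVER_PORT": ("DEMO_AEP", [(2101, "1/10")]),
    "OTHER_VPC": ("OTHER_AEP", [(2101, "1/20"), (2102, "1/20")]),
}

def ports_via_static_paths(bindings, epg, encap):
    """Ports where a static path binding maps `encap` into `epg`."""
    ports = set()
    for b in bindings:
        if b["epg"] == epg and b["encap"] == encap:
            ports.update(POLICY_GROUPS[b["policy_group"]][1])
    return ports

def ports_via_aep(aep_epgs, epg, encap):
    """Ports where an AEP-level association maps `encap` into `epg`:
    every port of every policy group that references the AEP."""
    aeps = {a["aep"] for a in aep_epgs
            if a["epg"] == epg and a["encap"] == encap}
    ports = set()
    for aep, members in POLICY_GROUPS.values():
        if aep in aeps:
            ports.update(members)
    return ports

def unreviewed_ports(aep_epgs, epg, encap, approved):
    """Ports the AEP association exposes beyond the reviewed set."""
    return sorted(ports_via_aep(aep_epgs, epg, encap) - set(approved))

STATIC = [{"epg": EPG, "policy_group": "N5K_VPC", "encap": "vlan-120"}]
AEP_EPGS = [{"aep": "DEMO_AEP", "epg": EPG, "encap": "vlan-120"}]

if __name__ == "__main__":
    reviewed = ports_via_static_paths(STATIC, EPG, "vlan-120")
    print("static path binding:", sorted(reviewed))
    print("AEP association:    ", sorted(ports_via_aep(AEP_EPGS, EPG, "vlan-120")))
    print("not reviewed:       ", unreviewed_ports(AEP_EPGS, EPG, "vlan-120", reviewed))
```

In this constructed inventory the AEP association also places the hypothetical server port 1/10 on leaf 2101 into the EPG for VLAN 120, a port the static binding never touched.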
Info
Channel: Jeff Miller
Views: 27,689
Keywords: Cisco, ACI, VPC, Networking, SDN, Data Center, Migration, Network
Id: 4x_VDuhvBRA
Length: 18min 52sec (1132 seconds)
Published: Fri Feb 03 2017