Configuring a Cisco ACI L2OUT

Video Statistics and Information

Captions
Hello and welcome to the latest video in the ACI bite-size series. The bite-size videos are meant to be small chunks of tasty ACI morsels, easily consumable and digestible, which basically just show a single configuration element of an ACI fabric. So in this video we're going to be creating an L2Out, or an external bridge domain.

Okay, so there's our topology. We're going to be concentrating on this section up in the top right, basically extending some bridge domains that we've already created in our previous videos out into the legacy world. Okay, so that's where we are at the moment. The policy in force within the fabric is pretty much what that bolon graphic looks like. So we've got our application profile already configured, our endpoint groups and our bridge domains, and if you want to see how those are configured, I'd just refer to the previous bite-size video of configuring and integrating Cisco UCS.

So the object of this video is to extend those bridge domains out into the legacy world. There are numerous reasons for doing that. Most commonly it would be for a migration from a legacy network into an ACI fabric, or there may just be a requirement to extend layer 2 outside of the fabric for whatever reason.

Okay, so what success will look like on this video: I've actually got a couple of SVIs configured on an external router in our legacy environment, so the object of the exercise will be to ping through to those IP addresses from endpoints within our EPGs within our ACI bridge domain. So for example, from our web tier, which is in bridge domain VLAN 10, we want to ping through to our SVI on VLAN 10 in our legacy world.

So physically I've got a Cisco 3650 router connected by a single link, a one gig link, into node 2 on port 23. Generally in the real world you'd probably have that dual-connected via a vPC for a bit of added resilience. Okay, and that's how it looks from a logical point of view. Our two bridge domains are the sort of pinky boxes down there, and we're going to extend those bridge domains into the legacy environment, VLAN 10 and VLAN 20 respectively.

Now there's two ways of doing an L2Out. You can either extend the EPG, and again, if you want to have a look at how that's done, it's a very similar process to basically configuring an EPG on a particular port, so it's pretty similar to how a bare-metal server is integrated into the fabric. Or the other way is to extend the bridge domain. The main difference being, again remembering our ACI 101, elements within an EPG by default can talk, requiring no contract. You can turn that off, but by default they will talk without a contract. So if you have any requirement to control the traffic between your ACI environment and your legacy environment, which I guess the majority of customers would, in that case you would want to create an external EPG, which means that you can actually have a contract between the two, so a contract between your internal EPG and your external EPG. And so that's the method we'll use here, extending out the bridge domain.

Okay, so let's get on with the configuration. Let's get a ping going to our SVIs. So this is my external switch. If I do a show ip int brief, you'll see I've got two SVIs created, VLAN 10 and VLAN 20, both of which end in 200. And if I have a look at the interface that connects into the node 2 fabric, okay, so it's pretty simple: it's just a tagged dot1q trunk link carrying both VLAN 10 and VLAN 20.

Okay, so the first thing we need to do is set up the connection into the legacy switch from the fabric. So again, looking at our diagram, it's port 23 on node 2. We're pretty familiar with how to do this by now. Let's go into our fabric, and again we use the wizard. So this is not a vPC, it's a single connection. At the moment the only switch policies we've got apply to two switches, so we need to add an additional switch policy which is only for node 102. Okay, just node 102, and let's add an interface to that. So it's an individual link, not a vPC this time, and it is on port 1/23. I'll give it a sensible name, legacy switch. So again, this would probably more commonly represent a Nexus or a Catalyst switch outside of the ACI environment.

Okay, we want to create a link level policy. As I mentioned, this is only a one gig link, so you want to create a one gig policy, nice capital T there, and set speed to one gig. Okay, we'll disable CDP and enable LLDP. Anything else we need there? Okay, so again using the wizard, we can actually carry on this configuration. So it is actually an external bridged device that we are adding in, which is the other name for L2Out, and we're going to create a domain called legacy networks domain, and the two VLANs that we're going to trunk outside of our environment are 10 and 20. Okay, save and submit. Okay, so that's the physical side done for the infrastructure.

Okay, so let's now go and do the logical side. In fact, just before we do this, this is always interesting, let's kick off a couple of pings. So this is from our web tier in the VLAN 10 bridge domain, so let's kick off a continuous ping to the SVI in the legacy environment, and we'll do the same for the app tier, so this is in the bridge domain VLAN 20 subnet. So the object of the exercise is to get those pings responding.

Okay, so let's go back to our tenants, and now let's go into our lab tenant and have a look at what our application's doing. Okay, so we've got our web and app tiers, so the object now is to extend those out into the legacy network. In order to do that, we go into our networking tab, external bridged networks, and we want to create a bridged outside. So I'll call this VLAN 10, associate that with the legacy networks domain, and we're going to associate it with our internal VLAN 10 bridge domain. We need to use the same encapsulation that the legacy switch is expecting, so we'll tell that VLAN 10, and our port, which we created with the little wizard, is on port 23 of node 2. I'm going to click Add there. Okay, that all looks good.

Okay, so obviously we need to associate a contract with an EPG, so in this case we need to create an external representation of that network. So we just need to give it a name, and we'll call it external VLAN 10. Okay, that's all we need there. Okay, finish. So there's our VLAN 10 external bridge domain with our external VLAN 10 network, or external EPG.

So let's do the same for VLAN 20. So for this, VLAN 20, the external bridged domain remains the same one, legacy networks domain. Our internal bridge domain will now be the VLAN 20 bridge domain, and again the encapsulation has to match the tagging on the external layer 2 switch, so it'll be 20. Again a single port, again the same port, node 2 port 23, and add that. Next, and again we'll create our external EPG to represent that network, and we'll call it external VLAN 20. Okay, so we have both of those in.

Okay, so the next thing to do is to create our contracts between our external EPGs and our internal EPGs, so between our web and the external VLAN 10, and vice versa with VLAN 20. So let's go into that. Let's give a provided contract on all these external EPGs: contracts, add a provided contract. Again we'll use that permit any; again, you could create these as granular contracts or ACLs as you needed to. And we'll update that. And again we'll create a provided contract on our external VLAN 20 EPG.

Okay, so now let's just confirm that we have a consumed contract on both of our EPGs within our application. So our web tier: okay, we have a provided contract but not a consumed contract, so obviously we need to marry those contracts up. So let's provide a consumed contract, and we'll just use the permit any. Let's just double-check our application EPG contracts, and we already have a consumed contract there. So let's have a look at our application now. You can see now we have a couple of L2Outs.

Let's check our pings. Okay, so we can now ping through to our SVI on both VLAN 10 and VLAN 20. So let's also pop back to our external switch and just make sure we can ping inside the fabric. So try and ping our bridge domain, or default gateway, within the fabric. Okay, let's ping a couple of workloads, the VMs. And similar for VLAN 20: that's our bridge domain gateway within the fabric, and one of our VMs.

Obviously, if you had your default gateway outside of the ACI fabric, which is more than feasible, and again that may be for a temporary migration measure, or it could be, you know, you've got an external firewall providing your default gateway, that's when you would need to change the behavior of the bridge domain. So I'll just quickly show where you would do that. We go into our bridge domains, under networking. So by default the bridge domain is set to hardware proxy, which basically means that if the leafs don't know a destination, they will just send it to the spines. Now obviously, if the destination is outside of the fabric, those ARPs or that traffic is not going to get to its destination. So if you're using a gateway outside of the fabric, or extending your layer 2 outside of the fabric, you need to just set that to flood.

Okay, so I think that about concludes this video. Hope you can join me for the next bite-sized video. So in the meantime, take a
Info
Channel: ucsguru
Views: 17,499
Rating: 4.9741936 out of 5
Keywords: cisco, aci, l2out, external, bridged, layer 2, vlan
Id: xKxplvVa1xw
Length: 16min 30sec (990 seconds)
Published: Fri Jul 14 2017