vCenter VDS Integration

A VMM domain is the component that connects ACI policies with virtual switches managed by third-party virtual machine (VM) controllers such as VMware vCenter and Microsoft SCVMM. This lesson focuses on the most basic VMM integration, which is with VMware vCenter VDS.

The key functions of a VMM domain are the following:

  • Pushes ACI policy, such as EPGs, to VM controllers.

  • Retrieves information, such as VM inventory, from VM controllers.

  1. The APIC administrator creates a VMM domain.

  2. The Cisco APIC performs an initial handshake and opens a TCP session with the VMware vCenter specified by the VMM domain.

  3. The APIC creates the VMware VDS with the VMM domain name or uses an existing VDS if there is one already created (matching the name of the VMM domain). If you use an existing VDS, the VDS must be inside a folder on vCenter with the same name.

  4. The vCenter administrator adds the ESXi host to the integrated VDS and assigns the ESXi host ports as uplinks on the integrated VDS. These uplinks must connect to the Cisco ACI leaf switches.

  5. The APIC automatically detects the leaf interfaces that are connected to the integrated VDS via LLDP or CDP from the integrated VDS.

  6. The APIC administrator creates EPGs and associates EPGs to the VMM domain.

  7. Cisco APIC dynamically picks a VLAN for the associated EPG and maps it to a port group in vCenter.

  8. vCenter creates a port group with the VLAN under the integrated VDS. The port group name is a concatenation of the tenant name, the application profile name, and the EPG name.

  9. The APIC pushes policies to leaf switches. The same VLANs used for mapping EPGs to port groups can then be trunked over the leaf switch ports to which the ESXi host is connected.

  10. The vCenter administrator instantiates and assigns VMs to the port group.

VMM Domain Components

When a VMware vCenter is associated with the VMM domain, the domain deploys a VMware VDS under that vCenter. Then, when the VMM domain is associated with an EPG, it deploys a VMware port group on the VDS to represent the ACI EPG.

To deploy components to VM controllers, a VMM domain contains the following information:

  • Credentials: Used to access associated VM controller or controllers to post configurations via their API and retrieve inventory information from them.

  • Controller: Specifies which VM controller such as VMware vCenter to associate with this VMM domain.

    • Please note that, although each VMM domain can contain multiple VM controllers, they must be of the same kind. For example, a single VMM domain can interact with multiple VMware vCenters but the same VMM domain cannot be used for Microsoft SCVMM.

  • EPG association: A VMM domain will map associated EPGs to VMware port groups, SCVMM VM Networks and so on, and deploy them on the integrated vSwitch. One EPG can be associated with multiple VMM domains so that VMs on different types of VM controllers can belong to the same EPG and use the same ACI security policies, such as contracts.

  • Attachable entity profile association: A VMM domain relies on the AAEP to scope which leaf interfaces may be connected to the integrated vSwitch. As mentioned in the workflow, it uses LLDP/CDP to further identify the specific interfaces that are actually connected to the integrated vSwitch, so that VLANs are dynamically deployed only on the interfaces that need them.

  • VLAN pool association: A VMM domain will use VLANs from the associated VLAN pool when EPG association occurs. This VLAN will be deployed on leaf interfaces and the integrated vSwitch (for example, VMware port group on VDS).

  • Port channel mode: Controls the integrated vSwitch’s load-balancing mode and uplink aggregation (LAG/LACP) mode.

    • Static channel—mode on
    • LACP active
    • LACP passive
    • MAC pinning
    • MAC pinning-physical-NIC-load

VMM Domain VLAN Pool Association

Each VLAN pool has an allocation type (static or dynamic), defined at the time of its creation. The allocation type determines whether the VLAN IDs contained in it will be used for automatic assignment by the Cisco APIC (dynamic) or set explicitly by the administrator (static). By default, all VLAN ID ranges in the pool inherit the allocation type of the pool itself, but you can change the allocation type per VLAN ID range if needed, so that a single VLAN pool can contain VLAN ranges for both static and dynamic allocation.
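A simplified model of the allocation behaviour described above and of workflow steps 7 and 8, added here as an example (it is not APIC or dclessons code). The class names, the lowest-free-ID selection order and the `|` separator in the port group name are assumptions; the page only says that the name is a concatenation of the tenant, application profile and EPG names.

```python
from dataclasses import dataclass, field

@dataclass
class VlanRange:
    start: int
    end: int
    alloc: str = "inherit"  # "inherit", "static" or "dynamic"

@dataclass
class VlanPool:
    name: str
    alloc: str              # pool-level allocation type: "static" or "dynamic"
    ranges: list
    in_use: dict = field(default_factory=dict)  # VLAN ID -> port group name

    def effective(self, r):
        """A range follows the pool's type unless it sets its own."""
        return self.alloc if r.alloc == "inherit" else r.alloc

    def vlans(self, mode):
        """Every VLAN ID whose effective allocation type equals `mode`."""
        return [v for r in self.ranges if self.effective(r) == mode
                for v in range(r.start, r.end + 1)]

    def associate_epg(self, tenant, app_profile, epg, sep="|"):
        """Workflow steps 7-8: take a free dynamic VLAN, name the port group.
        Assumptions: lowest free ID is picked first, and `sep` joins the names."""
        name = sep.join((tenant, app_profile, epg))
        for vlan in self.vlans("dynamic"):
            if vlan not in self.in_use:
                self.in_use[vlan] = name
                return name, vlan
        raise RuntimeError(f"pool {self.name}: no free dynamic VLAN for {name}")

def demo():
    # Constructed sample: a dynamic pool with one range overridden to static.
    pool = VlanPool("vmm-pool", "dynamic",
                    [VlanRange(100, 101), VlanRange(200, 201, "static")])
    mapped = [pool.associate_epg("T1", "App", e) for e in ("Web", "DB")]
    try:
        pool.associate_epg("T1", "App", "Cache")  # dynamic range is used up
        exhausted = False
    except RuntimeError:
        exhausted = True
    return pool, mapped, exhausted

if __name__ == "__main__":
    pool, mapped, exhausted = demo()
    print(mapped, "static:", pool.vlans("static"), "exhausted:", exhausted)
```

The third EPG association fails even though VLANs 200-201 are unused, because IDs in a static range are never candidates for automatic assignment.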

