Creating VLAN Pools and Layer 2 Bridge Domains in Cisco Application Centric Infrastructure
In this article I’ll be describing how to create a VLAN pool for physical connections (perhaps layer 2 connections) to a physical network switch outside of the ACI fabric, such as a Nexus 5000 series switch. I’ll then show how to create a layer 2 bridge domain which can be extended outside the fabric. Please also see the video at the end of this article for further clarification.
We’ll want to create VLAN pools that will contain all of our endpoints, be they physical hosts, virtual hosts, or any kind of appliance. We can create these pools the exact same way as described in the nine steps below. To create a VLAN pool for the VMM domain, just give it a different name and supply it with the VLAN range you plan on using, or are already using, in your virtual environment. Later, when we create Application Network Profiles, we will include the pools in the parameters. Keep in mind that these pools will also need to be specified in UCS Manager if you’re using Cisco UCS B and C Series servers.
To create a pool for external layer 2 connectivity do the following:
- Log in to the APIC
- Click on Fabric at the top
- Click on Access Policies in the sub header menu
- Expand Pools in the left navigation menu
- Right click on VLAN and select Create VLAN Pool
- Give it a name such as “N5K-VLAN-Pool”
- Next to Encap Blocks you’ll enter your VLAN pool by clicking the + sign
- Enter the range of VLANs that are on your Nexus 5000 series switch that you want to extend into ACI, or vice versa.
- Click OK and Submit.
We’ll now be able to create a bridge domain, a construct that contains subnets in ACI, that will extend outside of our ACI fabric. We want to do this to extend VLANs between the ACI fabric and the other switches in our environment. This may be for migration purposes, either permanent or temporary, or you may have a tiered application that requires layer 2 connectivity outside the ACI fabric. Whatever your reason, here’s how to do it.
Create a Layer 2 Bridge Domain:
- In the same area, under Fabric > Access Policies, right-click on External Bridge Domains and click on Create Layer2 Bridge Domain
- Give it a name, such as N5K-L2-Ext-Bridge-Domain
- Pick an AEP. For more information on creating an AEP see my previous article.
- Select the VLAN Pool you just created
- Click Submit
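The same two procedures expressed as APIC REST payloads, as an added example that is not from the original article: it builds the VLAN pool, the Layer 2 external domain and the AEP binding, and refuses a VLAN range that is out of bounds or overlaps a block already used by another pool (for instance the VMM pool). Assumptions: static allocation mode, the AEP name `N5K-AEP`, and the sample VLAN ranges are constructed for illustration.

```python
import json

def check_block(first, last, in_use=()):
    """Reject an encap block outside 1-4094 or overlapping a block already in another pool."""
    if not 1 <= first <= last <= 4094:
        raise ValueError(f"invalid VLAN range {first}-{last}")
    for lo, hi in in_use:
        if first <= hi and lo <= last:
            raise ValueError(f"{first}-{last} overlaps existing block {lo}-{hi}")
    return first, last

def vlan_pool(name, blocks, alloc="static"):
    """fvnsVlanInstP with one fvnsEncapBlk child per VLAN range."""
    children = [{"fvnsEncapBlk": {"attributes": {"from": f"vlan-{lo}", "to": f"vlan-{hi}"}}}
                for lo, hi in blocks]
    return {"fvnsVlanInstP": {"attributes": {"dn": f"uni/infra/vlanns-[{name}]-{alloc}",
                                             "name": name, "allocMode": alloc},
                              "children": children}}

def l2_domain(name, pool_name, alloc="static"):
    """l2extDomP (the External Bridge Domain) pointing at the VLAN pool."""
    pool_dn = f"uni/infra/vlanns-[{pool_name}]-{alloc}"
    return {"l2extDomP": {"attributes": {"dn": f"uni/l2dom-{name}", "name": name},
                          "children": [{"infraRsVlanNs": {"attributes": {"tDn": pool_dn}}}]}}

def aep_binding(aep_name, domain_name):
    """infraRsDomP child that attaches the domain to an existing AEP."""
    dom_dn = f"uni/l2dom-{domain_name}"
    return {"infraAttEntityP": {"attributes": {"dn": f"uni/infra/attentp-{aep_name}"},
                                "children": [{"infraRsDomP": {"attributes": {"tDn": dom_dn}}}]}}

def build_payloads(blocks, in_use, aep_name):
    """Validate every range first, then return the three objects in creation order."""
    checked = [check_block(lo, hi, in_use) for lo, hi in blocks]
    return [vlan_pool("N5K-VLAN-Pool", checked),
            l2_domain("N5K-L2-Ext-Bridge-Domain", "N5K-VLAN-Pool"),
            aep_binding(aep_name, "N5K-L2-Ext-Bridge-Domain")]

if __name__ == "__main__":
    # Constructed sample values: VLANs 100-110 on the N5K, 200-299 already in a VMM pool.
    for payload in build_payloads([(100, 110)], [(200, 299)], "N5K-AEP"):
        print(json.dumps(payload, indent=2))
```

Authenticating and posting the JSON to the APIC is left out so the block runs offline.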
There you have it, 14 steps to get external connectivity to your switches outside your ACI environment. For more information on extending layer 2 outside the ACI fabric check out this white paper. If you have any questions or comments please leave them below or find me on Twitter @Malhoit.