Recently in ACI we came across a situation where the same VLAN has to be configured on two ports in two different EPGs. Generally, if we try to configure the same encap VLAN for two different EPGs (static binding), we get an error like the one below.

But there can certainly be use cases where we need the same encap VLAN in different EPGs. Note that an encap VLAN in ACI is a little different from a VLAN in traditional switching. Normally a VLAN is a broadcast domain; in ACI, however, the VLAN tag is only used to identify the EPG for the particular traffic. The broadcast domain in ACI is bounded by the BD (bridge domain).
Now let's discuss how we can use the same encap VLAN under two different EPGs.
Port-vlan
In ACI we have a concept called port-vlan, where we configure the VLAN scope as port-local instead of global in the IPG (interface policy group). For this we need to attach a layer 2 interface policy under the IPG. If you don't already have a layer 2 policy, you may create one.
Fabric > Access policies > interface > policy groups > leaf access port > advanced policies

VLAN
Two different VLAN pools need to be configured for this implementation. You can see below that I have created two different pools with the same VLAN encap. Note also that these VLAN pools are assigned to two different physical domains.


Next we can attach these domains to an AEP, which can be the same for both domains. The same AEP can be added to the IPG, and subsequently we can configure the IPFs (interface profiles). I am not showing images of these parts because they are business as usual in ACI.

Once this is done, we can attach the domains and interfaces to the EPGs. In my case I have two different EPGs, portvlan1 and portvlan2. Since we have already created two different domains, we can attach those two domains to these EPGs. We have also created two different IPFs, so we can attach those two IPFs to the EPGs. The catch is that while doing the static binding we need to specify the same encap VLAN in both EPGs. Check the images below.
Tenant > APN > Application EPG > (EPG name) > static ports > right click (deploy static EPG on VPC, PC or interface)


And this is how we can put these two EPGs in the same VLAN encap.
That is the configuration. Now let's see how to make endpoints communicate between these EPGs.
Layer 3 BD
Let's assume that these two EPGs are in two different BDs. For the endpoints to communicate, we just need to configure two different BD subnets and put a contract between the EPGs. The traffic should work.
L2 BD
The problem arises when we have an L2 BD, i.e. the BD is not assigned an IP address, and these two different EPGs are supposed to talk over the L2 network because they have the same VLAN encap. ACI doesn't allow that unless they are part of the same BD, but here the BDs are different because ACI doesn't allow port-vlan EPGs in the same BD on the same switch. See the 3rd case in the image below.

So to make this work we need additional configuration: we go under the AEP and attach the EPG directly to the AEP. See below.

This should enable layer 2 communication between the EPGs. And of course we need a contract between them.
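The constraints described above can be checked against a planned set of static bindings before pushing them to the fabric. The following is an added example, not part of the original post; it runs offline and does not talk to the APIC. The `Binding` fields, the BD, domain, leaf and port names, and VLAN 100 are assumptions made up for illustration (only the EPG names portvlan1 and portvlan2 come from the post).

```python
from collections import defaultdict
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Binding:
    epg: str
    bd: str
    domain: str   # physical domain; each domain is assumed to have its own VLAN pool
    leaf: str
    port: str
    encap: int    # encap VLAN ID
    scope: str    # VLAN scope from the IPG's layer 2 interface policy: "global" or "portlocal"

def check_encap_reuse(bindings):
    """Return violations for every encap VLAN reused by different EPGs on one leaf."""
    by_leaf_encap = defaultdict(list)
    for b in bindings:
        by_leaf_encap[(b.leaf, b.encap)].append(b)
    problems = []
    for (leaf, encap), group in sorted(by_leaf_encap.items()):
        for a, b in combinations(group, 2):
            if a.epg == b.epg:
                continue  # same EPG on several ports is ordinary static binding
            where = f"{leaf} vlan-{encap} {a.epg}<->{b.epg}"
            if "global" in (a.scope, b.scope):
                problems.append(f"{where}: VLAN scope must be port-local on both ports")
            if a.port == b.port:
                problems.append(f"{where}: bindings must be on two different ports")
            if a.domain == b.domain:
                problems.append(f"{where}: EPGs must use different domains/VLAN pools")
            if a.bd == b.bd:
                problems.append(f"{where}: port-vlan EPGs cannot share a BD on one switch")
    return problems

# Constructed sample data (BD, domain, leaf, port names and VLAN 100 are made up).
GOOD = [
    Binding("portvlan1", "bd1", "phys1", "leaf101", "eth1/1", 100, "portlocal"),
    Binding("portvlan2", "bd2", "phys2", "leaf101", "eth1/2", 100, "portlocal"),
]
BAD = [
    Binding("portvlan1", "bd1", "phys1", "leaf101", "eth1/1", 100, "global"),
    Binding("portvlan2", "bd1", "phys1", "leaf101", "eth1/2", 100, "portlocal"),
]

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_encap_reuse(plan) or "ok")
```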
Until my next post, thanks for reading.