ACI VLAN Pools: Definitions
- A VLAN Pool defines one or more groups (one or more blocks) of VLAN IDs.
- A single VLAN Pool can be associated to many or all domains configured in the APIC.
- A VLAN Pool is used internally by the fabric to map endpoints to EPGs. Remember that a VLAN in ACI has only local significance: it just tells the leaf port which encapsulation to put on the frame travelling southbound from APIC.
- A VLAN Pool has a VLAN allocation type, which determines how the VLANs from this VLAN Pool will be allocated. VLAN allocation can be Static Allocation or Dynamic Allocation.
We will learn the difference between the two in a moment.
ACI VLAN Pool: Encap Blocks
In a VLAN Pool, we need to define one or more ranges of VLAN IDs, called Encap Blocks or VLAN Ranges:
- A VLAN Pool Encap Block is simply a range of VLAN IDs:
- An Encap Block has two possible allocation types: static allocation or dynamic allocation. The default is to inherit the allocation mode from the VLAN Pool, which is denoted with "inherit allocMode from parent".
- We can define one or more Encap Blocks per VLAN Pool.
- It is possible to configure an Encap Block with static allocation when the VLAN Pool is either in static or dynamic allocation mode.
- However, in order to be able to create an Encap Block configured in dynamic allocation mode, the VLAN Pool must be set to dynamic allocation too. Otherwise the option to select Dynamic Allocation appears greyed out:
- An Encap Block configured with dynamic allocation means “APIC selects VLAN dynamically from the VLAN range.”
- A VLAN Pool configured as Dynamic Allocation means that the APIC will assign VLAN IDs dynamically to the endpoints that are associated with the VLAN Pool through the ACI domain.
- A VLAN Pool configured as Static Allocation means:
- that the endpoint associated to the EPG indirectly associated to this VLAN Pool will be assigned a VLAN ID in the static range.
- In ACI, the VLAN allocation to EPGs is either static or dynamic.
- A VLAN statically allocated to the EPG is called a static binding. This case is seen with Legacy Bridge Domains.
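The allocation rules listed above (a block inherits the pool's mode by default, a static block is allowed in either pool mode, a dynamic block requires a dynamic pool) can be checked before a pool is pushed to the fabric. The following is an added example, not part of the original page: it uses the APIC object-model classes `fvnsVlanInstP` and `fvnsEncapBlk`, while the function names and the VLAN ranges are constructed for illustration.

```python
import json

POOL_MODES = {"static", "dynamic"}
BLOCK_MODES = {"static", "dynamic", "inherit"}


def effective_mode(pool_mode, block_mode):
    """Resolve the allocation mode an Encap Block ends up with inside a pool."""
    if pool_mode not in POOL_MODES:
        raise ValueError(f"unknown pool allocation mode: {pool_mode!r}")
    if block_mode not in BLOCK_MODES:
        raise ValueError(f"unknown block allocation mode: {block_mode!r}")
    if block_mode == "inherit":            # default: take the pool's mode
        return pool_mode
    if block_mode == "dynamic" and pool_mode == "static":
        # The combination the GUI greys out.
        raise ValueError("a dynamic Encap Block requires a dynamic VLAN Pool")
    return block_mode                      # static is allowed in either pool mode


def build_vlan_pool(name, pool_mode, blocks):
    """Build the pool object; blocks is a list of (first, last, block_mode)."""
    children = []
    for first, last, block_mode in blocks:
        if not 1 <= first <= last <= 4094:  # 802.1Q VLAN ID range
            raise ValueError(f"invalid VLAN range {first}-{last}")
        effective_mode(pool_mode, block_mode)  # raises on a forbidden combination
        children.append({"fvnsEncapBlk": {"attributes": {
            "from": f"vlan-{first}", "to": f"vlan-{last}",
            "allocMode": block_mode}}})
    return {"fvnsVlanInstP": {
        "attributes": {"name": name, "allocMode": pool_mode},
        "children": children}}


def effective_modes(pool):
    """List (from, to, effective allocation mode) for every block in a pool."""
    pool_mode = pool["fvnsVlanInstP"]["attributes"]["allocMode"]
    return [(b["fvnsEncapBlk"]["attributes"]["from"],
             b["fvnsEncapBlk"]["attributes"]["to"],
             effective_mode(pool_mode, b["fvnsEncapBlk"]["attributes"]["allocMode"]))
            for b in pool["fvnsVlanInstP"]["children"]]


if __name__ == "__main__":
    # Constructed sample: dynamic pool with one inherited and one static block.
    pool = build_vlan_pool("Firewall_VLP", "dynamic",
                           [(100, 199, "inherit"), (200, 209, "static")])
    print(json.dumps(pool, indent=2))
    print(effective_modes(pool))
```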
Attention, however: we need to distinguish two concepts related to VLANs: internal namespace and external namespace. Why? Because the VLAN that an ACI administrator configures is “semantically” different from what each ACI leaf implements on the ASIC, even if numerically they happen to be the same.
For example, an ACI administrator sets Encap value to 5, which is part of a configured VLAN Pool. The leaf hardware under the hood will set its own VLAN value, and if through pure coincidence the internal VLAN value is also 5, then it does not mean that we are using the same VLAN set by the administrator.
- Internal namespace refers to the internal VLAN ID used by the leaf to switch the endpoint frames within the fabric.
- External namespace refers to the static VLAN encapsulation that the ACI administrator assigns to an EPG.
- We can also assign a range of VLAN IDs to an EPG. This VLAN range is called a VLAN Pool.
- It is recommended to design VLAN pools based on functional role, e.g. Firewall_VLP.
- A VLAN Pool attaches to one or more domains. Beware that when using the same VLAN Pool for more than one domain, the VLAN significance is local to each domain. The recommendation, however, is not to reuse the same VLAN Pool.
- When a physical, non-virtualized server connects to the ACI fabric, configure static VLAN mapping.
- When a virtualization server connects to the ACI fabric, use dynamic VLAN allocation.
ACI VLAN Pools: Configuration
- I name the VLAN Pool
- After naming my new VLAN Pool I click on the plus button to add the VLAN range:
- I define the VLAN range, leave the other settings unchanged and click OK:
- Now my VLAN Pool is created. I can close the VLAN Pool window with Submit:
- A VLAN Pool can be created also from the AAEP configuration menu: