Configure a Cisco ACI Network with Qumulo Core

IN THIS ARTICLE

Outlines how to configure a Cisco ACI network with native VLAN and VLAN Trunks to integrate with Qumulo Core

REQUIREMENTS

• Cluster running Qumulo Core
• Network deployment using Cisco ACI

NOTE: Qumulo requires the back-end (cluster-only communications) to be an untagged VLAN. The front-end (user-facing interface) can be run on the same untagged VLAN interface for simplicity, or can optionally utilize VLAN tagged interfaces.

DETAILS

Cisco ACI offers 3 modes to configure VLAN allocation on an edge-port. In the example where the uplink physical ports are a single, physical port or VPC, the port or port-channel then gets a so called “static path assignment” to map a particular VLAN on the uplink to an endpoint group. This is where the encap-mode for the access port is configured.

There are three different types of VLAN modes: trunk, access (802.1P), and access untagged. See the sections below for descriptions of each.

Trunk Mode

Trunk is the default deployment mode. Select this mode if the traffic from the host is tagged with a VLAN ID. This is also used in many environments that need multiple VLANs to be trunked across a single link (e.g., for ESXi hosts).

• Cisco Gen1 leaf switches in this mode support only tagged traffic per interface.
• Cisco Gen2 leaf switches in this mode support simultaneous tagged and untagged traffic per interface. This behavior also requires >/= ACI software version 3.2(3i).

Access (802.1P) Mode

Select this mode if the traffic from the host is tagged with an 802.1P tag (prioritization). When an access port is configured with a single EPG (End Point Group) in native 802.1p mode, its packets exit that port untagged. When an access port is configured with multiple EPGs, one in native 802.1p mode, and some with VLAN tags, all packets exiting that access port are tagged VLAN 0 for the EPG configured in native 802.1p mode and for all other EPGs packets exit with their respective VLAN tags.

When choosing Access (802.1P) mode, one must make sure to have only a single VLAN tagged to a port. In the case where VLAN25 is assigned, for example, this is then the native VLAN and frames are sent and received untagged.

NOTE: Only one native 802.1P EPG is allowed per access port.

Access (Untagged) Mode

Select this mode if the traffic from the host is untagged (without VLAN ID). When a leaf switch is configured for an EPG to be untagged, for every port this EPG uses, the packets will exit the switch untagged.

NOTE: Both Access (802.1P) and Access (untagged) are supported by ACI on any generation of LEAF. If one uses Gen1 LEAFs, there may be a need to try Access (untagged) instead of Access (802.1P), as there may be a possibility that the Gen1 LEAFs always send a tagged frame with VLAN-ID set to 0 when configured in Access (802.1P) mode.

NATIVE 802.1P AND TAGGED EPGS ON INTERFACES

When assigning Access (802.1p or Untagged) modes, follow the guidelines below to ensure that devices that require untagged or 802.1p packets operate as expected when they are connected to access ports of an ACI leaf switch. The guidelines apply to EPGs deployed on ports on a single leaf switch (when EPGs are deployed on different switches, they do not apply).

• In the APIC GUI, when you assign VLANs on ports to EPGs, you can assign one of the following VLAN modes: Trunk, Access (802.1p), or Access (Untagged).
• Only one 802.1p VLAN or one untagged VLAN is allowed on a port. (It can be one or the other, but not both.)
• In releases prior to Cisco APIC release 3.2(3i), if an EPG deployed on any port on a leaf switch is configured with Access (Untagged) mode, all the ports used by the EPG should be untagged on the same leaf switch and its VPC peer (if there is one).
• Beginning with Cisco APIC release 3.2(3i), you can have a combination of untagged and tagged ports on generation 2 switches (with -EX, -FX, or -FX2 suffixes).
• You can deploy different EPGs using (tagged) VLAN numbers in Trunk mode on the same port, with an EPG deployed on the port in Access (Untagged) mode.

There are some differences in traffic handling, depending on the switch, when a leaf switch port is associated with a single EPG that is configured as Access (802.1p) or Access (Untagged) modes.

Cisco Gen1 Switch

If the port is configured in Access (802.1p) mode:

• On egress, if the access VLAN is the only VLAN deployed on the port, then traffic will be untagged.
• On egress, if the port has other (tagged) VLANs deployed along with an untagged EPG, then traffic from that EPG is zero tagged.
• On egress, for all FEX ports, traffic is untagged, irrespective of one or more VLAN tags configured on the port.
• The port accepts ingress traffic that is untagged, tagged, or in 802.1p mode.

If a port is configured in Access (Untagged) mode:

• On egress, the traffic from the EPG is untagged.
• The port accepts ingress traffic that is untagged, tagged, or 802.1p.

Cisco Gen2 Switch

Generation 2 (or newer) switches do not distinguish between the Access (Untagged) and Access (802.1p) modes. When EPGs are deployed on Generation 2 ports configured with either Untagged or 802.1p mode:

• On egress, traffic is always untagged on a node where this is deployed.
• The port accepts ingress traffic that is untagged, tagged, or in 802.1p mode.

The following details the APIC GUI interface for a Native VLAN port configuration:

In the Bridge Domain configuration, the following settings are used and ACI provides the Gateway with Unicast routing for the BD (Bridge Domain) turned on.

When ACI is not managing the gateway, one would set “L2 Unknown Unicast “ to “Flood” and turn Unicast routing off completely.

RESOLUTION

You should now be able to  configure a Cisco ACI network to integrate with Qumulo Core

ADDITIONAL RESOURCES

Connect to Multiple Networks in Qumulo Core

 

Like what you see? Share this article with your network!