Monday, 4 August 2025

Complete Steps to Create vPC in Cisco ACI (via APIC GUI)

 Understanding vPC in Cisco ACI: A Modern Approach to High Availability

In the evolving landscape of data center networking, Virtual Port Channel (vPC) stands out as a cornerstone of high availability and link redundancy. While traditional NX-OS environments rely on CLI-driven configurations, Cisco ACI reimagines vPC through a policy-driven, intent-based model that aligns with the fabric’s overarching design philosophy.

Unlike legacy setups, ACI abstracts physical connectivity into logical constructs, allowing administrators to define vPC behavior through interface policy groups, switch profiles, and attachable access entity profiles (AAEPs). This not only simplifies deployment but also ensures consistency across the fabric.

At its core, a vPC in ACI enables two leaf switches to present a unified uplink to a downstream device—be it a server, firewall, or load balancer—without relying on spanning tree protocols. The result is active-active forwarding, improved bandwidth utilization, and seamless failover.

In this guide, we’ll walk through the step-by-step configuration of vPC in Cisco ACI, demystifying each component and highlighting best practices to ensure a robust and scalable deployment.

Note:- In Cisco ACI, a Fabric Extender (FEX) can be integrated using a port channel in a straight-through topology, where each FEX connects directly to a leaf switch. While vPCs can be established between hosts and the FEX for redundancy and load balancing, the FEX itself does not support vPC connectivity to multiple leaf switches.

 Complete Steps to Create vPC in Cisco ACI (via APIC GUI)

Step 1: Leaf Onboarding (One-by-One)

๐Ÿ” Monitor Discovery in APIC

  1. Log in to the APIC GUI
  2. Navigate to:
    Fabric → Inventory → Fabric Membership → Nodes Pending Registration
  3. Wait for Leaf101 to appear
    • You’ll see its Serial Number
    • Node Role: Leaf
    • Status: Blank / Not Registered

๐Ÿ“ Register Leaf101

  1. Right-click on Leaf101’s serial number
  2. Click Register
  3. In the registration window, enter:
    • Node ID: 101
    • Node Name: Leaf101
    • Click Register
    • Wait for it to appear in Registered Nodes

๐Ÿ“ Register Leaf102

  1. Repeat the same steps for Leaf102:
    • Wait for it to appear in Nodes Pending Registration
    • Right-click → Register
    • Enter:
      • Node ID: 102
      • Node Name: Leaf102
    • Click Register
    • Wait for it to appear in Registered Nodes

๐Ÿ”ข Step-by-Step ACI Configuration Flow

2. VLAN Pool (VLAN 113)

  • Navigate to:
    Fabric → Access Policies → Pools → Right Click on VLAN and click Create Vlan Pool
  • Create VLAN Pool:
    • Name: VLAN_113_Pool
    • Mode: Static
    • Click + under Encap Blocks

ร˜  Range:  113 – 113

ร˜  Allocation mode: Static

    • Click Ok - >Submit

3. Domain (Physical Domain)

  • Go to:
    Fabric → Access Policies → Physical and External Domains ->Right Click on Physical domain ->
  • Create Physical Domain:
    • Name: PhysDom_VLAN113
    • VLAN Pool: VLAN_113_Pool
    • Click Submit

4. AEP (Attachable Access Entity Profile)

  • Navigate to:
    Fabric → Access Policies → Policies-> Global → Right Click on Attachable Access Entity Profiles -> Click Create Attachable Access Entity Profiles
  • Create AEP:
    • Name: AEP_VLAN113
    • Click + under Domains and Associated Domain: PhysDom_VLAN113
    • Click Update ->Next -> Finish

5. Interface Policy Group (vPC)

  • Go to:
    Fabric → Access Policies → Interface → Leaf Interfaces - >Policy Groups->Right click on VPC Interfaces - >Create VPC Interfaces
  • Create VPC Interface Policy Group:
    • Name:  vPC_LF101_LF102_1_1
    • AEP: AEP_VLAN113
    • Port Channel Policy: system-lacp-Active
    • Link Level Policy: system-link-level-XG-Auto
  • Click Next > Finish

6. Create vPC Policy (Your Mentioned Step)

  • Go to:
    Fabric → Access Policies → Policies → Switch
  • Right-click on Virtual Port Channel Default

Name:VPC_101_102

ID:10

VPC Domain Policy: Default

Switch1: Leaf101

Switch2: Leaf102

This step ensures the vPC behavior is defined at the switch policy level.

7. Interface Profile

  • Navigate to:
    Fabric → Access Policies → Interface → Leaf Interface -> Profiles
  • Right click on the interface profile and click Create Interface Profile:
    • Name: IntProf_Leaf101_102
  • Click + under Interface Selector:
    • Name: Eth1_4
    • Interface ID: 1/4
    • Policy Group: vPC_LF101_LF102_1_1
  • Click Ok - > Submit

 

8. Switch Profile

  • Go to:
    Fabric → Access Policies → Switches → Profiles
  • Right Click on Profile and click Create Leaf Profile:
    • Name: LeafProf_101_102
  • Click + under Leaf Selector:
    • Name: Leaf101_102
    • Node Block: From 101 to 102
  • Click Update -> Next
  • Attach Interface Profile:
    • IntProf_Leaf101_102

9. Create Tenant

  • Navigate to:
    Tenants
  • Click Add Tenant
    • Name: Tenant_WebApp
  • Click Submit

10. Create VRF

  • Navigate to:
    Tenants
  • Click Networking -> VRF -> Right click on VRF -> click Create VRF
    • Name: WebApp_VRF
    • Uncheck Create A Bridge Domain
  • Click Finish

11 Create BD

  • Navigate to:
    Tenants
  • Click Networking -> Bridge Domain -> Right click on Bridge Domain-> click Create Bridge Domain
    • Name: WebApp_BD
    • VRF: WebApp_VRF
    • Click Next
    • Click + under Subnet

ร˜  Gateway IP: 10.1.1.1/24

ร˜  Check “Make this IP address Primary”

ร˜  Scope: check “Advertised Externally”

  • Click OK -> Next-> Finish

 

12. Create Application Profile (AP)

  • Inside Tenant_WebApp, go to:
    Application Profiles
  • Right Click on Application Profile  and Create Application Profile:
    • Name: WebApp_AP
  • Click Submit

13. Create Endpoint Group (EPG)

  • Inside WebApp_AP, go to:
    EPGs
  • Right Click on Application EPG and click Create Application EPG:
    • Name: WebApp_EPG
    • Bridge Domain: WebApp_BD
    • Click Finish
  • Right Click on WebApp_EPG and click ADD Physical Domain Association:
    • Domain Association: PhysDom_VLAN113
    • Click Submit

14. Create Contract (Allow TCP Port 80)

  • Go to:
    Tenant_WebApp → Contracts -> Standard
  • Right Click on Standard -> Click Create Contract:
    • Name: Allow_HTTP
  • Click + under Subject:
    • Name: HTTP_Subject
    • Filter: Click + under Filter
      • Click + Under Name
      • Name: HTTP_Filter
      • Click + under Entries
      • Name: HTTP_Entry
      • EtherType: IP
      • IP Protocol: TCP
      • Destination Port: From http – To http
      • Click Update-> Submit
      • Click Update -> Ok -> Submit
  • Provide contract to/from EPG as needed

15. Static Binding of EPG to Port

  • Go to Tenant WebApp_EPG-> Application Profiles -> WebApp_AP ->  Application EPGs -> WebApp_EPGs
  • Right Click on WebApp_EPGs -> Click Deploy Static EPG on PC,VPC, or Interface
    • Path Type: Virtual Port Channel
    •  Path: Leaf101/eth1/4 and Leaf102/eth1/4
    • Mode: Trunk
    • Encapsulation: vlan-113

 

Posted by at
Labels: , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)