Guest

Cisco Application Virtual Switch Installation Guide, Release 5.2(1)SV3(1.20)

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Cisco Application Virtual Switch Installation Guide, Release 5.2(1)SV3(1.20)

Chapter Title

Installation

Results

Updated:
June 23, 2016

Chapter: Installation

Installation

Cisco AVS Installation

Installing the Cisco Application Virtual Switch (AVS) consists of two separate sets of tasks: configuring the Cisco Application Policy Infrastructure Controller (APIC) and then install Cisco AVS using the Cisco Virtual Switch Update Manager (VSUM), the ESXi CLI, or the VMware Virtual Update Manager (VUM). You also must verify the installation.

This section provides the instructions for each set of tasks that you need to perform to install Cisco AVS to use within the Cisco Application Centric Infrastructure (ACI) fabric.

Prerequisites for Installing the Cisco AVS

You need to perform the following tasks before installing the Cisco AVS.

  • You must set up the Cisco APIC before you can set up the Cisco AVS. See the Cisco APIC Getting Started Guide for instructions on how to configure the Cisco APIC for the first time.

  • You must make sure that all switches are registered and that the Cisco ACI fabric is up to date. See Cisco Application Centric Infrastructure Fundamentals and the Cisco APIC Getting Started Guide.

  • You must install Cisco VSUM if you plan to use it to install or update the Cisco AVS.

  • When connecting the Cisco AVS using VXLAN encapsulation, set the maximum transmission unit (MTU) value equal to or greater than 1600 on all intermediate devices on the path between the Cisco ACI fabric and the Cisco AVS. These include FI switches and UCS-B. However, to optimize performance, the MTU should be set to the maximum supported size that all intermediate devices on the path between the Cisco ACI fabric and the Cisco AVS support. The maximum configurable MTU on AVS is 8950.

  • When adding additional VMware ESXi hosts to the VMM domain with the Cisco AVS, ensure that the version of the ESXi host is compatible with the Distributed Virtual Switch (DVS) version already deployed in the vCenter. For more information about Cisco AVS compatibility for ESXi hosts, see the Cisco AVS Release Notes for your Cisco AVS release.

    If the ESXi host version is not compatible with the existing DVS version, vCenter will not be able to add the ESXi host to the DVS, and an incompatibility error will occur. Modification of the existing DVS Version setting from the Cisco APIC is not possible. To lower the DVS Version in the vCenter, you need to remove and reapply the VMM domain configuration with a lower setting.

Workflow for Installing the Cisco AVS

This section provides a high-level description of the tasks that you need to perform in order to install the Cisco AVS.

  1. Configure Cisco APIC settings. These include registering nonconnected switches, and creating interfaces, switch, and VMware vCenter domain profiles.

    An interface policy configures the type of interface—port channel (PC) or virtual PC (VPC)—for the vSphere hosts and a link aggregation control protocol (LACP), or MAC pinning. See the appendix "Recommended Topologies" in this guide for supported topologies.

    A switch policy configures the connection between the Cisco AVS (the vLeaf) and the ESXi hypervisor by specifying a physical port on the leaf switch and by specifying Cisco AVS trunk settings. These include VLANs or VXLANs.

    A VMware vCenter domain groups virtual machine (VM) controllers with similar networking policy requirements. For example, VM controllers can share VLAN or Virtual Extensible Local Area Network (VXLAN) space and application endpoint groups (EPGs). The Cisco APIC communicates with the controller to publish network configurations such as port groups that are then applied to the virtual workloads.

    See the section "Creating Interface and Switch Policies and a vCenter Domain Profile Using the GUI" in this guide for instructions.

  2. Install the Cisco AVS and add the ESXi host to the Cisco AVS.

    Using Cisco VSUM is the recommended method for installing the Cisco AVS. Using Cisco VSUM validates the version and compatibility for the ESXi host, and in one procedure enables you to install the Cisco AVS onto the ESXi host and add the ESXi host to the Cisco AVS distributed virtual switch (DVS).

    See the section "Installing Cisco VSUM" in this guide for instructions for installing the Cisco AVS.

    However, you can install Cisco AVS using ESXi CLI or VMware Virtual Update Manager (VUM). See the appendix "Installing Cisco AVS Using the ESXi CLI or VMware VUM" in this guide.

  3. Verify the Cisco AVS Installation.

    You need to verify that the Cisco AVS has been installed on the VMware ESXi hypervisor by verifying the virtual switch status and the virtual NIC status. You also need to verify that the vmknic is created, that OpFlex is online, and that the ports are in a forwarding state.

    See the section Verifying the Cisco AVS Installation in this guide for instructions.

Configuring Cisco APIC Settings

The following sections describe how to configure the Cisco AVS and the VMware ESXi hypervisor with the Cisco APIC:

  1. Registering the Discovered Switches

  2. Creating Interface, Switch, and vCenter Domain Profiles

    1. Interface and Switch Profile Guidelines and Prerequisites

    2. vCenter Domain Profile Guidelines and Prerequisites

    3. Creating Interface and Switch Profiles and a vCenter Domain Profile Using the Advanced GUI

    4. Creating a vCenter Domain Using the Basic GUI

    5. Pre-Cisco AVS Installation Configuration Using the NX-OS Style CLI

Registering the Discovered Switches

The Cisco APIC automatically discovers leaf and spine switches. However, if your Cisco AVS host is behind leaf and spine switches, you must register them.

Register the switches by following the instructions in the Cisco APIC Getting Started Guide.

Creating Interface, Switch, and vCenter Domain Profiles

Before you can install the Cisco AVS, you need to create interface, switch, and vCenter domain profiles. As of Cisco APIC 1.1.x, we recommend that you perform these tasks in the united configuration wizard in the Cisco APIC. This is the procedure "Creating Interface and Switch Profiles and a vCenter Domain Profile Using the Advanced GUI" in this guide.

You should understand and follow the guidelines in this section before proceeding with the tasks.

Alternate Procedures

If you need to configure a FEX profile or detailed interface, switch, or vCenter domain profiles, you can find instructions in Appendix C, "Procedures for Creating Interface, Switch, and vCenter Domain Profiles" in this guide.

Firewall Considerations

If you use the recommended united configuration wizard, the Cisco APIC automatically creates a firewall policy, which can be modified later. If you instead use the alternate procedures to create interface, switch, or vCenter domain profiles, you will need to create a firewall policy manually. Follow the instructions in the "Distributed Firewall" section of the ACI Virtualization Guide.

Interface and Switch Profile Guidelines and Prerequisites

Follow these guidelines and fulfil the prerequisites when creating interface and switch profiles for your Cisco AVS.

Guidelines for Creating Interface and Switch Profiles

The Cisco AVS supports PC, VPC, MAC Pinning, and FEX interface policies. It does not support individual interface policies. See the Cisco Application Virtual Switch Installation Guide for information about FEX policies.

  • If there is a Layer 2 network between the leaf switch and the Cisco AVS vSphere host, configure the interface policy on the interfaces that are connected to the Layer 2 network.

  • The number of links and leafs that you use determine whether you need to configure a PC or a VPC policy for the Cisco AVS:

    • If you are using a single link between a leaf and an ESXi host, you need to configure a PC policy.

    • If you are using multiple links between one leaf and an ESXi host, you must configure a PC policy.

    • If you are using multiple links between multiple leafs and an ESXi host, you must configure a VPC policy.

  • Follow these guidelines for choosing a LACP policy:

    • Choose LACP (Active or Passive) if the uplinks from the Cisco AVS (vSphere host) are directly connected to the leaf switches and you want to use or turn on the LACP channeling protocol.

    • Choose Static Channel - Mode On if the uplinks form the Cisco AVS are directly connected to the leaf switches but you do not want to use the LACP channeling protocol, for example, static port channel.

    • Choose MAC Pinning if the uplinks from the Cisco AVS should not be channeled together and will operate as separate links.

Prerequisites for Creating Interface and Switch Profiles

You should verify that the leaf switch interfaces are physically connected to the ESXi hypervisor or, if you are using a Layer 2 device, verify that the leaf is physically connected to the Layer 2 device.

vCenter Domain Profile Guidelines and Prerequisites

You must create a new vCenter domain profile; you cannot convert an existing one. For information about deleting an existing VMware vCenter domain profile, see the section "Guidelines for Deleting VMM Domains" in Cisco Application Centric Infrastructure Fundamentals.

Guidelines for Creating a VMware vCenter Domain Profile

You can create multiple data centers and DVS entries under a single domain. However, you can have only one Cisco AVS assigned to each data center.

If you choose VXLAN encapsulation and MAC pinning link aggregation, we recommend that you enable VXLAN load balancing. See the section “Enabling VXLAN load balancing” in the Cisco Application Virtual Switch Configuration Guide.

Note

If VXLAN load balancing is enabled in the VMware vCenter domain profile, Microsegmentation with Cisco AVS cannot be enabled on the domain.

Beginning with Cisco AVS Release 5.2(1)SV3(1.15), you can use IPv6 when creating a VMM domain, provided that the vCenter and ESXi host management are IPv6-enabled.

Prerequisites for Creating a VMware vCenter Domain Profile

Make sure that the multicast IP address pool has enough multicast IP addresses to accommodate the number of EPGs that will be published to the VMware vCenter domain. You can add more IP addresses to a multicast address pool that is already associated with a VMware vCenter domain at any time.

Make sure that you have a sufficient number of VLAN IDs. If you do not, ports on endpoint groups (EPGs) might report that no encapsulation is available.

If you want to change the switch mode on a Cisco AVS, you first must remove the existing DVS and then add the VMware vCenter domain with the desired switching mode. For instructions on removing the existing DVS, see Cisco Application Virtual Switch Configuration Guide.

vCenter must be installed, configured, and reachable through the in-band/out-of-band management network.

You must have the administrator/root credentials to the vCenter.

Note

If you prefer not to use the vCenter administrator/root credentials, you can create a custom user account with minimum required permissions. See the section Creating a VMware vCenter Domain Profile in Appendix C in this doc for a list of the required user privileges.

Creating Interface and Switch Profiles and a vCenter Domain Profile Using the Advanced GUI

Caution: Cisco recommends that you do not mix configuration modes (Advanced or Basic). When you make a configuration in either mode and change the configuration using the other mode, unintended changes can occur. For example, if you apply an interface policy to two ports using Advanced mode and then change the settings of one port using Basic mode, your changes might be applied to both ports.

For information about using Advanced and Basic modes, see the Cisco APIC Getting Started Guide.

Before You Begin

Before you create a vCenter domain profile, you must establish connectivity to external network using in-band management network on the Cisco APIC.

    Step 1   Log into the Cisco APIC, choosing Advanced mode.
    Step 2   On the menu bar, click Fabric > Access Policies.
    Step 3   In the Policies Navigation pane, right-click Switch Policies, and then click Configure Interfaces, PC, and VPC.
    Step 4   In the work pane, click the green + icon and perform the following steps:
    1. In the Select Switches to Configure Interfaces field, make sure that the Quick radio button is selected.
    2. From the Switches drop-down list, choose the appropriate leaf ID.

      In the Switch Profile Name field, the switch profile name automatically appears.

    3. Click the green + icon again.

      As shown in the image below, the screen displays a wizard that enables you to configure interface, switch, and vCenter domain profiles.

      Figure 1. Unified Configuration Wizard

    Step 5   In the wizard, perform the following actions:
    1. In the Interface Type field, choose the appropriate radio button.

      PC or VPC are the only valid options for Cisco AVS deployment. See the section Guidelines for Creating Interface and Switch Policies in this guide.

    2. In the Interfaces field, enter the interface or interface range for your vSphere hosts.

      Once you enter the interface or interface range, the wizard enters a name in the Interface Selector Name field.

    3. In the Interface Policy Group area, choose the Create One radio button.
      Note   

      This procedure assumes that you are creating interface and switch policies and creating a vCenter domain from scratch. If you choose the Choose One radio button, you will not be able to do so in the wizard.

    4. From the CDP Policy or the LLDP Policy drop-down list, create a policy.
      Note   

      If you use a Cisco Unified Computing System (UCS) server, create a policy to enable a Cisco Discovery Protocol (CDP) policy and a policy to disable Link Layer Discovery Protocol (LLDP).

      Note   

      Beginning with Cisco AVS Release 5.2(1)SV3(1.15), CDP and LLDP policies are disabled by default. You must enable them in the configuration wizard. Enable CDP or LLDP policies in the Interface Policy Group Field to enable them on Cisco AVS and other switches in the fabric. If you want to enable CDP or LLDP only on Cisco AVS, enable them in the vSwitch Policy area of the configuration wizard.

    5. From the Link Level Policy drop-down list, choose the desired link level policy or create one.

      The link level policy specifies the speed of the physical interface. If you do not choose a link level policy, the speed will default to 10 Gbps.

    6. In the Port Channel Policy drop-down list, choose Create Port Channel Policy.

      You need to choose the same policy that is on the ESXi server. For example, if the server does not support LACP, you can choose Static Channel - Mode On or MAC Pinning.

    7. In the Attached Device Type field, choose AVS VLAN Hosts or AVS VXLAN Hosts.
      Note    If the hypervisors are directly connected to leaf switches, you can use either VLAN or VXLAN. (Cisco UCS blade servers, where Fabric Interconnects are connected to the fabric, are considered to be directly connected.) However, if the hypervisors are not directly connected to leaf switches, you must use VXLAN. For more information, see the Overview section.
    8. In the Domain area, make sure that the Create One radio button is chosen.

      The Create One option is used when creating a new VMM domain for an interface or switch profile, as you do in this procedure. The Choose One button is used when creating an interface or switch profile for a new host that you want to make part of an existing VMM domain.

    9. In the Domain Name field, enter the domain name.
    10. If you chose AVS VLAN Hosts in Step 5 g, in the VLAN Range field, enter the VLAN range as appropriate.
      Note   

      Do not define a range that includes the reserved VLAN ID for infrastructure network because that VLAN is for internal use.

    11. If you chose AVS VXLAN Hosts in Step 5 g, in the Fabric Multicast Address field, enter an address, such as 225.1.1.1.
    12. If you chose AVS VXLAN Hosts in Step 5 g, in the Pool of Multicast Address Ranges field, create a new multicast pool or choose an existing one.
      Note   

      The multicast address configured in Step 5 k must not overlap with the ranges configured in Step 5 l.

    13. If you chose AVS VXLAN Hosts in Step 5 g, in the Local Switching area, choose True or False.

      With local switching, traffic within an endpoint group (EPG) does not go to the leaf, so if you choose local switching, you might not see some traffic counters. If you want to see all intra-EPG traffic, you should choose False. See the section Cisco Application Virtual Switch Overview for additional information about Local Switching and No Local Switching modes.

    14. (Optional) From the Security Domains drop-down list, choose or create a security domain.
    15. In the vCenter Login Name field, enter the vCenter Administrator/root username.
    16. In the Password field, enter the vCenter Administrator/root password.
    17. In the Confirm Password field, reenter the password.
    Step 6   Click the + icon to expand vCenter, and in the Create vCenter/vShield Controller dialog box, perform the following actions:
    1. In the Name field, enter a name to refer to the vCenter domain.

      The name does not need to be the same as the vCenter domain name; you can use the vCenter's host name.

    2. In the Host Name (or IP Address) field, enter the host name or IP address.

      If you use the host name, you must already have configured a DNS policy on Cisco APIC. If you do not have a DNS policy configured, enter the IP address of the vCenter server.

    3. From the DVS Version drop-down list, choose DVS version 5.1.
    4. In the Stats Collection field, choose Enabled.
    5. In the Datacenter field, enter the data center name.
      Note   

      The name that you enter for Datacenter must match exactly the name in vCenter. The name is case sensitive.

    6. Click OK.
    7. In the vSwitch Policy area, check the appropriate check boxes. For example, choose the appropriate port channel policy, such as LACP or MAC Pinning and the relevant CDP, LLDP and BPDU policies.
      Note   

      If you do not specify a policy in the vSwitch Policy area, the same interface policy that you configured earlier in the Interface Policy Group area of the configuration wizard will take effect for the vSwitch.

      Note   

      In the vSwitch Policy area, check the MAC Pinning check box if you have a Unified Computing System (UCS) Fabric Interconnect (FI) between the top-of-rack switch and the Cisco AVS.

    8. From the Firewall drop-down list, choose Learning, Enabled or Disabled mode.

      Learning mode is used only when upgrading from a version of Cisco AVS that does not support Distributed Firewall to a version that does. Otherwise, Distributed Firewall should be in Enabled mode.You can change the Distributed Firewall mode later. See the section "Guidelines for Upgrading Cisco AVS with Distributed Firewall" in the Cisco Application Virtual Switch Installation Guide for instructions.

    Step 7   In the Configure Interface, PC, And VPC dialog box, click SAVE, click SAVE again, and then click SUBMIT.
    Step 8   Verify the new domain and profiles, by performing the following actions:
    1. On the menu bar, choose VM Networking > Inventory.
    2. In the navigation pane, expand VMware > Domain_name > Controllers, and then choose the vCenter.
    In the work pane, under Properties, view the virtual machine manager (VMM) domain name to verify that the controller is online. In the work pane, the vCenter properties are displayed including the operational status. The displayed information confirms that connection from the APIC controller to the vCenter server is established, and the inventory is available.

    Creating a vCenter Domain Using the Basic GUI

    Caution: Cisco recommends that you do not mix configuration modes (Advanced or Basic). When you make a configuration in either mode and change the configuration using the other mode, unintended changes can occur. For example, if you apply an interface policy to two ports using Advanced mode and then change the settings of one port using Basic mode, your changes might be applied to both ports.

    For information about using Advanced and Basic modes, see the Cisco APIC Getting Started Guide.

      Step 1   Log in to the Cisco APIC, choosing Basic mode.
      Step 2   Go to VM Networking > Inventory > VMware.
      Step 3   Right-click VMware and choose Create vCenter Domain.
      Step 4   In Create vCenter Domain dialog box, in the Virtual Switch Name field, enter a name.
      Step 5   In the Virtual Switch field, choose Cisco AVS.
      Step 6   In the Switching Mode field, choose, VLAN, VXLAN, or VXLAN-NS.

      VXLAN-NS is VXLAN with no local switching.

      Step 7   Complete one of the following actions:
      If you chose... Then...
      VLAN in Step 6

      In the VLAN Pool drop-down list, choose a VLAN pool.

      VXLAN or VXLAN-NS in Step 6

      1. In the AVS Fabric-Wide Multicast Address field, type an address.

      2. From the Pool of Multicast Addresses (one per EPG), choose an option.

      Step 8   In the vCenter field, click the + icon.
      Step 9   In the Create vCenter Controller dialog box, in the Host Name (or IP Address) field, identify one or more vCenters.
      Step 10   From the DVS Version drop-down list, choose DVS Version 5.1.
      Step 11   In the Datacenter field, type the vCenter name.
      Step 12   In the vCenter Credential Name field, type the vCenter credential name.
      Step 13   In the Username field, type the username for logging in to the vCenter.
      Step 14   In the Password field, type the password for logging in to the vCenter.
      Step 15   In the Confirm Password field, retype the password.
      Step 16   Click OK.
      Step 17   In the Create vCenter Domain dialog box, in the vSwitch Policy area, check the appropriate check boxes.

      In the vSwitch Policy area, check the MAC Pinning check box if you have a Unified Computing System (UCS) Fabric Interconnect (FI) between the top-of-rack switch and the Cisco AVS.

      Step 18   From the Firewall drop-down list, choose Learning, Enabled or Disabled mode.

      Learning mode is used only when upgrading from a version of Cisco AVS that does not support Distributed Firewall to a version that does. Otherwise, Distributed Firewall should be in Enabled mode.You can change the Distributed Firewall mode later. See the section "Guidelines for Upgrading Cisco AVS with Distributed Firewall" in the Cisco Application Virtual Switch Installation Guide for instructions.

      Step 19   Click SUBMIT. The new vCenter domain appears in the central Properties pane. You now need to specify which ports are connected to the new domain.
      Step 20   Choose Fabric > Inventory, and in the Inventory navigation pane, click the Pod folder.
      Step 21   In the work pane, click Topology.
      Step 22   in your topology, right-click your leaf and choose Configure.
      Step 23   In the top section of the work pane, choose the ports on the leaf that vCenter domain is connected to.
      Step 24   In the bottom section of the work pane, click CONFIGURE INTERFACE.
      Step 25   In the Interface tab, in the Speed field, choose a speed.

      The default value is inherit.

      Step 26   (Optional) In the L2 Protocols tab, select a protocol.
      Step 27   In the VLAN tab, from the VLAN Domain drop-down list, choose a VLAN domain.
      Step 28   In the ESX And SCVMM area, click the + icon, and in the Name drop-down list, choose the vCenter domain that you created earlier in the procedure.
      Step 29   Click APPLY CHANGES.
      Step 30   In the Success dialog box, click OK.

      Configuring vSwitch Override Policies on the VMM Domain Using the Advanced GUI

      Before installing Cisco AVS, you can use the configuration wizard to create a VMware vCenter profile and create interface policy group policies for Cisco AVS. You also can create vSwitch policies that override the interface policy group policies and apply a different policy for the leaf.

      However, if you did not use the configuration wizard—or if you used the configuration wizard but did not configure a vSwitch override policy—you can configure a vSwitch override policy by using one of the procedures in this section. You can perform the override in Cisco APIC through the Fabric tab or the VM Networking tab.


      Note

      In Cisco AVS 5.2(1)SV3(1.10), you cannot create a Distributed Firewall policy on the vSwitch using the configuration wizard. See the section "Configuring Distributed Firewall" in the Cisco ACI Virtualization Guide for instructions for configuring a Distributed Firewall policy and associating it to the VMM domain.

      Before You Begin

      We recommend that you already have created access policies and an attachable access entity profile for Cisco AVS.

        Step 1   Log in to the Cisco APIC, choosing Advanced mode.
        Step 2   Perform one of the following sets of actions:
        Note   

        A vSwitch override policies configured through the VM Networking tab on the VMM domain take precedence over vSwitch override policies configured through the Fabric tab on the attachable access entity profile.

        If you want to configure the override policy... Then...
        Through the VM Networking tab

        Perform the following steps:

        1. Go to VM Networking > Inventory > VMware.

        2. In the Inventory navigation pane, choose the relevant VMM domain.

        3. In the VMM domain work pane, scroll to the VSwitch Policies area, and from the appropriate vSwitch policy drop-down list, choose the policy that you want to apply as an override policy.

        4. Click SUBMIT.

        Through the Fabric tab

        Perform the following steps:

        1. Go to Fabric > Access Policies.

        2. In the Policies navigation pane, open the Global Policies folder and then open the Attachable Access Entity Profiles folder.

        3. Choose the attachable access entity profile attached to the relevant VMM domain.

        4. In the Attachable Access Entity Profiles work pane, scroll to the VSwitch Policies area, and from the appropriate vSwitch policy drop-down list, choose the policy that you want to apply as an override policy.

        5. Click SUBMIT.

        What to Do Next

        Verify that the policies are in effect on Cisco AVS.

        Pre-Cisco AVS Installation Configuration Using the NX-OS Style CLI

        You can perform some pre-Cisco AVS installation configuration tasks using the NX-OS style CLI.

        Creating a VLAN Domain Using the NX-OS Style CLI
        Create a VLAN domain.

        Example: Configuring a VLAN domain with static allocation: 
        apic1# configure
apic1(config)# vlan-domain cli-vdom1
apic1(config-vlan)# vlan 101-200 

apic1(config-vlan)# show running-config 
# Command: show running-config vlan-domain cli-vdom1 
# Time: Thu Oct  1 10:12:21 2015
  vlan-domain cli-vdom1 
    vlan 101-200 
    exit


        Example:Configuring a VLAN domain with dynamic allocation: 
        apic1# configure
apic1(config)# vlan-domain cli-vdom1 dynamic
apic1(config-vlan)# vlan 101-200 dynamic

apic1(config-vlan)# show running-config 
# Command: show running-config vlan-domain cli-vdom1 dynamic
# Time: Thu Oct  1 10:12:21 2015
  vlan-domain cli-vdom1 dynamic
    vlan 101-200 dynamic
    exit

        Configuring a Port Channel Using the NX-OS Style CLI
        Create a port channel.

        Example: 
        apic1# config
apic1(config)# template port-channel cli-pc1
apic1(config-if)# channel-mode active
apic1(config-if)# vlan-domain member cli-vdom1

apic1(config-if)# show running-config 
# Command: show running-config interface port-channel cli-pc1
# Time: Thu Oct  1 10:38:30 2015
  interface port-channel cli-pc1
    vlan-domain member cli-vdom1
    channel-mode active
    exit


        Configuring a VPC Domain Using the NX-OS Style CLI
        Configure a VPC domain.

        Example: 
        apic1# config
apic1(config)# vpc domain explicit 10 leaf 101 102

apic1(config-vpc)# show running-config 
# Command: show running-config vpc domain explicit 10 leaf 101 102
# Time: Thu Oct  1 10:39:26 2015
  vpc domain explicit 10 leaf 101 102
    exit

        Configuring a VPC on Switch Interfaces Using NX-OS Style CLI
        Configuring a VPC on switch interfaces

        Example: 
        apic1# config
apic1(config)# leaf 101 – 102
apic1(config-leaf)# interface ethernet 1/3
apic1(config-leaf-if)# channel-group cli-pc1 vpc

apic1(config-leaf-if)# show running-config 
# Command: show running-config leaf 101 - 102 interface ethernet 1/3
# Time: Thu Oct  1 10:41:15 2015
  leaf 101
    interface ethernet 1/3
      channel-group cli-pc1 vpc
      exit
    exit
  leaf 102
    interface ethernet 1/3
      channel-group cli-pc1 vpc
      exit
    exit

        Creating a VMM Domain with Local Switching or No Local Switching Using the NX-OS CLI
        Create a VMM domain with local switching or no local switching.

        Example: 
        apic1(config)# vmware-domain cli-vmm1
apic1(config-vmware)# vlan-domain member cli-vdom1
apic1(config-vmware)# vcenter 10.193.218.223 datacenter dc1 dvs-version 5.1
apic1(config-vmware-vc)# username root 
Password: 
Retype password: 
apic1(config-vmware-vc)#
apic1(config-vmware)# configure-avs
apic1(config-vmware-avs)# switching mode vlan
<or>
apic1(config-vmware-avs)# switching mode vxlan-ns
apic1(config-vmware-avs)# multicast-address 226.0.0.1
apic1(config-vmware-avs)# vxlan multicast-pool 226.0.0.11-226.0.0.20

apic1(config-vmware-vc)# show running-config 
# Command: show running-config vmware-domain cli-vmm1 vcenter 10.193.218.223 datacenter dc1 dvs-version 5.1
# Time: Thu Oct  1 10:51:45 2015
  vmware-domain cli-vmm1
    vcenter 10.193.218.223 datacenter dc1 dvs-version 5.1
      username root
      exit
    exit

apic1(config-vmware-avs)# show running-config 
# Command: show running-config vmware-domain cli-vmm1 configure-avs
# Time: Thu Oct  1 10:53:28 2015
  vmware-domain cli-vmm1
    configure-avs
      switching mode vlan
      exit
    exit

        Converting a Cisco Nexus 1000V Host to a Cisco AVS Host

        If you have a Cisco Nexus 1000V host, you can convert it to a Cisco AVS host by following the instructions in this section. If you already have a Cisco AVS host, skip this section and go to the next.

        For detailed information, see the Cisco Nexus 1000V and Cisco APIC documentation.

          Step 1   Make sure that the Cisco Nexus 1000V host has the VIB file that supports Cisco AVS.

          You need to have SV2(2.3) or later.

          Step 2   Move the VMs out of the Cisco Nexus 1000V host.
          Step 3   Remove the host from the Cisco Nexus 1000V DVS.
          Step 4   Reboot the host.
          Step 5   Create an APIC DVS in any switching mode.
          Step 6   Add the host to the APIC DVS.
          Step 7   Verify that OpenFlex status is active, that ports are in FWD state, and that the VTEP has a valid IP address.

          About Installing Cisco AVS

          You can use one of three methods to install Cisco AVS:

          • Cisco VSUM—This is the recommended method for installing Cisco AVS.

            For information about installing Cisco AVS with Cisco VSUM, see the section "About Installing Cisco AVS Using VSUM" in this guide for information Installing Cisco AVS Using VSUM.

          • VMware VUM—For information about installing Cisco AVS with VMware VUM, see the Appendix "Installing Cisco AVS Using the ESXi CLI or VMware VUM" in this guide.

          • ESXi CLI—For information about installing Cisco AVS with the ESXi CLI, see the Appendix "Installing Cisco AVS Using the ESXi CLI or VMware VUM" in this guide.


            Note

            If you are not using VMware vSphere Web Client, you cannot use Cisco VSUM or the VMware VUM and must use the ESXi CLI to install Cisco AVS.


          Note

          When you choose a Cisco AVS VIB, you need to choose the one compatible with the version of VMware ESXi hypervisor that you use. ESXi 5.1 uses xxxx.3.1.1.vib, ESXi 5.5 uses xxxx.3.2.1.vib, and ESXi 6.0 uses xxxx.6.0.1.vib.

          Cisco AVS Installation Using Cisco VSUM

          Using Cisco VSUM is the recommended method for installing Cisco AVS. Using Cisco VSUM validates the version and compatibility for the ESXi host, and in one procedure enables you to install the Cisco AVS onto the ESXi host and add the ESXi host to the Cisco AVS DVS.


          Note

          In Cisco VSUM Release 2.0, image files for Cisco AVS are uploaded separately from the Cisco VSUM software. The new Virtual Switch File Upload Utility enables you to dynamically upload the switch image files before installation. You download the switch image files from Cisco.com to your local system before uploaded them to the Cisco VSUM repository.

          You must have Cisco VSUM installed if you want to use it to install Cisco AVS. See the following sections in the Cisco Virtual Switch Update Manager Getting Started Guide for Cisco Application Virtual Switch before installing Cisco VSUM:

          1. Information About Cisco Virtual Switch Update Manager

          2. Compatibility Information for Cisco VSUM

          3. System Requirements for Cisco VSUM

          4. Prerequisites

          5. Verifying the Authenticity of the Cisco-Signed Image (Optional)

          One you have read the sections and fulfilled the system requirements and prerequisites in the Cisco Virtual Switch Update Manager Getting Started Guide for Cisco Application Virtual Switch, you can then install Cisco VSUM following the instructions in the section "Installing Cisco VSUM" in this guide.

          Once you have installed Cisco VSUM, see the following sections in this guide:

          1. About the Virtual Switch Image File Upload Utility

          2. Uploading the Cisco AVS Image File

          3. Prerequisites for Installing Cisco AVS

          Once you have read the sections and fulfilled the prerequisites, you can install Cisco AVS with Cisco VSUM following the instructions in the section "Installing Cisco AVS Using VSUM" in this guide.

          Installing Cisco VSUM

          You can install the Cisco VSUM OVA using the following steps.

          Before You Begin
          • Ensure that the Cisco VSUM OVA image is available in the file system.
          • Ensure that you have the IP address, subnet mask, gateway IP address, domain name, DNS server, and vCenter IP address and credentials for deploying the OVA.

            Note

            When you install Cisco VSUM, you must use the same credentials that you use to install the thick client.

            Step 1   Log in to the VMware vSphere Web Client.

            Step 2   Choose Hosts and Clusters.

            Step 3   Choose the host on which to deploy the Cisco VSUM OVA.

            Step 4   From the Actions menu, choose Deploy OVF Template.

            Step 5   In the Deploy OVF Template wizard, complete the information as described in the following table.
            Pane Action

            1a Select source

            Choose the Cisco VSUM OVA.



            1b Review details

            Review the details.



            1c Accept License Agreements

            Review the agreement and click Accept.



            2a Select name and folder

            Enter a name and choose a location for the appliance.



            2b Select a resource

            Choose the host or cluster to run the OVA template.



            2c Select storage

            Choose the data store for the VM.

            Choose either Thin provisioned format or Thick provisioned format to store the VM virtual disks.

            We recommend that you store the VM virtual disks in the Thick provisioned format.

            2d Setup networks

            Choose the destination network for the VM that is reachable from the vCenter Server.



            2e Customize template

            Provide the following information:

            • Management IP address

            • Subnet mask

            • Gateway IP address

            • DNS server IP address

            • DNS entry to resolve the fully qualified domain name (FQDN)

            • vCenter IP or FQDN

            • vCenter username

            • vCenter password

            • HTTP cleartext port and HTTPS port



            3 Ready to complete

            Review the deployment settings.

            Caution    Any discrepancies can cause VM booting issues. Carefully review the IP address, subnet mask, gateway information, and vCenter credentials.


            Step 6   Click Finish.
            Step 7   After Cisco VSUM deploys successfully, click Close.
            Step 8   Power on the Cisco VSUM VM. It might take 5 minutes for Cisco VSUM to be installed and registered as a vSphere Web Client plug-in.

            If the Web Client session was open during the installation, you must log out and log in again to view the Cisco VSUM plug-in.

            About the Virtual Switch Image File Upload Utility

            The Virtual Switch Image File Upload utility is a GUI that enables you to dynamically upload the Cisco AVS image files before you install Cisco AVS. You must download the Cisco AVS image files from Cisco.com on your local system before you upload them to the Cisco VSUM repository.

            Uploading the Cisco AVS Image File

            Before you install Cisco AVS using Cisco VSUM, you must upload the corresponding Cisco AVS image file to Cisco VSUM.

            Before You Begin

            Download the Cisco AVS .zip image folder from https:/​/​software.cisco.com/​download.

            Attention:

            You must download the Cisco AVS .zip image folder before starting the upload operation.

              Step 1   Log in to the VMware vSphere Web Client.
              Step 2   Choose Home > Cisco Virtual Switch Update Manager.

              Step 3   In the Cisco Virtual Switch Update Manager pane, choose AVS > Upload.

              Step 4   In the Upload Switch Image pane, click Upload.

              Step 5   In the Virtual Switch Image File Uploader window, click Browse, choose the appropriate image folder available on your local machine, and then click Upload.

              The upload might take a few minutes.

              Step 6   In the dialog box telling you that the .zip image folder was successfully uploaded, click OK.

              Step 7   You can confirm the upload in the Manage Uploaded switch Images pane.

              What to Do Next

              Install Cisco AVS as described in the remaining procedures in this chapter.

              Prerequisites for Installing Cisco AVS

              Installing Cisco AVS has the following prerequisites:

              • You must set up the Cisco APIC before you can set up the Cisco AVS. See the Cisco APIC Getting Started Guide for instructions on how to configure the Cisco APIC for the first time.

              • You must make sure that all switches are registered and that the Cisco ACI fabric is up to date. See Cisco Application Centric Infrastructure Fundamentals and the Cisco APIC Getting Started Guide.

              • The Cisco AVS configuration in the Cisco APIC must be completed manually. See the section Configuring Cisco APIC Settings in this guide for detailed information about configuring the Cisco APIC before Cisco AVS installation.

              • You must install Cisco VSUM if you plan to use it to install the Cisco AVS. See the section "Installing Cisco VSUM" in this guide.

              • You have downloaded the appropriate Cisco AVS image file from Cisco.com and uploaded it in the Cisco VSUM repository. See the section "About the Virtual Switch Image File Upload Utility" and "Uploading the Cisco AVS Image File" in this guide.

              • You have created a tenant configuration that contains the required bridge domain, application profile, endpoint groups, and contracts. See the Cisco APIC Getting Started Guide for more information.

              • The host has one or more unclaimed physical NICs.

              • You have administrative privileges for the vCenter Server.

              • When connecting the Cisco AVS using VXLAN encapsulation, set the maximum transmission unit (MTU) value equal to or greater than 1600 on all intermediate devices on the path between the Cisco ACI fabric and the Cisco AVS. These include FI switches and UCS-B. However, to optimize performance, the MTU should be set to the maximum supported size that all intermediate devices on the path between the Cisco ACI fabric and the Cisco AVS support. The maximum configurable MTU on AVS is 8950.

              • When adding additional VMware ESXi hosts to the VMM domain for the Cisco AVS, ensure that the version of the ESXi host is compatible with the Distributed Virtual Switch (DVS) version already deployed in the vCenter. For more information about Cisco AVS compatibility for ESXi hosts, see the Cisco AVS Release Notes for your Cisco AVS release.

                If the ESXi host version is not compatible with the existing DVS version, vCenter will not be able to add the ESXi host to the DVS, and an incompatibility error will occur. Modification of the existing DVS Version setting from the Cisco APIC is not possible. To lower the DVS Version in the vCenter, you need to remove and reapply the VMM domain configuration with a lower setting.

              Installing Cisco AVS Using VSUM

              The following procedure—using the feature labeled Add Host-AVS in Cisco VSUM—puts the hosts into maintenance mode, installs the Cisco AVS, and adds an ESXi host or multiple hosts to the Cisco AVS.

              Before You Begin

              You must obtain the following information for the Cisco AVS:

              • vCenter IP address

              • vCenter user ID

              • vCenter password

                Step 1   Log in to the VMware vSphere Web Client.
                Step 2   Choose Home > Cisco Virtual Switch Update Manager.

                Step 3   In the Cisco Virtual Switch Update Manager pane, choose AVS > Configure, choose a data center, choose the Cisco AVS, and then click Manage.

                You choose the Cisco AVS from the Choose an associated Distributed Virtual Switch area.



                Step 4   In the switch pane, choose Cisco AVS > Add Host-AVS.

                Step 5   In the Add Host-AVS tab, complete the following actions:
                1. From the Target Version drop-down list, choose the target VIB version to be installed on the host.

                2. Click Show Host.

                  The hosts are represented in the following categories:

                  • Cluster—Hosts that are part of clusters.

                  • Standalone—Hosts that are not part of clusters. You can add hosts that are in a standalone mode.

                3. Expand Cluster or Standalone, depending on your setup.

                  Hosts are further organized within the Cluster and Standalone categories:

                  • Supported—Hosts that are supported by the Cisco AVS. You can add these hosts.

                  • Unsupported—Hosts that are not supported by the Cisco AVS.

                  • Unreachable—Hosts that are in a not responding state or are in a disconnected state.

                  • Already in DVS—Hosts that are already associated with the DVS. You cannot add a host that is already associated with a DVS.

                  • No free PNIC—Hosts that do not have a free PNIC. You cannot add a host that does not have a free PNIC.

                4. Choose one or more available hosts and then click Suggest.

                   The PNIC Selection area displays the available uplinks for each host.
                5. In the PNIC Selection area, choose the PNIC or PNICs to be added to the Cisco AVS.

                6. Click Finish to add the host or hosts to the Cisco AVS.
                Step 6   Check the status of adding the host by completing the following steps:
                1. Choose the host in the left navigation pane.
                2. Click the Monitor tab and then click Tasks.

                  The task console appears in the work pane, displaying a list of tasks with the most recent task at the top.

                3. Find the task in the Task Name column and then view the status in the Status column.

                  The Status column shows whether the task is complete or in progress.

                  Note   

                  Several tasks might appear above the primary task you just performed. They might be associated with your primary task.

                  The host addition is confirmed when the primary task Add hosts to Cisco DVS has the status Completed.

                If you close the browser and later want to view the task's history, log in to the VMware vSphere Web Client, and click Tasks in the navigation pane to display the lists of tasks in the work pane.

                What to Do Next

                Verify the Cisco AVS installation. See Verifying the Cisco AVS Installation in this guide for instructions.

                Verifying the Cisco AVS Installation

                The following sections describe how to verify that the Cisco Application Virtual Switch (AVS) has been installed on the VMware ESXi hypervisor.

                Verifying the Virtual Switch Status

                  Step 1   Log in to the VMware vSphere Client.
                  Step 2   Choose Networking.
                  Step 3   Open the folder for the data center and click the virtual switch.
                  Step 4   Click the Hosts tab.

                  The VDS Status and Status fields display the virtual switch status. The VDS status should be Up to indicate that OpFlex communication has been established.

                  Verifying the vNIC Status

                    Step 1   In VMware vSphere Client, click the Home tab.
                    Step 2   Choose Hosts and Clusters.
                    Step 3   Click the host.
                    Step 4   Click the Configuration tab.
                    Step 5   In the Hardware panel, choose Networking.
                    Step 6   In the View field, click the vSphere Distributed Switch button.
                    Step 7   Click Manage Virtual Adapters. The vmk1 displays as a virtual adapter and lists an IP address.
                    Step 8   Click the newly created vmk interface to display the vmknic status.
                    Note    Allow approximately 20 seconds for the vmk to receive an IP address through DHCP.

                    Post-Installation Configuration

                    After you install the Cisco AVS, you need to perform several configuration tasks.

                    You need to deploy an application profile, which includes creating a tenant, application profile, EPGs, filters, and contracts, and assigning port groups to VMs. You then need to verify the application profile.

                    See the Cisco AVS chapter in the Cisco ACI Virtualization Guide for instructions.

                    If you want to use Distributed Firewall available in Cisco AVS Release 5.2(1)SV3(1.5) and later releases, you need to enable it after installation. See the section "Enabling Distributed Firewall" in the Cisco ACI Virtualization Guide for instructions.

                    Uninstalling Cisco AVS

                    You might need to remove Cisco AVS for testing or if you need to remove all configuration from the Cisco ACI fabric, resetting the fabric to its initial state. Follow the high-level steps in this procedure to remove the Cisco AVS.

                      Step 1   Complete the following steps in the VMware vSphere Client:
                      1. Remove all VMs from EPG port groups.
                      2. Remove all Virtual Tunnel Endpoint (VTEP) VMware kernels (VMKs) from the Cisco AVS hosts.
                      3. Remove all hosts from the Cisco AVS.

                      See the VMware documentation for instructions.

                      Step 2   Complete the following steps in the Cisco APIC:
                      1. Remove all virtual machine management (VMM) domain associations to EPGs to delete port groups.

                        This step is optional if you are removing all configuration from the Cisco ACI fabric.

                      2. Remove the Cisco AVS VMM domain.
                      What to Do Next

                      If you are uninstalling the Cisco AVS but not removing all configuration from the Cisco ACI fabric, you can remove the VIB software from each host where it was installed. You can use the following vSphere CLI command to remove the VIB software from a host:

                      esxcli software vib remove -n installed_vem_version

                      Was this Document Helpful?

                      FeedbackFeedback

                      Contact Cisco

                      Related Support Community Discussions