Simplifying VLAN Auto-Provisioning for vCenter
vCenter Connection Service (VCCS) provides distributed processing logic for adding metadata to vPorts and provisioning VLANs. A fabric configured with VCCS learns the switch port mapping through LLDP and provisions VLANs on the respective physical switches. However, ports that are not host-facing also require VLAN provisioning, including cluster ports, uplinks, spine cluster ports and vxlan-loopback-ports.
Auto-provisioning allows you to provide a range of VLANs that other administrators, for example, server administrators, can use to associate a VLAN with a port.
PortGroups used in vCenter are applied to Virtual Machines (VMs).
For auto-provisioning VLANs, the vcenter-connection-create command is extended with a vlans keyword that takes one VLAN or a list of VLANs to associate with the service.
If VLANs are not provided when the service is started, vCenter does not auto-provision VLANs.
You can overlap VLANs across connection service instances. VMs connect to PortGroups on an ESXi server, and the PortGroups include the definition of the VLAN or VLAN range used.
To provision the PortGroup VLAN or VLAN range in the fabric, it must be part of the range specified in the vcenter-connection-create command. The VLANs are created with scope local and no ports added. For Layer 2 underlay, the VLANs are created with scope fabric.
Ports connected to ESXi hosts are added to the VLANs if the VLANs already exist. To auto-provision VLANs and add this type of port, use the following workflows:
VCCS on a Leaf Switch Connected to a Host
VLANs before VCCS provisioning:
 
CLI network-admin@Leaf1>vlan-show
 
switch  id    range  type    scope  description  active  state  ports          untagged-ports  active-edge-ports
------  ----  -----  ------  -----  -----------  ------  -----  -------------  --------------  -----------------
Spine1  1     1      public  local  default-1    yes     yes    1-72, 128,254  1-72, 128,254   20,43,69,128
Leaf1   1     1      public  local  default-1    yes     yes    0-72, 128,254  0-72, 128       0,6,128
Spine2  1     1      public  local  default-1    yes     yes    1-72, 128,254  1-72, 128,254   20,43,69,128
Leaf2   1     1      public  local  default-1    yes     yes    0-72, 128,254  0-72, 128       0,6,128
Leaf2   4093  4093   local   local  vlan-4093    yes     yes    253            253             none
Spine2  1     1      public  local  vlan-4093    yes     yes    253            253             none
Spine1  1     1      public  local  vlan-4093    yes     yes    253            253             none
Leaf1   1     1      public  local  vlan-4093    yes     yes    253            253             none
...
2. Create the VCCS connection:
 
CLI network-admin@Leaf1>vcenter-connection-create name VCCS1 host 10.11.36.206 user admin@lab.test vlans 2515,2417-2418 network-provisioning l2-underlay
vCenter user password:
vCenter connection service VCCS1 started
 
CLI network-admin@switch > vcenter-connection-show
 
name   host         user            enable  state  connected-time                vlans           network-provisioning
-----  -----------  --------------  ------  -----  ----------------------------  --------------  --------------------
VCCS1  10.9.34.206  admin@lab.test  yes     ok     connected at 01-03-19:22:223  2515,2417-2418  l2-underlay
 
 
VLANs after provisioning:
CLI network-admin@Leaf1>vlan-show
 
switch  id    range  type    scope  description       active  stats  ports                   untagged-ports  active-edge-ports
------  ----  -----  ------  -----  ----------------  ------  -----  ----------------------  --------------  -----------------
Leaf2   1     1      public  local  default-1         yes     yes    0-72,128                0-72,128        0,128
Leaf1   1     1      public  local  default-1         yes     yes    0-72,128                0-72,128        0,6,128
Leaf2   2415  2415   public  local  vCenter vlan2415  yes     yes    0,6,12,16,42,44,56,128  none            none
Leaf1   2415  2415   public  local  vCenter vlan2415  yes     yes    0,6,12,16,49,128        none            none
Leaf2   2417  2417   public  local  vCenter vlan2417  yes     yes    0,6,12,16,42,44,56,128  none            none
Leaf1   2417  2417   public  local  vCenter vlan2417  yes     yes    0,6,12,16,49,128        none            none
Leaf2   2418  2418   public  local  vCenter vlan2418  yes     yes    0,6,12,16,42,44,56,128  none            none
Leaf2   2418  2418   public  local  vCenter vlan2418  yes     yes    0,6,12,16,49,128        none            none
Leaf1   4093  4093   public  local  vlan-4093         yes     yes    253                     253             none
Leaf2   4093  4093   public  local  vlan-4093         yes     yes    253                     253             none
Leaf1   4094  4094   public  local  leaf-cls          yes     yes    0,6,12,16,128           none            none
Leaf2   4094  4094   public  local  leaf-cls          yes     yes    0,6,12,16,128           none            none
 
Note the following port designations:
Host-facing ports — 42,44,56
Cluster ports — 12,16,128
Spine1 port 6 added to VLANs 2415, 2417, 2418
 
You can add new VLANs for provisioning the VCCS services as follows:
• While the VCCS service is running, you can add new VLANs to the existing VLANs for provisioning by modifying the VCCS vlans along with the enable option. For example:
CLI network-admin@switch > vcenter-connection-show
switch  name  host      user                enable  state  connected-time                    vlans  network-provisioning
------  ----  --------  ------------------  ------  -----  --------------------------------  -----  --------------------
leaf1   VCCS  vcenter1  admin@lab.pluribus  yes     ok     connected at 2019-04-11 23:37:23  10-15  none

CLI network-admin@switch > vcenter-connection-modify name VCCS vlans 16-18 enable
CLI network-admin@switch > vcenter-connection-show
switch  name  host      user                enable  state  connected-time                    vlans  network-provisioning
------  ----  --------  ------------------  ------  -----  --------------------------------  -----  --------------------
leaf1   VCCS  vcenter1  admin@lab.pluribus  yes     ok     connected at 2019-04-11 23:37:23  10-18  none
 
• If the VCCS service is stopped and then started again with modified vlans and the enable option, the old VLANs are deleted and the new VLANs are provisioned. For example:
CLI network-admin@switch > vcenter-connection-show
switch  name  host      user                enable  state  vlans  network-provisioning
------  ----  --------  ------------------  ------  -----  -----  --------------------
leaf2   VCCS  vcenter1  admin@lab.pluribus  no      init   10-15  none

CLI network-admin@switch > vcenter-connection-modify name VCCS vlans 16-18 enable
vCenter connection service VCCS started.
CLI network-admin@switch > vcenter-connection-show
switch  name  host      user                enable  state  connected-time                    vlans  network-provisioning
------  ----  --------  ------------------  ------  -----  --------------------------------  -----  --------------------
leaf2   VCCS  vcenter1  admin@lab.pluribus  yes     ok     connected at 2019-04-11 23:42:04  16-18  none
 
 
• If the VCCS service is disabled, the service is stopped, but the switch configuration is not deleted unless the service is deleted from the switch.
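
The vlans list acts as an allow-list: a PortGroup VLAN is provisioned only if it falls inside it, and vcenter-connection-modify either extends or replaces the list depending on whether the service is running. The following Python sketch is an added example, not Netvisor code; it models both rules so a planned change can be checked before it is applied. All function names are hypothetical, and it assumes a PortGroup range must be covered in full.

```python
# Added illustration, not Netvisor code. It models the VLAN-list rules this
# page describes; every function name here is hypothetical.

def parse_vlans(spec):
    """Expand a vlans list such as '2515,2417-2418' into a set of VLAN IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:        # usable 802.1Q VLAN IDs
            raise ValueError(f"bad VLAN or range: {part!r}")
        ids.update(range(lo, hi + 1))
    return ids


def format_vlans(ids):
    """Collapse a set of VLAN IDs into compact 'a-b,c' notation."""
    parts, start, prev = [], None, None
    for v in sorted(ids):
        if start is not None and v == prev + 1:
            prev = v                          # extend the current run
            continue
        if start is not None:
            parts.append(str(start) if start == prev else f"{start}-{prev}")
        start = prev = v                      # open a new run
    if start is not None:
        parts.append(str(start) if start == prev else f"{start}-{prev}")
    return ",".join(parts)


def portgroup_allowed(portgroup_spec, service_spec):
    """True only if every PortGroup VLAN lies inside the service's vlans list
    (assumption: a PortGroup range must be covered in full)."""
    return parse_vlans(portgroup_spec) <= parse_vlans(service_spec)


def modify_vlans(current_spec, new_spec, running):
    """vlans value after 'vcenter-connection-modify ... vlans NEW enable'."""
    result = parse_vlans(new_spec)
    if running:                               # running service: VLANs are added
        result |= parse_vlans(current_spec)
    return format_vlans(result)               # stopped service: list is replaced


if __name__ == "__main__":
    print(portgroup_allowed("2417-2418", "2515,2417-2418"))
    print(modify_vlans("10-15", "16-18", running=True))
    print(modify_vlans("10-15", "16-18", running=False))
```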