Simplifying VLAN Auto Provisioning for vCenter


vCenter Connection Service (VCCS) provides a distributed processing logic used for adding metadata to vPorts and provisioning VLANs. A fabric configured with VCCS learns the switch port mapping from LLDP and provisions VLANs on the respective physical switches. However, ports that are not host-facing require VLAN provisioning as well, including cluster ports, uplinks, spine cluster ports, and vxlan-loopback-ports.

Auto-provisioning allows you to provide a range of VLANs that other administrators, for example, server administrators, can use to associate a VLAN with a port.

PortGroups used in vCenter are applied to Virtual Machines (VMs).

For auto-provisioning VLANs, the vcenter-connection-create command is extended to include a vlans keyword that allows one VLAN or a list of VLANs to be associated with the service.

If VLANs are not provided as part of starting the service, then vCenter does not auto-provision VLANs.

You can overlap VLANs across connection service instances. VMs connect to PortGroups on an ESXi server, and the PortGroups include the definition of the VLAN or VLAN range used.

To provision the PortGroup VLAN or VLAN range in the fabric, it must be part of the range specified in the vcenter-connection-create command. The VLANs are created with the scope local and no ports added. For Layer 2 underlay, the VLANs are created with scope fabric.

Ports connected to ESXi hosts are added to the VLANs if the VLANs already exist. To auto-provision VLANs and add this type of port, use the following workflows:

VCCS on a Leaf Switch Connected to a Host

VLANs before VCCS provisioning:
 
CLI (network-admin@Leaf1) > vlan-show

id   range type   scope description active state ports         untagged-ports
---- ----- ------ ----- ----------- ------ ----- ------------- --------------
1    1     public local default-1   yes    yes   1-72, 128,254 1-72, 128,254
1    1     public local default-1   yes    yes   0-72, 128,254 0-72, 128
1    1     public local default-1   yes    yes   1-72, 128,254 1-72, 128,254
1    1     public local default-1   yes    yes   0-72, 128,254 0-72, 128
4093 4093  local  local vlan-4093   yes    yes   253           253
1    1     public local vlan-4093   yes    yes   253           253
1    1     public local vlan-4093   yes    yes   253           253
1    1     public local vlan-4093   yes    yes   253           253


 
Create the VCCS connection:
 
CLI (network-admin@Leaf1) > vcenter-connection-create name VCCS1 host 10.11.36.206 user admin@lab.test vlans 2515,2417-2418 network-provisioning l2-underlay


vCenter user password:
vCenter connection service VCCS1 started
 


New VLANs can be added to the existing VCCS VLANs for provisioning while the VCCS service is already running, by modifying the VCCS VLANs along with the enable option. For example, use the following commands:


CLI (network-admin@leaf1) > vcenter-connection-show


name host         user                       enable state connected-time                   vlans network-provisioning
---- ------------ -------------------------- ------ ----- -------------------------------- ----- --------------------
VCCS vcenter-colo administrator@lab.pluribus yes    ok    connected at 2019-04-11 23:37:23 10-15 none



CLI (network-admin@leaf1) > vcenter-connection-modify name VCCS vlans 16-18 enable


CLI (network-admin@leaf1) > vcenter-connection-show


name host         user                       enable state connected-time                   vlans network-provisioning
---- ------------ -------------------------- ------ ----- -------------------------------- ----- --------------------
VCCS vcenter-colo administrator@lab.pluribus yes    ok    connected at 2019-04-11 23:37:23 10-18 none


If the VCCS service is stopped and then started again with modified VLANs and the enable option, the old VLANs are deleted and the new VLANs are provisioned. For example:


CLI (network-admin@leaf1) > vcenter-connection-show


name host         user                       enable state vlans network-provisioning
---- ------------ -------------------------- ------ ----- ----- --------------------
VCCS vcenter-colo administrator@lab.pluribus no     init  10-15 none


CLI (network-admin@leaf1) > vcenter-connection-modify name VCCS vlans 16-18 enable

vCenter connection service VCCS started.


CLI (network-admin@leaf1) > vcenter-connection-show


name host         user                       enable state connected-time                   vlans network-provisioning
---- ------------ -------------------------- ------ ----- -------------------------------- ----- --------------------
VCCS vcenter-colo administrator@lab.pluribus yes    ok    connected at 2019-04-11 23:42:04 16-18 none



If the VCCS service is disabled, the service is stopped, but the switch configuration is not deleted unless the service is deleted from the switch.
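The vlans list acts as the allow-list for what vCenter PortGroups can cause to be provisioned, so it is worth previewing before a modify. The following is an added example, not part of the product or its documentation: it models the add-versus-replace behaviour shown in the two vcenter-connection-modify sequences above and reports PortGroup VLANs that fall outside the list. The PortGroup names and their VLANs are constructed sample data, and reporting a partially covered range per VLAN is an assumption of this sketch.

```python
# Added illustration (not vendor code): models the `vlans` list behaviour described above.

def parse_vlans(spec):
    """Expand a spec such as '2515,2417-2418' into a set of VLAN IDs."""
    ids = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:  # usable 802.1Q VLAN IDs
            raise ValueError(f"bad VLAN range: {part!r}")
        ids.update(range(lo, hi + 1))
    return ids

def format_vlans(ids):
    """Collapse a set of VLAN IDs back into the compact 'a-b,c' form."""
    runs = []
    for v in sorted(ids):
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v          # extend the current run
        else:
            runs.append([v, v])      # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)

def vlans_after_modify(current, new, service_running):
    """Running service: new VLANs are added to the list.
    Stopped service re-enabled with new VLANs: the old list is replaced."""
    if service_running:
        return format_vlans(parse_vlans(current) | parse_vlans(new))
    return format_vlans(parse_vlans(new))

def vlans_outside_list(allowed_spec, port_groups):
    """Map each PortGroup to the VLANs it uses that are NOT in the
    connection's vlans list ('' means fully covered)."""
    allowed = parse_vlans(allowed_spec)
    return {name: format_vlans(parse_vlans(spec) - allowed)
            for name, spec in port_groups.items()}

# Constructed sample data: hypothetical PortGroup names and VLANs.
PORT_GROUPS = {"pg-web": "2417", "pg-db": "2417-2419", "pg-test": "100"}

if __name__ == "__main__":
    print(vlans_after_modify("10-15", "16-18", service_running=True))
    print(vlans_after_modify("10-15", "16-18", service_running=False))
    for name, outside in vlans_outside_list("2515,2417-2418", PORT_GROUPS).items():
        print(name, "covered" if not outside else f"outside list: {outside}")
```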

VLANs after provisioning:


CLI (network-admin@Leaf1) > vlan-show
 

id   range type   scope description      active stats ports                  untagged-ports
---- ----- ------ ----- ---------------- ------ ----- ---------------------- --------------
1    1     public local default-1        yes    yes   0-72,128               0-72,128
1    1     public local default-1        yes    yes   0-72,128               0-72,128
2415 2415  public local vCenter vlan2415 yes    yes   0,6,12,16,42,44,56,128 none
2415 2415  public local vCenter vlan2415 yes    yes   0,6,12,16,49,128       none
2417 2417  public local vCenter vlan2417 yes    yes   0,6,12,16,42,44,56,128 none
2417 2417  public local vCenter vlan2417 yes    yes   0,6,12,16,49,128       none
2418 2418  public local vCenter vlan2418 yes    yes   0,6,12,16,42,44,56,128 none
2418 2418  public local vCenter vlan2418 yes    yes   0,6,12,16,49,128       none
4093 4093  public local vlan-4093        yes    yes   253                    253
4093 4093  public local vlan-4093        yes    yes   253                    253
4094 4094  public local leaf-cls         yes    yes   0,6,12,16,128          none
4094 4094  public local leaf-cls         yes    yes   0,6,12,16,128          none



 

Note the following port designations:

 

  • Host-facing ports — 42,44,56
  • Cluster ports — 12,16,128
  • Spine1 port 6 added to VLANs 2415, 2417, 2418