Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3745
Views
0
Helpful
3
Replies

ACI Microseg - Cisco AVS vs. DVS

Go to solution
scott.livingston
Level 1
Level 1

‎05-02-2017 07:17 AM

With respect to ACI and microsegmentation in a VMware environment, other than the OpFlex capability, what are the differences b/t using the AVS vs. DVS?

Can we get the same level of granularity w/ both AVS and DVS, e.g. OS, hostnames etc.?

Thanks,

Scott

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Robert Burns
Cisco Employee
Cisco Employee

‎07-07-2017 10:39 AM

When dealing specifically with uSeg differences, they implement uSeg slightly differently.  vDS uses PVLANs, whereas AVS uses mac based EPGs for segmentation.   The differences are mainly under the hood.  The same level of granularity are available to both in terms of uSeg attributes.

Robert

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Robert Burns
Cisco Employee
Cisco Employee

‎07-07-2017 10:39 AM

When dealing specifically with uSeg differences, they implement uSeg slightly differently.  vDS uses PVLANs, whereas AVS uses mac based EPGs for segmentation.   The differences are mainly under the hood.  The same level of granularity are available to both in terms of uSeg attributes.

Robert

0 Helpful

Go to solution
amccullough@dstsystems.com
Level 4
Level 4

‎08-15-2017 08:42 AM

There is a scenario where the two differ greatly.  If you have a non-ACI leaf switch in the path between the ACI fabric and the VM Hosts then the AVS switch will be able to "tunnel" through that non-leaf node switch and still provide a end-to-end fabric experience (i.e. application-centric mode).  I've seen this when a data center has an existing VBlock implementation with N5Ks top of rack and is not able/willing to upgrade them to N9Ks.  By deploying AVS in the VM environment, ACI is able to maintain an end-to-end fabric view of the VM endpoints.  If you go with DVS for that scenario then the VBlock VM environment will need to be left in network-centric mode (along with every subnet/vlan that lives in that VM space).

0 Helpful

Go to solution
nvermand
Cisco Employee
Cisco Employee
In response to amccullough@dstsystems.com

‎08-25-2017 06:20 AM

Well it's not entirely correct. You can still segment a subnet in multiple EPGs if you have an intermediate L2 switching device between the fabric and the hosts. EPGs are identified by VLAN and subnet is completely abstracted. This means that you can have the same subnet carved up into multiple EPGs, therefore multiple VLAN. The extra step is just to configure these VLANs on the intermediate switch. If micro-segmentation is required, then this becomes cumbersome since you need to find a way to automate (preferably) the PVLAN configuration. There's no such thing as network-centric vs application-centric mode in ACI, only design choices against requirements.

Regards,

Nicolas

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License