ACI Virtual Edge Switch
ACI Virtual Edge Switch
Basically, if you are familiar with ACI network and ACI switches, you have probably heard of something called AVS which was Cisco’s third-party switch that could be installed into the ESXi. Cisco Application Virtual Switch leveraged all of the features that that ACI brought to the network, though recently VMware made a public announcement that they would be closing off their kernel to all third party switches and therefore, in that particular case after a certain version, AVS would no longer work. Although, that’s no longer a problem due to Cisco’s new solution called Cisco AVE, to resolve this situation.
AVE stand for ACI virtual edge and it is just simply an evolution of the capabilities and feature sets of AVS, but it is no longer tied to the ESXi kernel. In addition, we can do all the same kinds of things and customers do not have to worry about what decisions a VMware might make about there.
Within the Cisco AVE technology, there’s a couple of things that you should be aware about in terms of versions and dependencies. You should be aware of the following terms in order to deploy ACI features using Cisco AVE:
- Supports ACI 3.1 release and later
- Supports ESXi 6.x release and later
- Can co-exist with Distributed Virtual Switch (DVS) and AVS on the same host
- Easy migration wizard from AVS available ACI
- Works with Multipod
Moreover, Cisco AVE supports robust features like full ACI policy model, VXLAN or VLAN encapsulation, L2 and L3 forwarding (local or via leaf switches), complete micro segmentation, distributed stateful firewall and SPAN or ERSPAN.
Cisco AVE Architecture
Cisco AVE is actually a virtual machine like entity that’s actually running in in user space. For AVE deployment, a couple of things is required. AVE got a leg in two different situations. The first leg is actually connected to a set of isolated PVLAN and port groups which will automatically show up if a standard ACI switch integration have been done into the vCenter. Then, those port groups will automatically show up when you build an EPG in ACI. The other leg of the AVE is actually a trunk that connects through the physical VM NICs of the ESXi host and into the ACI fabric.
Generally, AVE has three interfaces: inside, outside and management. On the inside leg which is a promiscuous trunk, all of the EPGs, that have been deployed in ACI, will show up there. In addition, all of that traffic will then lead to the AVE which provides the ability to apply different policies and all the features for customers. Moreover, the outside interface can be used you want to go beyond local switching, using ACI switch, and internet is needed. Finally, the management interface that can be connected to an existing management port group your environment and this allows you to SSH into the AVE to run all kinds of troubleshooting commands, see the logs and look at the look at information in the AVE.
Cisco AVE Deployment
Customers should follow the below steps in order to deploy AVE within their environment:
- Download the AVE software from Cisco.com
- Create and upload AVE to vCenter Content Library
- Create or modify VLAN pool in APIC for use with AVE
- Create new AVE VMM domain in APIC
- I opt for VXLAN encapsulation
- Results in a new standard DVS in vCenter
- Attach ESXi hosts to the DVS for AVE
- Deploy AVE through available methods e.g. ACI plugin, Powercli, Python and manual options
To be noted, customers should also consider the following recommendations for ACI fabric and ACI switches
- Pre-Install ACI Plugin for vCenter Web Client
- Install only one AVE per ESXi host
- Install AVE in ESXi local data store
- Do not vMotion AVE itself
- Don not remove and re-add the same AVE. (Can delete and redeploy instead)
- Read the Release Notes and Config Guides on Cisco.com