Skip to content

VMware VMM Domain

Location in GUI: Virtual Networking » VMware

Diagram
NameTypeConstraintMandatoryDefault Value
vmware_vmm_domainsList[vmware_vmm_domains]No

NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
access_modeChoiceread-only, read-writeNoread-write
delimiterStringRegex: ^[|~!@^+=]$No
tag_collectionBooleantrue, falseNofalse
vlan_poolStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$No
allocationChoicedynamic, staticNodynamic
security_domainsListString[Regex: ^[a-zA-Z0-9_.:-]{1,64}$]No
vswitchClass[vswitch]No
credential_policiesList[credential_policies]No
vcentersList[vcenters]No
uplinksList[uplinks]No

vswitch (apic.fabric_policies.vmware_vmm_domains)

Section titled “vswitch (apic.fabric_policies.vmware_vmm_domains)”
NameTypeConstraintMandatoryDefault Value
cdp_policyStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$No
lldp_policyStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$No
port_channel_policyStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$No
enhanced_lagsList[enhanced_lags]No
mtu_policyStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$No
netflow_exporter_policyStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$No

credential_policies (apic.fabric_policies.vmware_vmm_domains)

Section titled “credential_policies (apic.fabric_policies.vmware_vmm_domains)”
NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
usernameStringRegex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$Yes
passwordStringYes

vcenters (apic.fabric_policies.vmware_vmm_domains)

Section titled “vcenters (apic.fabric_policies.vmware_vmm_domains)”
NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
hostname_ipAnyString[Regex: ^[a-zA-Z0-9:][a-zA-Z0-9.:-]{0,254}$] or IPYes
datacenterStringmin: 1, max: 512Yes
dvs_versionChoiceunmanaged, 5.1, 5.5, 6.0, 6.5, 6.6, 7.0Nounmanaged
statisticsBooleantrue, falseNofalse
credential_policyStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
mgmt_epgChoiceinb, oobNoinb

Section titled “uplinks (apic.fabric_policies.vmware_vmm_domains)”
NameTypeConstraintMandatoryDefault Value
idIntegermin: 1, max: 32Yes
nameStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes

enhanced_lags (apic.fabric_policies.vmware_vmm_domains.vswitch)

Section titled “enhanced_lags (apic.fabric_policies.vmware_vmm_domains.vswitch)”
NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_.:-]{1,16}$Yes
modeChoiceactive, passiveNoactive
lb_modeChoicedst-ip, dst-ip-l4port, dst-ip-vlan, dst-ip-l4port-vlan, dst-mac, dst-l4port, src-ip, src-ip-l4port, src-ip-vlan, src-ip-l4port-vlan, src-mac, src-l4port, src-dst-ip, src-dst-ip-l4port, src-dst-ip-vlan, src-dst-ip-l4port-vlan, src-dst-mac, src-dst-l4port, src-port-id, vlanNosrc-dst-ip
num_linksIntegermin: 2, max: 8No2

Example-1: this is a simple VMM domain named VMM_DOM with the most basic required data. The VMM domain is associated with a dynamic VLAN pool VMM_VLP, and is configured with the integration credentials under the VCENTER_CREDS credentials policy, specifying the vSphere username and password. These credentials are used to authenticate against the vCenters defined under the vcenters list, named PROD_VCENTER, which defines the vCenter hostname/IP of 10.10.10.10, datacenter name on the vSphere side (DC1 in this example), and the associated credentials policy. A new VDS with the name of the VMM domain will be created on the vCenter upon successful integration.

apic:
fabric_policies:
vmware_vmm_domains:
- name: VMM_DOM
vlan_pool: VMM_VLP
credential_policies:
- name: VCENTER_CREDS
username: admin
password: password
vcenters:
- name: PROD_VCENTER
hostname_ip: 10.10.10.10
datacenter: DC1
credential_policy: VCENTER_CREDS

Example-2: this VMM domain VMM_DOM defines specific configuration for the vSwitch policies, such as the CDP, LLDP and port-channel policies for the VDS. If left unspecified, the APIC will create custom CDP and LLDP policies for the VDS, so the system policies are used to achieve the required intent. CDP is enabled as it is used by default on the VDS using the ACI system policy of system-cdp-enabled, and LLDP is disabled using the equivalent system-lldp-disabled policy. The port-channel policy is set to system-mac-pinning to enable load sharing across the uplinks without using LACP, following the recommendation from VMware. This VMM domain defines the uplinks as well to be used by the ESXi hosts to be attached to the VDS, in this case defining UPLINK1 and UPLINK2 with their respective IDs of 1 and 2. This should only be defined when the uplink count is well-known and uniform across all hosts attached to the VDS, otherwise it should be left undefined for the VMware admin to define as needed.

apic:
fabric_policies:
vmware_vmm_domains:
- name: VMM_DOM
vlan_pool: VMM_VLP
credential_policies:
- name: VCENTER_CREDS
username: admin
password: password
vcenters:
- name: PROD_VCENTER
hostname_ip: 10.10.10.10
datacenter: DC1
credential_policy: VCENTER_CREDS
vswitch:
cdp_policy: system_cdp_pol_enabled
lldp_policy: system_lldp_pol_disabled
port_channel_policy: system_mac_pinning
uplinks:
- id: 1
name: UPLINK_1
- id: 2
name: UPLINK_2

Example-3: full example- of VMM domain with all properties configured

apic:
fabric_policies:
vmware_vmm_domains:
- name: VMM1
access_mode: read-write
delimiter: '|'
tag_collection: true
vlan_pool: VMM1
allocation: dynamic
vswitch:
cdp_policy: CDP-ENABLED
lldp_policy: LLDP-ENABLED
port_channel_policy: LACP-ACTIVE
netflow_exporter_policy: VMM-EXPORTER1
enhanced_lags:
- name: ELAGCUSTOM
mode: active
lb_mode: src-dst-l4port
num_links: 3
credential_policies:
- name: CRED1
username: Administrator
password: C1sco123
vcenters:
- name: VC
hostname_ip: 10.10.10.10
datacenter: DC1
dvs_version: unmanaged
statistics: true
credential_policy: CRED1
uplinks:
- id: 1
name: UPLINK1
- id: 2
name: UPLINK2