In this video we explore a very popular topic in Microsegmentation. To summarize, Microsegmentation inside of ACI is taking devices inside of an EPG, and placing them inside of their own “sub-EPG”. This new EPG behaves exactly like normal EPGs from a connectivity perspective; we still need contracts to talk to other EPGs (including our base-EPG), we also still need to associate the uSeg EPG to a bridge domain.
Inside of ACI, we implement Microsegmentation in the following manner:
- Create a Base EPG (this is a normal EPG). From the base EPG, all of your devices in the same EPG are identified (as normal) with a dot1q tag.
- Our your VMM domain attached to the base EPG, click the “allow micro-segmentation” clickbox.
- Create a uSeg EPG. There are several ways of classifying the uSeg EPG:
- DNS name
- IP address
- Mac Address
- VM Attributes (VM name, vSphere DC, etc)