09/08/2018
[DC] ACI and APIC
ACI > Constructs
Tenant | VDC |
Context | VRF |
Bridge domain | Subnet / SVI |
EPG | Broadcast domain / VLAN |
Contract | ACL |
L2 External EPG | 802.1Q trunk |
L3 External EPG | L3 Routed link |
Fundamentals:
- Open and Secure
- Apps and Infrastructure
- Physical and Virtual
- On-Site and Cloud
Bringing up the Fabric:
- Physical requirements
- Power
- Cabling + mgmt0
- Rack and Stack
- Power on/Connect to APICs
- How many APICs
- Fabric Name
- Admin Password
- Setup Fabric Network (IP & VLAN)
- Log into the APIC (HTTP out of band)
- NTP
- Route Reflectors
- MGMT IP Fabric
- Leaf and Spine Name/#
Fabric Discovery
- Zero touch fabric, the controller does everything
- APIC uses LLDP to get information about the leaf switches it’s connected to
- First the leaf is discovered and will be named (101)
- Then the Spine is connected and named (201)
- Then the leafs are discovered (103,104)
ACI > Contracts
- Contracts function as ACLs
- Contracts control how one group can interact with another group within the ACI fabric
- Contracts can be between EPGs, or between an L3out and EPGs.
- Contracts control who can see what routes between VRFs
ACI > Contexts and Bridge domains
- The Bridge Domain is a layer 2 domain built with VXLAN overlays
- The Bridge Domain is always associated with a VRF even if it’s not doing any routing
- The Bridge Domain is carved into Endpoint Groups to which physical servers and virtual machines attach
Adding switches via the APIC
APIC > Firmware Upgrade
- Download firmware from Cisco
- Controller software
- Switch image
- Check firmware repository
- Controller firmware upgrade
- Firmware group
- Maintenance group
- Best practice to create a maintenance group so you don’t upgrade all switches at once
- maintenancegroup: odd switches
- maintenancegroup: even switches
APIC > System settings
- NTP
- Route Reflectors
- MGMT IP Fabric
- Leaf and Spine Name/#
APIC > Admin > Config rollbacks
- Make snapshots
- Backup the fabric
- Backup tenant
- Schedule snapshots
APIC > Policy model
APIC > Network Centric Mode
- Create a Tenant
- Create a VRF for the tenant
- Create a VLAN 10 (bridge domain 10)
- Create a Group 10 EPG
- Put the servers in the Group
- Create a VLAN 20 (bridge domain 20)
- Create a Group 20 EPG
- Put the servers in the Group
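The network-centric steps above, expressed as an APIC object tree, as an added example that is not part of the original notes. The names (`Demo`, `Demo-VRF`, `BD-10`, `EPG-10`, the `legacy-vlans` application profile) and the helper functions are assumptions; attaching the servers to the EPGs is left out. The check at the end reports any bridge domain without a valid VRF and any EPG without a valid bridge domain, so a segmentation gap is caught before the config is pushed.

```python
import json

def mo(cls, children=(), **attrs):
    """Build one APIC managed object in the REST API's JSON shape."""
    return {cls: {"attributes": attrs, "children": list(children)}}

def network_centric_tenant(tenant, vrf, vlans, app="legacy-vlans"):
    """One bridge domain and one EPG per VLAN, all inside a single VRF."""
    bds = [mo("fvBD", [mo("fvRsCtx", tnFvCtxName=vrf)], name=f"BD-{v}") for v in vlans]
    epgs = [mo("fvAEPg", [mo("fvRsBd", tnFvBDName=f"BD-{v}")], name=f"EPG-{v}") for v in vlans]
    # EPGs sit under an application profile (fvAp) in the object model.
    return mo("fvTenant", [mo("fvCtx", name=vrf), *bds, mo("fvAp", epgs, name=app)], name=tenant)

def kids(obj, cls):
    """Direct children of a managed object that have class cls."""
    body = next(iter(obj.values()))
    return [c for c in body["children"] if cls in c]

def attr(obj, key):
    """Read one attribute of a managed object."""
    return next(iter(obj.values()))["attributes"][key]

def dangling_references(tenant):
    """Return BDs with no/unknown VRF and EPGs with no/unknown BD."""
    vrfs = {attr(v, "name") for v in kids(tenant, "fvCtx")}
    bds = {attr(b, "name") for b in kids(tenant, "fvBD")}
    problems = []
    for bd in kids(tenant, "fvBD"):
        refs = [attr(r, "tnFvCtxName") for r in kids(bd, "fvRsCtx")]
        if not refs or refs[0] not in vrfs:
            problems.append(("fvBD", attr(bd, "name")))
    for ap in kids(tenant, "fvAp"):
        for epg in kids(ap, "fvAEPg"):
            refs = [attr(r, "tnFvBDName") for r in kids(epg, "fvRsBd")]
            if not refs or refs[0] not in bds:
                problems.append(("fvAEPg", attr(epg, "name")))
    return problems

if __name__ == "__main__":
    # Constructed sample: tenant "Demo" with VLAN 10 and VLAN 20.
    payload = network_centric_tenant("Demo", "Demo-VRF", [10, 20])
    assert dangling_references(payload) == []
    print(json.dumps(payload, indent=2))
```

The printed JSON has the body shape the APIC REST API accepts on a POST to `/api/mo/uni.json`.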