Cisco ACI Tutorial – A Configuration Guide

Posted on 2015/09/21 by RedNectar Chris Welsh

Cisco ACI Tutorial – A Configuration Guide

Cisco ACI Tutorial – Part 1

Note:RedPoint This is the first of a series of four blog posts that I plan to publish over the coming weeks. Make sure you follow my blog so you don’t miss out on the continuing story.

If you are new to Cisco Application Centric Infrastructure (ACI) then you may well be daunted at this new method of configuring switches.  In this multi-part tutorial, I hope to take some of the configuration pain out of your headache.

I will take you through some of the underlying concepts, but do not attempt to explain the theory of ACI, such as VXLAN overlays and the like.

Objective

This is a configuration tutorial. It takes you through the steps needed to configure a sample ACI fabric.  The journey will give you important foundations in naming conventions that will help you understand your configuration in the future, and establish some best practices and conventions that will guide you long into the future.

At the completion of the tutorial, you will have a fully configured ACI fabric ready for testing.  You are responsible for making sure that all systems are production ready before deployment in a live network.

Prerequisite

To get the most out of this tutorial, you will need some basic understanding of Cisco ACI and the role of the Application Policy Infrastructure Controller (APIC).  Ideally, you will have access to an APIC and an ACI fabric, or the ACI Simulator.  Cisco partners/customers with sufficient rights to their CCO login, will be able to get access to an ACI simulator for a few hours at a time by logging on to Cisco dcloud.  See this post for a dcloud tutorial.

If you are not comfortable with terms like Leaf, Spine, Clos topology, End Point Groups and Application Profiles, then you will do well to do some research before you begin.  I’d recommend the following:

Let’s Begin

Assumption

To get the ball rolling, I will assume that:

  • Your ACI devices are racked and stacked, and cabled according to the Topology below
  • You have completed the assigned Out of Band (OOB) Management IP addresses to your APIC(s) and assigned addresses to the TEP pool as described in the “Setting up the APIC” section of the APIC Getting Started Guide.
  • You have a management station logged into the APIC GUI ready to begin configuring your ACI fabric.
TIP:RedPoint2 If you have real lab equipment (rather than using a simulator), then you will also be able to physically test your configuration if you have:

  • at least two devices that can act as Bare Metal Servers (ie servers that do NOT run a hypervisor), ideally with two NICs (and a 3rd NIC for RDP or VNC access would also be useful in the lab environment)
  • at least one ESXi server, and
    • VMware vCenter v5.5 installed with a NIC on the OOB Management Network.  For my test network I had an ESXi with three NICs and ran the vCenter as a VM on the ESXi server

Structure

This tutorial has seven parts, including this one.

  1. Let’s Begin
    • That’s this first tutorial where I cover the topology I will use, the Lab setup and conventions.
  2. Goodbye to VLANs. Well… not quite
    • Tenants, Private Networks, Bridge Domains and Subnets
  3. Sing a new song for sorting server groups and policy
    • Application Profiles, End Point Groups and Contracts
  4. TheAccess Policy Chain – a new “interface range” command
    • Access Port Profiles and Interface Profiles
    • And all that goes with it (Interface Policies, Policy Groups…)

The Topology

You probably know that an ACI Topology consists of Leaf and Spine switches.  For this tutorial, I will use two of each, although in truth the spine switches will not feature much at all in the configuration.  What will be more important is the equipment that is connected to the leaf switches.

ACI Topology

Note that there are two leaves.  To make life simple, I am going to use the following ports on each leaf switch for the following purposes:

 

Port range Use
1/1-2 External L3 Routers
1/3-4 External L2 Switches
1/5-10
1/5-7 10Gb/s
1/8-10 1Gb/s		  Single Attached Bare Metal Hosts
1/11-14 VPCs to ESXi  Hosts
1/15-20
1/15-17 10Gb/s
1/18-20 1Gb/s		 Single Attached ESXi  Hosts
1/21-24 VPCs to UCS B Series
1/25-28 VPCs to Bare Metal Hosts
1/29-32 Port Channels to Bare Metal Hosts
1/33-40 FEX connections
1/41 SPAN Port
1/42-44 APIC attachments

I will refer back to this table in  Tutorial #4 All about Access Policies – the  new “interface range” command.

The setup

AS I mentioned above, I’ll assume you have completed the assigned Out of Band Management IP addresses to your APIC(s) and assigned addresses to the TEP pool as described in the “Setting up the APIC” section of the APIC Getting Started Guide and can now log into your APIC’s GUI.

Already your fabric has begun the discovery process using LLDP, but before you can continue, you will have to register each leaf and spine switch in the APIC.  At the completion of this process, the APIC controllers will discover each other and form an APIC Cluster to become a single management unit.

Conventions

I will refer to menu items in the APIC in the following manner:

FABRIC > INVENTORY > Pod 1> Leaf 1

means that you should select the main menu item FABRIC, the sub-menu item INVENTORY then expand the POD 1 branch of the Navigation pane, and select the item Leaf 1.  Leaf 1 is in bold print because Leaf 1 is a user assigned name – in your case you may have decided to call it L-101 or something different – so you will have to be on the lookout when menu paths have bolded items, if you don’t follow my names exactly, you may have differences.

Menu Bar, Submenu Bar, Navigation Pane and Work Pane

Sometimes, you will need to click in the Work Pane to perform some tasks, and in this case you may find that the work pane has tabs across the top, and possibly another row of tabs under that or even more tabs under that. When you need to click on a tab, the tab name will appear in square brackets after a vertical bar after the item you need to select in the navigation pane, like FABRIC > INVENTORY > Pod 1 | [OPERATIONAL] | [SWITCHES] | [LEAVES], which says, “After you have selected FABRIC > INVENTORY > Pod 1 in the navigation pane, select the OPERATIONAL tab in the Work Pane, then select the tab under that called SWITCHES, and the tab under that called LEAVES.

NavigationPath

Configuration Steps

Step 1: Identify the fabric nodes

Note:RedPoint If you are using Cisco dcloud, you may find that this step has already been completed.

FABRIC > INVENTORY > Fabric Membership

You should see one item in the list with a NODE ID of 0 and no Node Name.  This device is the Leaf switch that your APIC is connected to.

Double-click on this entry and change the following:

  • NODE ID: 101
  • NODE NAME: Leaf1
Note:RedPoint Any text you have to enter will be shown in bold italics. Items that you have to select from a list or click on will be shown in bold only.

You will have to click on UPDATE to complete the change, but from now on you will have to assume that when I reach the end of a configuration item, you may need to click items like NEXT, FINISH, UPDATE and SUBMIT to complete the configuration.

After some time, the spine switches will be discovered via LLDP.  Pretty soon your screen should look something like this:

FabricMembershipProgress

As each Spine switch is discovered, double-click on the entry and change the following:

  • NODE ID: 201
  • NODE NAME: Spine1
  • NODE ID: 202
  • NODE NAME: Spine2

And finally the second leaf will be discovered. Update to

  • NODE ID: 102
  • NODE NAME: Leaf2

Step 2: Verify your config

Verify your configuration by selecting FABRIC > INVENTORY > Pod 1 | [OPERATIONAL] |[SWITCHES] | [LEAVES] and FABRIC > INVENTORY > Pod 1 | [OPERATIONAL] |[SWITCHES] | [SPINES].

You should see that each switch has been given an INFRASTRUCTURE IP that has come from the range of TEP addresses you gave the APIC in the initial setup, and that the STATUS shows in-serviceVerify Leaves

Assuming all is well, it is time to get ready to say Goodbye to VLANs. Well… not quite

Next…

RedNectar

Note:RedPoint If you would like the author or one of my colleagues to assist with the setup of your ACI installation, contact acimentor@housley.com.au and refer to this article. Housley works mainly around APJC, but are not restricted to this area.
Advertisement

About RedNectar Chris Welsh

Professional IT Instructor. All things TCP/IP, Cisco or Data Centre
This entry was posted in ACI, ACI configuration, ACI Configuration Tutorial Series#1, ACI Tutorial, Cisco, configuration tutorial, Data Center, Data Centre, Nexus, Nexus 9000, SDN, Software Defined Networking, tutorial and tagged , , , , , , , , , , , , . Bookmark the permalink.