Wassim

Using username "admin". Application Policy Infrastructure Controller admin@10.10.20.42's password: Last login: 2020-06-07T14:19:13.000+00:00 UTC apic1# After connecting to the CLI, press the tab key to list all possible commands: apic1# attach-ave configure export-config logit show attach-avs debug fabric passwd terminal bash end firmware reload trigger callhome eraseconfig import-config replace-controller where clear exit lastlogin apic1# apic1# show endpoints Legends: (P):Primary VLAN (S):Secondary VLAN Total Dynamic Endpoints: 0 Total Static Endpoints: 0 apic1# apic1# There is also the variation “show endpoint mac {MAC_ADDR}”. And the MAC address can be typed in one of the four possible formats: apic1# show endpoint mac ? E.E.E MAC address (Option 1) EE-EE-EE-EE-EE-EE MAC address (Option 2) EE:EE:EE:EE:EE:EE MAC address (Option 3) EEEE.EEEE.EEEE ...

ACI includes a RESTful API in its implementation, which has the following characteristics: the REST API uses HTTP or HTTPS as a transport protocol it uses GET&POST HTTP verbs an API Call includes in its body XML or JSON it does not use HTTP authentication mechanism, but rather an API call with an authentication request in the body. Once authenticated, an authentication token is generated. There are two good ways to learn the ACI API: with API Inspector, with Visore: which is a case-sensitive HTML page on the APIC. ACI Python SDK: is the Python SDK for ACI which is downloadable offline from the APIC. We find it in the literature also under the name Cobra. ACI Debug feature is activated from the GUI. It displays a bar with debugging information such as Managed Object names (MO), class names, etc. The information we get from the ACI Debug tool can be entered as input in Visore, which will analyze them and display the output for you. Arya is a Python code generator. It takes as input ...

ALE: the leaf ports that connect to the spine If we connect a 40G FEX to a 10G leaf, we need to use Breakout cables, which are cables with a QSFP on a one side and 04 10G SFP on the other side. And it is a Cisco cable. A FEX connects only to leafs. There is no dual-homed FEXes; only normal port channels to a parent switch. Between the FEXes we can configure a vPC and apply the same VPC Interface Policy Group to both FEXes. On the FEX user-facing ports, we can attach a server through vPC: Connectivity between FEX and Leaf © Cisco.com We must distinguish the FEX Switch Profile from the normal Switch Profiles. To indicate in a Leaf that we are connecting a FEX, we activate the checkbox “connected to a FEX” under the Access Port Selector of the parent switch (i.e. the leaf). When attaching and booting FEXs to ACI fabric, it downloads its code from APIC. It can take some time to appear with the following command: Leaf# show fex For the FEX we must create: a dedicated AAEP, a VLA...

Below are my study notes about the integration of Openstack with ACI. I begin with defining some concepts. Then I describe NAT feature within Openstack and I finish with discussing networking plugins. Openstack is a group of technologies that provide enterprise cloud computing capabilities. has the following minimal components or node types: a compute node (aka Nova), it runs the nova-compute service, a controller node which comprises many services. These services can be distributed over dedicated servers such as: storage nodes (aka Swift) and network nodes (aka Quantum or later as Neutron). A compute node hosts one or more instances (the equivalent of virtual machines). Each instance is referenced with its Instance ID. Each Openstack Compute node has a virtual bridge interface named br-int. Each Compute instance is connected to br-int through a tap virtual interface, then through a virtual switch, then to the br-int bridge. Neutron provides VLAN, VXLAN and NVGRE encapsulation possibi...

ACI VLAN Pools: Definitions A VLAN Pool defines one or more groups (one or more blocks) of VLAN IDs. A single VLAN Pool can be associated to many or all domains configured in the APIC. A VLAN Pool is used internally by the fabric to map endpoints to EPGs. Remember that the concept of VLAN has in ACI a local significance: a VLAN in ACI is just telling the leaf port which encapsulation it should put on the frame travelling southbound from APIC. A VLAN Pool has a VLAN allocation type. It means how the VLANs from this VLAN Pool will be allocated. VLAN allocation can be Static Allocation or Dynamic Allocation . We will learn the difference between the two in a moment. ACI VLAN Pool: Encap Blocks In VLAN Pool, we need to define one or more ranges of VLAN IDs, called Encap Blocks or VLAN Ranges : Encap Blocks or VLAN Ranges in a VLAN Pool A VLAN Pool Encap Block is simply a range of VLAN IDs: Encap Block in a VLAN Pool The Encap Block have two possible allocation types: a static allocation ...

Here are the steps to configure OSPF routing between ACI fabric and an external router. The part on the external router is not mentioned in this blog post, since I focus here only on ACI. If our network design involves BGP Route Reflectors , then we need to have a BGP Route Reflector Policy set before configuring external OSPF routed network. We also need to have the same MTU size on both ends of the OSPF segment, either by setting it to 1500 Bytes on the border leaf, or by setting it to 9000 Bytes on the external router. Our network design here dictates that the tenant has its own L3out block. Configure OSPF Interface Policy and OSPF Interface Timer Policy When we decide to configure the L3 Out on a particular tenant, then OSPF must be configured under that tenant. Go to the tenant –> Policies –> Protocol –> OSPF –> OSPF Interface –> Create OSPF Interface Policy This is the new configuration path. In older ACI versions, it was Tenant -> ...