Cisco ACI Cookbook

Cisco ACI Cookbook

By : Stuart Fordham

Buy this Book

Cisco ACI Cookbook

By: Stuart Fordham

Buy this Book

Overview of this book

Cisco Application Centric Infrastructure (ACI) is a tough architecture that automates IT tasks and accelerates data-center application deployments. This book focuses on practical recipes to help you quickly build, manage, and customize hybrid environment for your organization using Cisco ACI. You will begin by understanding the Cisco ACI architecture and its major components. You will then configure Cisco ACI policies and tenants. Next you will connect to hypervisors and other third-party devices. Moving on, you will configure routing to external networks and within ACI tenants and also learn to secure ACI through RBAC. Furthermore, you will understand how to set up quality of service and network programming with REST, XML, Python and so on. Finally you will learn to monitor and troubleshoot ACI in the event of any issues that arise. By the end of the book, you will gain have mastered automating your IT tasks and accelerating the deployment of your applications.

Title Page

Credits

About the Author

About the Reviewers

www.PacktPub.com

Customer Feedback

Preface

Free Chapter

Understanding Components and the ACI Fabric

Introduction

Understanding ACI and the APIC

An overview of the ACI fabric

Converting Cisco from Nexus NX-OS mode to ACI mode

ACI fabric overlay

An introduction to the GUI

Configuring Policies and Tenants

Introduction

Creating fabric policies

Creating access policies

Creating tenants

Configuring bridge domains

Configuring contexts

Creating application network profiles

Creating endpoint groups

Using contracts between tenants

Creating filters

Creating contracts within tenants

Creating management contracts

Hypervisor Integration (and Other Third Parties)

Introduction

Installing device packages

Creating VMM domains and integrating VMWare

Associating vCenter domains with a tenant

Deploying the AVS

Discovering VMWare endpoints

Adding virtual machines to a tenant

Tracking ACI endpoints

Integrating with A10

Deploying the ASAv

Integrating with OpenStack

Integrating with F5

Integrating with Citrix NetScaler

Routing in ACI

Introduction

Creating a DHCP relay

Utilizing DNS

Routing with BGP

Configuring a layer-3 outside interface for tenant networks

Associating a bridge domain with an external network

Using route reflectors

Routing with OSPF

Routing with EIGRP

Using IPv6 within ACI

Setting up multicast for ACI tenants

Configuring multicast on the bridge domain and interfaces

ACI transit routing and route peering

ACI Security

Introduction

Creating local users

Creating security domains

Limiting users to tenants

Connecting to a RADIUS server

Connecting to an LDAP server

Connecting to a TACACS+ server

Implementing Quality of Service in ACI

Introduction

Preserving existing CoS settings

Configuring user-defined classes

Creating a basic QoS configuration

Verifying QoS

Network Programmability with ACI

Introduction

Browsing the object store using the Object Store Browser

Programming the ACI through REST

Authenticating through REST and XML

Creating a tenant using REST and XML

Deleting a tenant using REST and XML

Creating an APN and an EPG using REST and XML

Creating an application profile and EPG using REST

Authenticating through REST and JSON

Creating a tenant using REST and JSON

Using the Python SDK

Logging into the APIC using Cobra

Creating a tenant using the SDK

Monitoring ACI

Introduction

Finding faults

Viewing events

Navigating the audit logs

Troubleshooting ACI

Layer 2 troubleshooting

Upgrading the ACI software

VMM troubleshooting

Routing verifications

Troubleshooting external connectivity

Multicast troubleshooting

QoS troubleshooting

An End-to-End Example Using the NX-OS CLI

Introduction

Setting up in-band and out-of-band access to the nodes

Creating the security domain

Creating the VLAN domain

Creating the VMWare domain

Creating the tenant

Creating the VRF

Creating the bridge domains

Creating the applications and EPGs

Creating the contract

Creating an L4-L7 device

Creating service templates

Setting up the client VMs

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Creating an L4-L7 device

When creating an L4-L7 device, the GUI is most useful.

The ASA device package, like other packages, has some required entries, and the NX-OS cannot be re-written to account for all the required fields from all the different vendors. So, while scripting may be quicker, the GUI wins here.

How to do it...

First of all, we need to set up the ASA's management interface for DHCP and allow HTTPS access:

      ASAv# sh run int management 0/0
      !
      interface Management0/0
        management-only
        nameif management
        security-level 0
        ip address dhcp 
      ASAv# sh run | i http
      http server enable
      http 0.0.0.0 0.0.0.0 management
      ASAv#

You will also need an administrative account for the APIC to be able to connect to and manage the firewall.

While we do not have to do this next step, it's useful as it highlights the control over the VMWare environment that the APIC can have. So, assign the ASA interfaces to the Finance and Marketing port...

Cisco ACI Cookbook

By : Stuart Fordham

Cisco ACI Cookbook

By: Stuart Fordham

Overview of this book

Related Content you might be interested in

Current Title:

Cisco ACI Cookbook

Building Modern Networks

Implementing Cisco UCS Solutions

Learning VMware NSX

Creating an L4-L7 device

How to do it...