Book Image

Cisco ACI Cookbook

By : Stuart Fordham
Book Image

Cisco ACI Cookbook

By: Stuart Fordham

Overview of this book

Cisco Application Centric Infrastructure (ACI) is a tough architecture that automates IT tasks and accelerates data-center application deployments. This book focuses on practical recipes to help you quickly build, manage, and customize hybrid environment for your organization using Cisco ACI. You will begin by understanding the Cisco ACI architecture and its major components. You will then configure Cisco ACI policies and tenants. Next you will connect to hypervisors and other third-party devices. Moving on, you will configure routing to external networks and within ACI tenants and also learn to secure ACI through RBAC. Furthermore, you will understand how to set up quality of service and network programming with REST, XML, Python and so on. Finally you will learn to monitor and troubleshoot ACI in the event of any issues that arise. By the end of the book, you will gain have mastered automating your IT tasks and accelerating the deployment of your applications.

Related Content you might be interested in

Current Title:

Small book image
Cisco ACI Cookbook
Stuart Fordham
May, 2017 | 424 pages
Small book image
Building Modern Networks
Steven Noble
Jul, 2017 | 324 pages
Small book image
Implementing Cisco UCS Solutions
Anuj Modi | Prasenjit Sarkar
Apr, 2017 | 482 pages
Small book image
Learning VMware NSX
Ranjit Singh Thakurratan
Aug, 2017 | 254 pages
Table of Contents (17 chapters)
Title Page
Title Page
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Understanding Components and the ACI Fabric
Understanding Components and the ACI Fabric
Introduction
Understanding ACI and the APIC
An overview of the ACI fabric
Converting Cisco from Nexus NX-OS mode to ACI mode
ACI fabric overlay
An introduction to the GUI
2
Configuring Policies and Tenants
Configuring Policies and Tenants
Introduction
Creating fabric policies
Creating access policies
Creating tenants
Configuring bridge domains
Configuring contexts
Creating application network profiles
Creating endpoint groups
Using contracts between tenants
Creating filters
Creating contracts within tenants
Creating management contracts
3
Hypervisor Integration (and Other Third Parties)
Hypervisor Integration (and Other Third Parties)
Introduction
Installing device packages
Creating VMM domains and integrating VMWare
Associating vCenter domains with a tenant
Deploying the AVS
Discovering VMWare endpoints
Adding virtual machines to a tenant
Tracking ACI endpoints
Integrating with A10
Deploying the ASAv
Integrating with OpenStack
Integrating with F5
Integrating with Citrix NetScaler
4
Routing in ACI
Routing in ACI
Introduction
Creating a DHCP relay
Utilizing DNS
Routing with BGP
Configuring a layer-3 outside interface for tenant networks
Associating a bridge domain with an external network
Using route reflectors
Routing with OSPF
Routing with EIGRP
Using IPv6 within ACI
Setting up multicast for ACI tenants
Configuring multicast on the bridge domain and interfaces
ACI transit routing and route peering
5
ACI Security
ACI Security
Introduction
Creating local users
Creating security domains
Limiting users to tenants
Connecting to a RADIUS server
Connecting to an LDAP server
Connecting to a TACACS+ server
6
Implementing Quality of Service in ACI
Implementing Quality of Service in ACI
Introduction
Preserving existing CoS settings
Configuring user-defined classes
Creating a basic QoS configuration
Verifying QoS
7
Network Programmability with ACI
Network Programmability with ACI
Introduction
Browsing the object store using the Object Store Browser
Programming the ACI through REST
Authenticating through REST and XML
Creating a tenant using REST and XML
Deleting a tenant using REST and XML
Creating an APN and an EPG using REST and XML
Creating an application profile and EPG using REST
Authenticating through REST and JSON
Creating a tenant using REST and JSON
Using the Python SDK
Logging into the APIC using Cobra
Creating a tenant using the SDK
8
Monitoring ACI
Monitoring ACI
Introduction
Finding faults
Viewing events
Navigating the audit logs
Setting up Call Home
Configuring SNMP
Configuring Syslog
Configuring NetFlow
9
Troubleshooting ACI
Troubleshooting ACI
Introduction
Layer 2 troubleshooting
FEX troubleshooting
SSL troubleshooting
Switch diagnostics
APIC troubleshooting
Upgrading the ACI software
VMM troubleshooting
Routing verifications
Troubleshooting external connectivity
Multicast troubleshooting
QoS troubleshooting
10
An End-to-End Example Using the NX-OS CLI
An End-to-End Example Using the NX-OS CLI
Introduction
Setting up in-band and out-of-band access to the nodes
Creating the security domain
Creating the VLAN domain
Creating the VMWare domain
Creating the tenant
Creating the VRF
Creating the bridge domains
Creating the applications and EPGs
Creating the contract
Creating an L4-L7 device
Creating service templates
Setting up the client VMs

Setting up the client VMs

I am using the Tiny Linux distro here, because of the small footprint. They are both running on the same host as the ASAv and therefore have access to the same EPGs as the ASA does.

How to do it...

  1. You can download the same VM from here: https://communities.vmware.com/docs/DOC-21621.
  2. The OVA file should be imported into vCenter and named Finance-VM. Set the network interface to use the ACME-ASAvctxACME-VRFFinance-BD port group.
  1. Repeat the process for the second VM, calling it Marketing-VM and making sure that it is connected to the Marketing EPG.
  1. Following the topology diagram at the start of this chapter, the Finance VM has an IP address of 172.16.1.10/24, and the Marketing VM has an IP address of 172.16.2.10/24. Both have their default gateways set to the ASAv's respective interface, and both can ping their default gateways. Here is the Finance VM pinging the ASA: 
  1. Here we can see the Marketing VM pinging the ASA:
  1. Because we permitted IP traffic through the firewalls...
Previous Section
End of Chapter 10
Next Chapter