
2.

2 Implement ACI Network Policies

You have been tasked to set up a new Tenant called "Database" for our database cluster. This cluster will use
Microsoft Cluster service and be available on a single VIP to multiple VMs (please note that each
manufacturer implements a VIP in a specific way; make sure you cover most known scenarios). Please create
the respective VRF (name: Database), BD (name: Database), AP (name: Database) and EPG (name: Database)
with the correct settings. Use 192.168.42.254/24 as the address for the GW. Make sure the newly created GW
supports both inter-VRF routing between different tenants and external connectivity, and make sure a
contract called Database is already pre-created with the default filter to support inter-VRF service providing.

As a final point, make sure that in the BD Database we can only learn IP addresses from the IP range
192.168.42.0/24.

1
Create Tenant and VRF

2
Create the BD and assign VRF Database. To permit Microsoft Cluster Service, we need to enable ARP Flooding
and set EP Move Detection Mode to GARP based detection.

3
Enable ARP Flooding and GARP based detection

4
Create AP

5
6
Create EPG and assign BD Database

7
Add the subnet. Select the Advertise Externally and Shared between VRFs options.

8
9
Create the Database contract with global scope for inter-VRF communication

10
Add Contract subject with default filter

11
12
Enable enforce subnet check for IP learning under the BD to ensure we can only learn IP addresses from the IP
range 192.168.42.0/24
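The settings chosen in the steps above can be checked against an exported tenant tree instead of by clicking through the GUI. The following is an added example, not part of the original lab guide: it audits an APIC-style JSON tree for each requirement of the task. The sample tree is constructed, the subnet placement under the EPG is an assumption, and the mapping of each requirement to an object-model attribute (for example the subnet check to `limitIpLearnToSubnets` on the BD) is this example's assumption.

```python
def mo(cls, children=(), **attrs):
    """Build one managed object in APIC JSON form."""
    return {cls: {"attributes": attrs, "children": list(children)}}

# Constructed sample (not an export from the lab) with two deliberate gaps.
# The subnet sits under the EPG here; that placement is an assumption.
SAMPLE = mo("fvTenant", name="Database", children=[
    mo("fvCtx", name="Database"),
    mo("fvBD", name="Database", arpFlood="yes", epMoveDetectMode="garp",
       limitIpLearnToSubnets="no",                      # gap 1
       children=[mo("fvRsCtx", tnFvCtxName="Database")]),
    mo("fvAp", name="Database", children=[
        mo("fvAEPg", name="Database", children=[
            mo("fvRsBd", tnFvBDName="Database"),
            mo("fvSubnet", ip="192.168.42.254/24", scope="public")])]),  # gap 2
    mo("vzBrCP", name="Database", scope="global", children=[
        mo("vzSubj", name="Database", children=[
            mo("vzRsSubjFiltAtt", tnVzFilterName="default")])]),
])

def walk(node):
    """Yield (class, attributes) for every object in the tree."""
    for cls, body in node.items():
        yield cls, body["attributes"]
        for child in body["children"]:
            yield from walk(child)

# (class, attribute, predicate, requirement); the attribute mapping is assumed.
CHECKS = [
    ("fvBD", "arpFlood", lambda v: v == "yes", "ARP flooding"),
    ("fvBD", "epMoveDetectMode", lambda v: v == "garp", "GARP based detection"),
    ("fvBD", "limitIpLearnToSubnets", lambda v: v == "yes", "IP learning limited to subnet"),
    ("fvRsCtx", "tnFvCtxName", lambda v: v == "Database", "BD in VRF Database"),
    ("fvRsBd", "tnFvBDName", lambda v: v == "Database", "EPG in BD Database"),
    ("fvSubnet", "ip", lambda v: v == "192.168.42.254/24", "gateway address"),
    ("fvSubnet", "scope", lambda v: {"public", "shared"} <= set(v.split(",")),
     "advertised externally and shared between VRFs"),
    ("vzBrCP", "scope", lambda v: v == "global", "contract scope global"),
    ("vzRsSubjFiltAtt", "tnVzFilterName", lambda v: v == "default", "default filter"),
]

def audit(tenant):
    """Return unmet requirements as 'class.attribute: requirement' strings."""
    objs = list(walk(tenant))
    findings = []
    for cls, attr, ok, why in CHECKS:
        values = [a.get(attr, "") for c, a in objs if c == cls]
        if not values or not all(ok(v) for v in values):
            findings.append(f"{cls}.{attr}: {why}")
    return findings
```

Calling `audit(SAMPLE)` reports the two deliberate gaps; an empty list means every requirement is met.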

13
4.1 As part of a DevOps and automation initiative, management at the client ABC has decided to automate client
development within the ACI-enabled data center. The ability for ACI to instrument contract and policy implementation
between selective groups is paramount to the success of client ABC.

The engineer produced a Python script called createTenantTemplate.py that is used in conjunction with the intended
data model saved in newTenantTemplate.json.

Your task is to make the necessary changes within the data model newTenantTemplate.json.

         Current Static Binding    New Static Binding
paths    paths-101                 protpaths-101-102
pathep   eth1/1                    policyGrpforNexus7kVPC

Notes: The necessary Python script and JSON data file are located in the desktop src1 directory. Your solution must not
impact the existing setup for non-student tenants.

1
Edit the JSON file. Use the find & replace option (Ctrl-H) to modify the path value. Save the file.

2
3
Run the script and verify static binding assigned to the new tenant template.
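A global find & replace changes every matching path in the file, including bindings that belong to other tenants. The following added example (not the lab's createTenantTemplate.py and not part of the original guide) rewrites the static binding only inside one named tenant. The file layout (`imdata` list of APIC-style objects), the tenant names and the `topology/pod-1` prefix are assumptions; the old and new path values come from the table above.

```python
import copy

# Values from the task table; "topology/pod-1" is an assumed prefix.
OLD = "topology/pod-1/paths-101/pathep-[eth1/1]"
NEW = "topology/pod-1/protpaths-101-102/pathep-[policyGrpforNexus7kVPC]"

def epg(tdn):
    """Constructed EPG with one static binding (fvRsPathAtt)."""
    return {"fvAEPg": {"attributes": {"name": "web"}, "children": [
        {"fvRsPathAtt": {"attributes": {"tDn": tdn, "encap": "vlan-100"}}}]}}

def tenant(name, tdn):
    """Constructed tenant holding one application profile and EPG."""
    return {"fvTenant": {"attributes": {"name": name}, "children": [
        {"fvAp": {"attributes": {"name": "app"}, "children": [epg(tdn)]}}]}}

# Constructed data model: tenant names are hypothetical.
MODEL = {"imdata": [tenant("Student1", OLD), tenant("Prod", OLD)]}

def visit(node, tenant_name=None):
    """Yield (owning tenant, class, attributes) for each object."""
    for cls, body in node.items():
        attrs = body.get("attributes", {})
        owner = attrs.get("name") if cls == "fvTenant" else tenant_name
        yield owner, cls, attrs
        for child in body.get("children", []):
            yield from visit(child, owner)

def rebind(model, target, old=OLD, new=NEW):
    """Return (copy of model, count) with tDn rewritten only in tenant `target`."""
    out, count = copy.deepcopy(model), 0
    for top in out["imdata"]:
        for owner, cls, attrs in visit(top):
            if owner == target and cls == "fvRsPathAtt" and attrs.get("tDn") == old:
                attrs["tDn"] = new
                count += 1
    return out, count

def bindings(model):
    """Map tenant name -> list of static-binding tDn values."""
    result = {}
    for top in model["imdata"]:
        for owner, cls, attrs in visit(top):
            if cls == "fvRsPathAtt":
                result.setdefault(owner, []).append(attrs["tDn"])
    return result
```

Comparing `bindings()` before and after `rebind()` shows exactly which tenants changed, which is the check the "must not impact non-student tenants" note asks for.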

4
5
6
4.2 Overall fabric management plays a critical role in any successful data center operations strategy. Considering the
rapidly changing data center workload mobility, overall visibility into network health as related to applications deployed
within the data center is mandatory.

Your task is to review the current Python script queryTenanthealth.py and make the necessary changes to accomplish the
task.

Note: The necessary script and data are in the desktop src1 directory. Your solution should not impact the existing configuration.

1
5.1 Disable recurring fault. The customer needs a quick fix and wants to make sure the access policy fault F1070
(fltVmmRsDefaultLldpIfPolResolveFail) does not appear in his syslog. Your assignment is to permanently fix the
error.

1
The fault F1070 indicates a missing default LLDP policy object, which could have occurred when a faulty script
pushed the changes to ACI. The description of the faults can be found here:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/syslog/guide/b_ACI_System_Messages_Guide/b_ACI_System_Messages_Guide_chapter_011.html

We can re-create a similar fault, F2014, by removing any configured LLDP policy. For example, if VMware was set
to use LLDP policy "test" and we remove the policy, VMware will end up with the fault.
Solution: assign an existing LLDP policy or create a new policy with the settings required by VMware (LLDP
enabled).

2
3
4
5.5 Prepare the fabric/Access Policies
We will soon be adding some new racks and would like to pre-provision the leaves in them.
Please do the following:
• Add the following leaves to the fabric. These leaves are based on 10G ports, use Switch Policy Future.

Serial       Node ID   Node Name
SAL0000001   111       leaf-11
SAL0000002   112       leaf-12
SAL0000003   113       leaf-13
SAL0000004   114       leaf-14
SAL0000005   115       leaf-15
SAL0000006   116       leaf-16

• Create VPC pairs: 111 and 112, 113 and 114, 115 and 116
• Represent all the new leaves with 1 switch selector called "Future"
• Pre-provision ports 1-24 on all switches as 1Gbit ports
• Pre-provision ports 25-48 on all switches as 10Gbit ports
• Ports 1-24 should permit the VLANs in VLAN_FutureA and use interface selector Future_selectA
• Ports 25-48 should permit the VLANs in VLAN_FutureB and use interface selector Future_selectB
• Make sure we can later on connect HyperV servers with ACI SCVMM integration on the 10G ports

1
Add leaves to the fabric

2
Create VPC pairs

3
Create switch profile with switch selector Future

4
5
Verify whether link level policies for speed 1G and 10G already exist; if not, create them.

6
7
Create Policy Group for 1G and 10G interface

8
Create interface profile with 2 interface selectors

9
10
Add interface selector profile to new switches

11
Create VLAN pools VLAN_FutureA and VLAN_FutureB

12
13
Create a domain for the VLAN pools VLAN_FutureA and VLAN_FutureB

14
15
Create AEP for VLAN_FutureA and VLAN_FutureB. Don't select any interfaces.

16
17
Assign AEP to policy groups

18
If the Microsoft domain doesn't exist, create it with AEP FutureB; that will apply the Microsoft domain to the 10G
interfaces.

19
5.6 A common syslog policy applies to the entire system if configured. You are required to apply a syslog
policy to tenant web that will override the common policy. We don't want to see the config change logs in the
syslog. The policy should use severity "information" and exclude Events collection. Use the existing destination
profile.

1
The common syslog policy is located under Fabric Policies. Inspect the policy and its destination group.

2
Create monitoring policy under tenant web

3
Select syslog and add policy options

4
5