
Cisco dCloud

Cisco Application Policy Infrastructure Controller 4.0 with VMware – VMware Admin v1
Last Updated: 06-NOVEMBER-2018

About This Demonstration


This preconfigured demonstration includes:

• Requirements

• About This Solution

• Topology

• Get Started

• Scenario 1: APIC Operations & Troubleshooting

• Scenario 2: Deploy Application: Using the VC Plugin

• Scenario 3: Add L4-L7 Services

• Scenario 4: Add L3 External Connectivity

To review the Network Administration Demo Guide, click here.

Limitations
APIC Simulator Limitations

Certain features of Cisco APIC 4.0 are outside the scope of this demonstration, because the demonstration uses a simulated fabric
rather than a physical fabric:

• All configuration will be lost after a reboot of the APIC simulator

• No traffic will pass between devices connected to the simulated fabric

• Screen refresh may take slightly longer than expected

Customizations
To demonstrate Fabric Discovery to the customer instead of using the discovered Fabric in the demo, reset the APIC Simulator
(see Appendix A) and then see Appendix B to discover the Fabric.

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Confidential. Page 1 of 40

Requirements
The table below outlines the requirements for this preconfigured demonstration.

Table 1. Demonstration Requirements

Required
● Laptop

Optional
● Cisco AnyConnect

About This Solution


The Cisco Application Policy Infrastructure Controller (Cisco APIC™) is the unifying point of automation and management for
the Cisco Application Centric Infrastructure (Cisco ACI™) fabric. The Cisco APIC provides centralized access to all fabric
information, optimizes the application lifecycle for scale and performance, and supports flexible application provisioning across
physical and virtual resources.

For additional information, visit www.cisco.com/go/apic.

VMware Admin

The Cisco ACI vCenter Plugin is a user interface that allows virtualization administrators to define network connectivity of shared
infrastructure independent of the networking team. The plugin allows virtualization administrators to manage the ACI fabric from
within the vSphere Web client. This allows the VMware vSphere Web Client to become a single pane of glass to configure both
VMware vCenter and the ACI fabric.

No configuration of "in-depth" networking is done through the Cisco ACI vCenter Plugin. Only the elements that are relevant to
virtualization administrators are exposed.

The Cisco ACI vCenter Plugin adds a new view to the GUI called Cisco ACI Fabric. The plug-in does not change the existing
integration of ACI with vCenter; it allows you to configure an EPG, uSeg EPG, contract, tenant, VRF, and bridge domain from the
VMware vSphere Web Client. The plug-in is stateless: it fetches everything from the Application Policy Infrastructure Controller (APIC)
and does not store any information.

The VMware Admin script shows administrative tasks performed via the vCenter ACI Plugin.

Network Admin

The APIC GUI is a browser-based graphical interface to the APIC that communicates internally with the APIC engine by
exchanging REST API messages.

The Network Administration script shows tasks performed in the APIC GUI, as well as configuration via Python scripting and the
NX-OS interface.

© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 40

Topology
This demonstration contains preconfigured users and components to illustrate the scripted scenarios and features of this solution.
All information needed to access the demonstration components is located in the Topology and Servers menus of your active
demonstration.

• Topology Menu. Click on any server in the topology and a popup window will appear with available server options.

• Servers Menu. Click on or next to any server name to display the available server options and credentials.

Figure 1 shows the virtual demonstration topology, which consists of the following virtual machines:

• VMware Virtual Center Server 6.7 Appliance

• APIC Simulator version 4.0(1h) – includes Spine 1 and Spine 2, Leaf 1 and Leaf 2, APIC1, APIC2 and APIC3

• VMware ESXi 6.7.0 (x2)

• EMC vVNXe Storage Appliance


• Cisco Unified Computing System Platform Emulator 3.1.(2e)

• Cisco UCS Director 6.6.1.0

• Linux Tools Repository (RHEL 7)

• Active Directory 2012 R2 (Domain Controller)

• Windows 10 Workstation

Figure 1. Demonstration Topology


Get Started

BEFORE DEMONSTRATING

We strongly recommend that you go through this process at least once, before presenting in front of a live audience. This will
allow you to become familiar with the structure of the document and the demonstration.

It may be necessary to schedule a new session after following this guide in order to reset the environment to its original
configuration or reset the APIC Simulator (see Appendix A) and then see Appendix B to discover the Fabric.

PREPARATION IS KEY TO A SUCCESSFUL PRESENTATION.

Follow the steps to schedule a session of the content and configure your presentation environment.

1. Initiate your dCloud session. [Show Me How]

NOTE: It may take up to 10 minutes for your session to become active.

2. Connect to the workstation with one of the following two methods:

• Cisco AnyConnect VPN [Show Me How] and the local RDP client on your laptop [Show Me How]

• Workstation 1: 198.18.133.36 (DCLOUD\demouser/C1sco12345)

• Cisco dCloud Remote Desktop Client [Show Me How]

3. The fabric discovery is automatically started at demo setup. Double-click the APIC Login icon and log in
(admin/C1sco12345). Review the What’s New pop-up, select Do not show me this again at logon and click Close.


4. Select Fabric from the top menu.

5. Select Inventory from the top sub-menu.

6. In the left menu, click Fabric Membership and check that four devices are populated. (IP addresses may vary.) If only
TEP-1-101 is present, see Appendix B to discover the Fabric.

NOTE: The fabric discovery can take up to 15 minutes to complete. If you log in before 15 minutes have passed, all devices may
not be discovered. The following error message may display:


Scenario 1. APIC Operations & Troubleshooting


The purpose of this scenario is to gain familiarity with using the Cisco ACI Plugin for VMware vCenter to perform APIC operations
and troubleshooting.

Steps
1. Log in to APIC (admin/C1sco12345) if it is not already open.

2. Click Tenants.

3. On the desktop, double-click the vSphere Web Client shortcut to open the vSphere Web Client. Click Use Windows
login credentials and click Login.

4. Click Cisco ACI Fabric.

NOTE: If the vSphere landing page doesn’t look like the one below, click the Home icon and select Cisco ACI Fabric from
the dropdown menu.

5. Click ACI Fabric in the side menu.

6. Click Yes to register an ACI Fabric.


7. In the Register a New APIC Node dialog box, enter C1sco12345 in the Password field and click OK.

8. Click OK in the success notification pop-up, which also confirms that the associated APIC Controllers have been
registered.

9. Verify that the APIC node, with three controllers, is populated in vCenter.


10. Click the Tenants tab to view the tenants associated with this Fabric. Each tenant has a list of faults associated with it.

11. Click any severity indicator that is colored in (indicating the presence of a fault of that severity) to drill into more detail.

12. Review the fault detail. Select or deselect fault severities to review other faults.

13. Close the Fault Detail window.

14. From the sidebar, select Application Profile.

15. From the Tenant drop down, select the TSW_Tenant0 tenant. Review the Application profile. The following steps will
troubleshoot communications between two endpoints.


16. Click Troubleshooting in the side menu to start a troubleshooting session.

17. Enter tsw in the Session Name field.

18. Click Select source.

19. Choose Select Endpoint from the resulting menu.


20. In the Select an Endpoint window, click the endpoint with the IP address 10.193.101.14. Click OK.

NOTE: The IP address may have a different position in the list than shown in the image.

21. Click Select destination.

22. Choose Select Endpoint from the resulting menu.


23. In the Select an Endpoint window, click the endpoint with the IP address 10.193.102.17. Click OK.

NOTE: The IP address may have a different position in the list than shown in the image.

24. Click each Session IP drop-down in turn, selecting the IP address of the endpoint in the drop-down.

25. Click the Start Troubleshooting Session bar.

NOTE: Wait approximately ten seconds for the troubleshooting session to start.


26. Review the graphical representation of the troubleshooting session – identify the source and destination by their MAC
addresses to determine which node is connected to each EPG.

27. Click the Fault icon next to the ACI Fabric icon to display a table of faults that have been recorded.


28. Review the descriptions of some of the faults, if desired.

29. Close the Faults window.

30. Click Contracts in the side menu.

31. Click the Contract name.

a. Review the details of the contract.

32. Close the Edit Contract Settings window without making any changes.


33. Click Events and Audits in the left menu, then click the Events icon next to the ACI Fabric or either EPG.

34. On the Audit tab in the resulting window, review the actions that have been performed by the user on that EPG or the fabric.
The audit log provides objects that are records of user-initiated events such as logins and logouts (aaa:SessionLR) or
configuration changes (aaa:ModLR) that are required to be auditable.


35. Click the Events tab, which provides records of other system-generated events (event:Record) such as link state transitions.
There may be no events in the list – below is a sample of an Events list.

NOTE: To see actual events, click the Events icon next to the ACI Fabric.

36. Close the Audits and Events window.

37. Click Drop Stats in the side menu, then click the Drop Stats icon next to the ACI Fabric or either EPG.


38. Click through the tabs in the Drop Stats window, reviewing the Drop Stats, Contract Drops, and Traffic Stats.

NOTE: The Contract Drops window will probably be empty.

39. If desired, change the time frame on the Sampling drop-down, but since the fabric for each session is created at the start of
the session, there will not be data from before the session was created.

40. Close the Drop Stats window.

41. Click Traceroute in the side menu.

42. Select icmp from the drop-down and click the Play icon.

NOTE: As the ACI Simulator cannot pass traffic, the ICMP traceroute will not be successful.


43. A Success notification would show that traffic is flowing from the source IP to the destination IP.

44. Close the Traceroute window and the Troubleshooting Session window.
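The audit records reviewed in steps 34 and 35 can also be triaged outside the GUI. The following is an added example, not part of the original guide or of Cisco's tooling: it reviews aaaModLR and aaaSessionLR records held in the JSON shape of an APIC class query. The sample records are constructed, and the attribute names (user, ind, affected, created), the DN prefixes and the svc-example account are assumptions to check against a real response.

```python
import json
import re
from collections import Counter

# Constructed sample in the shape of an APIC class-query response:
# {"imdata": [{"<class>": {"attributes": {...}}}]}. All values are made up.
SAMPLE_RESPONSE = json.loads("""
{"imdata": [
 {"aaaSessionLR": {"attributes": {"user": "admin", "created": "2018-11-06T09:00:01",
   "affected": "uni/userext/user-admin", "descr": "constructed login record"}}},
 {"aaaModLR": {"attributes": {"user": "admin", "ind": "creation",
   "created": "2018-11-06T09:05:10", "affected": "uni/tn-dCloud"}}},
 {"aaaModLR": {"attributes": {"user": "admin", "ind": "creation",
   "created": "2018-11-06T09:07:42", "affected": "uni/tn-dCloud/flt-sql/e-sql"}}},
 {"aaaModLR": {"attributes": {"user": "admin", "ind": "creation",
   "created": "2018-11-06T09:08:03", "affected": "uni/tn-dCloud/brc-ApptoDB"}}},
 {"aaaModLR": {"attributes": {"user": "admin", "ind": "deletion",
   "created": "2018-11-06T10:15:30", "affected": "uni/tn-common/lDevVip-ASA_Firewall"}}},
 {"aaaModLR": {"attributes": {"user": "svc-example", "ind": "modification",
   "created": "2018-11-06T10:20:00",
   "affected": "uni/tn-dCloud/ap-dCloud_default/epg-Web"}}}
]}
""")

# DN fragments (assumed naming) for objects whose changes alter permitted traffic
# or administrative access.
SENSITIVE_DN = {
    "contract": re.compile(r"/brc-[^/]+"),
    "filter": re.compile(r"/flt-[^/]+"),
    "l4l7-device": re.compile(r"/lDevVip-[^/]+"),
    "local-user": re.compile(r"^uni/userext/user-"),
}


def iter_records(response):
    """Yield (class_name, attributes) for every record in the response."""
    for item in response.get("imdata", []):
        for cls, body in item.items():
            yield cls, body.get("attributes", {})


def review_audit(response, expected_users=frozenset({"admin"})):
    """Return (findings, counts).

    findings: (created, user, affected_dn, reasons) tuples, oldest first.
    counts:   Counter keyed by (class_name, user).
    """
    findings, counts = [], Counter()
    for cls, attrs in iter_records(response):
        user = attrs.get("user", "<unknown>")
        dn = attrs.get("affected", "")
        counts[(cls, user)] += 1
        reasons = []
        if user not in expected_users:
            reasons.append("unexpected-user")
        if cls == "aaaModLR":  # configuration changes only
            if attrs.get("ind") == "deletion":
                reasons.append("deletion")
            reasons += ["policy-change:" + label
                        for label, rx in SENSITIVE_DN.items() if rx.search(dn)]
        if reasons:
            findings.append((attrs.get("created", ""), user, dn, tuple(reasons)))
    return sorted(findings), counts


if __name__ == "__main__":
    found, totals = review_audit(SAMPLE_RESPONSE)
    for created, user, dn, reasons in found:
        print(created, user, dn, ",".join(reasons))
    print(dict(totals))
```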


Scenario 2. Deploy an Application Using the VC Plugin


The purpose of this scenario is to use the vcPlugin on the VMware vSphere Web Client to create a tenant and deploy a three-tier
application.

Steps
1. Open the vSphere Web Client if it is not already open, and click ACI Fabric.

2. Click ACI Fabric in the side menu.

3. Click the Tenants tab.

4. Click Create a new Tenant.

5. In the Create a Tenant window, enter dCloud in the Name field.

6. Enter Created by VC Plug-in in the Description field.

7. Click OK.


8. Click Application Profile in the side menu.

9. Select dCloud from the Tenant drop-down. Note that a new Application Profile has been created along with the tenant –
dCloud_default. The application profile is empty – it contains no EPGs, contracts, L2 or L3 external networks. It is created
with just a VRF and a Bridge Domain.

10. Click Networking on the side panel and show that a VRF and a bridge domain were created with the new tenant.


11. Click Application Profile in the side menu again and add the Web EPG for the application as follows:

a. Click the Endpoint Group icon and drag it into the work window.

b. In the resulting window, enter Web in the Name field.

c. Click the Edit icon to identify the Bridge Domain.

d. Expand Tenant dCloud > VRF dCloud_default and select Bridge Domain dCloud_default. Click OK.

e. Click OK again to create the Web EPG.


12. Repeat Steps a-e to create the App EPG.

13. Repeat Steps a-e to create the DB EPG.

14. Create the ApptoDB contract, which connects the App tier to the DB tier as follows:

NOTE: The DB tier will be the provider, and the App tier will be the consumer of this contract.

a. Drag the Contract icon to the work window and drop it on the App EPG, then hover the mouse over the DB EPG.

b. In the resulting window, enter ApptoDB in the Name field.

c. Click + to add a filter.


d. In the resulting window, expand the dCloud tenant, which is empty. Click the tenant.

e. Click the Create a new filter icon.

f. Enter sql in the Name field and click the Add Entry icon.

g. Enter sql in the Name field.

h. Enter 1433 in the Port field.

i. If desired, check the Advanced mode checkbox to see the options offered, but uncheck the Advanced mode
checkbox before clicking OK.

j. Click OK.

k. Click OK to add the Filter.


l. The sql filter is now visible in the dCloud tenant. Click it and drag it from the Available objects column to the
Objects to add column.

m. Click OK.

n. Click OK to complete the creation of the ApptoDB contract.

15. Create the WebtoApp contract, which connects the App tier to the Web tier as follows:

NOTE: The App tier will be the provider, and the Web tier will be the consumer of this contract.

a. Drag the Contract icon to the work window. Drop it on the Web tier and then hover over the App tier and click.

b. In the resulting window, enter WebtoApp in the Name field and click OK.


16. Review the application topology in the work window. The direction of the arrows indicates the direction of the traffic between
each tier.

17. Click the Switch to Consumer/Provider view link to get a different view of the topology.


18. Examine the Consumer/Provider view, which shows that the App tier is the consumer of the ApptoDB, and the Web tier is the
consumer of the WebtoApp. Drag and drop the elements as necessary.

19. Return to the APIC window, or open it and log in if it is not already open (admin/C1sco12345).

20. Click Tenants in the top menu.

21. Click ALL TENANTS to display the list, then double-click dCloud.


22. Expand Tenant dCloud > Application Profiles > dCloud_default and click Topology to show the newly created three-tier
app in the APIC window.

NOTE: Drag the contracts if necessary to present the topology in the most understandable way.

23. Return to the vSphere Web Client.

24. Click the Home icon and select Networking from the menu.


25. Expand vc1.dcloud.cisco.com > dCloud-DC > My-vCenter > My-vCenter and show the new port groups associated with
the three tiers of the newly created Application Profile.
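The policy built in steps 11 to 15, written as the APIC object-model JSON that a REST client would post, together with a check of which tier-to-tier flows it permits. This is an added example, not output captured from the plug-in or Cisco's code. The subject name is a placeholder, and the reference from WebtoApp (created in step 15 without a filter) to a filter named default that lives outside the tenant is an assumption.

```python
import json


def mo(cls, *children, **attrs):
    """Build one managed object in APIC REST JSON shape."""
    node = {"attributes": attrs}
    if children:
        node["children"] = list(children)
    return {cls: node}


def contract(name, filter_name):
    # "Subject" is a placeholder name; the plug-in chooses its own.
    subj = mo("vzSubj", mo("vzRsSubjFiltAtt", tnVzFilterName=filter_name),
              name="Subject")
    return mo("vzBrCP", subj, name=name)


def epg(name, provides=(), consumes=()):
    rels = [mo("fvRsBd", tnFvBDName="dCloud_default")]
    rels += [mo("fvRsProv", tnVzBrCPName=c) for c in provides]
    rels += [mo("fvRsCons", tnVzBrCPName=c) for c in consumes]
    return mo("fvAEPg", *rels, name=name)


def build_tenant():
    """Tenant dCloud as described on the page: three EPGs, two contracts."""
    sql = mo("vzFilter",
             mo("vzEntry", name="sql", etherT="ip", prot="tcp",
                dFromPort="1433", dToPort="1433"),
             name="sql")
    app = mo("fvAp",
             epg("Web", consumes=["WebtoApp"]),
             epg("App", provides=["WebtoApp"], consumes=["ApptoDB"]),
             epg("DB", provides=["ApptoDB"]),
             name="dCloud_default")
    # Assumption: WebtoApp points at a filter named "default" outside the tenant.
    return mo("fvTenant", sql, contract("ApptoDB", "sql"),
              contract("WebtoApp", "default"), app,
              name="dCloud", descr="Created by VC Plug-in")


def attrs(node):
    (body,) = node.values()
    return body["attributes"]


def kids(node, cls):
    (body,) = node.values()
    return [c for c in body.get("children", []) if cls in c]


def allowed_flows(tenant):
    """Return (consumer, provider, contract, ports) for every permitted pair."""
    filters = {attrs(f)["name"]: ["{prot}/{dFromPort}-{dToPort}".format(**attrs(e))
                                  for e in kids(f, "vzEntry")]
               for f in kids(tenant, "vzFilter")}
    contracts = {attrs(c)["name"]: [attrs(r)["tnVzFilterName"]
                                    for s in kids(c, "vzSubj")
                                    for r in kids(s, "vzRsSubjFiltAtt")]
                 for c in kids(tenant, "vzBrCP")}
    prov, cons = {}, {}
    for ap in kids(tenant, "fvAp"):
        for e in kids(ap, "fvAEPg"):
            for r in kids(e, "fvRsProv"):
                prov.setdefault(attrs(r)["tnVzBrCPName"], []).append(attrs(e)["name"])
            for r in kids(e, "fvRsCons"):
                cons.setdefault(attrs(r)["tnVzBrCPName"], []).append(attrs(e)["name"])
    flows = []
    for name, fnames in sorted(contracts.items()):
        ports = tuple(p for fn in fnames
                      for p in filters.get(fn, ["UNRESOLVED:" + fn]))
        flows += [(c, p, name, ports)
                  for c in cons.get(name, []) for p in prov.get(name, [])]
    return flows


def broad_flows(flows):
    """Flows whose filter is not defined in the tenant and needs manual review."""
    return [f for f in flows if any(p.startswith("UNRESOLVED:") for p in f[3])]


if __name__ == "__main__":
    tenant = build_tenant()
    print(json.dumps(tenant, indent=1))
    print(allowed_flows(tenant), broad_flows(allowed_flows(tenant)))
```

Only App to DB is pinned to TCP 1433 here; a contract whose filter cannot be resolved inside the tenant should be inspected in APIC before it is treated as restrictive.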


Scenario 3. Add L4-L7 Services


The purpose of this scenario is to use the vcPlugin to add L4-L7 services that exist in the common tenant to the recently created
dCloud tenant.

Steps
1. On the VMware vSphere Web Client, click the Home button, or log in (admin/C1sco12345) if the application is not already
running.

2. Select Cisco ACI Fabric.

3. Click Application Profile in the left menu. Make sure that dCloud is displayed in the Tenant drop-down.

4. Use the desktop shortcut to log in to APIC 4.0 (admin/C1sco12345) if it is not already open.

5. In the APIC window, click Tenants > dCloud > Application Profiles and click dCloud_default to display the topology of the
three-tier application.


6. Double-click the Cisco ASDM-IDM shortcut on the desktop. Log in (admin/C1sco12345). Select Continue if
prompted that the website is untrusted.

7. Observe the Management IP address.

8. Click Configuration.

9. Click Interface Settings > Interfaces to show that the only interfaces currently configured are those on the base device.


10. Return to the vSphere Web Client. In the work window, right-click the Web2App contract and click Edit Settings on the
resulting menu.

11. In the Edit Settings window, click the Configure L4-7 Service checkbox and click Next (Configure L4-7).

12. Click Select a Service.


13. In the resulting window, expand the common tenant and select the CISCO-ASA-1.3 Firewall.

14. Click OK.

15. Wait for the configuration to load and click OK without making any modifications.


16. Return to the ASDM window, where a Configuration Out Of Sync dialog box has popped up.

17. Click Refresh Now.

18. Observe the internal and external interfaces that are now displayed in the Interface Status window.

19. Click the Configuration tab, and observe that the two new interfaces are also displayed on the device.

20. Click the Firewall tab in the side menu to show the internal and external interfaces on the Cisco ASA 1.3 firewall.


21. Return to the APIC 4.0 window and refresh.

22. Click once on the WebtoApp contract to show that the ASA_Srv_Graph has been added to the contract.


Scenario 4. Add L3 External Connectivity


The purpose of this scenario is to use the VMware vcPlugin to add L3 services to the VC_Plugin_Tenant tenant, allowing the Web
EPG of the application to connect to the Internet.

Steps
1. Open the VMware vSphere Web Client if it is not already open (Use Windows session credentials), and click Cisco ACI
Fabric.

2. Click Application Profile in the left menu. Make sure that dCloud is displayed in the Tenant drop-down.

3. Click External Connectivity in the side menu.

4. On the L3 External Networks tab, select common from the Tenant drop-down, to display the parameters of the L3
connectivity of the common tenant.


5. In the side menu, click Security. Review the contracts – The External_Outbound contract uses the L3_Out in the common
tenant.

6. Click the External_Outbound contract.

7. When the + becomes live, click it and select Add Endpoint Groups from the resulting menu.

8. Expand dCloud > dCloud_default and drag the Web EPG from the Available objects list to the Objects to add list.

9. Click OK.


10. The External_Outbound contract is updated with dCloud/Web EPG as a consumer.

11. Click Application Profile in the left menu. Make sure that dCloud is selected in the Tenant drop-down.

12. Note that the topology now includes the L3 connectivity. Drag the elements around to best present the topology.


Optional – Before Running APIC 4.0 Network Admin Script

To proceed with the second script for this demo, Cisco Application Policy Infrastructure Controller 3.0 with VMware – Network
Admin, perform the following procedure first to delete the ASA_Firewall device from the common tenant.

1. In the APIC window, click Tenants in the top menu.

2. Navigate to Tenant common > Services > L4-L7 > Devices and right-click ASA_Firewall.

3. Select Delete from the menu.

4. Click Yes to confirm the deletion.


5. Remove the Port-Profiles from the ASA VM, as follows:

a. From the demonstration workstation Task Bar, launch Windows Explorer.

b. Navigate to the C drive and double-click Remove_DVS_vNiCs to run the script.

6. The removal script runs, posting the results in the shell window. When the script has completed, the shell window closes.


Appendix A. Reset APIC Simulator


APIC Fabric Members are created by default, so that the demonstration can begin with the creation of the APIC objects.

If you want to demonstrate the fabric discovery, reboot the ACI Simulator (apic-fcs-301k) via Guest OS Control as follows:

1. In Cisco dCloud, click My Hub > Sessions and then click View against the running demo.

2. Select Servers from the menu bar, then select Enable Status Polling.

3. Expand the menu against apic-fcs-401h and select Reset. This will perform a hard reboot of the simulator. As it does not
retain its configuration after a reboot, a clean reboot is unnecessary.

NOTE: It will take up to 5 minutes before you can log in and rebuild the Fabric using one of the Fabric Discovery methods in
Appendix B.


Appendix B. Fix My Demo


Occasionally things go wrong in your session. The Fix My Demo script enables common issues to be resolved. The following
process can be used to manually resolve the following issues:

• Apply configuration to UCS Manager

• Discover the ACI Fabric and apply the demo configuration to the ACI Simulator

• Update the licenses applied to VMware vCenter and ESXi hosts.

• Reboot UCS Director.

NOTE: The ACI full fabric discovery can take up to 15 minutes. The apic3 controller will be discovered after all the devices are
discovered. You can monitor the progress by selecting Topology from the Inventory pane in the APIC GUI. While the discovery is
taking place, you can complete Scenario 1, which ends in the APIC Topology window showing the discovered elements.

Steps

1. From the demonstration workstation, click the Fix My Demo icon.

2. Select what you would like to fix. Do not close the command window; allow the task to fully complete.
