Cisco Live 2018 Bareclona

Automating ACI

Steve Sharman – Technical Solutions Architect

Russ Whitear – Consulting Systems Engineer

BRKACI-2770

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

How

cs.co/ciscolivebot#BRKACI-2770


Abstract

Automating ACI explores the use of popular automation tools running configuration tasks against an ACI network.

Technologies discussed will include APIC, Visore, Postman, Ansible, Python (WebArya, Cobra), and UCS Director.

The focus will be on providing structured methodologies that can be used to satisfy the requirements and desires of both infrastructure admins and application developers alike.

BRKACI-2770 4


Session objectives

This session will provide attendees with an understanding of the ACI policy model and will provide them with the basic skills required in order to automate an ACI fabric and achieve business outcomes.

BRKACI-2770 5


Before we start, let’s get to know each other …

BRKACI-2770 6

• Why Automate?

• ACI Primer

• Application Centric or Network Centric

• Automation use cases

• ACI Policy Model

• Postman

• Ansible

• Python

• UCS Director

Agenda

Let’s start with an obvious question…


Why are customers looking to automate in their Data Centers?

BRKACI-2770 9


There are actually many different reasons:

• Cost reduction

• Simplicity

• Consistent configuration (Policy conformance, elimination of human error)

• Reduction in maintenance windows

• Structured changes during the business day

• Service Catalogue for IT services

BRKACI-2770 10


Automation means different things to different people !

BRKACI-2770 11


Network centric, Server centric, Application centric

• Switch Interfaces

• Tenants

• VRFs

• Bridge Domains (L2)

• VLAN Extension

• Bridge Domains (L3)

• External L3

• Application Network Profiles

• Endpoint Groups

• Contracts

• VMware Portgroups

• Firewall Configuration

• SLB Configuration

• Multi server deployment

• Application containers

• Virtual Machine Deployment

• Load balancers

• Databases

• Storage LUNs

• Storage zoning

• Server Configuration (BIOS etc)

• Bare Metal Deployments

• Operating System

• Virtual Machine Deployment

BRKACI-2770 12

ACI Primer


Physically Building the ACI Network

APIC

APIC

APIC

Management options:• GUI (basic/advanced)

• CLI

• XML/JSON

• Scripting

• Open API

• Automation

Benefits:• Distributed, Centralised Management

• Full traffic visibility*

• Self documenting

• Integrated virtual and physical network

• Integrated L4-7 device management

• Policy defined network

* Excludes pre encapsulated/encrypted traffic

BRKACI-2770 14


ACI Consumption Model

Interface Configuration

Fabric | Access Policies

• VLANs

• Domains

• AAEP

• Interface Policies

• Leaf Policy Groups

• Leaf Profiles

• Switch Profiles

Interface Consumption

Tenants

• Tenants

• VRFs

• Route Leaking

• L2/L3out

• Bridge Domains

• EPGs

• Contracts

BRKACI-2770 15


Fabric | Access Policies

BRKACI-2770 16


PoolsList of VLANs, VXLANs etc

DomainsWhere VLANs, VXLANs etc

are consumed

AAEPCollection of allowed

VLANs, VXLANs etc

Leaf Policy

GroupsInterface type and settings

Interface PoliciesInterface settings

Interface Policies

Leaf ProfilesCollection of interface IDs

Switch Policies

Leaf ProfilesCollection of switches

Interface

SelectorsInterface IDs

Concrete Model

Logical Model

TenantsVRFs, subnets, security

rules etc

BRKACI-2770 17


PoolsList of VLANs, VXLANs etc

DomainsWhere VLANs, VXLANs etc

are consumed

AAEPCollection of allowed

VLANs, VXLANs etc

Leaf Policy

GroupsInterface type and settings

Interface PoliciesInterface settings

Interface Policies

Leaf ProfilesCollection of interface IDs

Switch Policies

Leaf ProfilesCollection of switches

Interface

SelectorsInterface IDs

Concrete Model

Logical Model

Security DomainsRestricts VLANs, Switches,

Interfaces, Tenants

TenantsVRFs, subnets, security

rules etc

BRKACI-2770 18


Let’s consider a practical example…

BRKACI-2770 19


Rack Layout

APIC

APIC

APIC

Leaf 101

Leaf 102

Rack 01

Leaf 103

Leaf 104

Rack 02

Leaf 105

Leaf 106

Rack 03

c3850

Rack 04

n7706

Rack 05

n9504

Rack 06

ACI Leaf Racks External Equipment Racks

Rack / Leaf Interface Rack / Device Interface

R01_Leaf_101 1/1 R04_c3850 1/1

R01_Leaf_101 1/2 R05_n7706 1/1

R01_Leaf_101 1/3 R06_n9504 1/1

R01_Leaf_102 1/1 R04_c3850 1/2

R01_Leaf_102 1/2 R05_n7706 1/2

R01_Leaf_102 1/3 R06_n9504 1/2

BRKACI-2770 20


Poolsshared_vlan_pool

Domainscommon:vrf-01

AAEPall_L3_domains

Leaf Policy

GroupsL3_to_c3850

Interface Policiescdp-enabled

Interface Policies

Leaf ProfilesR01_to_R04_c3850

Switch Policies

Leaf ProfilesLeafs_101_and_102

Interface

Selectors1/1


R01_Leaf_101 1/1 R04_c3850 1/1

R01_Leaf_101 1/2 R05_n7706 1/1

R01_Leaf_101 1/3 R06_n9504 1/1

R01_Leaf_102 1/1 R04_c3850 1/2

R01_Leaf_102 1/2 R05_n7706 1/2

R01_Leaf_102 1/3 R06_n9504 1/2

BRKACI-2770 21




AAEPall_L3_domains

Leaf Policy

GroupsL3_to_n7706


Interface Policies

Leaf ProfilesR01_to_R05_n7706

Switch Policies


Interface

Selectors1/2


R01_Leaf_101 1/1 R04_c3850 1/1

R01_Leaf_101 1/2 R05_n7706 1/1

R01_Leaf_101 1/3 R06_n9504 1/1

R01_Leaf_102 1/1 R04_c3850 1/2

R01_Leaf_102 1/2 R05_n7706 1/2

R01_Leaf_102 1/3 R06_n9504 1/2

BRKACI-2770 22




AAEPall_L3_domains

Leaf Policy

GroupsL3_to_n9504


Interface Policies


Switch Policies


Interface

Selectors1/3


R01_Leaf_101 1/1 R04_c3850 1/1

R01_Leaf_101 1/2 R05_n7706 1/1

R01_Leaf_101 1/3 R06_n9504 1/1

R01_Leaf_102 1/1 R04_c3850 1/2

R01_Leaf_102 1/2 R05_n7706 1/2

R01_Leaf_102 1/3 R06_n9504 1/2

BRKACI-2770 23




AAEPall_L3_domains

Leaf Policy

GroupsL3_to_n7706


Interface Policies


Switch Policies


Interface

Selectors1/2

Leaf Policy

GroupsL3_to_c3850

Interface Policies


Switch Policies


Interface

Selectors1/1

Leaf Policy

GroupsL3_to_n9504

Interface Policies


Switch Policies


Interface

Selectors1/3

BRKACI-2770 24

Couldn’t we reduce the number of Interface Policy Groups?




AAEPall_L3_domains

Leaf Policy

GroupsL3_to_n7706


Interface Policies


Switch Policies


Interface

Selectors1/2

Leaf Policy

GroupsL3_to_c3850

Interface Policies


Switch Policies


Interface

Selectors1/1

Leaf Policy

GroupsL3_to_n9504

Interface Policies


Switch Policies


Interface

Selectors1/3

Leaf Policy

GroupsL3_to_ext_L3_switch

BRKACI-2770 26

Couldn’t we reduce the number of Leaf Profiles?




AAEPall_L3_domains

Leaf Policy

GroupsL3_to_ext_L3_switch


Interface Policies


Switch Policies


Interface

Selectors1/2

Interface Policies


Switch Policies


Interface

Selectors1/1

Interface Policies


Switch Policies


Interface

Selectors1/3

Interface Policies

Leaf ProfilesR01_to_ext_L3_switch

Switch Policies


Interface

Selectors1/1, 1/2,1/3

BRKACI-2770 28

How should we use Leaf Profiles?


Poolsall_vlans

AAEPall_vlans

Leaf Policy

GroupsESX_Hosts


Interface Policies

Leaf ProfilesESX_Hosts

Switch Policies


Interface

Selectors1/1, 1/2, 1/3….

DomainsCiscolive-vds-01

Configure additional Leaf

switches with selected Leaf

ProfileLeaf Profile mapped to

switches

Leaf Profiles aligned to

attached device i.e.

ESX_Hosts

Switch Policies


Switch Policies


BRKACI-2770 30


Poolsall_vlans

Domainsphysical_servers

AAEPall_vlans

Leaf Policy

GroupsLinux_Hosts


Interface Policies


Switch Policies


Interface

Selectors1/11, 1/12, 1/13….

Leaf Policy

GroupsESX_Hosts

Interface

Selectors1/1, 1/2, 1/3….

Leaf Policy

GroupsWindows_Hosts

Interface

Selectors1/21, 1/22, 1/23….


Configure additional interfaces

on Leaf switches

Leaf Profile mapped to

switches


switches

Switch Policies


Switch Policies


Interface Policies


Interface Policies


BRKACI-2770 31

Adding VRFs (Contexts) and Bridge Domains (L2 segments and/or subnets)


Isolated Tenant Networking

APIC

APIC

APIC

Tenant: Ciscolive

VRF: vrf-01

Tenant: common

VRF: vrf-01

Tenant: infra

VRF: vrf-01

Tenant: mgmt

VRF: vrf-01

BD: 192.168.10.x_24

GW:192.168.10.1/24

Advertise Externally: Yes

BD: 192.168.11.x_24

GW:192.168.11.1/24


BD: 192.168.12.x_24

GW:192.168.12.1/24


BRKACI-2770 33

Application Centric mode or

Network Centric mode?


vDS

Portgoup:

Ciscolive:MyApp:Web

Portgoup:

Ciscolive:MyApp:App

Application Profile: MyApp

Option 1: Single EPG on a Single BD with a Single Subnet –“standard networking”

EPG: Web

vDS: Ciscolive-vds-01

VLAN: dynamic

EPG: App


VLAN: dynamic

EPG: DB

Path: 101/1/1-2

VLAN: 12

BD: 192.168.10.x_24

GW:192.168.10.1/24


BD: 192.168.11.x_24

GW:192.168.11.1/24


BD: 192.168.12.x_24

GW:192.168.12.1/24


Tenant: Ciscolive

VRF: vrf-01

VM VM VM VM VM VM

BRKACI-2770 36


vDS

Portgoup:

Ciscolive:MyApp:Web

Portgoup:

Ciscolive:MyApp:App


Option 2: Multiple EPGs on a Single BD with a Single Subnet – µSegmentation in IP space

EPG: Web


VLAN: dynamic

EPG: App


VLAN: dynamic

EPG: DB

Path: 101/1/1-2

VLAN: 12

BD: 192.168.10.x_24

GW:192.168.10.1/24


Tenant: Ciscolive

VRF: vrf-01

VM VM VM VM VM VM

BRKACI-2770 37


Servers in either 192.168.10.x

or 192.168.11.x subnets

Servers in either 192.168.10.x

or 192.168.11.x subnets

Option 3: Multiple EPGs on a Single BD with Multiple Subnets – IP secondary

vDS

Portgoup:

Ciscolive:MyApp:Web

Portgoup:

Ciscolive:MyApp:App


EPG: Web


VLAN: dynamic

EPG: App


VLAN: dynamic

EPG: DB

Path: 101/1/1-2

VLAN: 12

BD: multiple_subnets

GW:192.168.10.1/24

GW:192.168.11.1/24Advertise Externally: Yes

Tenant: Ciscolive

VRF: vrf-01

VM VM VM VM VM VM

BRKACI-2770 38


Options 1, 2, and 3 – µSegmentation within an EPG/Port Group (no East/West traffic flows)

vDS

Portgoup:

Ciscolive:MyApp:Web

Portgoup:

Ciscolive:MyApp:App


EPG: Web


VLAN: dynamic

EPG: App


VLAN: dynamic

EPG: DB

Path: 101/1/1-2

VLAN: 12

BD: 192.168.10.x_24

GW:192.168.10.1/24


BD: 192.168.11.x_24

GW:192.168.11.1/24


BD: 192.168.12.x_24

GW:192.168.12.1/24


Tenant: Ciscolive

VRF: vrf-01

VM VM VM VM VM VM

Communication blocked

Communication blocked Communication blocked

BRKACI-2770 39


Options 1, 2, and 3 – µSegmentation within an EPG/Port Group based on machine attribute

vDS

Portgoup: Ciscolive:MyApp:Web


EPG: Web


VLAN: dynamic

BD: 192.168.10.x_24

GW:192.168.10.1/24


Tenant: Ciscolive

VRF: vrf-01

VM VM VM VM VM VM VM VM VM

Dynamic EPG:

Name=WebSrvsApp1

Dynamic EPG:

Name=WebSrvsApp2

Dynamic EPG:

Name=WebSrvsApp3

VMs mapped to dynamic EPG

based on attributeBRKACI-2770 40

Automation use cases


ACI allows for a “build and consume” model of network configuration

• The network team configures VRFs, subnets, and routing

• The network team configures L2 extension out of the fabric (VLANs and Interfaces)

• The server team configures switch interfaces

• The application team configures EPGs/Portgroups

• The application team configures security rules to allow access to applications

BRKACI-2770 42


Our automation use cases

• Postman – Configuring Bridge Domains (subnets)

• Ansible – Configuring switch interfaces

• Python – Extending ACI with L2 to legacy networks

• UCSD – Adding EPGs to Bridge Domains (subnets) and providing connectivity

BRKACI-2770 43


1. Postman – Configuring Bridge Domains (subnets)

BD: 192.168.100.x_24

GW:192.168.100.1/24


BD: 192.168.101.x_24

GW:192.168.101.1/24


BD: 192.168.102.x_24

GW:192.168.102.1/24


Tenant: Ciscolive

VRF: vrf-01

Tenant: Common

VRF: vrf-01

Route Leak 0.0.0.0/0

Ext Switch: 6ka

VRF: global

Ext Switch: 6kb

VRF: global

Sub-interfaces running OSPF

BD: 192.168.103.x_24

GW:192.168.103.1/24


BD: 192.168.104.x_24

GW:192.168.104.1/24


BRKACI-2770 44


2. Ansible – Configure additional switch interfaces

APIC

APIC

APIC

BRKACI-2770 45


Poolsall_vlans

AAEPall_vlans

Leaf Policy

GroupsESX_Hosts


Interface Policies

Leaf ProfilesESX_Hosts

Switch Policies


Interface

Selectors1/1, 1/2, 1/3….


Configure additional Leaf

switches with selected Leaf

ProfileLeaf Profile mapped to

switches


attached device i.e.

ESX_Hosts

Switch Policies


Switch Policies


BRKACI-2770 46


Poolsall_vlans

Domainsphysical_servers

AAEPall_vlans

Leaf Policy

GroupsLinux_Hosts


Interface Policies


Switch Policies


Interface

Selectors1/11, 1/12, 1/13….

Leaf Policy

GroupsESX_Hosts

Interface

Selectors1/1, 1/2, 1/3….

Leaf Policy

GroupsWindows_Hosts

Interface

Selectors1/21, 1/22, 1/23….


Configure additional interfaces

on Leaf switchesLeaf Profile mapped to

switches


switches

BRKACI-2770 47


vDS

Portgoup:

Ciscolive:MyApp:Web

Portgoup:

Ciscolive:MyApp:App

3. Python – Extending ACI with L2 to legacy networks

EPG: Web


VLAN: dynamic

Domain: outside

Path: vPC_to_outside

EPG: App


VLAN: dynamic

EPG: DB


VLAN: dynamic

BD: L2

GW:N/A

Advertise Externally: N/A

BD: 192.168.11.x_24

GW:192.168.11.1/24


BD: 192.168.12.x_24

GW:192.168.12.1/24


Tenant: Ciscolive

VRF: vrf-01

VM VM VM VM VM VM

Portgoup:

Ciscolive:MyApp:DB

VM VM VM

Communication allowed Communication allowed


BRKACI-2770 48


vDS

Portgoup:

Ciscolive:MyApp:Web

Portgoup:

Ciscolive:MyApp:App


4. UCSD – Adding Application Profiles/EPGs and providing external connectivity

EPG: Web


VLAN: dynamic

EPG: App


VLAN: dynamic

EPG: DB


VLAN: dynamic

BD: 192.168.10.x_24

GW:192.168.10.1/24


BD: 192.168.11.x_24

GW:192.168.11.1/24


BD: 192.168.12.x_24

GW:192.168.12.1/24


Tenant: Ciscolive

VRF: vrf-01

VM VM VM VM VM VM

Portgoup:

Ciscolive:MyApp:DB

VM VM VM

Tenant: Common

VRF: vrf-01


Ext Switch: 6ka

VRF: global

Ext Switch: 6kb

VRF: global Communication allowed Communication allowed


Sub-interfaces running OSPF

BRKACI-2770 49

How can I get started ….


First you need a basic understand of the ACI Policy Model

BRKACI-2770 51


What is the ACI Policy Model?

The ACI policy model enables the specification of application requirements policies. The APIC automatically renders policies in the fabric infrastructure.

When a user or process initiates an administrative change to an object in the fabric, the APIC first applies that change to the policy model. This policy model change then triggers a change to the actual managed endpoint.

This approach is called a model-driven framework.

BRKACI-2770 52


https://{{APIC}}/

BRKACI-2770 53


https://{{APIC}}/doc/html/

BRKACI-2770 54


Managed Objects

AAA, SecurityTenants – User,

Common …

Policy Universe

APIC Controllers

…

Layer 4-7

Services

Fabric, Access,

Inventory …VM Domains …

Tenant

FilterApplication

ProfileOutside Network ContractBridge Domain VRF

EPG

Subnet Subject

BRKACI-2770 55


https://{{APIC}}/visore.html

BRKACI-2770 56

Using Postman


Pros:

• No/little scripting experience required

• Both network and server operating systems can be managed

• It’s extremely easy to use

Cons

• Some knowledge of JSON/XML required

Why use Postman?

BRKACI-2770 59


vDS

Portgoup:

Ciscolive:MyApp:Web

Portgoup:

Ciscolive:MyApp:App


Step 1: Build your required object(s) in the GUI

EPG: Web


VLAN: dynamic

EPG: App


VLAN: dynamic

EPG: DB


VLAN: dynamic

BD: 192.168.10.x_24

GW:192.168.10.1/24


BD: 192.168.11.x_24

GW:192.168.11.1/24


BD: 192.168.12.x_24

GW:192.168.12.1/24


Tenant: Ciscolive

VRF: vrf-01

VM VM VM VM VM VM

Portgoup:

Ciscolive:MyApp:DB

VM VM VM

Tenant: Common

VRF: vrf-01


Ext Switch: 6ka

VRF: global

Ext Switch: 6kb

VRF: global

BRKACI-2770 60


vDS

Portgoup:

Ciscolive:MyApp:Web

Portgoup:

Ciscolive:MyApp:App


Step 2: Save your configuration

EPG: Web


VLAN: dynamic

EPG: App


VLAN: dynamic

EPG: DB


VLAN: dynamic

BD: 192.168.10.x_24

GW:192.168.10.1/24


BD: 192.168.11.x_24

GW:192.168.11.1/24


BD: 192.168.12.x_24

GW:192.168.12.1/24


Tenant: Ciscolive

VRF: vrf-01

VM VM VM VM VM VM

Portgoup:

Ciscolive:MyApp:DB

VM VM VM

Tenant: Common

VRF: vrf-01


Ext Switch: 6ka

VRF: global

Ext Switch: 6kb

VRF: global

BRKACI-2770 61


Step 3: Prettify your JSON

BRKACI-2770 62


Step 4: Understand the configuration code

Application Profile

“path” to the

Application Profile

Children of the

Application Profile

Endpoint Group

Endpoint Group name

Children of the

Endpoint Group

Provided Contract

Contract name

Domain

Domain name

(VMM)

Bridge Domain

Bridge Domain name

Application Profile

name

BRKACI-2770 63


Step 5: Select parameters to use as variables

Application Profile“path” to the Application

Profile (variable)

New “status”

object (variable)

Endpoint Group

Endpoint Group

name (variable)

Provided Contract

Contract name

(variable)

Domain

Domain name

(VMM) (variable)

Bridge Domain

Bridge Domain name

(variable)

Application Profile

name (variable)

New “status”

object (variable)

“path” to the Endpoint

Group (variable)

BRKACI-2770 64


Step 6: Create a variable file

Option: created

Option: created,modified

Option: deleted

Option: created

Option: created,modified

Option: deleted

BRKACI-2770 65


Step 7: Create Postman environment

BRKACI-2770 66


Step 8: Create a POST and Insert JSON with variables

BRKACI-2770 67


Step 9: Select file with input variables

BRKACI-2770 68


Step 10: Monitor output

BRKACI-2770 69


Bridge Domains – before Runner

BRKACI-2770 70


Bridge Domains – after Runner

BRKACI-2770 71

Using Ansible


Pros:

• No/little scripting experience required

• Both network and server operating systems can be managed

• Inbuilt modules for many devices to be managed (Not just ACI)

Cons

• Some knowledge of JSON/YAML required

Why use Ansible?

BRKACI-2770 75


Ansible Terminology

• Modules

• Roles

• Playbooks

• Hosts / Groups

• Adhoc Mode

• Ansible-Galaxy

BRKACI-2770 76


ACI Modules Built into Ansible

This module

enables ANY ACI

REST call to be

configured

BRKACI-2770 77


ACI Modules Built into Ansible Comprehensive Help Manual

Pages for Each Module

BRKACI-2770 78


How to create your own Roles

templates/defaults/ files/ handlers/ meta/ tests/ vars/tasks/

roles/

aci_create_leafprofile/

main.yml

BRKACI-2770 79


Using Ansible to configure switch interfaces

1. Create an Interface Policy | Leaf Profile

2. Modify a Switch Policy | Leaf Profile to reference the Interface Policy | Leaf Profile

BRKACI-2770 80


Step 1: Create new custom Roles for the REST calls with Ansible Galaxy

BRKACI-2770 81


Step 2: Create APIC Credentials Variables File

Individual Variable

Key/Value Pairs

BRKACI-2770 82


Step 3: Create Leaf and Switch Profiles Variables File

Variable List Name

Individual Variable

Key/Value Pairs

Variable List Name

BRKACI-2770 83


Variable List Name

Individual Variable

Step 4: Modify the main.yml in the Tasks Directory of the custom Role

Variable List IterationInsert JSON from

saved object

BRKACI-2770 84


Step 5: Create a Playbook to run multiple Roles

Invoke Roles in this

order

Roles will be invoked by the

local Ansible server

BRKACI-2770 85


Switch/Interface Policies (Leaf Profiles) – before running the Playbook

BRKACI-2770 86


Step 6: Load the Relevant Variables and Run the Playbook

BRKACI-2770 87


Interface Policies (Leaf Profiles) – after running Ansible Playbook

BRKACI-2770 88


Switch Policies (Leaf Profiles) – after running Ansible Playbook

BRKACI-2770 89

ACI Programmability with Python


Pros:

• Very Flexible

• SDKs available for many Cisco APIs including UCS, ACI and others

Cons

• Scripting/Programmatic Knowledge Required

• More Complex than Previous Examples

Why use Python?

BRKACI-2770 92


What is Cobra?

• ACI Cobra

• The acicobra package is the SDK and used for interacting with the controller. Here are a few modules and more commonly used classes inside of cobra.mit:

• Session: used to create sessions with the APIC using either the LoginSession or CertSession classes

• Access: used to login/logout of the APIC, and to submit query and configuration requests using the MoDirectory class.

• Request: used for building queries using the DnQuery and ClassQuery classes, and for building configuration requests using the ConfigRequest class.

• ACI Model: The acimodel package contains modules that model the MIT. Modules in this package are under cobra.model, and are too numerous list. Cobra is a 1-to-1 mapping of the object-model. Therefore, every class in the object-model is represented by a class in the acimodel package.

93BRKACI-2770


What is ARYA and WebArya?

• APIC REST to pYthon Adapter

• Simplifies the building of Python scripts by automatically generating a file that uses Cobra's classes and functions to build new configurations.

• These are the three main benefits of using Arya:

• Shortens the time it takes to build a configuration script

• Easier than reading through the API Documentation

• Teaches how to use the API by example

• What is WebArya:

• A Standalone Web frontend to ARYA

• Python code output utilises Cobra SDK

BRKACI-2770 94


Requirements for WebArya

• Python 2.7

• Pip

• Download Cobra SDK

• Install Cobra

95BRKACI-2770


Requirements for WebArya

• Download and Install WebArya

• Run the WebArya Web Service

WebArya Service

Started on Port 8888

BRKACI-2770 96


WebArya Example

There are four basic steps to using WebArya:

• Collect sample configuration data from the GUI

• Use the sample data as input into WebArya to build a script

• Make necessary edits to the WebArya's output

• Execute the resulting Python script

BRKACI-2770 97


Extending ACI with L2 to legacy networksStep 1: Save existing configuration

EPG: vlan-501

Domain: outside


EPG: vlan-502

Domain: outside


EPG: vlan-503

Domain: outside


BD: vlan-501

GW:N/A

Advertise Externally: N/A

BD: vlan-502

GW:N/A


BD: vlan-503

GW:N/A


Tenant: Ciscolive

VRF: vrf-01

BRKACI-2770 98


Step 2: Paste downloaded JSON response into WebArya

BRKACI-2770 99


Step 3: Copy resulting Python code into a text editor

BRKACI-2770 100


(Optional) Step 4: Create a credentials file

BRKACI-2770 101


Step 5: Modify text file

Remove this

RuntimeError

Add this line if

using credentials file

Credentials.py

BRKACI-2770 102


Step 5: Modify text fileModify these values

to the credentials file

variables

Create variables to

be used in the REST

call to APIC

BRKACI-2770 103



Replace static

objects with

variables created in

previous step

BRKACI-2770 104



Replace remaining

static objects with

variables created in

previous step

BRKACI-2770 105


Step 6: Save text file as Python file and execute

BRKACI-2770 106

ACI Automation with UCS Director


Pros:

• Off the shelf commercial product with full support

• Drag and Drop Workflow Orchestrator with Rollback

• ~250 ACI Tasks Out of the Box

• End User Portal for Catalogue Consumption

• Support for Cisco and non Cisco products – Compute, Network, Storage, VM Deployment etc.

• Extensive Northbound API

Cons

• Some Scripting (JavaScript) maybe required for Extensibility Beyond OOB Tasks

Why use UCSD?

BRKACI-2770 110


UCSD Example: Adding EPGs to Bridge Domains

BRKACI-2770 111


UCSD Example: Workflow End User Inputs

End Users will be

Prompted for these

Values

BRKACI-2770 112


UCSD Example: Using the Orchestrator

Individual

Workflow

tasks

BRKACI-2770 113


UCSD Example: Mapping Inputs to Tasks

Input Mapped to

Output of Previous

Task

Input Mapped to

End User Input

BRKACI-2770 114


UCSD Example: Running the Workflow

BRKACI-2770 115


UCSD Example: Email Notification (Optional)

BRKACI-2770 116


UCSD Example: Adding EPGs to Bridge Domains

BRKACI-2770 117


UCSD Example: Rollback

BRKACI-2770 118


UCSD Example: Rollback in Action

BRKACI-2770 119


Invoking UCSD’s Northbound API with Postman/Runner

BRKACI-2770 120


Invoking UCSD’s Northbound API with Postman/Runner

BRKACI-2770 121


APIC after Runner Operation

BRKACI-2770 122


Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

1. Find this session in the Cisco Live Mobile App

2. Click “Join the Discussion”

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

How

cs.co/ciscolivebot#BRKACI-2770


• Please complete your Online Session Evaluations after each session

• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.

Complete Your Online Session Evaluation

http://ciscolive.com/Online

http://www.ciscolive.com/global/on-demand-library/


Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions

126BRKACI-2770

Thank you

Documents

Cisco Live 2018 Bareclona