Cisco ACI Configuration Using Easy Automation Techniques

My organization has recently gone through its initial ACI deployment. While ACI is still shiny and new to us, we don’t have a lot of time to be hypnotized by SDN. Although it’s our first exposure or deployment with ACI, we are deploying a complex multi-tenant design right out of the gate. It’s terrific since we get the gains that SDN offers, and we gain it for each tenant that we are configuring it for, so there’s a cumulative effect.

After the initial fabric discovery and initialization, my exposure to ACI has been repeatedly creating tenants, bridge domains (BDs), endpoint groups (EPGs), contracts, attachable access entity profiles (AAEPs), and other objects. With more tenants, this leads to a lot of window-after-window clicking through screens to create the objects and policies, and associate them. The names and values of the policies are very similar based on our conventions, but have subtle differences based on items like tenant ID, VLAN ranges, and IP subnets. After going through the process a few times to create some of this config, the “new car smell” of ACI wore off quickly for me, and I knew I wanted some kind of automation to save time, and reduce the chance of human (me) error.

high repetition + high error likelihood = AUTOMATE

To date, I’ve mostly used automation to:

  • Pull and parse device configurations
  • Create inventory reports for life cycle management
  • Make bulk configuration updates to multiple devices
  • Create custom graphs for monitoring

This was different from the other automation work I have done in the past, so I saw this as an opportunity to both document and learn. I started with configuration since it was the most time consuming and prone to errors. The structure of this config would provide a good way to dip my toes into ACI automation and knock out a lot of boring configuration at the same time.

To keep this post from suffering from scope creep, I will focus specifically on the automated creation of bridge domains (BDs) in ACI. Bridge domains are a high touch configuration item in ACI, more so for multi-tenancy. Once you get the hang of it for one object, it’s natural to progress to others as they will be similar. Some other areas that I have also looked into automating the configuration of are:

  • Endpoint Group (EPG) creation and configuration
  • Contract creation and association
  • Attachable Access Entity Profile (AAEP) creation and configuration
  • Tenant configuration
  • Fabric configuration

Bridge Domain Automation Example 1 – Create Once, Clone Many

The first cool thing I found with Cisco ACI automation is that if you right-click an object in the GUI, you can download the structured data for it in XML or JSON. There are actually more options that are useful, but we will only cover “Save As …” and “Post …” in this article.

Right-click a tenant, and select “Save as…” to download the configuration

Within the Save As dialog, select how you want to save it. I chose “Only Configuration”, “Subtree”, and “JSON” to download just the configuration for the object in JSON. If you select a scope of “Self”, you’ll only get the data for the object at that level and none of the sub-tree data.

Click download after you make your selections

Once you have the data downloaded, you can open the JSON file in your favorite editor to see the structured data. You could put your Python skills to good use, and write code to read or change the JSON for specific use cases. Like Kevin Garnett says, “ANYTHING IS POSSIBLE!!!”

To create multiple bridge domains quickly and efficiently, you can manipulate the downloaded tenant JSON to add more definitions. First, you will need to create at least one object to use as a template before you download the JSON. You can use your favorite text editor to open the JSON download and turn off line wrap so the whole file is on one line. Next, find the beginning of your BD definitions, and put each definition on its own line. You will end up with the first line being everything up to the bridge domain definitions, one empty line, then one line with each template bridge domain. Everything after the definitions can be removed. Your JSON should look similar to the image below. Note, bridge domain definitions start with {"fvBD":

Two template bridge domain definitions

Now, you can copy and paste your template bridge domain definitions to match the number of bridge domains you need to create for the tenant (minus the number of templates you already created). Once you have the right number of bridge domains defined, there are only two key-value pairs that we need to adjust for each unique bridge domain:

  • "name":"<name>"
  • "ip":"<ip/mask>"

Update the values, and save the JSON file. You need to be careful that you keep the JSON formatted correctly. If you want to validate your JSON before posting it, you can use a site like https://jsonlint.com.

Changing the names for five new bridge domains
Changing the subnets for five new bridge domains

Post the new JSON file through the GUI by right-clicking the tenant, selecting “Post”, and selecting the JSON file.

Click “Browse” to select the updated JSON file.

Click “Post” to post the data to ACI. A POST will create, or update data in ACI.

Before – two bridge domains
After – seven bridge domains
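
The copy-and-edit step of Example 1 can also be scripted and checked locally, so the fabric configuration never has to be pasted into a website for validation. The Python below is an added example, not code from the original post: the sample export, the `Template_BD` name and the function names are constructed for illustration, and it assumes the export nests each `fvBD` (with an `fvSubnet` child) under `fvTenant`.

```python
import copy
import ipaddress
import json

# Constructed sample shaped like a tenant "Save as..." export (Only
# Configuration / Subtree / JSON); a real export carries more attributes.
EXPORT = json.loads("""
{"totalCount": "1", "imdata": [{"fvTenant": {
  "attributes": {"dn": "uni/tn-TENANT1", "name": "TENANT1"},
  "children": [
    {"fvBD": {"attributes": {"name": "Template_BD", "arpFlood": "yes"},
      "children": [
        {"fvSubnet": {"attributes": {"ip": "10.1.0.1/24", "scope": "private"}}},
        {"fvRsCtx": {"attributes": {"tnFvCtxName": "VRF-DEFAULT"}}}]}}]}}]}
""")

def tenant_bds(doc):
    """Return the fvBD objects found under the exported tenant."""
    return [c["fvBD"] for c in doc["imdata"][0]["fvTenant"]["children"] if "fvBD" in c]

def clone_bds(export, template_name, new_bds):
    """Return a copy of export with one new fvBD per (name, ip/mask) pair."""
    doc = copy.deepcopy(export)
    names = {bd["attributes"]["name"] for bd in tenant_bds(doc)}
    template = next(bd for bd in tenant_bds(doc) if bd["attributes"]["name"] == template_name)
    for name, ip in new_bds:
        if name in names:
            raise ValueError(f"bridge domain {name!r} is already defined")
        ipaddress.ip_interface(ip)  # raises ValueError on a malformed ip/mask
        bd = copy.deepcopy(template)
        bd["attributes"]["name"] = name
        bd["attributes"].pop("dn", None)  # assumption: drop the template's own dn
        for child in bd.get("children", []):
            if "fvSubnet" in child:
                child["fvSubnet"]["attributes"]["ip"] = ip
        doc["imdata"][0]["fvTenant"]["children"].append({"fvBD": bd})
        names.add(name)
    return doc

def bd_summary(doc):
    """List (name, [subnet ips]) per bridge domain, for review before posting."""
    return [(bd["attributes"]["name"],
             [s["fvSubnet"]["attributes"]["ip"]
              for s in bd.get("children", []) if "fvSubnet" in s])
            for bd in tenant_bds(doc)]

if __name__ == "__main__":
    cloned = clone_bds(EXPORT, "Template_BD", [("New1_BD", "10.1.1.1/24")])
    print(json.dumps(cloned, indent=2))  # json.dumps always emits well-formed JSON
```

Duplicate names and malformed subnets are rejected before anything is written, which catches the copy-and-paste slips the manual edit is prone to.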

Bridge Domain Automation Example 2 – Utilizing the ACI API

The previous example shows a quick and dirty way to take an object’s config in JSON, and clone it as many times as you need. It’s useful and doesn’t delve too far down the automation rabbit hole. This next example goes a little further, to show you how to create the same bridge domains using the Cisco ACI API, and performing multiple API calls using Postman and Runner.

The steps below show how to generate the CSV file for our iterations, Postman requests, and a custom Postman environment. I’ve included the templates for each of these at the end of the post if you simply want to copy my templates, as opposed to creating your own from scratch.

Similar to the first example, we need to get the JSON for the object we want to use as a template. If needed, review the example above to see how to download JSON for an object. Once we have it opened and prettified, we can start to identify areas where we need to create variables. These variables are defined by using double curly brackets with a variable name string inside. Here’s an example of the dn key-value pair in a bridge domain both before, and after variable substitution.

Pre-substitution:

"dn": "uni/tn-TENANT/BD-BRIDGEDOMAIN1",

Post-substitution:

"dn": "uni/tn-{{tenant_name}}/BD-{{bd_name}}",

All we have done is simply replace the static values with variables. Reviewing my bridge domain JSON, I created the following variables. Once you have created all of the variables, save the JSON file.

{{tenant_name}}
{{bd_name}}
{{subnet_ip-mask}}
{{vrf_name}}
{{l3out_name}}

Now we are ready to create a CSV file with the data that will populate the variables. You can create a CSV in Excel, or you can do it in the editor of your choice. The important points are that the variables are your header values, and that you are consistent with your delimiter and formatting.

tenant_name,bd_name,subnet_ip-mask,vrf_name,l3out_name
TENANT1,New1_BD,10.1.1.1/24,VRF-DEFAULT,TENANT1:DEFAULT_l3out
TENANT1,New2_BD,10.1.2.1/24,VRF-DEFAULT,TENANT1:DEFAULT_l3out
TENANT1,New3_BD,10.1.3.1/24,VRF-DEFAULT,TENANT1:DEFAULT_l3out
TENANT1,New4_BD,10.1.4.1/24,VRF-DEFAULT,TENANT1:DEFAULT_l3out
TENANT1,New5_BD,10.1.5.1/24,VRF-DEFAULT,TENANT1:DEFAULT_l3out

You now have all the data and structure you need to create the new bridge domains in ACI. For our next step, we will use Postman to craft the API calls needed to create an object, and we will use Runner to perform them for each line in our CSV file. If you haven’t used Runner before, think of it like a Python FOR loop (for bridge_domain in bridge_domains, make these API calls).
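
The per-row substitution that Runner performs can be reproduced offline to check the data file before any request is sent. This is an added Python example, not part of the original post: the shortened template, the function names and the `SAFE_NAME` allow-list are assumptions for illustration. Because the CSV values are pasted into JSON text as-is, it rejects values that could alter the JSON structure or the dn, and confirms each rendered body still parses.

```python
import csv
import io
import ipaddress
import json
import re

# Constructed template and CSV using the page's variable names; the fvBD body
# is shortened to the attributes needed for the demonstration.
TEMPLATE = """{"fvBD": {"attributes": {
  "dn": "uni/tn-{{tenant_name}}/BD-{{bd_name}}", "name": "{{bd_name}}"},
  "children": [
    {"fvSubnet": {"attributes": {"ip": "{{subnet_ip-mask}}"}}},
    {"fvRsCtx": {"attributes": {"tnFvCtxName": "{{vrf_name}}"}}},
    {"fvRsBDToOut": {"attributes": {"tnL3extOutName": "{{l3out_name}}"}}}]}}"""
CSV_DATA = """tenant_name,bd_name,subnet_ip-mask,vrf_name,l3out_name
TENANT1,New1_BD,10.1.1.1/24,VRF-DEFAULT,TENANT1:DEFAULT_l3out
TENANT1,New2_BD,10.1.2.1/24,VRF-DEFAULT,TENANT1:DEFAULT_l3out
"""
PLACEHOLDER = re.compile(r"\{\{([^{}]+)\}\}")
# Assumption: a conservative allow-list for object names, not ACI's full rule.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.:-]{1,64}")

def render_row(template, row):
    """Substitute one CSV row into the template and return the parsed body."""
    for key, value in row.items():
        if key == "subnet_ip-mask":
            ipaddress.ip_interface(value)  # ValueError on a malformed ip/mask
        elif not SAFE_NAME.fullmatch(value or ""):
            raise ValueError(f"{key}={value!r} is not a safe object name")

    def lookup(match):
        name = match.group(1)
        if name not in row:
            raise KeyError(f"template variable {name!r} has no CSV column")
        return row[name]

    # json.loads fails loudly if substitution left the body malformed.
    return json.loads(PLACEHOLDER.sub(lookup, template))

def render_all(template, csv_text):
    """One request body per CSV row, the way Runner iterates the data file."""
    return [render_row(template, r) for r in csv.DictReader(io.StringIO(csv_text))]
```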

In order for the import to work correctly, you will need to create two POST requests. I created a collection for all of the ACI things I create. Inside of the collection, I created a folder called “Bridge Your Creation” that contains both the authentication request, and the bridge domain creation request.

Postman Collection hierarchy

I also created an environment so I could use variables in Postman. I have my credentials, and APIC IP listed so I don’t have to re-type them every time (no these aren’t my actual values for my ACI deployment…thanks for asking). You need to make sure you select the environment in the upper-left hand corner of the Postman workspace (the default is “No Environment”).

The details for each POST request are below. Make sure to save each of them, so you can re-use them. You can also share your collection and environment data with your team members for collaboration in Postman, or create a workspace for everyone to use.

  • Name: ACI_AUTH
  • Description: Used to authenticate to ACI
  • Method: POST
  • URL: https://{{aciIp}}/api/aaaLogin.json
  • Headers: Content-type:application/json
  • Body: Raw
{
  "aaaUser" : {
    "attributes" : {
      "name" : "{{username}}",
      "pwd" : "{{password}}"
    }
  }
}
  • Name: Create_BD
  • Description: Used to create a BD in ACI
  • Method: POST
  • URL: https://{{aciIp}}/api/node/mo/uni.json
  • Headers: Content-type:application/json
  • Body: Raw
Paste the contents of the JSON file you created earlier with the variable substitutions.

{
  "totalCount": "1",
  "imdata": [
    {
      "fvBD": {
        "attributes": {
          "arpFlood": "yes",
          "descr": "",
          "dn": "uni/tn-{{tenant_name}}/BD-{{bd_name}}",
          "ipLearning": "yes",
          "limitIpLearnToSubnets": "yes",
          "multiDstPktAct": "bd-flood",
          "name": "{{bd_name}}",
          "nameAlias": "",
          ....

You could run the request one time with the info for one of your bridge domains, but you would need to change the body of each request to match each bridge domain. The last step to bring it all together is to use Runner to perform the request for each entry in our CSV file. You start Runner by clicking on the Runner button in the upper-left section of the application. It’s grayed-out, so it doesn’t really stand out.

Once you click on Runner, it will open in a new window. You’ll get an intuitive window that we need to fill in with our details:

  • In the upper-left area, select the collection, and select the folder that contains the requests we created previously. You will see the two POST methods listed.
  • Select the environment if you created one
  • Click “Select File”, and select the CSV you created earlier. Once it’s selected, you will be able to click the “Preview” button next to the data file type to see how your data will look when it’s imported. You want to verify the headers, data, and iterations look correct. You will also see the iterations value will change to match the number of rows of data in your CSV file.
  • I click “Save responses,” so I can see what is returned. It’s useful for verification and troubleshooting.
  • Leave the run order as is, with the authentication request first, and the create BD request second.
Preview of your CSV data in Runner

When you are ready, your Runner settings should look similar to the image below. You are now ready to click on the blue Run button!

Runner settings

The next page that you’ll see contains the results for each iteration. You’ll see that for each line in your CSV file, there is an iteration, along with the two requests (auth, and create BD). Most importantly, there is a response code for each request. In this case, all are HTTP code 200, which is OK. Yay!

Multiple successful iterations of our API calls to ACI to create new bridge domains

If you want to look at specifics about the request, or response, you can click on the name of a POST request for an iteration, and see the details such as the request headers and body, as well as the response headers and body. For example, if you click on the request body, you will see the JSON being passed, and the variables have been replaced with that specific iteration’s values from the CSV file. This is where the magic happens!

Reviewing iteration 1’s request body showing the variables are populated

Now for the moment of truth…

ACI BDs Before
ACI BDs After

Wrap-Up

As you can see, there are a lot of possibilities with automation in ACI. These two examples are just scratching the surface of what’s possible with ACI and automation in general. While these examples helped me get configuration done quickly, and more consistently, they don’t address questions such as, “Can I submit a ServiceNow request to have a new ACI tenant built out automatically?” The answer is yes, and it goes much deeper than what I covered above. My hope is you can see how a workflow could be built to accomplish exactly that using automation.

I’ve included a couple of links below for you to look deeper into the ACI REST API. In my opinion, the API will become the standard way to interact with ACI. I’ve had multiple people tell me that the ACI GUI was specifically designed to be clunky, and hard to use, so you wouldn’t want to use it! How’s that for making the case for automation!?!

If you are looking for a really good book that covers a lot of different facets of automation written by and for network engineers, I highly recommend Network Programmability and Automation by O’Reilly. This was the book that really opened my eyes to the realization that there are better ways to configure network devices than the CLI and GUI.


Useful Links

Postman Templates:

Cisco ACI:
