Cisco APIC-EM – Go to Deployment Playbook

dCloud: The Cisco Demo Cloud

Last Updated: 15-APRIL-2017
Created in partnership with Aricent’s “Cisco DNA Acceleration Team”.

About This Solution
The Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is our software-defined networking (SDN)
controller for enterprise networks (in the campus or branch and the WAN). It delivers an elastic platform for policy-based
automation that simplifies and abstracts the network. It can enable transformation of business intent to network control. The
platform is built to host multiple, easy-to-use SDN applications that use open, northbound representational state transfer (REST)
APIs and drive core network automation solutions. The platform also supports a number of southbound protocols that enable it to
communicate with the breadth of network devices customers already have in place, and extend SDN benefits to both Greenfield
and Brownfield environments, immediately from the start. The goal of the APIC-EM platform is to power next-generation SDN
applications that will dramatically lower operational expenditures and increase network agility to align with business needs.
The APIC-EM platform supports both wired and wireless enterprise networks across the WAN, and access and wireless
infrastructures. It offers superior investment protection, and works with both existing and new infrastructure.
The APIC-EM platform delivers many significant benefits. For example, it:

● Creates an intelligent, open, programmable network with open APIs
● Can help customers save time, resources, and costs through advanced automation services
● Can transform business-intent policies into dynamic network configuration
● Provides a single point for network-wide automation and control

About This Playbook
This Playbook is aimed at Cisco Channel Partners and serves as a go-to deployment guide when deploying the Cisco APIC-EM. It
attempts to cover several real-life use cases in addition to the standard deployment designs. The playbook also covers standard
and custom configurations of all the in-built Applications and Services within the APIC-EM. Finally, the playbook explains how to
understand and use the northbound API of the APIC-EM controller. The following points summarize what you will take away
from the guide:

● What Software Defined Networks (SDN) are and what role the Cisco APIC-EM plays in SDN
● Deploying the Cisco APIC-EM in Single Host Mode and in a Cluster
● Discovering network devices and adding them to the controller’s Device Inventory
● Using the four in-built Applications: PnP, IWAN, Easy QoS and Network Path Visualization
● Customized use cases showcasing multiple dimensions of the in-built applications
● Learning how to integrate the Cisco Identity Service Engine and the Cisco Prime Infrastructure with the APIC-EM controller
● Learning in detail about the Northbound Application Interfaces of the APIC-EM controller and how to leverage them to create automation scripts using Python

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

After reviewing this guide, you will meet the following objectives:

● Understand how to deploy the Cisco APIC-EM controller in a Single Mode setup as well as in a Cluster
● Understand how the APIC-EM controller discovers and tags network devices
● Understand how to use the four in-built applications with the APIC-EM controller
● Learn how to utilize the in-built applications in different real-life use cases
● Understand how to integrate the Cisco ISE and the Cisco PI with the APIC-EM controller
● Comprehend the API structure of the APIC-EM controller and learn how to leverage it using automation scripts written in Python

Guide Profile and Contact Link
Guide Profile – How to use the Playbook
This guide/playbook is divided into five modules. Each module assists Cisco Partners with a different aspect of the Cisco
APIC-EM controller.

● Module-1 SDN and APIC-EM Introduction: In this module, the guide will attempt to expand upon the user’s current understanding of Software Defined Networks and how the Cisco APIC-EM fills the role of a central SDN controller in Cisco Enterprise-Networking.
● Module-2 APIC-EM Design and Deployment: The guide will explain the different ways to deploy the APIC-EM controller in your environment, followed by step-by-step instructions for setting up an APIC-EM cluster. The module will also guide the user through discovering network devices deployed in an environment using the APIC-EM controller and showcasing them in a Topology diagram.
● Module-3 APIC-EM Apps: The third module will take the user through the four in-built applications within the controller, from explaining their use to step-by-step instructions (with screenshots) on how to execute their functions. This will include the Plug-and-Play App, the IWAN App, the Easy QoS App and the Network Path Visualization App.
● Module-4 APIC-EM Use-Cases: Since the aim of the guide is to help partners explore a plethora of practical applications using the APIC-EM controller, Module 4 will systematically display the configuration of several practical use-cases. For this purpose, the guide will also deviate from the base topology. In addition to the use cases, this module will explain how to integrate the Cisco Identity Services Engine and the Cisco Prime Infrastructure with the APIC-EM controller.
● Module-5 APIC-EM Northbound APIs: The Cisco APIC-EM controller hosts a huge collection of northbound APIs, which allow users and network administrators to push configuration remotely. The APIs can also be leveraged to achieve automation tasks using an automation script. The module will explain the controller’s Northbound API structure and how to write basic automation scripts in Python to leverage the API structure.

The guide will follow a standard topology when showcasing most configuration examples. However, the guide also aims to cover a
variety of practical applications of the controller’s features. As a result, the topology will change from time to time and the user will
be updated with these changes at the start of the exercise.

Contact Links

As of the writing of this document, the current relevant documentation can be found on the Cisco Website under the following titles:

● Cisco APIC-EM Installation and Deployment
● Cisco APIC-EM Configuration Guide
● Cisco APIC-EM on DevNet
● Solution Guide for Network Plug and Play
● Cisco IWAN Application on APIC-EM
● Cisco Prime Infrastructure

This guide was constructed using the following software and hardware in the configuration examples:

● Cisco 2911 – This is a Cisco ISR-G2 model running version 15.6 in the demo topology being used in the guide.
● Cisco 3750 – This is a Cisco switch through which all devices at the HQ site will be connected.
● Cisco CSR – This is the Cisco Cloud Services Router running on an ESXi host.
● Cisco Wireless Access Point – A Cisco AP is connected to the switch at the HQ site in the demo topology and is controlled by a Cisco Wireless LAN Controller. The model is an AIR-LAP1142N.
● Cisco Wireless LAN Controller – A Cisco Wireless LAN Controller is used to control the Cisco AP connected in the demo topology. It will be integrated into the Cisco APIC-EM controller. The model is a Cisco 2500 series WLC.
● Cisco APIC-EM – The version of the Cisco APIC-EM controller running in the demo topology is 1.3.3.126. There are 3 instances of the controller installed. An upgrade of the APIC-EM controller has been showcased (upgraded to 1.4.0.1959).
● Microsoft Active Directory/DNS/DHCP – A Microsoft Windows server has been configured to act as the AD, DNS and the DHCP server.
● Windows Wired Client – A Windows PC connected through the Cisco switch at the HQ site in the demo topology.
● Windows Wireless Client – A Windows PC connected to the network at HQ in the demo topology through the Cisco Wireless Access Point.

Table of Contents
About This Solution
About This Playbook
Guide Profile and Contact Link
    Guide Profile – How to use the Playbook
    Contact Links
Requirements
    Recommended Prerequisite Knowledge
Disclaimer
Topology
Module 1. Software Defined Networks and the Cisco APIC-EM
    A Definition of Software Defined Networks
    Why is SDN needed – Limitations of Static Networking
    Cisco’s Perspective on SDN
Module 2. Cisco APIC-EM Design and Deployment
    Installing APIC-EM: Bare-Metal and Hypervisor
    System Requirements for Installing APIC-EM – Bare Metal Server and Virtual Machine
    APIC-EM Deployment options
    APIC-EM Single Host Deployment
    APIC-EM HOME Page Exploration
    Network Discovery Using the Discovery App
    Understanding the discovery results
    The Device and Host Inventory – Device Inventory
    Device Tagging
    The Device and Host Inventory – Host Inventory
    Topology Visualization using the Topology App
Module 3. APIC-EM Apps
    PNP APP – Plug N Play
        Adding a device to APIC-EM via PnP
        Provisioning an Unclaimed Device
    EasyQoS App
        EasyQoS – Applying a static QoS policy
    The IWAN Application
        IWAN Design Models
        In this Guide
        Hub Site provisioning configuration
        Branch site provisioning configuration
    The Path Trace Application
Module 4. APIC-EM Use-Cases
    EasyQoS Use Cases
        Adding custom applications and advanced policy configuration
        Dynamic EasyQoS configuration
    ISE and PI – Integration with APIC-EM
        APIC-EM External User Authentication with Cisco Identity Service Engine
        Cisco Prime Infrastructure integration with APIC-EM
    IWAN Use Case
        Added Components in IWAN Use Case
        Performance Router Policy with TRANSIT HUB Configured
        Simulating an example scenario
        Configuring the Transit HUB Site
        Provisioning BRANCH2 Site
    Plug and Play Application Use Cases
        Using variables and templates in the PnP App
        Bulk Import option available in APIC-EM
Module 5. APIC-EM API Integrations
    Understanding North/South Bound APIs
    APIC-EM API using Swagger
    API Topology
    APIC-EM API using Postman
    Automation with APIC-EM API using Python
Appendix A. Initial Setup of an APIC-EM Appliance
    Installing the Cisco APIC-EM Series Appliance
Appendix B. Adding an APIC-EM host to a cluster
Appendix C Upgrading APIC-EM through the GUI
Verify the Upgrade
Appendix D - Installation of the IWAN App on APIC-EM
Appendix E – Scripts for Module 5
Appendix F – The Settings Menu (Backup and Restore) in APIC-EM
Appendix G – The Command Runner App

Requirements
The table below outlines the requirements for this preconfigured demonstration.

Table 1. Requirements

Required      Reason
● Laptop      ● To review the guide

Recommended Prerequisite Knowledge

● Good hands-on understanding of Cisco Enterprise Networks, including Routing and Switching Protocols
● A basic understanding of WAN and QoS
● Elementary concepts of APIs and Python would be preferred but not required.

Disclaimer

This iteration of the playbook demonstrates one way to deploy the Cisco APIC-EM and configure its various features.
The objective of this playbook is to let Cisco System Engineers, Field Engineers and Partners reference the real-life use
cases documented in this guide. However, the reader must perform compatibility and customer network reviews before
implementing the topics covered in this guide. Also, please ensure that you consult all current official Cisco documentation before
proceeding with a design or installation. This playbook is primarily intended to be a learning tool, and may not necessarily follow
best practice recommendations at all times, in order to convey specific information. This guide is not intended to be a deployment
guide. It is intended for learning purposes only.

Topology
Figure 1. Demo Base Topology

Table 2. Preconfigured Information

Device Name              IP Address           Telnet/SSH Username  Telnet/SSH Password  SNMP String
HQ-SW.demo.local         10.10.201.254        admin                cisco                public
HQ-MC.demo.local         10.10.201.5          admin                cisco                public
HQ-BR-MPLS.demo.local    10.10.201.1          admin                cisco                public
HQ-BR-INET.demo.local    10.10.201.2          admin                cisco                public
BRNCH-SRDL.demo.local    10.10.202.1          admin                cisco                public
Wireless LAN Controller  10.10.201.111        wlc_admin            Cisco@123            public
APIC-EM-AP               10.10.201.101(DHCP)  NA                   NA                   NA
Wired Host               10.10.201.100(DHCP)  NA                   NA                   NA
Wireless Host            10.10.201.102(DHCP)  NA                   NA                   NA

Table 3. APIC-EM Cluster Information

Server Name        IP Address
APIC1.demo.local   10.10.10.101
APIC2.demo.local   10.10.10.102
APIC3.demo.local   10.10.10.103
Cluster Virtual IP 10.10.10.100

Figure 1 displays the base topology, which will be used for the configuration demonstrations in the guide.
The APIC-EM Cluster is built on two ESXi 5.1 Hosts:
Table 4. ESXi Host Information

Server Name   IP Address
ESXi-1        192.168.1.11
ESXi-2        192.168.1.61

Module 1. Software Defined Networks and the Cisco APIC-EM

In this module, the guide will look to explain the need for Software Defined Networks, their advantages and their virtues. The
segment will then talk about how the Cisco APIC-EM controller expands and enhances these virtues in Cisco Enterprise
Networking, both at the access and the WAN level.

A Definition of Software Defined Networks

According to the Open Networking Foundation (ONF), software defined networking (SDN) is a network architecture that decouples
the control and data planes, moving the control plane (network intelligence and policy making) to an application called a controller.
SDN is currently being rolled out in a variety of networking devices and software, delivering substantial benefits to both enterprises
and carriers, including:


● Centralized management and control of networking devices from multiple vendors;
● Improved automation and management by using common APIs to abstract the underlying networking details from the orchestration and provisioning systems and applications;
● Rapid innovation through the ability to deliver new network capabilities and services without the need to configure individual devices or wait for vendor releases;
● Programmability by operators, enterprises, independent software vendors, and users (not just equipment manufacturers) using common programming environments, which gives all parties new opportunities to drive revenue and differentiation;
● Increased network reliability and security as a result of centralized and automated management of network devices, uniform policy enforcement, and fewer configuration errors;
● More granular network control with the ability to apply comprehensive and wide-ranging policies at the session, user, device, and application levels; and
● Better end-user experience as applications exploit centralized network state information to seamlessly adapt network behavior to user needs.

SDN is a dynamic and flexible network architecture that protects existing investments while future-proofing the network. With SDN,
today’s static network can evolve into an extensible service delivery platform capable of responding rapidly to changing business,
end-user, and market needs.

Why is SDN needed – Limitations of Static Networking
Meeting current market requirements is virtually impossible with traditional network architectures. Faced with flat or reduced
budgets, enterprise IT departments are trying to squeeze the most from their networks using device-level management tools and
manual processes. Carriers face similar challenges as demand for mobility and bandwidth explodes; profits are being eroded by
escalating capital equipment costs and flat or declining revenue. Existing network architectures were not designed to meet the
requirements of today’s users, enterprises, and carriers; rather network designers are constrained by the limitations of current
networks, which include:


Complexity that leads to stasis: Networking technology to date has consisted largely of discrete sets of protocols designed to
connect hosts reliably over arbitrary distances, link speeds, and topologies. To meet business and technical needs over the last
few decades, the industry has evolved networking protocols to deliver higher performance and reliability, broader connectivity, and
more stringent security.

Protocols tend to be defined in isolation, however, with each solving a specific problem and without the benefit of any fundamental
abstractions. This has resulted in one of the primary limitations of today’s networks: complexity. For example, to add or move any
device, IT must touch multiple switches, routers, firewalls, Web authentication portals, etc. and update ACLs, VLANs, quality of
service (QoS), and other protocol-based mechanisms using device-level management tools. In addition, network topology, vendor
switch model, and software version all must be taken into account. Due to this complexity, today’s networks are relatively static as
IT seeks to minimize the risk of service disruption. The static nature of networks is in stark contrast to the dynamic nature of
today’s server environment, where server virtualization has greatly increased the number of hosts requiring network connectivity
and fundamentally altered assumptions about the physical location of hosts.
Prior to virtualization, applications resided on a single server and primarily exchanged traffic with select clients. Today, applications
are distributed across multiple virtual machines (VMs), which exchange traffic flows with each other. VMs migrate to optimize and
rebalance server workloads, causing the physical end points of existing flows to change (sometimes rapidly) over time. VM
migration challenges many aspects of traditional networking, from addressing schemes and namespaces to the basic notion of a
segmented, routing-based design.
In addition to adopting virtualization technologies, many enterprises today operate an IP converged network for voice, data, and
video traffic. While existing networks can provide differentiated QoS levels for different applications, the provisioning of those
resources is highly manual. IT must configure each vendor’s equipment separately, and adjust parameters such as network
bandwidth and QoS on a per-session, per-application basis. Because of its static nature, the network cannot dynamically adapt to
changing traffic, application, and user demands.

Inconsistent policies: To implement a network-wide policy, IT may have to configure thousands of devices and mechanisms. For
example, every time a new virtual machine is brought up, it can take hours, in some cases days, for IT to reconfigure ACLs across
the entire network. The complexity of today’s networks makes it very difficult for IT to apply a consistent set of access, security,
QoS, and other policies to increasingly mobile users, which leaves the enterprise vulnerable to security breaches, noncompliance
with regulations, and other negative consequences.

Inability to scale: As demands on the data center rapidly grow, so too must the network grow. However, the network becomes
vastly more complex with the addition of hundreds or thousands of network devices that must be configured and managed. IT has
also relied on link oversubscription to scale the network, based on predictable traffic patterns; however, in today’s virtualized data
centers, traffic patterns are incredibly dynamic and therefore unpredictable. Mega-operators, such as Google, Yahoo!, and
Facebook, face even more daunting scalability challenges. These service providers employ large-scale parallel processing
algorithms and associated datasets across their entire computing pool. As the scope of end-user applications increases (for
example, crawling and indexing the entire world wide web to instantly return search results to users), the number of computing
elements explodes and data-set exchanges among compute nodes can reach petabytes. These companies need so-called
hyperscale networks that can provide high-performance, low-cost connectivity among hundreds of thousands—potentially
millions—of physical servers. Such scaling cannot be done with manual configuration.


To stay competitive, carriers must deliver ever-higher value, better differentiated services to customers. Multi-tenancy further
complicates their task, as the network must serve groups of users with different applications and different performance needs. Key
operations that appear relatively straightforward, such as steering a customer’s traffic flows to provide customized performance
control or on-demand delivery, are very complex to implement with existing networks, especially at carrier scale. They require
specialized devices at the network edge, thus increasing capital and operational expenditure as well as time-to-market to introduce
new services.

Vendor dependence: Carriers and enterprises seek to deploy new capabilities and services in rapid response to changing
business needs or user demands. However, their ability to respond is hindered by vendors’ equipment product cycles, which can
range to three years or more. Lack of standard, open interfaces limits the ability of network operators to tailor the network to their
individual environments. This mismatch between market requirements and network capabilities has brought the industry to a
tipping point. In response, the industry has created the Software-Defined Networking (SDN) architecture and is developing
associated standards.

Cisco’s Perspective on SDN

This concludes this exercise.


Module 2. Cisco APIC-EM Design and Deployment

In this module, we will look at the design and deployment options that are available for Cisco’s APIC-EM. The segment will talk
about the various deployment models along with installation options and will give a run-down of the installation procedure. We will
then wrap up this module with a vivid description and lab on some of the fundamental functionality of APIC-EM.

This module will cover:

● Installing APIC-EM
    o Installation options and System Requirements
    o Deployment models for Cisco APIC-EM
    o Prerequisites for installing Cisco APIC-EM
● Performing a Single/Clustered Host Deployment
    o VM creation and configuration
    o Initiating the APIC-EM Installation – Single Host
    o Completing the Single Host installation and options during installation
    o Adding a Host to a cluster and setting up Virtual IPs (check Appendix B)
● Exploring the APIC-EM Home Page and Using Network Discovery
    o Viewing the System Health and System Info
    o Using the Network Discovery App
    o Defining Global SNMP and CLI parameters
    o Starting a discovery job and understanding the results
● Exploring the Device and Host Inventory
    o Inventory layout options
    o Device overviews
    o Viewing Device configuration and modifying roles
    o Location and Policy Tagging
    o Filtering and Viewing the host inventory
● Exploring the Topology App
    o Launching the App
    o Understanding the Topology App layout
    o Disaggregation and Aggregation of Devices
    o Customizing and Saving Topology layouts



Installing APIC-EM: Bare-Metal and Hypervisor
You can deploy the Cisco APIC-EM on either a server (bare-metal hardware) or within a virtual machine in a VMware vSphere
environment. You can also deploy the Cisco APIC-EM as either a single host or in a multi-host environment (discussed later in this
module). Additionally, APIC-EM is available as an appliance model which essentially means that you get a pre-installed image of
APIC-EM on a UCS-C220 M4 chassis.

Figure 2. APIC-EM Options

Thus, APIC-EM is available in 2 form factors – a physical appliance which can be purchased through resellers or directly from
Cisco and a virtual appliance which can be downloaded free of charge from Cisco Software Central or Cisco’s DevNet community
service.
While we plan on getting our hands dirty as soon as possible, it will be prudent to go through the system requirements for APIC-EM
installation and a description of the deployment models.




System Requirements for Installing APIC-EM – Bare Metal Server and Virtual Machine
The APIC-EM controller has some specific requirements depending on whether it is being installed on a bare metal server or as a
VM. The system requirements given below are specific to version 1.3.x of APIC-EM and it is a good idea to check the release
notes of the version of APIC-EM being deployed since these might change as newer versions are released.

Figure 3. System Requirements

Things to note: Here are some gotchas with respect to APIC-EM installation that you might run into as a result of system
requirements that are not met:
• Low RAM: Installation will not proceed, since a RAM check is done during installation.
• Low Disk I/O Speed: During installation, a prompt will be displayed indicating a low disk I/O speed (if applicable). While this can be
  ignored and the installation will proceed, operations might take longer than usual to complete. This is not recommended in a
  production environment.




APIC-EM Deployment options


APIC-EM supports a single host, dual host or 3 host cluster model. An APIC-EM cluster with more than three hosts, while possible,
is NOT supported.
RECOMMENDATION: Cisco recommends that APIC-EM is deployed in a multi-host environment for enhanced scalability and
redundancy. APIC-EM deployments with 2 hosts do not have hardware redundancy (software failures are covered) but
deployments with 3 hosts have single node hardware failure redundancy along with software failure redundancy.

SINGLE HOST DEPLOYMENT
In a single host deployment of APIC-EM, we don’t have hardware or software high availability. When referring to a software failure,
we are essentially talking about services failing on the APIC-EM controller. If a service fails, then it is restarted and respun in an
attempt to bring the service back up.
Things to note:
1. A single host deployment is usually used in a lab environment. It is not recommended for a production deployment
2. Hardware and software resiliency is not available
3. The APIC-EM controller uses GrapeVine (which is the overlaying OS built on the underlying Linux Kernel). There is a single
instance of GrapeVine running

DUAL HOST DEPLOYMENT (MULTIHOST)
In a dual host deployment of APIC-EM, we once again don’t have hardware or software high availability. If a service fails on one
host in the cluster, it is respun on the other host. The hosts function in active-active mode.
Things to note:
1. A dual host deployment can be used in a production deployment but isn’t recommended.
2. Hardware resiliency is not available, but software resiliency is.
3. The GrapeVine OS instances on the hosts communicate with each other and maintain state. The Cassandra service on the hosts is
responsible for cluster formation.
4. A virtual IP is needed (apart from the IPs assigned to the individual hosts). All communication happens via the virtual IP.




TRIPLE HOST DEPLOYMENT (MULTIHOST)
In a triple host deployment of APIC-EM, we have hardware and software high availability. If a service fails on one host in the
cluster, it is respun on another host. Given below is a diagram of the triple host APIC-EM deployment model which functions in an
active-active-active mode.

Figure 4. Multihost Deployment

Things to note:
1. A triple host deployment can be used in a production deployment and is the recommended deployment type.
2. Hardware resiliency is available for a single node along with software resiliency
3. The GrapeVine OS instances on the hosts communicate with each other and maintain state. The Cassandra service on the hosts is
responsible for cluster formation.
4. A virtual IP is needed just like in the dual host deployment model. All communication happens via the virtual IP.
Now that we have got the fundamentals in place, it’s time to start off with the installation of APIC-EM. We will begin with a single
host and then add a couple of hosts to our cluster. Keep in mind that the pre-requisites for a single host deployment and multi host
deployments vary slightly over and above the system requirements listed before:


PREREQUISITES FOR APIC-EM DEPLOYMENTS



• The APIC-EM controller should have access to an NTP server (Single and Multi-Host)
• The APIC-EM controllers should be part of the same subnet (Multi-Host only)
• The APIC-EM controllers must be configured with a Virtual IP over and above their individual IPs (Multi-Host only). The
  Virtual IP should be on the same subnet as the other hosts.
• Certificates should be issued to the virtual IP or the hostname resolvable to the virtual IP (Multi-Host only)
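
The prerequisites above can be checked against a planned addressing scheme before installation begins. The following is an added example, not part of the playbook or of Cisco's tooling; the function name check_plan, its parameters and the sample addresses are assumptions, and the hostname-to-virtual-IP mapping is taken as supplied by the operator rather than resolved through DNS.

```python
import ipaddress

def check_plan(host_ips, prefix_len, ntp_servers, virtual_ip=None,
               vip_hostname=None, cert_names=()):
    """Return a list of unmet prerequisites; an empty list means the plan passes."""
    problems = []
    hosts = [ipaddress.ip_address(h) for h in host_ips]
    if not 1 <= len(hosts) <= 3:
        problems.append("host count %d is outside the supported 1 to 3" % len(hosts))
    if not ntp_servers:
        problems.append("no NTP server reachable by the controller is listed")
    if len(hosts) < 2:
        return problems  # the remaining prerequisites are multi-host only

    # All controllers must share one subnet (derived from the first host).
    subnet = ipaddress.ip_network("%s/%d" % (hosts[0], prefix_len), strict=False)
    for h in hosts[1:]:
        if h not in subnet:
            problems.append("host %s is not in subnet %s" % (h, subnet))

    if virtual_ip is None:
        problems.append("multi-host deployment has no virtual IP")
        return problems
    vip = ipaddress.ip_address(virtual_ip)
    if vip in hosts:
        problems.append("virtual IP %s duplicates a host IP" % vip)
    if vip not in subnet:
        problems.append("virtual IP %s is not in subnet %s" % (vip, subnet))

    # The certificate must name the virtual IP or the hostname that resolves to it.
    # vip_hostname is operator-supplied; no DNS lookup is done here (assumption).
    accepted = {str(vip)}
    if vip_hostname:
        accepted.add(vip_hostname.lower())
    if not accepted & {n.lower() for n in cert_names}:
        problems.append("certificate names neither the virtual IP nor its hostname")
    return problems

# Constructed sample plans (addresses and names are illustrative, not from the playbook).
GOOD = dict(host_ips=["10.10.10.11", "10.10.10.12", "10.10.10.13"], prefix_len=24,
            ntp_servers=["10.10.10.1"], virtual_ip="10.10.10.10",
            vip_hostname="apic-em.example.com", cert_names=["apic-em.example.com"])
# Misconfigured: VIP on another subnet, certificate issued to one host's own IP.
BAD = dict(GOOD, virtual_ip="10.10.20.10", vip_hostname=None,
           cert_names=["10.10.10.11"])

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_plan(**plan) or "all prerequisites met")
```

A certificate issued to an individual host IP rather than the virtual IP is the case worth catching early, since all communication with a multi-host cluster happens via the virtual IP.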



APIC-EM Single Host Deployment
As we saw in the last section, a single host APIC-EM controller can be deployed as a Virtual Machine and also as a Bare-Metal
appliance on a UCS-C220M4. In our demo topology, we will deploy the APIC-EM controller as a virtual machine. The following
steps and screen shots will take you through the detailed steps. For more information on how to deploy the APIC-EM appliance
from scratch, please refer to Appendix A.
1. Using the vSphere client, log in to the ESXi vCenter or the ESXi Host you are working with at your end. As mentioned,
versions 5.1, 5.5 and 6.0 are supported. The version being used in the demo is ESXi 5.1.

Figure 5. Login to ESXi 1 using vSphere client

2. We need to deploy a new virtual machine. Therefore, select a new “Virtual Machine” from “File > New > Virtual Machine”.

Figure 6. Select New Virtual Machine



3. This will be a “Custom” build.

Figure 7. Select Custom

4. Assign a name to your virtual machine. The name being given to the VM here is “APIC-EM-1”. Then click on “Next”.

Figure 8. Give the VM a name



5. Next, you must select a Datastore where the VM files will be created.

Figure 9. Select Datastore

6. The next step is to select a Virtual Machine version. You will need to select this based on your version of the ESXi Host.

Figure 10. Virtual Machine Version



7. Next, the ESXi window will ask you to select a base Operating System. The Cisco APIC-EM will run on Linux, specifically,
Ubuntu Linux (64-bit).

Figure 11. Select OS

8. You now need to configure the CPU for this virtual machine. As we know, 12 vCPUs are recommended. Therefore, in this
example 6 virtual sockets are selected with 2 cores per socket, equaling 12 total cores.

Figure 12. Select CPU Cores




9. With the CPU configuration in place, the next step is to provide the controller with adequate memory. 32 GB is required but in
the demo, we will configure 64.

Figure 13. Configure Memory

10. Next, we will configure the Virtual Network Interface for this virtual machine. In the demo, VLAN 10 is assigned to the
APIC-EM cluster as seen in the screenshot below.

Figure 14. Configure the Virtual Interface



11. Choose the SCSI controller type if using SCSI.

Figure 15. Select SCSI Controller

12. Next, since this is a new virtual machine, we will create a new virtual disk for it as shown:

Figure 16. Select New Virtual Disk



13. We must next define the size of this new virtual disk.

Figure 17. Configure virtual disk size

14. Finally, review the configuration one last time and click on “Finish”.

Figure 18. Finish the VM Config




15. In the “Recent Task” at the bottom of the vSphere client, you can confirm that the virtual machine was successfully created.

Figure 19. Confirm VM deployment

16. We can now see the VM under the Host.

Figure 20. VM seen under the Host

17. Now that the VM is successfully deployed, we must map the APIC-EM’s ISO file to it so that it can boot the controller. Right
click on the VM and select “Edit Settings”.

Figure 21. Select Edit Settings



18. We need to connect the CD/DVD drive of the virtual machine to the APIC-EM ISO file which is placed on the Datastore.

Figure 22. Connect the CD/DVD Drive

19. Search for the ISO which is uploaded to the datastore and map it to the CD/DVD drive of the virtual machine.

Figure 23. Search and select the ISO


