Hello community,
This is NOT a post to complain about bugs or missing features, but an attempt to document as many NAMING inconsistencies as practical in the Cisco ACI APIC UI (NOT the MSO UI).
But I'd be happy for as many people as possible could contribute,
This post has come about in response to Robert Burns in an earlier thread, so I'll start with the UI inconsistency I mentioned in that thread, but first, some...
Ground Rules
- Actual object name:
I'm defining the object name as the name that is used when a user creates an object - even though I realise that objects can often be created in different ways and be given different names depending where the object is created.- In some cases it might be worth referring to the actual class name of the object as well
- Screen Dumps:
Please add screen dumps where possible - preferably pasted into the text (please DON'T use that stupid Drag and Drop thing - just click the Camera icon above and click in the grey area, then it Ctrl+v (or Cmd+v) to paste.
Leaf Interface Profile (infraAccPortP)
Created in Fabric>Access Policies>Interfaces>Leaf Interfaces>Profiles>+Create Leaf Interface Profile
This object is WRONGLY referred to as an Interface Selector Profile in the following places:
- When viewing a Leaf Profiles: Fabric>Access Policies>Switches>Leaf Switches>Profiles>LeafProfileName
- When creating a Leaf Profile: Fabric>Access Policies>Switches>Leaf Switches>Profiles>+Create Leaf Profile
Note: More on Access Module Profiles later...
Spine Interface Profile (infraSpAccPortP)
Created in Fabric>Access Policies>Interfaces>Spine Interfaces>Profiles>+Create Spine Interface Profile
This object is WRONGLY referred to as an Interface Selector Profile in the following places:
- When viewing a Spine Profiles: Fabric>Access Policies>Switches>Spine Switches>Profiles>SpineProfileName
- When creating a Spine Profile: Fabric>Access Policies>Switches>Spine Switches>Profiles>+Create Spine Profile
Inconsistency between Spine Profiles and Leaf Profiles
I actually find the fact that I can select an Access Module Profile when creating a LEAF Profile but NOT when creating a SPINE profile quite amusing - given that Modular Switches CAN'T BE USED as Leaf switches, only SPINE switches. Perhaps Cisco got these dialogues the wrong way around?
In fact, the whole menu structure that only gives me a choice of Leaf Modules (when AFAIK NO such SKU exists - try dong a google search for buy cisco aci "Leaf Module" and see how many are for sale!!!!!)
Rinse and Repeat
The points noted above are repeated in the equivalent Fabric Policies ...
Fabric>Fabric Policies>Switches>Leaf Switches>Profiles>LeafSwitchProfileName
Fabric>Fabric Policies>Switches>Leaf Switches>Profiles>+Create Leaf Switch Profile
Fabric>Fabric Policies>Switches>Spine Switches>Profiles>SpineSwitchProfileName
Fabric>Fabric Policies>Switches>Spine Switches>Profiles>+Create Spine Switch Profile
...but with a completely new set of inconsistencies! Now we see Switch Associations replacing Leaf Selectors (why?) and Interface Associations replacing Interface Selector Profiles (possibly less confusing, but not accurate) and similarly Module Associations replacing Module Selector Profiles
That's enough to begin with. Already I've spent too much time on this. Cisco has had 5 years to get this right, and I only have so much time I'm prepared to give for free. I'll probably add more later, but over to the community for now
KEEP READING - THERE ARE MANY MORE BELOW THIS
Not so much an inconsistency as an annoyance.
When you right-click on an object in the APIC GUI and choose Save As... the default options for saving are:
Scope: Self
Export Format: xml
Now, for most purposes, these defaults are USELESS - all you get it the base object with timestamps - and there's no way you can post the default format back.
The Default options SHOULD be:
Scope: Subtree
Export Format: xml or json (I prefer JSON, and anyone who is going to write python code would also probably prefer JSON)
If these become the defaults, then it will be MUCH easier to download configs and post them back - except for one more little annoyance that comes when you right-click on an object in the APIC GUI and choose Post
The Annoying part about this is that the default Parent DN is based on where the right-click was pressed - which almost NEVER where you want it to be pasted.
Is ARP flooding a L2 or L3 property?
Yet another call for consistency.
When I create a Bridge Domain (using the right-click method), the ARP Flooding option appears as part of my L3 configuration during the creation process.
Similarly, if I use the "Drag-and-drop" method to create a bridge domain, ARP Flooding is part of the L3 configuration (albeit with a DIFFERENT default value as mentioned previously)
But once configured, irrespective of the method used, ARP Flooding disappears from the L3 Configuration. IT'S GONE!
Oh hold on - it's back here under "General"
For goodness sake Cisco, give us consistency. I don't CARE if it is L2/General or L3 - I JUST WANT CONSISTENCY
This is somewhat cosmetic, but I'll add it to the list as "low priority"
It never looks good when a global business company starts using coloquial language in applications. This dialogue that appeared when I upgraded a lab fabric with one spine takes the cake!
I guess I can handle the "Watch out!" heading. But "Continue Anyways" - come on - was this page designed by a high-school work-experience student?
Not so much as an inconsistency, but a deviation from every other known normal system.
I'm talking about the default area type when creating a L3Out
SURELY the default area type SHOULD be Regular Area, NOT NSSA.
My gut feeling this is simply a hang-over from about 5 years ago when the ONLY type of OSPF are supported was NSSA. It's just that no-body has though "Oh, let's make this easier for users and change the default to something much more likely".
I'm suggesting that it's time someone had that thought!
Another inconsistency with every other thing that has been taught in routing until now is the use of the words Subnet when configuring L3Outs and even more out of line is the fact that you are asked to assign an IP address to this "Subnet" . (Objects of class l3extSubnet) Tenants>TenantName>Switches>Networking>L3Outs>L3OutName>External EPGs>ExternalEPGName>Subnets
Any networking engineer cringes whenever they see this rookie mis-use of the word "Subnet" and even more so at having to enter it under the heading "IP Address"
These objects are prefixes. I've spent 20 years teaching engineers the difference between a subnet, a route, and a prefix, and then I see this -HOW ON EARTH CAN I SERIOUSLY THINK CISCO UNDERSTANDS NETWORKING WHEN THIS SCREEN APPEARS?
And one more place here. Seeing 0.0.0.0/0 listed as a SUBNET is just so wrong it makes my skin crawl
I haven't added any for a while - so not sure if this tread is still alive. (For that matter, I have no idea if anyone who cares has even looked at it). But here's another suggestion.
Avoid confusion about Contract Subject by removing [x] Reverse Filter Ports option.
When I create a Subject for a Contract, I have two options regarding the way the filters are applied:
[x] Apply Both Directions
[x] Reverse Filter Ports
Now, these options are very confusing for most users, and to be fair, some of the confusion is removed by the fact the the UI will not let anyone select the [x] Reverse Filter Ports option if the [x] Apply Both Directions is not also set.
But I have no idea why it is possible to do this:
[x] Apply Both Directions
[ ] Reverse Filter Ports
Now please, someone tell me where this is useful? I mean USEFUL - not a weird corner-case scenario where you want to allow say two EPGs with AD servers to initiate connections in either direction (in which case you should tick both options, and then have the contract both provided AND consumed by both EPGs)
No takers?
No actual useful use for this combination?
Then my suggestion is that this scenario not be allowed via the GUI (like much of the other options that are controlled by the GUI, it would still be possible using the API).
And the way to remove the confusion, is to remove the Reverse Filter Ports option.
Here's how I see it working
By default, (as now) the [x] Apply Both Directions option is set, but with a note under stating:
Filter ports are reversed for return traffic from Provider to Consumer
If the option is unchecked, the message changes to:
Filters need to be defined in each direction separately
Confusion (at least some of it) removed!
Another inconsistency is in the area of External EPGs (L3EPGs)
When I right-click on a regular Application EPG, I get a long list of actions, similar to the what appears under the Actions menu icon in the Policy pane.
But when I right-click on an External EPG, I get very few options - in particular I don't see the option to add a COnsumed or Provided Contract, which is most annoying
In fact, the whole structure of the External EPG is totally different to Application EPGs
Consistency would be GREATLY appreciated
1. When installing an app, it gives you alternative to use "Download" feature, but this is not present in Admin tab; it's actually in Apps tab:
2. Sorry for my laziness, I know this is not the best place to write this, but I will write it anyway: could it be possible to add the possibility to clear an EP from GUI? It would be very helpful to have this feature since from time to time, during a tshoot, you need to clear an EP.
Sergiu
