
APIC Initial setup

ksherwood
Level 1

Hello all,

Can someone please answer some simple questions for me so that I can get an understanding from the beginning?

So I have an APIC out of the box and I want to do the initial configuration:

Qu. 1 How do I initially connect to it, HTTP via default IP address?

If I want to use out of band management with an existing spare public address subnet for the APICs and Spines and Leaves:

Qu. 2 Would the TEP address pool be that subnet and would a class 'C' be sufficient for a few spines, leaves and APICs?

Thanks in advance.


Tomas de Leon
Cisco Employee

The initial setup of the APIC will be performed either via a console connection attached to the hardware itself or via CIMC KVM.  Setting up the CIMC is a best practice and will assist later if troubleshooting is necessary.

Once you set up CIMC and provide an IP, you can access the CIMC & initiate the KVM to perform the initial setup.  The IP address for the CIMC and the OOB management network can use addresses from the same subnet.  These addresses will be used for OOB management for Leaf, Spines, and APIC(s).

The TEP address pool is a unique set of addresses. The default address range used for TEP addresses is 10.0.0.0/16.  The IP address range chosen should be unique within the environment and should accommodate the number of addresses required.

If you change the address pool, a /23 is the smallest size for allocation, but it will limit your future growth when adding ACI-managed devices.  If a change is necessary to this address schema, you will need to run the setup script again, which is not desired after you have an existing configuration.  For that reason the default range of 10.0.0.0/16 is good to use.

From the Documentation:

10.0.0.0/16 

This value is for the infrastructure virtual routing and forwarding (VRF) only. 

This subnet should not overlap with any other routed subnets in your network. If this subnet does overlap with another subnet, change this subnet to a different /16 subnet. The minimum supported subnet for a 3 APIC cluster is a /23.

Tomas, I'm sorry for sounding rude but you haven't really answered my questions but merely copied and pasted information I have already read online.

I am a network engineer so I need to approach this like installing a new switch or router.

So, if I connect to the APIC via console cable and run through the setup dialog, then I can give the APIC a 130.10.1.2 255.255.255.0 address? If my brownfield network is 130.10.0.0, what TEP address pool would suffice (and what is this actually used for if eventually I will be migrating the brownfield networks over to the ACI)?

The APIC OOB or In-Band management addresses are different than the TEP Address Pool (infra-band).

You can configure an address from your brownfield network of 130.10.0.0.  Simply give the OOB address of the APIC an address from an available subnet which you want to be your OOB management network.  Repeat the process for your Leaf & Spines.  So, you take an address from your existing network pool and use a network for your address management network.

The TEP address is "Unique" and is not accessible from your public network.  Only the ACI devices talk to each other for fabric communication on this network.  That is why 10.0.0.0/16 can be used for your TEP address pool in a green or brownfield network.

Once the TEP Address pool is assigned (i.e., 10.0.0.0/16), the APIC will assign the Leaf, Spine, and any other managed "Fabric" device an address via DHCP from the TEP pool.  Once you add a Leaf or Spine and they are learned thru Fabric discovery, you will see the TEP address assigned to each leaf & spine.  I used set addresses for the example but they are randomly assigned when they join the fabric.

The OOB addresses are assigned statically or randomly thru an address pool that you configure in the Tenant Management Node address configuration.

Hi Tomas, could you email me the original diagram you constructed of the APICs?

Hopefully in Visio?

Thanks. Kevin.

Not Visio, but keep checking here for official ACI icons\Visio

Network Topology Icons - Doing Business With Cisco
http://www.cisco.com/c/en/us/about/brand-center/network-topology-icons.html
http://www.cisco.com/c/en/us/products/visio-stencil-listing.html

I have included my unofficial icons and Stencil for OmniGraffle.

Here are other resources that explain the fabric bring-up:

Cisco Application Centric Infrastructure Fundamentals
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/aci-fundamentals/b_ACI-Fundamentals.pdf

Cisco ACI - Setting Up Your First APIC
http://www.virtualizationadmin.com/articles-tutorials/general-virtualization-articles/cisco-aci-setting-your-first-apic.html

Learning ACI – Part 2: Bringing Up A Fabric
https://adamraffe.com/2014/12/03/learning-aci-part-2-bringing-up-a-fabric/

Excellent, thanks Tomas.

You would wonder why they even give you the TEP addressing option if it was only to build up the fabric! I guess you may already be using this private network.

A bit of clarification.  Those TEP addresses and the network they are on stay in the pod forever.  They are not just there for setup.  Those TEP addresses are the /32 addresses on the VXLAN switches (leafs) and are used to forward frames/packets between the Leafs.  It's essentially the management network inside the fabric.  

 

It is also possible to extend that network outside of the fabric (which is why it should not overlap any existing addresses in your network).  This is most common with either newer techniques for routing from the spine (GOLF) or extending into the Cisco AVS switch on an ESX server.
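
The two constraints discussed in this thread (the TEP pool must not overlap any other routed subnet, and a /23 is the smallest supported pool) can be checked before running the APIC setup script. The following is an added example, not part of the original thread or of any Cisco tooling; the subnet masks and the `10.0.0.0/14` range in the sample inventory are constructed assumptions.

```python
import ipaddress

MIN_PREFIX = 23  # smallest TEP pool per the documentation quoted in the thread


def check_tep_pool(pool, routed_subnets, min_prefix=MIN_PREFIX):
    """Return a list of problems with a candidate TEP pool (empty list = OK)."""
    pool_net = ipaddress.ip_network(pool, strict=True)
    problems = []
    # A longer prefix means a smaller pool than the supported minimum.
    if pool_net.prefixlen > min_prefix:
        problems.append(f"{pool_net} is smaller than /{min_prefix}")
    # The infra VRF subnet must not overlap any other routed subnet.
    for subnet in routed_subnets:
        other = ipaddress.ip_network(subnet, strict=False)
        if pool_net.overlaps(other):
            problems.append(f"{pool_net} overlaps routed subnet {other}")
    return problems


def suggest_tep_pool(routed_subnets, search_space="10.0.0.0/8", prefix=16):
    """Return the first /16 in search_space that overlaps no routed subnet."""
    others = [ipaddress.ip_network(s, strict=False) for s in routed_subnets]
    space = ipaddress.ip_network(search_space)
    for candidate in space.subnets(new_prefix=prefix):
        if not any(candidate.overlaps(o) for o in others):
            return str(candidate)
    return None


# Constructed inventory: the thread gives 130.10.0.0 without a mask, so the
# /16 and the /24 OOB management subnet below are assumptions.
BROWNFIELD = ["130.10.0.0/16", "130.10.1.0/24"]
# Constructed variant in which 10.0.0.0/14 is already routed elsewhere.
OVERLAPPING = BROWNFIELD + ["10.0.0.0/14"]

if __name__ == "__main__":
    for name, inventory in (("brownfield", BROWNFIELD), ("overlapping", OVERLAPPING)):
        issues = check_tep_pool("10.0.0.0/16", inventory)
        print(name, "default pool:", issues or "OK")
        if issues:
            print("  alternative /16:", suggest_tep_pool(inventory))
```
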

 

 
