cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1953
Views
0
Helpful
6
Replies

Methods to compare configuration between two APIC controllers

zulfikhar_a
Level 1
Level 1

Hi,

 

Has anybody tried comparing the configuration between two different APIC controllers.

Example. I just need to compare the policy config (say AEP policy) between two controllers & say if that is following the standards ?

Is there a suggestion/ideas on how this can be performed ?

 

Thanks

Zulfi

6 Replies 6

no idea about that. you can loging to both APICs and compare manually. i
think thats the only way you can do that. please correct me if i am wrong.

joezersk
Cisco Employee
Cisco Employee

Hi Zulfi.  Please allow me to share a little trick that is going to make this easy for you.  I am not sure it is widely known, but APIC actually has a nice graphical diff function you can use for this. 

A little bit of easy setup first.  You will need to configure a common Remote Location for the APICs in both fabrics. You do that in the UI under "Admin > Import/Export > Remote Locations"  Choose FTP, SCP, of SFTP (and of course you need a server running these protocols to receive the file).Screenshot 2019-12-05 at 14.01.07.png

 

Next, you will need to take a snapshot of whatever you have configured on APIC in fabric 1.  You can do this in the UI, under "Admin > Config Rollbacks".  Make sure the pulldown says "Fabric" and not "Tenant".  Just save this snapshot locally on the APIC.  On the OTHER APIC in the 2nd fabric, take a snapshot but instead save it to your Remote Location.Screenshot 2019-12-05 at 14.04.36.png

 

Next, back on the APIC in the first fabric, select to import a configuration from the remote location and paste in the file name of the configuration you saved from the 2nd Fabric (looks something like:  ce2_defaultOneTime-2019-12-05T13-44-44_1.tar.gz). 

 

Screenshot 2019-12-05 at 14.08.52.png

 

Upon successful import in APIC from Fabric 1, you will now see your local snapshot and the snapshot imported from the other fabric. 

Now, all you have to do is select the entry for the imported config, and then in the pane to the right, select your earlier local snapshot and compare.

 

Screenshot 2019-12-05 at 14.11.33.png

 

  The output is very nicely done because you will only see what differs.  Green means something was added to the later config and red means something was deleted. 

 

 

Screenshot 2019-12-05 at 14.15.11.png

Hope this helps!

Thanks @joezersk

This is exactly I am doing with python starting from adding a Remote Location on APIC-1 --> Get all snapshot from APIC-2 --> Filter the latest snapshot --> Import the snapshot to APIC-1 --> Run the diff between both the snapshots…I created each functions for this… Let me wait a couple of days to see if anybody else had this use case…else will continue what I have been doing….

Claudia de Luna
Spotlight
Spotlight

Hi @zulfikhar_a ,

 

You can go to your AEP object in each of your controllers and download it. Example below. I like to download to JSON.  You can then compare the two objects.  You can download either the All Properties or Configuration only (options when you select Save As..).  Sample of Only Configuration output is below.

Once you have the output from both controllers you can do a text "diff" with your favorite comparison program.

If you do this all the time you can grab the config via REST and compare.

! Only Configuration | Subtree | JSON
{
  "totalCount": "1",
  "imdata": [
    {
      "infraAttEntityP": {
        "attributes": {
          "annotation": "",
          "descr": "",
          "dn": "uni/infra/attentp-SnV_corporate_external",
          "name": "SnV_corporate_external",
          "nameAlias": "",
          "ownerKey": "",
          "ownerTag": ""
        },
        "children": [
          {
            "infraRsDomP": {
              "attributes": {
                "annotation": "",
                "tDn": "uni/phys-SnV_phys"
              }
            }
          },
          {
            "infraRsDomP": {
              "attributes": {
                "annotation": "",
                "tDn": "uni/l3dom-SnV_external_corporate"
              }
            }
          }
        ]
      }
    }
  ]
}



Save-as-2019-12-05_05-03-13.png

 

 

save-as-2019-12-05_05-03-42.png

Thanks @Claudia de Luna

What I did using python was I will check for specific ‘key’: ‘value’ on a GET response for each profile & validate.

What I was looking for is that:

? Does cisco has a standard doc for which we can compare the configs.


FYI…as we created multiple ACI POD which had grown considerably we just need a mechanism to identify if all that we have is based on a standard format….This will help us when we scale up.

Hi @zulfikhar_a,

 

I completely misunderstood.  You are looking for something like a Cisco Validated Design for ACI to compare your builds against, if I understand correctly now. 

 

I've not seen anything like that.

The Cisco Application Centric Infrastructure Design Guide White Paper is good and has a Best Practices summary section at the end which you have probably already seen.

 

Apart from that you can check out the Data Center Design guides to see if one is aligned with your design but a "validated design" that can be consumed by automation...I've yet to see such a thing but I'm hopeful. I wrote this earlier this year lamenting the lack of structure in our design data!

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Save 25% on Day-2 Operations Add-On License