Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3700
Views
4
Helpful
7
Replies

How to create routing policy?

Go to solution
dgombovic
Level 1
Level 1

‎05-03-2016 01:59 AM - edited ‎03-01-2019 04:28 AM

Hello,

I would like to create routing policy that will route all IP phone traffic to one specific router. Every try in which I use categories or pathPreference results with error code "BadRequest" so I have few questions:

-is there any API documentation other than API Reference Guide in which all of the parameters are explained?

-can I use only category voice-and-video as filter for traffic? Here is my python code that won't work:

from apicem_config import * # APIC-EM IP is assigned in apicem_config.py

# Get ticket - function is in apicem_config.py

ticket = get_X_auth_token()

headers = {"content-type" : "application/json","X-Auth-Token": ticket}

########## Creating policy #############

### JSON object for POST /policy

policy_json = [{

    "policyName": "routing_ip_tel",

    "policyOwner": "admin",

    "policyPriority": 4095,

    "resource": {

        "categories": [

        {

          "id": "cb85d59b-673d-480b-918f-3dad8a0d658f",

          "name": "voice-and-video"

        }

      ]

    },

    "actions": [

        "SET_PROPERTY"

    ],

    "policyScope": "exit_routers", # I made this tag and associatied devices

    "actionProperty": {

        "relevanceLevel": "Business-Relevant",

        "pathPreference": "10.145.220.210" # Should this even be IP adress?

    }

}]

# POST policy url

post_url = "https://"+apicem_ip+"/api/"+version+"/policy"     # API base url

resp = requests.post(post_url, json.dumps(policy_json), headers=headers,verify=False)

status = resp.status_code

print("status: ",status)

print("Response:",json.dumps(resp.json(),indent=4))


Response:


{
  "response": {
  "progress": "Policy Creation Failed",
  "startTime": 1462271384535,
  "endTime": 1462271384545,
  "version": 1462271384535,
  "errorCode": "BadRequest",
  "failureReason": "Invalid Policy",
  "serviceType": "Policy Service",
  "isError": true,
  "operationIdList": [
   "97a2a02d-e2e0-4746-87ac-618811163d05"
  ],
  "rootId": "db920e43-cae9-4d9d-8119-9122b573b65e",
  "id": "db920e43-cae9-4d9d-8119-9122b573b65e"
  },
  "version": "1.0"
}


Even if I remove pathPreference parameter, filtering with category won't work (same code with applications instead of categories works). Despite that fact maybe I am also using pathPreference on the wrong way (as there are also primary, secondary and tertiary path preferences in definition).

Version of APIC-EM is 1.1.2.15.

All suggestions are welcomed and thank you in advance!

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
aradford
Cisco Employee
Cisco Employee
In response to dgombovic

‎05-03-2016 01:54 PM

Hi Dominik,

you are combining two aspects of the policy API here.   Today, policy can be used in two ways:

1) Easy QoS application

2) IWAN app.

The IWAN App supports pathPreference, but you need to have done an IWAN deployment in order to do this.  There is a blog post that talks about how this can be done Digitizing Retail with Cisco DevNet.  I have also done a little video that walks through changing the application category relevance IWAN TOD policy - YouTube.  I could have changed the pathPreference too.  For example: if I do a PUT of /api/v1/policy  with the following payload, you can see how I set the primary and secondary path.  NOTE:  This is only for wan traffic.

[{

    "instanceUuid": "9080bc13-6ca8-46ba-a1bb-debbd296d15f",

    "policyName": "email",

    "state": "Active",

    "taskId": "2b8ee36d-40cb-4565-9fb8-f95496fa854c",

    "id": "9080bc13-6ca8-46ba-a1bb-debbd296d15f",

    "resource": {

      "categories": [

        {

          "id": "d0ddd0e0-3268-4a94-99d1-3d0509deccf0",

          "name": "email"

        }

      ]

    },

    "actions": [ "SET_PROPERTY" ],

    "policyScope": "IWAN",

    "actionProperty": {

      "relevanceLevel": "Default",

      "pathControlFlag": true,

      "pathPreferenceFlag": true,

      "PrimaryPathPref": ["interne"],

      "SecondaryPathPref": [ "mpls"]

    }

  }]

let me know if you have more questions. 

View solution in original post

7 Replies 7

Go to solution
Geevarghese Cheria
Cisco Employee
Cisco Employee

‎05-03-2016 05:44 AM

Hi Dominik,

   Are you using apicem_config.py from the learning lab. Can you share the python script . You need to pass the token as the header. What I understand is you were not able to generate the token.

Regarding documentation did you had chance to see the API reference in  this url - https://developer.cisco.com/site/apic-em/

Thanks and Regards,

Geevarghese

0 Helpful

Go to solution
dgombovic
Level 1
Level 1
In response to Geevarghese Cheria

‎05-03-2016 07:18 AM

Hi,

thank You for fast reply. Sorry for maybe providing misleading information - that response I posted is response from GET /task/{taskId} query for taskId that I get from python script. I have no problems with code and token, but I have problems with API parameters "categories" and "pathPreference" in REST query. For better visualisation:

This one POST /policy query works:

[{

    "policyName": "routing_ip_tel",

    "policyOwner": "admin",

    "resource": {

        "applications": [

        {

          "id": "cbea9ea2-91b5-41ac-9ade-adcab6cd72c1",

          "name": "skype"

        }

      ]

    },

    "actions": [

        "SET_PROPERTY"

    ],

    "policyScope": "exit_routers",

    "actionProperty": {

        "relevanceLevel": "Business-Relevant"

    }

}]


This one doesn't because of pathPreference parameter


[{

    "policyName": "routing_ip_tel",

    "policyOwner": "admin",

    "resource": {

        "applications": [

        {

          "id": "cbea9ea2-91b5-41ac-9ade-adcab6cd72c1",

          "name": "skype"

        }

      ]

    },

    "actions": [

        "SET_PROPERTY"

    ],

    "policyScope": "exit_routers",

    "actionProperty": {

        "relevanceLevel": "Business-Relevant",

        "pathPreference": "10.145.220.210."

    }


and this one doesn't either because of categories parameters


[{

    "policyName": "routing_ip_tel",

    "policyOwner": "admin",

    "resource": {

        "categories": [

        {

          "id": "cb85d59b-673d-480b-918f-3dad8a0d658f",

          "name": "voice-and-video"

        }

      ]

    },

    "actions": [

        "SET_PROPERTY"

    ],

    "policyScope": "exit_routers",

    "actionProperty": {

        "relevanceLevel": "Business-Relevant"

    }

}]

}]



I would like to route all IP phone traffic to one border router and skype traffic to another, but something is wrong with the use of "categories" and "pathPreference" parameters. So what am I doing wrong?

Thanks in advance!

0 Helpful

Go to solution
aradford
Cisco Employee
Cisco Employee
In response to dgombovic

‎05-03-2016 01:54 PM

Hi Dominik,

you are combining two aspects of the policy API here.   Today, policy can be used in two ways:

1) Easy QoS application

2) IWAN app.

The IWAN App supports pathPreference, but you need to have done an IWAN deployment in order to do this.  There is a blog post that talks about how this can be done Digitizing Retail with Cisco DevNet.  I have also done a little video that walks through changing the application category relevance IWAN TOD policy - YouTube.  I could have changed the pathPreference too.  For example: if I do a PUT of /api/v1/policy  with the following payload, you can see how I set the primary and secondary path.  NOTE:  This is only for wan traffic.

[{

    "instanceUuid": "9080bc13-6ca8-46ba-a1bb-debbd296d15f",

    "policyName": "email",

    "state": "Active",

    "taskId": "2b8ee36d-40cb-4565-9fb8-f95496fa854c",

    "id": "9080bc13-6ca8-46ba-a1bb-debbd296d15f",

    "resource": {

      "categories": [

        {

          "id": "d0ddd0e0-3268-4a94-99d1-3d0509deccf0",

          "name": "email"

        }

      ]

    },

    "actions": [ "SET_PROPERTY" ],

    "policyScope": "IWAN",

    "actionProperty": {

      "relevanceLevel": "Default",

      "pathControlFlag": true,

      "pathPreferenceFlag": true,

      "PrimaryPathPref": ["interne"],

      "SecondaryPathPref": [ "mpls"]

    }

  }]

let me know if you have more questions. 

Go to solution
dgombovic
Level 1
Level 1
In response to aradford

‎05-05-2016 12:44 AM

Hi,

thank You for that information. Currently in network I have Cisco routers 4331 and 4431, so does that mean that with those routers it isn't possible to make routing policies because they don't support IWAN App?

0 Helpful

Go to solution
aradford
Cisco Employee
Cisco Employee
In response to dgombovic

‎05-05-2016 10:12 PM

Hi Dominik,

4331, 4431 are supported with IWAN app.  IWAN is a deployment model for a WAN.  It is Cisco's SD-WAN solution. 

You need to have one or more links to the remote locations.  If you have more than one WAN service, then you can use policy to specify which apps will prefer which path.  The solution is intelligent in that the routers are always monitoring the performance of the WAN links and will automatically re-route applications (based on performance) if required.

Normally you would have at least three routers.  1 for each WAN services (total of 2 minimum) and a router at the remote site that connects to the two WAN services.

Go to solution
dgombovic
Level 1
Level 1
In response to aradford

‎05-06-2016 04:05 AM

I expressed myself in the wrong way so this would be rephrased question;

-can I create routing policies in network that has only 4431/4331 routers and 2960-x switches controlled by APIC-EM controller, or do I need something else (like Cisco ASR 1000 that is needed for IWAN app) to create routing policies?

Thank You for your time!

0 Helpful

Go to solution
aradford
Cisco Employee
Cisco Employee
In response to dgombovic

‎05-06-2016 07:28 PM

For a test network you could use CSR + ISR 4k.  Switches are not supported as part of IWAN as it is a WAN routing solution, no a campus/switching solution.    Take a look at the IWAN deployment guide for all the details.  Software Configuration Guide for Cisco IWAN on APIC-EM - Cisco

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:


This community is intended for developer topics around Data Center technology and products. If you are looking for a non-developer topic about Data Center, you might find additional information in the Data Center and Cloud community

Customers Also Viewed These Support Documents