Here are some commonly asked questions and answers to help with your adoption of Cisco ACI automated solutions. Subscribe (how-to) to this post to stay up-to-date with the latest Q&A and recommended Ask the Experts (ATXs) sessions to attend.
There are three ways of configuring ACI: via the GUI, the NX-OS style CLI, or Python. We found that some of the show output mismatches when configuring through the CLI and the GUI. Can we use only one method to configure ACI?
A. We suggest using the GUI or Python to configure the device. Some configurations done through the NX-OS style CLI are rendered in the APIC GUI: they can be seen, but sometimes may not be editable in the GUI. Likewise, changes made in the APIC GUI may be seen in the NX-OS style CLI but may only partially work. Mixing the NX-OS style CLI and the APIC GUI may also have some impact when doing per-interface configuration. For details, please refer to the link below, in the part on mixing the NX-OS style CLI and the APIC GUI.
Can you introduce the REST interface structure of ACI and the commonly used actions?
A. The call to the REST interface has the following structure:
REST (Representational State Transfer) uses a set of verbs to represent the actions that a request to the service is intended to accomplish. These verbs are GET, PUT, POST, DELETE and more.
If we want to create a series of VLAN_EPGs or add multiple EPGs to a trunk, can we use the API Inspector to search for all the "POST" messages required?
A. Yes. If you do not know how to write the payload, you can first create a VLAN_EPG, then copy the payload from the API Inspector to Postman. In the API Inspector, you need to search all the "POST" entries and find the specific one for creating the VLAN_EPG.
If you have multiple tasks to run at the same time, please use Postman Runner to run them.
What are the most commonly used links related to using Ansible with ACI?
A. If you're using Ansible for the first time, the links below will help you understand how to install Ansible, use the play command, and build a playbook:
Is there any difference when using automation on a Multi-Site architecture?
A. Just as the API Inspector is used to get the payload when working with ACI, Swagger (OpenAPI) is available to get the payload when working with MSO. For more information on Multi-Site automation using Ansible, refer here.
What are the available Cisco ACI utilities to effectively use the ACI REST APIs?
A. API Inspector: The API Inspector is included in the APIC GUI. It provides a real-time display of REST API commands that the APIC processes to perform GUI interactions. The APIC user login drop-down menu includes the API Inspector option which opens the window shown in the figure below.
The API Inspector dynamically displays REST commands issued by the APIC. All operations that are performed in the GUI invoke REST calls to fetch and commit the information being accessed.
Visore Managed Object Viewer
Visore is a read-only management information tree (MIT) browser as shown in the figure below. It enables distinguished name (DN) and class queries with optional filters.
The Visore managed object viewer is provided with the APIC. It is at this location: http(s)://host[:port]/visore.html
Management Information Model Reference
The Management Information Model (MIM) contains all of the managed objects in the system and their properties.
The ACI object model is represented in the Management Information Tree (MIT), which is an object-oriented database. Every branch represents a functional area, and every node is a managed object that has a class and a globally unique distinguished name (DN) formed by a parent name and the relative name.
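The REST call structure and the DN and class queries described above can be sketched as follows. This is an added example, not code from the original post or from Cisco: it uses the `/api/mo/` (DN) and `/api/class/` URL forms of the APIC REST API, and the host `apic.example.com`, the tenant, application profile and EPG names, and all function names are assumptions made for illustration.

```python
from urllib.parse import quote, urlencode

def epg_dn(tenant, app_profile, epg):
    """A DN is the parent's DN plus this object's relative name (RN)."""
    dn = "uni"                                   # root of the policy tree
    for rn in (f"tn-{tenant}", f"ap-{app_profile}", f"epg-{epg}"):
        dn = f"{dn}/{rn}"
    return dn

def eq_filter(cls, prop, value):
    """Filter expression of the form eq(<class>.<property>,"<value>")."""
    if '"' in value:
        raise ValueError("double quote not allowed in a filter value")
    return f'eq({cls}.{prop},"{value}")'

def query_url(apic, kind, target, fmt="json", **options):
    """Build https://<apic>/api/{mo|class}/<dn or class>.{json|xml}[?options]."""
    if kind not in ("mo", "class"):
        raise ValueError("kind must be 'mo' (DN query) or 'class'")
    if fmt not in ("json", "xml"):
        raise ValueError("fmt must be 'json' or 'xml'")
    if kind == "class" and not target.isalnum():
        raise ValueError("class names are plain identifiers such as fvAEPg")
    # Percent-encode characters such as '?', '#' and '&' so that a
    # caller-supplied name cannot append query parameters of its own.
    path = quote(target, safe="/[]")
    url = f"https://{apic}/api/{kind}/{path}.{fmt}"
    if options:
        # Python keyword names use '_', the API's option names use '-'.
        params = {k.replace("_", "-"): v for k, v in options.items()}
        url += "?" + urlencode(params, safe="(),", quote_via=quote)
    return url

if __name__ == "__main__":
    dn = epg_dn("Prod", "Shop", "web")            # constructed names
    print(query_url("apic.example.com", "mo", dn, rsp_subtree="children"))
    print(query_url("apic.example.com", "class", "fvAEPg",
                    query_target_filter=eq_filter("fvAEPg", "name", "web")))
```
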
Can I have more details about ACI Network programming interface architecture?
A. The REST API has both northbound and southbound programmatic interfaces. The northbound REST API accepts configuration and provides access to the management functions of the APIC. This interface provides access for automation tools, provisioning scripts and third-party monitoring and management tools.
Southbound interfaces on the APIC allow for the declarative model of intent to be extended beyond the fabric, into subordinate devices. This is a key aspect to the openness of the ACI fabric, in that policy can be programmed once via the APIC and then pushed out to hypervisors, L4-7 devices and more, without the need to individually configure those devices. This southbound extension is realized through L4-7 Device Packages and the OpFlex protocol.
The L4-7 device package interface allows for ACI to apply policy to existing L4-7 devices that do not have an implicit knowledge of ACI policy. These devices can be from any vendor, so long as the device has some form of interface which is accessible via IP.
OpFlex is designed to allow the exchange of data for managed objects that are part of an informational model.
Which are most commonly used ACI libraries?
A. ACI provides a variety of access methods to read and manipulate this data.
All three libraries are simply wrappers to access the REST API. The choice is largely a tradeoff between personal preference, need for completeness, comfort with the ACI object model, and requirement for formal support beyond an active community.
ACI Toolkit attempts to make life easier for the developer. It is a set of Python libraries that allows you to quickly get the most common ACI workflows up and running. While the ACI Toolkit provides some useful tools for an operator to use immediately, the real value is in the ability to take these examples as a starting point and modify or extend them to suit your particular needs.
Cobra provides complete access to the object model but may be more difficult for beginning developers. The ACI engineering team uses Cobra. Much of the CLI on the ACI switches was developed with Cobra.
PyACI provides alternative Python bindings for the ACI REST API with the option to use an XML or JSON payload. It facilitates authoring concise scripts and provides better logging.
Can we use REST API for monitoring Cisco ACI?
A. The Application Policy Infrastructure Controller (APIC) saves network administrators time and frustration, as it makes it easy to gather statistics and perform analyses using the REST API. Because statistics are gathered automatically and policies are used and can be re-used in other places, human effort and error are minimized. Please use the guide to list the important ACI parameters that can be monitored.
If we use Postman to GET an object (an EPG, etc.), the response contains some parameters that cause a 403 error when it is pushed back. What exactly are those parameters?
A. A 403 basically indicates a component that is part of the ACI fabric object but cannot be configured from outside ACI. Based on the error, it seems that `lcOwn` is an ACI-internal object, so you might want to remove it before POSTing. A 403 error occurs when the object is valid but cannot be implemented through ACI REST API calls.
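One way to remove such internal attributes from a GET response before POSTing it back, as an added example that is not part of the original post. The sample response is constructed, the function names are hypothetical, and only `lcOwn` in the `READ_ONLY` set is taken from this page; the other attribute names are assumptions.

```python
import json

# Constructed GET response for one EPG; every value here is made up.
SAMPLE_GET = json.loads("""
{"totalCount": "1", "imdata": [{"fvAEPg": {
  "attributes": {"dn": "uni/tn-Prod/ap-Shop/epg-web", "name": "web",
                 "descr": "web tier", "lcOwn": "local", "uid": "15374",
                 "modTs": "2021-01-01T00:00:00.000+00:00", "childAction": ""},
  "children": [{"fvRsBd": {"attributes": {
      "tnFvBDName": "bd-web", "lcOwn": "local",
      "modTs": "2021-01-01T00:00:00.000+00:00"}}}]}}]}
""")

# Attributes the APIC sets itself. Only lcOwn comes from this page; the
# other names are assumptions to be checked against the model reference.
READ_ONLY = frozenset({"lcOwn", "modTs", "uid", "childAction"})

def strip_read_only(mo, read_only=READ_ONLY, removed=None, path=""):
    """Copy one {class: {attributes, children}} object without read-only
    attributes; record each dropped 'class.attribute' in `removed`."""
    cleaned = {}
    for cls, body in mo.items():
        here = f"{path}/{cls}" if path else cls
        attrs = {}
        for key, value in body.get("attributes", {}).items():
            if key in read_only:
                if removed is not None:
                    removed.append(f"{here}.{key}")
            else:
                attrs[key] = value
        node = {"attributes": attrs}
        children = [strip_read_only(c, read_only, removed, here)
                    for c in body.get("children", [])]
        if children:
            node["children"] = children
        cleaned[cls] = node
    return cleaned

def post_bodies(get_response, removed=None):
    """One POST body per object returned in the response's imdata list."""
    return [strip_read_only(mo, removed=removed)
            for mo in get_response.get("imdata", [])]

if __name__ == "__main__":
    dropped = []
    for body in post_bodies(SAMPLE_GET, dropped):
        print(json.dumps(body, indent=2))
    print("removed:", dropped)
```

The API-side alternative is to add the query option `rsp-prop-include=config-only` to the GET, so that the response carries only configurable properties in the first place.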
Want to learn more and get real-time support? Register for the upcoming Ask the Experts (ATXs) sessions.
Simply click on the preferred session time to reserve your spot today! Through live Q&A and solution demos, Ask the Experts (ATXs) real-time sessions help you tackle deployment hurdles and learn advanced tips to maximize your use of Cisco technology.
Level (Lifecycle Pit Stop)
Use Case Overview and Planning: Automation and Programmability for Cisco ACI