Connecting and discovering a Cisco Application Centric Infrastructure (ACI) single-pod site is a pivotal step in establishing a robust and dynamic data center network environment. Cisco ACI, renowned for its intent-based networking approach, offers unprecedented control, automation, and visibility in data center networking. In a single-pod site, which refers to a standalone ACI deployment encompassing all necessary components within a single fabric infrastructure, the process involves intricate yet systematic procedures.
What You’ll Learn
- How to connect an ACI fabric following leaf-spine architecture
- How to convert dual-role switches from leaf to spine
- How to verify that the network is fully fit
What You’ll Need
- Four Nexus 9000 Series Switches; for this environment, we made use of the Nexus 9332D-GX2B
- Three Cisco Application Policy Infrastructure Controllers (APICs)
- Out-of-band (OOB) management network
- A laptop from which to configure the fabric
If you want to upgrade your APIC software, you can use the following guide:
If you need to convert from NX-OS to ACI, please use the following guide:
If manually upgrading switches that are already running ACI code, follow the supported upgrade path from this link:
If no management IP has been set up, and you cannot register the switch to the fabric to set up a management address, you can transfer your ACI image using loader> prompt:
If upgrading switches that are running ACI code, use the following procedure:
- Assuming that the management IP has been set on the switch, we can quickly scp the file into the
/bootflashdirectory. You can use any tool or terminal to scp the file into the directory. - We can then use the following command to set up the boot variables on the switch:
Leaf102# cd bootflash/
Leaf102# setup-bootvars.sh < ACI Switch Software File >
Leaf102# reload
- After reload, check that your switch is running the new software version:
Leaf102# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
Software
BIOS: version 01.10
kickstart: version 16.0(2j) [build 16.0(2j)]
system: version 16.0(2j) [build 16.0(2j)]
PE: version 6.0(2j)
SR: Running: version 1.0(0) [image]
Image: version 1.0(0) [08/02/2023 01:56:54]
Flash primary: version n/a [n/a]
Flash recovery: version n/a [n/a]
BIOS compile time: 05/13/2022
kickstart image file is: /bootflash/aci-n9000-dk9.16.0.2j-cs_64.bin
kickstart compile time: 08/02/2023 02:42:32 [08/02/2023 02:42:32]
system image file is: /bootflash/auto-s
system compile time: 08/02/2023 02:42:32 [08/02/2023 02:42:32]
Hardware
cisco N9K-C9332D-GX2B ("supervisor")
Intel(R) Xeon(R) CPU D-1633N @ 2.50GHz with 32675840 kB of memory.
Processor Board ID FDO2702136L
Device name: Leaf102
bootflash: 125029376 kB
Kernel uptime is 04 day(s), 00 hour(s), 43 minute(s), 38 second(s)
Last reset at 54000 usecs after Thu Aug 10 17:08:10 2023 UTC
Reason: reset-requested-by-cli-command-reload
System version: 16.0(2j)
Service: PolicyElem Ch reload
plugin
Core Plugin, Ethernet Plugin
Leaf102#
Now that we have the switches and APICs running the same version, we can connect the devices together.
- The controllers connect to the leaves, and following Cisco best practices, we connect the APIC to both leaf switches. This gives you redundancy should a leaf switch fail, allowing the APICs to stay in a fully fit state. If your single pod has more than two leaves, you should spread out your APIC connections over all the leaf switches.
- Now we will connect the leaf switches to the spine Switches. Because we are using a dual-role switch, we need to connect the leaves and spines on the following ports highlighted in the red boxes. If you do not use these ports, you will not be able to convert the switch from a leaf role to a spine role. These ports are typically the higher-numbered ports. For our switch model used to write this guide, the ports are 25 to 32.
- Each leaf switch will connect to each of your spine switches in a dual-homed fashion, ensuring that if there is a spine switch failure, the leaves can still communicate with each other.
We are using the latest Cisco APIC version—ACI 6.x at the time of this writing. The first-time configuration has been changed from previous releases where you only need to enter the APIC configuration information once on your first APIC. In previous versions, you had to enter the same information onto all three APICs, which raised the chances for misconfiguration and fat-fingering the setup information.
- Press enter on the first APIC, and do not touch APICs 2 or 3 because the bootstrap script will reach out to the other APICs to push the necessary configurations.
- Input the needed information, which includes:
- Admin password
- OOB management network IP
- Default gateway for OOB network
- If you need to change the information, feel free to do so. If you’re good with the configuration, go ahead and enter
nand navigate to the provided URL, which is the OOB IP that you configured:https://<OOB MGMT IP>. - Enter the bootstrap web GUI and begin configuring the first APIC. It is important to note that your OOB network needs reachability to your Cisco Integrated Management Controller (IMC) address. The bootstrap script reaches out to the Cisco IMC IP in order to gather the serial number and push configurations to the other APICs.
- Choose how your APICs will be connecting to your leaf switches. In this deployment, we have our APICs directly connected to our leaf switches.
- Configure our fabric information, inputting the following:
- Fabric Name
- APIC Cluster Size
- GiPo Multicast Pool
- Pod ID
- TEP Pool
- Infrastructure VLAN
- Next, we will add our APICs to our cluster. During this step, the OOB network will reach out to the Cisco IMC IP address that was provided during the setup script. You will need the Cisco IMC username and password. You will need to add all three controllers to the cluster at this time.
- You can watch the progress of the clustering process through the web UI.
Now that we have access to the APIC GUI, we can begin to register the switches to the fabric.
- Navigate to Fabric > Fabric Membership > Nodes Pending Registration.
- Right-click the switch pending registration and register it as the first leaf. **Be sure to follow Cisco best practices with node ID numbering of 101-199 for leaves and 201-299 for spines.
- After leaf 101 is registered, the GUI should show both spines as available to register. Repeat for the same procedure for the spines.
- Finally, register the last leaf switch.
During this time, you may have some GUI errors pop up indicating that the APICs are clustering in the background. This might require you to reload the web page. The errors are not a cause for concern.
Depending on which leg of the dual-homed connection to the leaves is active on APICs 2 and 3, you may be required to register and accept the APICs into the cluster. This is because the APIC is sending Link Layer Discovery Protocol (LLDP) type-length-values (TLVs) into the fabric, indicating that it is downstream and available to be connected.
To wrap things up, diving into the world of connecting and discovering a Cisco ACI single-pod site is like getting backstage access to the coolest network show in town. With the insights from this learning module, you’re now the star of setting up a seamless network infrastructure that is as dynamic as it gets. From plugging in those physical components to conjuring up policies out of thin air, you’ve got the know-how to make it all happen. So go ahead—rock that data center with your newfound ACI skills, and remember, the network stage is yours to command!
Learn More
ACI Getting Started Guide:
If you want to upgrade your APIC software, you can use the following guide:
If you need to convert from NX-OS to ACI, please use the following guide:
If manually upgrading switches that are already running ACI code, follow the supported upgrade path from this link:
If no management IP has been set up, and you cannot register the switch to the fabric to set up management, you can transfer your ACI information using loader> prompt: