How to Connect Physical Servers/Bare Metal to Cisco ACI Fabric
There are two sections
basically:
1.
Fabric – That governs your physical access policies (Physical
Network)
2.
Tenant – That governs your overlay policies (Logical Construct)
Let’s begin
with Fabric part of the configuration
Step 1: Create a static
VLAN Pool
So basically you define whatvlan id you will be using on your interface
to on-board the server.
Fabric > Access Policies > Pools > VLAN -- Right click and Create Vlan Pool
So basically you define what
Fabric > Access Policies > Pools > VLAN -- Right click and Create Vlan Pool
Step 2: Create Physical
Domain and bind VLAN Pool to the domain
Fabric > Access Policies > Physical and External Domains > Physical Domains – Right click and Create Physical Domain
Just givename for the physical domain and attach the Vlan pool
created in step 1. Leave the Associated Attachable Entity Profile option blank,
we will do that in next step .
Fabric > Access Policies > Physical and External Domains > Physical Domains – Right click and Create Physical Domain
Just give
Step 3: Create AAEP and
bind domain to the AAEP
Fabric > Access Policies > Global Policies > Attachable Access Entity Profile – Create Attachable Access Entity Profile and just attach your physical domain created in step 2 here.
Fabric > Access Policies > Global Policies > Attachable Access Entity Profile – Create Attachable Access Entity Profile and just attach your physical domain created in step 2 here.
Step 4: Create Interface
Policies
These are nothing but genericconfigs that you would want on your interface
like cdp on, lldp off, speed, duplex, bpdu filter
etc. Policies created here is an one time process and are reused
extensively in future while on-boarding new servers.
These are nothing but generic
Fabric > Access Policies
> Interface Policies >Policies – Expand this and you will
find all different parameters and their possible attributes
Select whatever is applicable for your servers. Common ones arecdp , link
level, lldp , Port-Channel( LACP modes).
Select whatever is applicable for your servers. Common ones are
Step 5: Create Interface
Policy Group
Select what all policies created in step 4 need to be activated on the interface
Fabric > Access Policies > Interface Policies > Leaf Policy Group – Right click and createpolicy group based on interface type( PC, VPC or access)
You can select policies throughdrop down menu here. This is
the place where you also attach the AAEP created in step 3.
Select what all policies created in step 4 need to be activated on the interface
Fabric > Access Policies > Interface Policies > Leaf Policy Group – Right click and create
You can select policies through
Step 6: Create Leaf
Profiles
Here you select the interfaces and attach policy group created in step 5
Fabric > Access Policies > Interface Policies >Profiles > Leaf Profiles – Right Click and create leaf interface profile, create interface selector (where you define interface name and attach interface policy group)
Here you select the interfaces and attach policy group created in step 5
Fabric > Access Policies > Interface Policies >Profiles > Leaf Profiles – Right Click and create leaf interface profile, create interface selector (where you define interface name and attach interface policy group)
Step 7: Create Switch
Profile
Finally, you select the switches here, where exactly the servers are connected. Everything done till step 6 is just an abstract and when you bind leaf interface profile created in step 6 to the switch profile then the config is actually completed and makes sense.
Fabric > Access Policies >Switch Policies > Profiles – Right click and create leaf profile, select leaf switches (keep the policy group option empty if there is no specific global config required at leaf level), then move to the associated interface selector profiles and select the leaf interface profile created in leaf selector option and attach the interface policy group.
Finally, you select the switches here, where exactly the servers are connected. Everything done till step 6 is just an abstract and when you bind leaf interface profile created in step 6 to the switch profile then the config is actually completed and makes sense.
Fabric > Access Policies >Switch Policies > Profiles – Right click and create leaf profile, select leaf switches (keep the policy group option empty if there is no specific global config required at leaf level), then move to the associated interface selector profiles and select the leaf interface profile created in leaf selector option and attach the interface policy group.
Tenant
Side Configuration:
So we need to go to the respective tenant where that sever belongs to and perform following steps:
Step1: Create a VRF
Tenant > Networking > VRF – Right click and create VRF
Step2: Create a Bridge
Domain
Tenant > Networking >Bridge Domain – Right click and create a Bridge Domain
You need to associate your BD with the VRFand create the subnet (which will be the distributed gateway for your server)
Tenant > Networking >Bridge Domain – Right click and create a Bridge Domain
You need to associate your BD with the VRFand create the subnet (which will be the distributed gateway for your server)
Step 3: Create
Application Profile
Tenant > Application Profile – Right click and create an Application profile
Application profile is nothing but a container for the EPGs.
Tenant > Application Profile – Right click and create an Application profile
Application profile is nothing but a container for the EPGs.
Step 4: Create an
Application EPG
Tenant > Application Profile > expand respective application profile and right click on Application EPG and Create Application EPG
You will have to associate BD while creating EPG, can keep remaining options as default.
Tenant > Application Profile > expand respective application profile and right click on Application EPG and Create Application EPG
You will have to associate BD while creating EPG, can keep remaining options as default.
Step 5: Attach Physical
Domain to the EPG
Expand application EPG created in Step 4. You would see Domains option on left pane.That’s the place you need to attach your Physical domain option created in Step 2 of Fabric - Access Policy.
Expand application EPG created in Step 4. You would see Domains option on left pane.That’s the place you need to attach your Physical domain option created in Step 2 of Fabric - Access Policy.
Step 6: Static port
binding in EPG
Expand application EPG created in Step 4. You would see static port binding option. That’s where you provide the static path of the Leaf/Port configured for the server on Fabric – Access Policy. Also need to specify the vlan encap id from the vlan pool created in Step 1 of Fabric – Access Policy.
Expand application EPG created in Step 4. You would see static port binding option. That’s where you provide the static path of the Leaf/Port configured for the server on Fabric – Access Policy. Also need to specify the vlan encap id from the vlan pool created in Step 1 of Fabric – Access Policy.
Step 7: Attach contract
to the EPG
Contract is required for any endpoint in an EPG to communicate with another endpoint in a different EPG or external network (External EPG). Attach the contract as per communication direction (Source EPG will Consume and Destination EPG will Provide).
Contract is required for any endpoint in an EPG to communicate with another endpoint in a different EPG or external network (External EPG). Attach the contract as per communication direction (Source EPG will Consume and Destination EPG will Provide).
This completes the
configuration required for connecting physical servers to Cisco ACI Fabric.
Anoop, Knowledge sharing is good.But giving credits to original author of the content is something we shouldn't fail.
ReplyDeleteAuthor Jayesh Singh on
https://community.cisco.com/t5/data-center-blogs/connecting-physical-servers-to-cisco-aci-fabric-simplified/ba-p/3808366