Presentation is loading. Please wait.

Presentation is loading. Please wait.

L4 – L7 Services Network Stitching Only Mode. Why do we need this feature and where is it used?

Published bySamantha Brooks Modified over 8 years ago

Similar presentations

Presentation on theme: "L4 – L7 Services Network Stitching Only Mode. Why do we need this feature and where is it used?"— Presentation transcript:

1 L4 – L7 Services Network Stitching Only Mode

2 Why do we need this feature and where is it used?

3 Service Insertion in Current Mode Automated Network Configuration −Service Insertion: APIC Configure Network for redirecting traffic through service nodes Automated Service Configuration −APIC configures service appliance using vendor provided package Services are Managed by APIC ADC FW ADC FW

4 Service Insertion in Current Mode Automated Network Configuration −Service Insertion: APIC Configure Network for redirecting traffic through service nodes. Externally Managed Service Configuration −Admin configures service appliance externally using custom scripts/tools or manually. Services are Externally Managed ADC FW ADC FW

5 Why do we need Network Stitching Only Mode? In some customer environments, it is desirable that APIC only allocates network resources for the service graph and programs only the fabric side during graph instantiation. This may be needed for various reasons. For e.g. −A customer environment may already have an existing orchestrator or a dev-op tool that is more suitable for programming the service appliance. −In some cases, the device package for a legacy service may not be available. Network Only Mode for services adds the desired flexibility.

6 Network Stitching Only Mode Overview and Description

7 L4 – L7 Device Cluster

8 L4 – L7 Device Cluster Can Be Configured As Managed Or Un-Managed A device can be either managed or un-managed. In managed mode, APIC manages the device and programs the device during graph instantiation. Managed mode is equivalent to the existing functionality. By default when a device is registered with APIC, it is set to be in managed mode. This ensures backward compatibility with the existing functionality.’ If a device is configured as “un-managed” i.e. managed setting is set to false, APIC does not program the device. APIC only allocates the network resources and programs the VLAN/VXLAN on fabric side.

9 L4 – L7 Device Cluster In Un-Managed Mode The Following settings are NOT used/needed when a device cluster is configured as un-managed Device Package Device Configuration Parameters Connectivity Information for the device cluster (vnsLDevViP) and devices (CDev) – −Management IP −Credentials −In-band connectivity information Information about context awareness −Single Context or Multi-Context Device Manager

10 L4 – L7 Device Cluster In Un-Managed Mode The Following settings are STILL needed when a device cluster is configured as un-managed Domain Information to allocate VLANs from Function Type (Go-To or Go-Through) Topology Information −CIF and Path information for CIF −LIF −Static Endcap for LIF (Optional) Topology Information is needed so that we can program the network ports on the leaf during network stitching. Information about supported function type −Go-To, Go-Through

11 GUI L4 – L7 Device Cluster As Un-Managed UI hides all other settings related to package, configuration parameters, and connectivity when managed mode is “un-checked”

12 REST API L4 – L7 Device Cluster As Un-Managed

13 CLI L4 – L7 Device Cluster As Un-Managed apic1# configure apic1(config)# tenant AVI apic1(config-tenant)# l4l7 cluster name LB1 type physical vlan-domain phys apic1(config-cluster)# cluster-device C5 apic1(config-cluster)# cluster-device C6 apic1(config-cluster)# cluster-interface consumer apic1(config-cluster-interface)# member device C5 device-interface 2.1 apic1(config-member)# interface ethernet 1/12 fex 101 leaf 101 apic1(config-member)# exit apic1(config-cluster-interface)# member device C6 device-interface 2.1 apic1(config-member)# interface ethernet 1/14 fex 101 leaf 101 apic1(config-member)# exit apic1(config-cluster-interface)# exit apic1(config-cluster)# cluster-interface provider apic1(config-cluster-interface)# member device C5 device-interface 2.2 apic1(config-member)# interface ethernet 1/13 fex 101 leaf 102 apic1(config-member)# exit apic1(config-cluster-interface)# member device C6 device-interface 2.2 apic1(config-member)# interface ethernet 1/15 fex 101 leaf 102 apic1(config-member)# end apic1# A Device Cluster is configured as an un-managed device when it is configured through the CLI

14 L4 – L7 Service Graph

15 AbsNode Can Be Configured As Managed Or Un-Managed An AbsNode can be either managed or un-managed. When an AbsNode is configured as “managed”, it can use a managed device. APIC programs the device during graph instantiation. Managed mode is equivalent to the existing functionality. By default when a function node is added to the service graph, it is set to be in managed mode. This ensures backward compatibility with the existing functionality. If a function node is configured as “un-managed” i.e. managed setting is set to false, APIC does not do parameter resolution or programs the devices. APIC only allocates the network resources and programs the VLAN/VXLAN on fabric side.

16 AbsNode In Un-Managed Mode The following settings are NOT used/needed when an AbsNode is configured as un-managed MFunc relation AbsFuncProfile Configuration Parameters (In AbsNode or on EPG)

17 AbsNode In Un-Managed Mode The following settings are STILL used/needed when an AbsNode is configured as un-managed LDevCtx to enable the selection of LDevVip during graph instantiation LIfCtx to enable the selection of LIf during graph instantiation BD in LIfCtx Route Peering in LIfCtx Subnet in LIfCtx

18 REST API – Using Un-Managed AbsNode In AbsGraph

19 CLI – Using Un-Managed AbsNode In AbsGraph apic1(config-tenant)# L4L7 graph G2 contract C6 apic1(config-graph)# service N1 device-cluster-tenant AVI device-cluster D4 apic1(config-service)# apic1(config-service)# connector consumer cluster-interface consumer apic1(config-connector)# bridge-domain tenant AVI name bd1 apic1(config-connector)# exit apic1(config-service)# connector provider cluster-interface provider apic1(config-connector)# bridge-domain tenant AVI name bd2 apic1(config-connector)# exit apic1(config-service)# exit apic1(config-graph)# service N2 device-cluster-tenant AVI device-cluster D3 apic1(config-service)# connector consumer cluster-interface consumer apic1(config-connector)# bridge-domain tenant AVI name bd3 apic1(config-connector)# exit apic1(config-service)# connector provider cluster-interface provider apic1(config-connector)# bridge-domain tenant AVI name bd1 apic1(config-connector)# exit apic1(config-service)# exit apic1(config-graph)# connection CON1 terminal consumer service N1 connector consumer apic1(config-graph)# connection CON2 intra_service service1 N1 connector1 provider service2 N2 connector2 consumer apic1(config-graph)# connection CON3 terminal provider service N2 connector provider apic1(config-graph)# end apic1# A Service Node is configured as an un- managed service when it is configured through the CLI

20 UI – Using Un-Managed AbsNode In AbsGraph In UI adding an un- managed device in the AbsGraph makes the AbsNode to be configured in un-managed mode.

21 Static Encap

22 Static Encap For Service Graphs Static Encap allows an admin to explicitly specify the encap to use for a specific connector in the service graph. Static Encap can be used with a graph connector by specifying the encap value as part of Logical Interfaces LIF. Static Encap can be used for both managed and un-managed mode. Static Encap are only supported for physical services Static Encap must be configured as part of static namespace for the physical domain. (that is associated with the device cluster)

23 UI – Static Encap Static Encap can be configured as part of LIf

24 REST API - Static Encap

25 CLI - Static Encap L4L7-cluster LB1 type VIRTUAL vlan-domain VC1 cluster-device C5 cluster-device C6 cluster-interface Lif1 encap vlan-200 member device C5 device-interface 2.1 interface ethernet 1/10 fex 101 leaf 101 member device C6 device-interface 2.1 interface ethernet 1/12 fex 101 leaf 102 exit cluster-interface Lif2 member device C5 device-interface 2.2 interface ethernet 1/11 fex 101 leaf 101 member device C6 device-interface 2.2 interface ethernet 1/13 fex 101 leaf 102 exit

26 Updated L4 – L7 Service GUI

27 Create Tenant Create Tenant, VRF, BD, EPG.

28 Service Graph Template Creation With Device Clusters Allows Service Devices to be created from the service graph template creation page Device Clusters can be associated with the service graph templates at the creation time

29 Device Cluster Can Be Created Along With Service Graph Template Uncheck “Managed” Fill in the info Name: Concrete Device Name Service Type: Firewall, ADC, IPS etc Device Type: Physical or Virtual Domain Mode

30 Add Device To Service Graph Template Adding an un-managed device in the AbsGraph makes the AbsNode to be configured in un-managed mode. Both Managed and Un- managed devices can be added and used in a single service graph template Drag & Drop

31 Create Service Graph Template

32 Apply Service Graph

33 Apply Service Graph (cont.) Select consumer EPG and provider EPG Create new contract or choose existing one

34 Apply Service Graph (cont.)

35 Verify Service Graph

36 Verify Service Graph (cont.) In vCenter the Port-Groups are automatically created

37 Verify Service Graph in vCenter The networks are already configured as well.

38 Verify BD2BD1 EPG web 192.168.2.1 consumer provider 192.168.2.200 192.168.1.1/24 192.168.1.200 EPG client 47398284253185215678 49153 32771 16388 16387

39 Salient Points Mixed Mode AbsGraph can have both managed and un-managed mode together Static Encap Static Encap in LIf is supported for both managed and un-managed mode. VNIC auto-placement VNIC auto-placement is supported for both managed and un-managed mode. Parameter Resolution and VDev Tree For un-managed mode function, APIC does not perform parameter resolution or device side programming. No VDev tree is created for an un-managed service graph function. Route Peering Route Peering is supported for both managed and un-managed mode. Shared Services Shared services is supported for both managed and un-managed mode.

Download ppt "L4 – L7 Services Network Stitching Only Mode. Why do we need this feature and where is it used?"

Similar presentations

Mapping Service Templates to Concrete Network Semantics Some Ideas.

Mapping Service Templates to Concrete Network Semantics Some Ideas.
 WAN uses Serial ports  Ethernet Ports:  Straight through  Cross over.

 WAN uses Serial ports  Ethernet Ports:  Straight through  Cross over.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.
BROCADE ACCREDITED CAMPUS NETWORKING SPECIALIST STUDY NOTES March 2012 © 2012 Brocade Communications Systems, Inc. 1.

BROCADE ACCREDITED CAMPUS NETWORKING SPECIALIST STUDY NOTES March 2012 © 2012 Brocade Communications Systems, Inc. 1.
Virtual LANs.

Virtual LANs.
© Tejas Networks India Ltd., 2007, Proprietary Information Rev1.1 Last update 24 Oct 07 DEMO.

© Tejas Networks India Ltd., 2007, Proprietary Information Rev1.1 Last update 24 Oct 07 DEMO.
Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.

Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Inter-VLAN Routing Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Inter-VLAN Routing Routing & Switching.
© Wiley Inc. 2006. All Rights Reserved. CCNA: Cisco Certified Network Associate Study Guide CHAPTER 8: Virtual LANs (VLANs)

© Wiley Inc All Rights Reserved. CCNA: Cisco Certified Network Associate Study Guide CHAPTER 8: Virtual LANs (VLANs)
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Configuring Network Devices Working at a Small-to-Medium Business or ISP – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Configuring Network Devices Working at a Small-to-Medium Business or ISP – Chapter.
Sybex CCNA 640-802 Chapter 9: VLAN’s Instructor & Todd Lammle.

Sybex CCNA Chapter 9: VLAN’s Instructor & Todd Lammle.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Configuring Network Devices Working at a Small-to-Medium Business or ISP – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Configuring Network Devices Working at a Small-to-Medium Business or ISP – Chapter.
Additional SugarCRM details for complete, functional, and portable deployment.

Additional SugarCRM details for complete, functional, and portable deployment.
Access Control Module 8. Module 2-275 You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A vSphere Environment Introduction to VMware.

Access Control Module 8. Module You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A vSphere Environment Introduction to VMware.
Data Center Network Redesign using SDN

Data Center Network Redesign using SDN
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.
Module 7: Configuring TCP/IP Addressing and Name Resolution.

Module 7: Configuring TCP/IP Addressing and Name Resolution.
Packet Tracer: Novice Session

Packet Tracer: Novice Session
Packet Tracer 4.1: Novice Session

Packet Tracer 4.1: Novice Session
Voice VLANs Lecture 7 VLANs.ppt 21/04/ Apr-17

Voice VLANs Lecture 7 VLANs.ppt 21/04/ Apr-17

Similar presentations

Ads by Google