Performing Tasks Using REST API

Installation

Preparing the Physical Pod IPN Connectivity Using REST API

The physical spines in the on-premises data center communicate with the Cisco Application Centric Infrastructure (ACI) Virtual Pod (vPod) virtual spine (vSpines) in the remote site over a Layer 3 interpod network (IPN). Before you create the Cisco ACI vPod on the remote site, you first ensure that a physical pod can communicate with it. You also configure a unique unicast IP address and a routable subnet for each physical pod.


Note

The procedures using the Cisco Application Policy Infrastructure Controller (APIC) refer to routable subnets as external tunnel endpoint (TEP) pools.

Procedure


Step 1

Log in to Cisco APIC:

Example:

http://<apic-name/ip>:80/api/aaaLogin.xml

data: <aaaUser name="admin" pwd="password"/>
Step 2

Configure the TEP pool:

Example:

http://<apic-name/ip>:80/api/policymgr/mo/uni/controller.xml

<fabricSetupPol status=''>
    <fabricSetupP podId="1" tepPool="10.0.0.0/16" />
    <fabricSetupP podId="2" tepPool="10.1.0.0/16" status='' />
</fabricSetupPol>
Step 3

Configure the node ID policy:

Example:

http://<apic-name/ip>:80/api/node/mo/uni/controller.xml

<fabricNodeIdentPol>
<fabricNodeIdentP serial="XXXXXXXXXXX" name="leaf1" nodeId="101" podId="1"/>
<fabricNodeIdentP serial="XXXXXXXXXXX" name="leaf2" nodeId="102" podId="1"/>
<fabricNodeIdentP serial="XXXXXXXXXXX" name="leaf3" nodeId="103" podId="1"/>
<fabricNodeIdentP serial="XXXXXXXXXXX" name="leaf4" nodeId="104" podId="1"/>
<fabricNodeIdentP serial="XXXXXXXXXXX" name="spine1" nodeId="201" podId="1"/>
<fabricNodeIdentP serial="XXXXXXXXXXX" name="spine3" nodeId="202" podId="1"/>
<fabricNodeIdentP serial="XXXXXXXXXXX" name="leaf5" nodeId="105" podId="2"/>
<fabricNodeIdentP serial="XXXXXXXXXXX" name="leaf6" nodeId="106" podId="2"/>
<fabricNodeIdentP serial="XXXXXXXXXXX" name="spine2" nodeId="203" podId="2"/>
<fabricNodeIdentP serial="XXXXXXXXXXX" name="spine4" nodeId="204" podId="2"/>
</fabricNodeIdentPol>
Step 4

Configure infra L3Out and external connectivity profile:

Example:

http://<apic-name/ip>:80/api/node/mo/uni.xml

<polUni>

<fvTenant descr="" dn="uni/tn-infra" name="infra" ownerKey="" ownerTag="">

   <l3extOut descr="" enforceRtctrl="export" name="multipod" ownerKey="" ownerTag="" targetDscp="unspecified" status=''>
      <ospfExtP areaId='0' areaType='regular' status=''/>
      <bgpExtP status='' />
      <l3extRsEctx tnFvCtxName="overlay-1"/>
      <l3extProvLbl descr="" name="prov_mp1" ownerKey="" ownerTag="" tag="yellow-green"/>

      <l3extLNodeP name="bSpine">
         <l3extRsNodeL3OutAtt rtrId="201.201.201.201" rtrIdLoopBack="no" tDn="topology/pod-1/node-201">
            <l3extInfraNodeP descr="" fabricExtCtrlPeering="yes" name=""/>
            <l3extLoopBackIfP addr="201::201/128" descr="" name=""/>
            <l3extLoopBackIfP addr="201.201.201.201/32" descr="" name=""/>
         </l3extRsNodeL3OutAtt>

         <l3extRsNodeL3OutAtt rtrId="202.202.202.202" rtrIdLoopBack="no" tDn="topology/pod-1/node-202">
            <l3extInfraNodeP descr="" fabricExtCtrlPeering="yes" name=""/>
            <l3extLoopBackIfP addr="202::202/128" descr="" name=""/>
            <l3extLoopBackIfP addr="202.202.202.202/32" descr="" name=""/>
         </l3extRsNodeL3OutAtt>
         
         <l3extRsNodeL3OutAtt rtrId="203.203.203.203" rtrIdLoopBack="no" tDn="topology/pod-2/node-203">
            <l3extInfraNodeP descr="" fabricExtCtrlPeering="yes" name=""/>
            <l3extLoopBackIfP addr="203::203/128" descr="" name=""/>
            <l3extLoopBackIfP addr="203.203.203.203/32" descr="" name=""/>
         </l3extRsNodeL3OutAtt>

         <l3extRsNodeL3OutAtt rtrId="204.204.204.204" rtrIdLoopBack="no" tDn="topology/pod-2/node-204">
            <l3extInfraNodeP descr="" fabricExtCtrlPeering="yes" name=""/>
            <l3extLoopBackIfP addr="204::204/128" descr="" name=""/>
            <l3extLoopBackIfP addr="204.204.204.204/32" descr="" name=""/>
         </l3extRsNodeL3OutAtt>         

         <l3extLIfP name='portIf'>
            <l3extRsPathL3OutAtt descr='asr' tDn="topology/pod-1/paths-201/pathep-[eth1/1]" encap='vlan-4'  ifInstT='sub-interface' addr="201.1.1.1/30" />
            <l3extRsPathL3OutAtt descr='asr' tDn="topology/pod-1/paths-201/pathep-[eth1/2]" encap='vlan-4'  ifInstT='sub-interface' addr="201.2.1.1/30" />
            <l3extRsPathL3OutAtt descr='asr' tDn="topology/pod-1/paths-202/pathep-[eth1/2]" encap='vlan-4'  ifInstT='sub-interface' addr="202.1.1.1/30" />
            <l3extRsPathL3OutAtt descr='asr' tDn="topology/pod-2/paths-203/pathep-[eth1/1]" encap='vlan-4'  ifInstT='sub-interface' addr="203.1.1.1/30" />
            <l3extRsPathL3OutAtt descr='asr' tDn="topology/pod-2/paths-203/pathep-[eth1/2]" encap='vlan-4'  ifInstT='sub-interface' addr="203.2.1.1/30" />
            <l3extRsPathL3OutAtt descr='asr' tDn="topology/pod-2/paths-204/pathep-[eth4/31]" encap='vlan-4'  ifInstT='sub-interface' addr="204.1.1.1/30" />          

           <ospfIfP>
               <ospfRsIfPol tnOspfIfPolName='ospfIfPol'/>
           </ospfIfP>

         </l3extLIfP>
      </l3extLNodeP>

      <l3extInstP descr="" matchT="AtleastOne" name="instp1" prio="unspecified" targetDscp="unspecified">
          <fvRsCustQosPol tnQosCustomPolName=""/>
      </l3extInstP>
   </l3extOut>

   <fvFabricExtConnP descr="" id="1" name="Fabric_Ext_Conn_Pol1" rt="extended:as2-nn4:5:16" status=''>
      <fvPodConnP descr="" id="1" name="">
         <fvIp addr="100.11.1.1/32"/>
      </fvPodConnP>
      <fvPodConnP descr="" id="2" name="">
         <fvIp addr="200.11.1.1/32"/>     
      </fvPodConnP>
      <fvPeeringP descr="" name="" ownerKey="" ownerTag="" type="automatic_with_full_mesh"/>
      <l3extFabricExtRoutingP descr="" name="ext_routing_prof_1" ownerKey="" ownerTag="">
         <l3extSubnet aggregate="" descr="" ip="100.0.0.0/8" name="" scope="import-security"/>
         <l3extSubnet aggregate="" descr="" ip="200.0.0.0/8" name="" scope="import-security"/>
         <l3extSubnet aggregate="" descr="" ip="201.1.0.0/16" name="" scope="import-security"/>
         <l3extSubnet aggregate="" descr="" ip="201.2.0.0/16" name="" scope="import-security"/>
         <l3extSubnet aggregate="" descr="" ip="202.1.0.0/16" name="" scope="import-security"/>
         <l3extSubnet aggregate="" descr="" ip="203.1.0.0/16" name="" scope="import-security"/>
         <l3extSubnet aggregate="" descr="" ip="203.2.0.0/16" name="" scope="import-security"/>
         <l3extSubnet aggregate="" descr="" ip="204.1.0.0/16" name="" scope="import-security"/>
      </l3extFabricExtRoutingP>
   </fvFabricExtConnP>
</fvTenant>
</polUni>
Step 5

Configure a routable subnet for each physical pod.

Example:

URL: https://<controllername>/api/node/mo/uni/controller/setupPol.xml

POST:

<fabricSetupP podId="1">
<fabricExtRoutablePodSubnet pool="197.16.0.0/25"
    reserveAddressCount="2"/>
</fabricSetupP>

In the example, pool defines the routable subnet or external TEP pool. You can reserve some of the IP addresses from the start of the pool by setting reserveAddressCount. Cisco APIC does not manage these IP addresses, which you can configure as desired.

Note the following:

  • The minimum size of each routable TEP pool is /28, and the maximum size is /22 for each physical pod.

  • Addresses from this TEP pool are allocated to border leafs and spines: physical TEP (PTEP) for border leafs and controller-plane TEP (CP-TEP) for spines.

  • Each Cisco APIC is allocated one routable IP address.

  • One multicast TEP IP address for each site is allocated from the Pod 1 routable subnet.

Step 6

Configure a unique unicast TEP IP address and an IP address used as the Border Gateway Protocol (BGP) next hop for each physical pod:

You can configure these addresses from the reserved portion of the external TEP pool (routable subnet).

Example:

<fvTenant name="infra">
  <fvFabricExtConnP id="1" rt="extended:as2-nn4:5:16">
    <fvPodConnP id="1">
      <fvIp addr="108.11.1.1/32"/>
      <fvExtRoutableUcastConnP addr="197.16.0.1/32"/>
    </fvPodConnP>
  </fvFabricExtConnP>
</fvTenant>
Step 7

Configure a multiprotocol BGP (MP-BGP) route reflector.

Example:

https://<apic-name-or-ip>/api/policymgr/mo/uni.xml

<polUni>                                                                   
  <fabricInst>                                                             
    <fabricPodP name="default">                                            
      <fabricPodS name="default" type="ALL">                               
        <fabricRsPodPGrp tDn="uni/fabric/funcprof/podpgrp-default"/>       
      </fabricPodS>                                                        
    </fabricPodP>                                                          
 
    <fabricFuncP name="default">
      <fabricPodPGrp name="default">
        <fabricRsPodPGrpBGPRRP tnBgpInstPolName="default"/>
      </fabricPodPGrp>
    </fabricFuncP>
 
    <bgpInstPol name="default">
      <bgpAsP asn="200"/>
      <bgpRRP>
        <bgpRRNodePEp id="202" status=""/>
      </bgpRRP>
    </bgpInstPol>
  </fabricInst>
</polUni>

If you configure a route reflector and want to remove the spine switch from the controller in the future, you must disable Route Reflector on the BGP Route Reflector Cisco APIC page before removing the spine switch from the controller. Not doing so results in an error.

To disable a route reflector, right-click on the appropriate route reflector in the Route Reflector Nodes area in the BGP Route Reflector page and select Delete. See the section "Configuring an MP-BGP Route Reflector Using the GUI" in the chapter "MP-BGP Route Reflectors" in the Cisco APIC Layer 3 Networking Configuration Guide.


Adding the Cisco ACI vPod Using REST API

To add a Cisco Application Centric Infrastructure (ACI) Virtual Pod (vPod), you define the pod ID and tunnel endpoint (TEP) pool. You also configure the virtual spine (vSpine) and virtual leafs (vLeaf) virtual machines (VMs) on the two required nodes.

Before you begin

Procedure


Step 1

Add the Cisco ACI vPod:

Example:

https://<controllername>/api/node/mo/uni/controller/setupPol.xml

<fabricSetupPol>
<fabricSetupP tepPool="196.0.128.0/22" podId="3" podType="virtual">
<fabricSetupAllocP gatewayAddress="196.0.128.1" reservedAddress="196.0.128.0/27"/>
<fabricAssociatedSetupP pool="20.0.0.0/28" >
<fabricSetupAllocP gatewayAddress="20.0.0.14" reservedAddress="20.0.0.8/29"/>
</fabricAssociatedSetupP>
<fabricPodDhcpServer nodeId="301" serverType="primary"/>
<fabricPodDhcpServer nodeId="303" serverType="secondary"/>
</fabricSetupP>
</fabricSetupPol>
Cisco ACI vPod creation: To create the Cisco ACI vPod, you must post the fabricSetupP policy with the primary TEP pool of the pod:

<fabricSetupP tepPool="196.0.128.0/22" podId="3" podType="virtual">

  • IP addresses for virtual leafs (vLeafs) and virtual spines (vSpines) will be allocated from the primary TEP pool.

  • The primary TEP pool can also be used for Cisco ACI Virtual Edge and Head-End Replicated (HREP) IP addresses.

The minimum size of each TEP pool subnet is /28, and the maximum size is /22.

Gateway IP address: You must specify the gateway IP address and a subnet for Cisco ACI vPod from the start or the end of each reserved TEP pool subnet. The gateway will be programmed automatically (using DHCP) by Cisco Application Policy Infrastructure Controller (APIC) in the vLeaf and vSpine. The reserved part of the subnet is not managed by APIC and typically is used for the gateway, HSRP-related IPs, dataplane TEP, and Router ID.

<fabricSetupAllocP gatewayAddress="196.0.128.1" reservedAddress="196.0.128.0/27"/>

Secondary TEP pools: You can add secondary TEP pools to the Cisco ACI vPod by posting a fabricAssociatedSetupP policy. This optional configuration is used only when you want to configure more than one subnet on the Cisco ACI vPod. Secondary subnets are used only for Cisco ACI Virtual Edge in the Cisco ACI vPod.

<fabricAssociatedSetupP pool="20.0.0.0/28" >
<fabricSetupAllocP gatewayAddress="20.0.0.14" reservedAddress="20.0.0.8/29"/>
</fabricAssociatedSetupP>

The gatewayAddress and reservedAddress have the same meaning as for the primary subnet.

DHCP server configuration: You must post a fabricPodDhcpServer policy to configure DHCP servers running in primary and secondary modes on vLeafs. For example:

<fabricPodDhcpServer nodeId="301" serverType="primary"/>
<fabricPodDhcpServer nodeId="303" serverType="secondary"/>
Step 2

Add the IP address for the Border Gateway Protocol (BGP) next hop and the BGP password for the Cisco ACI vPod.

Example:

<fvFabricExtConnP descr="" id="1" name="Fabric_Ext_Conn_Pol1" rt="extended:as2-nn4:5:16" status=''> 
      <fvPodConnP descr="" id="3">
         <fvIp addr="166.11.1.1/32"/>
         <fvPasswordConfig password="12345"/>
      </fvPodConnP>
</fvFabricExtConnP>
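
A pre-flight check for the Step 1 payload, as an added example that is not part of the Cisco documentation or any Cisco tool: it parses a fabricSetupPol document and verifies the addressing rules stated above before anything is posted to Cisco APIC. The function names are hypothetical, and it assumes that "from the start or the end" means the reserved subnet shares its first or last address with the TEP pool and that the gateway lies inside the reserved subnet, as in both of the page's examples.

```python
import ipaddress
import xml.etree.ElementTree as ET

MIN_PREFIX, MAX_PREFIX = 22, 28  # page: largest pool is /22, smallest is /28
# Constructed sample: the Step 1 vPod payload (DHCP server entries omitted).
SAMPLE = """<fabricSetupPol>
<fabricSetupP tepPool="196.0.128.0/22" podId="3" podType="virtual">
<fabricSetupAllocP gatewayAddress="196.0.128.1" reservedAddress="196.0.128.0/27"/>
<fabricAssociatedSetupP pool="20.0.0.0/28">
<fabricSetupAllocP gatewayAddress="20.0.0.14" reservedAddress="20.0.0.8/29"/>
</fabricAssociatedSetupP>
</fabricSetupP>
</fabricSetupPol>"""


def check_pool(label, pool_text, alloc):
    """Return the problems found in one TEP pool and its fabricSetupAllocP."""
    if alloc is None:
        return [f"{label}: missing fabricSetupAllocP"]
    try:
        pool = ipaddress.ip_network(pool_text, strict=True)
        reserved = ipaddress.ip_network(alloc.get("reservedAddress", ""), strict=True)
        gateway = ipaddress.ip_address(alloc.get("gatewayAddress", ""))
    except ValueError as exc:
        return [f"{label}: unparsable address: {exc}"]
    problems = []
    if not MIN_PREFIX <= pool.prefixlen <= MAX_PREFIX:
        problems.append(f"{label}: /{pool.prefixlen} is outside /22 to /28")
    if reserved.version != pool.version or not reserved.subnet_of(pool):
        problems.append(f"{label}: reserved {reserved} is not inside {pool}")
    elif reserved[0] != pool[0] and reserved[-1] != pool[-1]:
        # Assumption: "start or end" means the reserved block touches a pool edge.
        problems.append(f"{label}: reserved {reserved} is not at the start or end")
    if gateway not in reserved:
        problems.append(f"{label}: gateway {gateway} is not inside {reserved}")
    return problems


def validate_vpod_payload(xml_text):
    """Check every podType="virtual" fabricSetupP in a fabricSetupPol document."""
    problems = []
    for pod in ET.fromstring(xml_text).iter("fabricSetupP"):
        if pod.get("podType") != "virtual":
            continue
        label = f"pod {pod.get('podId')}"
        problems += check_pool(f"{label} primary", pod.get("tepPool", ""), pod.find("fabricSetupAllocP"))
        for sec in pod.findall("fabricAssociatedSetupP"):
            problems += check_pool(f"{label} secondary", sec.get("pool", ""), sec.find("fabricSetupAllocP"))
    return problems
```

An empty list from validate_vpod_payload means the payload satisfies these checks; each string otherwise names the pod, the pool, and the rule that failed.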

Uninstallation

Deleting the External TEP Pools Using REST API

In addition to uninstalling Cisco Application Centric Infrastructure (ACI) Virtual Pod (vPod), you need to delete any external tunnel endpoint (TEP) pools. You can delete routable subnets gracefully.

In REST API, an external TEP pool is referred to as a routable subnet.

Procedure


Step 1

Set the state to inactive. When state is set as inactive, no further IP addresses are allocated from this pool.

Example:

<fabricExtRoutablePodSubnet pool="192.4.1.0/27" state="inactive"/>
Step 2

Decommission all the virtual nodes (vLeafs and vSpines) of each Cisco ACI vPod.

Step 3

Delete the subnet:

Note 
You can delete the subnet only if no IP address is used from this pool.

Example:

<fabricExtRoutablePodSubnet pool="192.4.1.0/27" status="deleted"/>