New and Changed Information

The following table provides an overview of the significant changes up to this current release. The table does not provide an exhaustive list of all changes or of the new features up to this release.

Cisco APIC Release Version

Feature

Description

6.0(3)

Support for NSX-T Policy API mode

Cisco APIC extends support for NSX-T Policy API mode.

5.1(1)

Support for VMware NSX-T Data Center integration

You can integrate VMware NSX-T Data Center with Cisco Application Centric Infrastructure (ACI). Integration enables you to use Cisco Application Policy Infrastructure Controller (APIC) to create and work with VMware NSX-T Data Center network constructs.

Integrating VMware NSX-T Data Center with Cisco ACI

Beginning with Cisco Application Policy Infrastructure Controller (APIC) Release 5.1(1), you can integrate VMware NSX-T Data Center with Cisco Application Centric Infrastructure (ACI).

VMware NSX-T Data Center allows administrators to provision network services for ESXi environments. VMware NSX-T Data Center uses an NSX manager; however, integration is similar to that of other virtual machine managers (VMMs).

Integrating VMware NSX-T Data Center enables administrators to use Cisco APIC to apply Cisco ACI policy inside the VMM system.

This document provides information for integrating VMware NSX-T Data Center with Cisco ACI, including prerequisites and installation. You should be familiar with VMware NSX-T Data Center and Cisco ACI. For detailed information about VMware NSX-T Data Center, see the VMware website.

You can also watch a video that demonstrates how to integrate Cisco ACI with VMware NSX-T Data Center. See Video: Cisco ACI and VMware NSX-T Data Center Integration.

Mapping Cisco ACI and VMware NSX-T Data Center Constructs

The following table shows the mapping between Cisco Application Centric Infrastructure (ACI) and VMware NSX-T Data Center constructs.

Cisco ACI

VMware NSX-T Data Center

VMM Domain

Transport Zone

Endpoint Group (EPG)

Logical Switch or Segment

Hypervisor

Transport Node

Beginning with Cisco APIC release 6.0(3), support has been introduced for the NSX-T Policy API mode. Prior to release 6.0(3), the only supported API mode was the Management API mode. As mentioned in the table above, segment and logical switches map to the Cisco ACI EPG. Segment is the logical object introduced by NSX-T for Policy API mode. The Management API mode for the EPG maps to the logical switches on NSX-T; the Policy API mode maps to the segments on NSX-T.

The supported NSX-T versions for policy and management APIs are 3.0, 3.2 and 4.x.

Prerequisites to Integrating VMware NSX-T Data Center

Fulfill the requirements in this section before you integrate VMware NSX-T with Cisco Application Centric Infrastructure (ACI).

  • Ensure that you have correctly set up the Cisco Application Centric Infrastructure (ACI) fabric and Cisco Application Policy Infrastructure Controller (APIC).

  • Download and deploy the correct version of VMware NSX-T Data Center from the VMware website.

    Check the Cisco ACI Virtualization Compatibility Matrix to see which version to use with your version of Cisco Application Policy Infrastructure Controller (APIC). Also fulfill the requirements on the VMware website.

  • Configure the VMware NSX-T Data Center to include hosts that are connected to Cisco ACI fabric.

    Follow the installation and configuration instructions on the VMware website.

  • Configure the VMware NSX-T Manager in manager mode (policy mode is not supported).

Integrating VMware NSX-T Data Center with Cisco ACI Using the Cisco APIC GUI

Complete the procedures in this section to integrate VMware NSX-T Data Center with Cisco Application Centric Infrastructure (ACI) using the Cisco Application Policy Infrastructure Controller (APIC) GUI.

Create a VMM Domain Profile

Virtual machine manager (VMM) domain profiles specify connectivity policies that enable virtual machine controllers to connect to the Cisco Application Centric Infrastructure (ACI) fabric. They group VM controllers with similar networking policy requirements. For example, VM controllers can share VLAN pools and application endpoint groups (EPGs).

Follow the procedure in this section to create a VMware NSX-T Data Center VMM profile.

Before you begin

Fulfill the following prerequisites before you create a VMM domain profile for VMware NSX-T Data Center:

  • Ensure that all Cisco ACI fabric nodes are discovered and configured.

  • Configure out-of-band (oob) management on the Cisco Application Policy Infrastructure Controller (APIC).

Procedure

Step 1

Log in to Cisco APIC.

Step 2

Go to Virtual Networking > VMware SDN.

The Domains page appears.

Step 3

At the upper right of the Domains page, click Actions and then click Create Domain.

Step 4

In the Create Domain page, complete the following steps:

  1. In the General area, in the Name field, enter a name for the domain.

  2. In the Settings > Access Mode area, choose Read Only or Read Write.

    The results of the choice vary as follows:

    • If there is a Transport Zone in VMware NSX-T Data Center matching the name that you entered for the domain, choosing Read Write enables you to view inventory information and manage that Transport Zone. Choosing Read Only enables you only to view inventory information of that Transport Zone.

    • If there is no Transport Zone in VMware NSX-T Data Center matching the name that you entered for the domain, choosing Read Write creates a new Transport Zone with that name. Choosing Read Only does not.

  3. In the Settings > Access Mode area, click Select VLAN Pool.

  4. In the Select VLAN Pool dialog box, choose an existing VLAN pool or create a new one.

  5. In the Create Domain page, in the Settings > Attachable Access Entity Profile area, click Add Attachable Access Entity Profile.

  6. In the Select Attachable Access Entity Profile dialog box, choose an existing attachable access entity profile or create a new one.

  7. In the Create Domain page, in the Settings > Controller area, click Add Controller.

  8. In the Controller area, enter a name for the controller and the hostname or IP address in the appropriate fields, and then click Select Credentials.

    If you have configured a virtual IP address for your VMware NSX-T Data Center cluster, you can use it as the controller IP address. Otherwise, you can use the IP address of any of the NSX Managers in the cluster as the controller IP address. You can configure a virtual IP address for VMware NSX-T Data Center later.

    Note

     
    Do not add multiple NSX manager IP addresses from the same cluster as separate controller IP addresses for the same VMware NSX-T Data Center domain.

  9. In the Select Credentials dialog box, click Create Credentials.

  10. In the Create Credentials dialog box, enter a name for the credentials, a username, and a password, and then click Save.

  11. In the Create Domain page, in the Settings > Controller area, click the check mark at the right of the page to confirm the controller configuration.

  12. (Optional) Change the delimiter, or configure a security domain.

    For the delimiter for the VMware NSX-T Data Center domain, you can use one of the following symbols: _, !, ^, or +. If you do not enter a symbol, the system uses the default _ (underscore) delimiter in the VMware PortGroup name.

    When you associate an EPG with a VMM domain, a default name is generated for the new logical switch: TenantName_ApplicationProfile_EPGName. The delimiter is the special character that separates words the name; this example uses the _ (underscore).

  13. Click Save.

What to do next

  • On VMware NSX-T Data Center, associate the Transport Zone that is created or managed by Cisco ACI to the Transport Nodes (hosts) that were connected to the Cisco ACI fabric.

  • Complete the procedure Associate an EPG with the Domain.

Associate an EPG with the Domain

After you create a virtual machine manager (VMM) domain for VMware NSX-T Data Center, associate one or more endpoint group (EPGs) with the new domain.

Before you begin

  • Create a VMM domain, following the procedure in Create a VMM Domain Profile.

  • Create a tenant, an application profile, and at least one EPG.

  • Enable neighbor discovery to reflect virtual-machine-manager (VMM)-learned endpoints.

    You enable neighbor discovery through the Cisco Discovery Protocol (CDP) or the Link Layer Discovery Protocol (LLDP) when you configure interface policy groups. Enable LLDP or CDP under the policy group for the Transport Node to enable neighbor discovery. Enabling neighbor discovery is required for endpoint groups (EPGs) to reflect VMM-learned endpoints.

Procedure

Step 1

Log in to Cisco APIC.

Step 2

Go to Tenants > tenant > Application Profiles > application_profile > Application EPGs > application_epg > Domains (VMs and Bare-Metals.

Step 3

Choose Domains (VMs and Bare-Metals, click the action icon at the upper right of the central pane and choose Add VMM Domain Association.

The action icon shows a crossed hammer and wrench.

Step 4

In the Add VMM Domain Association dialog box, from the VMM Domain Name drop-down list, choose the VMware NSX-T Data Center domain that you created before.

Step 5

Select the required NSX-T API Mode. The options are- Policy API mode, Management API mode.

Note

 

Depending on the selected API mode (either Policy API mode or Management API mode), a segment or logical switch is created.

Step 6

Choose other options in the Add VMM Domain Association appropriate to your setup.

Step 7

Click Submit.

This action creates a logical switch in the NSX Manager that is associated with the Transport Zone that you used in the section Create a VMM Domain Profile. The switch has the default name TenantName_ApplicationProfile_EPGName.

Workflow for Migrating an Existing EPG in Management API to Policy API Mode

Use this procedure to convert the earlier created logical switches (using the Management API mode) to segments.

Limitations

  • Changing from Policy API mode to Management API mode is not supported.

  • In VMware NSX-T, you cannot choose and change one logical switch to segment. You can however, convert all logical switches to segments.

Before you begin

Create a VMM domain.

Procedure

Step 1

Login to the Cisco APIC GUI.

Step 2

Navigate to Application Profiles > Application EPGs > Domains (VMs and Bare-Metals).

Step 3

In the Domains screen, edit the current association of EPG to VMM domain, and update the NSX-T API Mode to Policy API mode.

Step 4

Login to the NSX-T GUI.

Step 5

On the Manager to Policy Objects Promotion screen, click the Start Objects Promotion button to promote the logical switches to segments. To get more details about the GUI and object promotion, refer the VMware website.

Integrating NSX-T Data Center Using the NX-OS Style CLI

Complete the procedures in this section to integrate VMware NSX-T Data Center with Cisco Application Centric Infrastructure (ACI) using the NX-OS style CLI.

Configure a VLAN Pool

Complete the procedure in this section to configure a VLAN pool for the VMware NSX-T Data Center domain.

Before you begin

Complete the tasks in the section Prerequisites to Integrating VMware NSX-T Data Center.

Procedure

Configure the VLAN pool as shown in the following example:

apic1(config)# vlan-domain pool1 dynamic
apic1(config-vlan)# vlan 5-20 dynamic
apic1(config-vlan)# vlan 30-40
apic1(config-vlan)# exit
apic1(config)#

What to do next

Complete the procedure in Associate the VLAN Pool with Network Interfaces.

Associate the VLAN Pool with Network Interfaces

Complete the procedure in this section to associate the VMware NSX-T Data Center VLAN pool with network interfaces.

Before you begin

Complete the tasks in the section Prerequisites to Integrating VMware NSX-T Data Center.

Procedure

Associate the VLAN pool with network interfaces as shown in the following example:

apic1(config)# leaf 101
apic1(config-leaf)# interface ethernet 1/2-3
apic1(config-leaf-if)# vlan-domain member pool1
apic1(config-leaf-if)# exit
apic1(config-leaf)# exit
apic1(config)#

What to do next

Complete the procedure in Create a VMware NSX-T Data Center Domain.

Create a VMware NSX-T Data Center Domain

Complete the procedure in this section to create a VMware NSX-T Data Center virtual machine manager (VMM) domain.

Before you begin

Complete the tasks in the section Prerequisites to Integrating VMware NSX-T Data Center.

Procedure

Create a VMM domain as shown in the following example:

apic1(config)# vmware-domain nsxDom delimiter _
apic1(config-vmware)# configure-nsx
apic1(config-vmware-nsx)# exit
apic1(config-vmware)#

What to do next

Complete the procedure in the section Add a Controller for the VMware NSX-T Data Center Domain.

Add a Controller for the VMware NSX-T Data Center Domain

Complete the procedure in this section to add a controller for the VMware NSX-T Data Center virtual machine manager (VMM) domain.

If you have configured a virtual IP address for your VMware NSX-T Data Center cluster, you can use it as the controller IP address. Otherwise, you can use the IP address of any of the NSX Managers in the cluster as the controller IP address. You can configure a virtual IP address for VMware NSX-T Data Center later.


Note
Do not add multiple NSX manager IP addresses from the same cluster as separate controller IP addresses for the same VMware NSX-T Data Center domain.

Before you begin

Complete the tasks in the section Prerequisites to Integrating VMware NSX-T Data Center.

Procedure

Add a controller as shown in the following example:

apic1(config-vmware)# nsx 10.192.225.32
apic1(config-vmware-nsx)# username admin
Password:
Retype password:
apic1(config-vmware-nsx)# exit
apic1(config)# exit

What to do next

Complete the procedure in the section Associate a Domain with a VLAN Pool

Associate a Domain with a VLAN Pool

Complete the procedure in this section to associate the VMware NSX-T Data Center virtual machine manager (VMM) domain with a VLAN pool.

Before you begin

Complete the tasks in the section Prerequisites to Integrating VMware NSX-T Data Center.

Procedure

Associate the VMM domain with a VLAN pool as shown in the following example: 

apic1(config-vmware)# vlan-domain member pool1
apic1(config-vmware)#