Cisco Nexus Dashboard - Connecting Clusters

New and changed information

The following table provides an overview of the significant changes up to this current release. The table does not provide an exhaustive list of all changes or of the new features up to this release.

Release Version	Feature	Description
Nexus Dashboard 4.1.1	Improved navigation and workflow when connecting clusters	Beginning with Nexus Dashboard 4.1.1, the navigation and workflow when connecting clusters in Nexus Dashboard have been enhanced.
Nexus Dashboard 4.1.1	Enhanced fabric onboarding validation	You can onboard the ACI fabric through the APIC cluster in the Cisco Nexus Dashboard using the Multi-cluster connectivity workflow. For more information, see [Connecting APIC clusters].

Release Version

Feature

Description

Nexus Dashboard 4.1.1

Improved navigation and workflow when connecting clusters

Beginning with Nexus Dashboard 4.1.1, the navigation and workflow when connecting clusters in Nexus Dashboard have been enhanced.

Nexus Dashboard 4.1.1

Enhanced fabric onboarding validation

You can onboard the ACI fabric through the APIC cluster in the Cisco Nexus Dashboard using the Multi-cluster connectivity workflow. For more information, see [Connecting APIC clusters].

Grouping fabrics and clusters

There are several ways to group fabrics and clusters together in Nexus Dashboard:

Grouping fabrics
Grouping clusters

Grouping fabrics

The method that you use to group fabrics together differs depending on the type of fabric:

NX-OS fabrics:
- You can use fabric groups to create groups of VXLAN fabrics to form a VXLAN fabric group, or to support logical groups of LAN or IPFM fabrics for simplified management. For more information, see Create fabric groups.
  
  You cannot group ACI fabrics together into fabric groups. See the ACI fabrics bullet below for information on grouping ACI fabrics.
- You can also establish inter-fabric connectivity using an Inter-Fabric link type through Connectivity > Links in your NX-OS fabric. You can then choose how you want to establish inter-fabric connectivity, such as connecting two NX-OS fabrics together using inter-fabric links with MACsec or establishing inter-fabric connectivity using VRF Lite, where you would use VRF Lite to establish external connectivity from a LAN fabric to an external Layer 3 domain. For more information, see Create inter-fabric links.
ACI fabrics: You can use the Orchestration feature through Nexus Dashboard to connect multiple ACI fabrics together, and consolidate and deploy tenants, along with network and policy configurations, across multiple ACI fabrics. For more information, see Connecting Multiple ACI Fabrics and Working with Orchestration.

Grouping clusters

You can use either of these methods to group clusters together:

Multi-cluster connectivity: You can establish connectivity between multiple Nexus Dashboard and APIC clusters for ease of access to all the clusters, as well as access to any of the fabrics running on any of the connected clusters. For more information, see Connecting Clusters.
Multi-cluster fabric groups: You can create groups of VXLAN fabrics to form a multi-cluster fabric group where VXLAN fabrics span across clusters for simplified management. For more information, see Create multi-cluster fabric groups.

Understanding multi-cluster connectivity in Nexus Dashboard

You can establish connectivity between multiple Nexus Dashboard and APIC clusters for ease of access to all the clusters, as well as access to any of the fabrics running on any of the connected clusters.

When you add a second cluster, a group of clusters is formed. The cluster from which you create the group becomes the "primary" cluster with a number of unique characteristics that do not apply to other clusters in the group:

You must use the primary cluster to connect all additional clusters.
You must use the primary cluster to remove any of the clusters from the group.
When upgrading Nexus Dashboard, you must upgrade the primary cluster before any other clusters in the group.

Establishing multi-cluster connectivity does not create any single databases with information from all clusters in the group. Every cluster continues to maintain its own configuration databases, while simultaneously being able to function as a proxy for all other clusters in the group regardless of which cluster an action or request is originated from or destined to.

Understanding Nexus Dashboard and APIC clusters in release 4.1.1

There are two different types of clusters that you can work with in Nexus Dashboard:

Nexus Dashboard clusters
APIC clusters

In Nexus Dashboard releases prior to 4.1.1, these two types of clusters would exist in this sort of heirarchy, where you would first deploy the Nexus Dashboard cluster at the upper level of this heirarchy, and then you would onboard the Cisco ACI fabrics underneath that upper-level Nexus Dashboard cluster by pointing to the appropriate remote Cisco APIC clusters.

Beginning with Nexus Dashboard 4.1.1, that behavior has changed, where the Nexus Dashboard clusters and APIC clusters now exist at the same level in the heirarchy.

Connecting Nexus Dashboard clusters

These sections provide the necessary information to connect Nexus Dashboard clusters:

Guidelines and limitations: Nexus Dashboard cluster connectivity
Connect multiple Nexus Dashboard clusters
Disconnect Nexus Dashboard clusters

Guidelines and limitations: Nexus Dashboard cluster connectivity

The following guidelines apply when configuring Nexus Dashboard multi-cluster connectivity:

Only users with a Fabric Administrator role and the all security domain access can add and delete Nexus Dashboard clusters. See Configuring Users and Security for more information.
When configuring multi-cluster connectivity in Nexus Dashboard 4.1.1, you can only connect clusters running on Nexus Dashboard 4.1.1 and later. If any cluster that is part of the multi-cluster connectivity configuration is running on Nexus Dashboard 4.1.1, the other clusters in that multi-cluster connectivity configuration must also be running on Nexus Dashboard 4.1.1 or later.

For supported scale limits, such as number of clusters that can be connected together and number of fabrics across all clusters, see the Nexus Dashboard Release Notes for your release.
Connectivity (HTTPS) must be established between the management interfaces of all the nodes of all the clusters, which will be connected via multi-cluster connectivity.
The names of the fabrics onboarded in the clusters that you plan to connect together must be unique across those clusters.

Duplicate fabric names across different clusters may result in DNS resolution failures.
The primary cluster, which you use to establish multi-cluster connectivity, must be running the same or a later release of Nexus Dashboard than any other cluster in the group.

In other words, you cannot connect a Nexus Dashboard cluster running release 2.3.1 from a primary cluster that is running release 3.0.1.
If you are upgrading multiple clusters that are connected together, you must upgrade the primary cluster first.
From any cluster in the connected clusters group, you can view other clusters only if they are running the same or earlier version of Nexus Dashboard.

In other words, if cluster1 is running release 2.3.1 and cluster2 is running release 2.2.1, you can view cluster2 from cluster1 but not vice versa.
Multi-Cluster connectivity is supported for remote users only.

If you connect multiple clusters, but then login to one of the clusters as a local admin user, you will only be able to view and manage the local cluster into which you logged in.

To view and manage all clusters in the group, you must login as a remote user that is configured on all clusters.

Connect multiple Nexus Dashboard clusters

Before you begin

You must have familiarized yourself with the information provided in the [Guidelines and limitations] section.
You must have set up remote authentication and users on all clusters which you plan to connect.

Multi-Cluster connectivity is supported for remote users only, so you must configure the same remote user with admin privieleges for all clusters. For additional details, see the "Remote authentication" section in Configuring Users and Security.

To connect another cluster:

Log in to the Nexus Dashboard GUI of the cluster which you want to designate as the primary.
Add the second cluster.
1. From the main navigation menu, choose Admin > System Settings.
2. In the main pane, click Multi-cluster connectivity.
3. Click Connect Cluster.
4. In Select type, choose Nexus Dashboard.
5. Click Next.
  
  You advance to the Settings step in the Connect Cluster workflow.
Provide the necessary cluster information.
1. In the information fields, provide the hostname or IP address and the authentication information for the cluster you are adding.
  
  You only need to provide the management IP address of one of the nodes in the target cluster. Other nodes' information will be automatically synced after connectivity is established.
  - The user you provide must have administrative rights on the cluster you are adding. The user credentials are used once when you are first establishing connectivity to the additional cluster. After initial connectivity is established, all subsequent communication is done through secure keys. The secure keys are provisioned to each cluster while adding it to the group.
  - The cluster you are adding must not be part of an already existing group of clusters.
2. When you have entered all of the necessary configuration information, click Next.
  
  You advance to the Summary step in the Connect Cluster workflow.
Verify all of the information that is shown in the summary page is correct.
If all of the information shown in the page looks correct, click Submit.
Repeat the procedure for any additional Nexus Dashboard cluster which you want to add to the group.

After multiple clusters are added to the group, you can see their status in the Cluster Configuration > Multi-cluster connectivity page.

Note that while you can view and manage any cluster from any other cluster as long as they are part of the same multi-cluster group, you can only add and remove clusters from the group when viewing the primary cluster.

The Multi-cluster connectivity page displays all clusters that are part of the multi-cluster group. The Connect Cluster button is shown only when viewing the primary cluster. To modify the cluster group, you need to navigate to the primary cluster, at which point the Connect Cluster button becomes available:

The Cluster: <name> dropdown in the main navigation menu shows the cluster you are currently viewing.

You can select a different cluster from this dropdown, which opens a new page allowing you to navigate to another cluster in the same group.

While the 2.x releases of Nexus Dashboard allowed you to view and manage any cluster from any other cluster as long as they were part of the same multi-cluster group, relese 3.0.1 changed this behavior. You can now easily navigate between clusters by picking a specific cluster from the Cluster dropdown in the main navigation pane, but you cannot manage or configure another cluster directly from the one where you are logged in.
- The Primary label indicates the group’s primary cluster.
  
  You must be viewing this cluster to make any changes to the cluster group, such as adding or removing clusters.
- The Local label indicates the cluster you logged into.
  
  This is the cluster whose address is displayed in the browser’s URL field. If you navigate to a different cluster as mentioned above, the browser URL and the Local label will not change.
- The Connectivity Status: Shows the status of the uplink to the cluster.
- The URL shows the list of IP adresses of the cluster.
- The Actions (…) menu for each cluster allows you to Re-Register and Disconnect Cluster
The Connect Cluster allows you to add a new cluster.

Disconnect Nexus Dashboard clusters

To disconnect a cluster from an existing group:

Log in to the Nexus Dashboard GUI of the primary cluster.

Adding and removing clusters from the group must be done from the primary cluster.
From the main navigation menu, select Admin > System Settings.
In the main pane, select Multi-cluster connectivity.
From the Actions (…) menu for the cluster you want to remove, select Disconnect Cluster.
If the cluster status is still shown as Up at this time, you will be given an option to forcefully remove the member. This option should be used only if previous removal attempts were unsuccessful.
In the confirmation page, click Ok.

You can disconnect nodes from the multi-cluster group only through the main cluster. If the primary cluster is unavailable, then adding, editing, or removing nodes in a secondary cluster is not possible. To remove a secondary cluster from the group when the primary cluster is unavailable, you must use the /api/v1/infra/clusters/<primary_cluster_name>/remove API call on the secondary cluster. For more information, see the API Reference.

In previous releases, a Delete Federation button was available to delete the federation from the primary cluster. This Delete Federation button is no longer available or necessary beginning with Nexus Dashboard release 4.1.1. Now, you can disconnect a Nexus Dashboard cluster from an existing group using the instructions provided in this section without having to delete federations using the Delete Federation button.

In previous releases, when you disconnected all member clusters, the primary cluster would also remove itself from a multi-cluster group. Beginning with Nexus Dashboard release 4.1.1, you must now manually remove the primary cluster from a multi-cluster group.

Connecting ACI clusters

These sections provide the necessary information to connect Cisco Application Centric Infrastructure (ACI) clusters:

Guidelines and limitations: ACI cluster connectivity
Connect ACI clusters
Disconnect ACI clusters

Guidelines and limitations: ACI cluster connectivity

Even though you can have multiple Nexus Dashboard clusters with the same name, you cannot have a single ACI fabric in multiple Nexus Dashboard clusters if those clusters have the same name. For example, if you have two Nexus Dashboard clusters where both Nexus Dashboard clusters are named nexus, you cannot add the same ACI fabric to both of those nexus Nexus Dashboard clusters.
Only users with a Fabric Administrator role and the all security domain access can add and delete ACI clusters. See Configuring Users and Security for more information.
When you onboard an ACI cluster to Nexus Dashboard, the APIC might detect previous Nexus Dashboard cluster registrations that conflict with your current local Nexus Dashboard cluster. This conflict can happen if a previous Nexus Dashboard cluster was registered with a node serial number or in-band IP address that matches one from your current local Nexus Dashboard cluster.

If you are unable to onboard an ACI cluster due to this issue, the system will return the names of all conflicting Nexus Dashboard clusters. This issue should resolve automatically when you onboard ACI through the Nexus Dashboard GUI using the procedures in Connect ACI clusters, where Nexus Dashboard will help to clean up conflicting ACI registrations. However, if the Nexus Dashboard GUI access is unavailable, use the following procedures to manually clean up conflicting APIC registrations.

For each cluster name returned, take action based on the applicable scenario:
- The conflicting cluster is an active Nexus Dashboard cluster with an IP overlap with the current local Nexus Dashboard cluster, do one of the following:
  - if that Nexus Dashboard cluster does not need access to the ACI cluster, you can unregister the ACI cluster with that Nexus Dashboard cluster.
    
    or
  - Redeploy the current Nexus Dashboard cluster with different in-band IP addresses.
- The conflicting cluster is permanently inactive. This can happen if a cluster is re-deployed with a new cluster name without deleting its ACI fabrics first.
  - The conflicting cluster registration must be deleted from the ACI cluster using the following REST calls:
    
    POST https://<APIC>/api/aaaLogin.json payload: { "aaaUser": { "attributes": { "name": "admin", "pwd": "myPassword" } } }
    
    The response body will contain a token. Pass this token as the Cookie header in the next request, using the key Cookie and value APIC-Cookie=token.
  - To delete each cluster:
    
    DELETE https://<APIC>/api/mo/uni/userext/snclstr-<ND_CLUSTER_NAME_TO_BE_REMOVED>.json
You can connect standalone NX-OS switches in the same cluster as ACI fabrics but with a reduced scale and in physical clusters only.
- For a 3-node cluster, you can have up to 25 standalone NX-OS switches (of the total 300 switches supported).
- For a 6-node cluster, you can have up to 50 standalone NX-OS switches (of the total 1000 switches supported).
Fabric connectivity must be already configured as described in the section "Fabric Connectivity" in the Cisco Nexus Dashboard and Services Deployment and Upgrade Guide.
EPG/L3Out for Nexus Dashboard data network IP connectivity must be already configured as described in the section "Fabric Connectivity" in the Cisco Nexus Dashboard and Services Deployment and Upgrade Guide.
IP connectivity from Nexus Dashboard to ACI cluster in-band IP over the data network must be already configured.
IP connectivity from Nexus Dashboard to the leaf nodes' and spine nodes' in-band IPs over the data network must be already configured.

Connect ACI clusters

To connect one or more Cisco ACI fabrics or clusters to your Nexus Dashboard:

Log in to the Nexus Dashboard GUI.
Add the ACI fabric or cluster.
1. From the main navigation menu, select Admin > System Settings.
2. In the main pane, select Multi-cluster connectivity.
3. Click Actions > Connect cluster.
  
  The Connect Cluster page appears.
  
  You are also redirected to this Connect Cluster page if you are creating an ACI fabric through Manage > Fabrics > Local > Create Fabric > Onboard ACI Fabric.
4. In the Select type page, choose ACI.
5. Click Next.
  
  You advance to the Settings step in the Connect Cluster workflow.
Provide the necessary ACI fabric or cluster information.
- Host Name/IP Address — Provide the IP address used to communicate with the Cisco ACI.
  
  When providing the address, do not include the protocol (http:// or https://) as part of the URL string or fabric onboarding will fail.
- User Name and Password — Login credentials for a user with admin privileges on the fabric you are adding.
- (Optional) Login Domain — If you leave this field empty, the fabric’s local login is used.
- (Optional) Validate peer certificate — Allows Nexus Dashboard to verify that the certificates of hosts to which it connects (such as fabric controllers) are valid and are signed by a trusted Certificate Authority (CA).
  
  You must have the certificate for this fabric already imported into your Nexus Dashboard before you can add a fabric using this option. If you have not yet added the certificates, cancel the onboarding workflow and follow the instructions described in the "Administrative Tasks" article in the Nexus Dashboard documentation library; then after you have imported the certificates, add the fabric as described here. If you enable the Verify Peer Certificate option but don’t import the valid certificate, fabric onboarding will fail.
When you have entered all of the necessary configuration information, click Next.

You advance to the Onboard fabric step in the Connect Cluster workflow.

Configure the parameters and capabilities of the ACI fabric.

Field	Description
Fabric Name	Enter a unique name for the fabric.
Location	Choose the location for the fabric.
License tier	Choose the licensing tier for the fabric: Essentials Advantage Premier Click on the information icon (i) next to License tier to see what functionality is enabled for each license tier.
Enable telemetry	Check the box to enable Telemetry for the fabric. This is the equivalent of enabling the Nexus Dashboard Insights service in previous releases.
Telemetry collection	This option becomes available if you choose to enable Telemetry in the Enabled features field above. Choose either Out-of-band or In-band for telemetry collection. Regardless of the option that you choose for telemetry collection, reachability to the ACI IP address must be through the Nexus Dashboard data interface.
Telemetry streaming	This option becomes available if you choose to enable Telemetry in the Enabled features field above. Choose either IPv4 or IPv6 for telemetry streaming.
Security domain	Choose the security domain for the fabric.

Field

Description

Fabric Name

Enter a unique name for the fabric.

Location

Choose the location for the fabric.

License tier

Choose the licensing tier for the fabric:

Essentials
Advantage
Premier

Click on the information icon (i) next to License tier to see what functionality is enabled for each license tier.

Enable telemetry

Check the box to enable Telemetry for the fabric. This is the equivalent of enabling the Nexus Dashboard Insights service in previous releases.

Telemetry collection

This option becomes available if you choose to enable Telemetry in the Enabled features field above.

Choose either Out-of-band or In-band for telemetry collection.

Regardless of the option that you choose for telemetry collection, reachability to the ACI IP address must be through the Nexus Dashboard data interface.

Telemetry streaming

This option becomes available if you choose to enable Telemetry in the Enabled features field above.

Choose either IPv4 or IPv6 for telemetry streaming.

Security domain

Choose the security domain for the fabric.

When you have entered all of the necessary configuration information, click Next.

You advance to the Summary step in the Connect Cluster workflow.
Verify all of the information that is shown in the summary page is correct.
If all of the information shown in the page looks correct, click Connect.
Repeat the procedure for any additional ACI fabric or cluster which you want to add to the group.

After you have added all of the ACI fabrics or clusters to the group, you can see their status in the Admin > System Settings > Multi-cluster connectivity page. You can also cross-launch these onboarded ACI clusters from the Nexus Dashboard GUI by clicking on the onboarded ACI fabric through Manage > Fabrics in the Nexus Dashboard GUI, and then clicking on Open fabric in that ACI fabrics Overview page.

Beginning with Nexus Dashboard release 4.1.1, when you are in an ACI cluster that has been onboarded to Nexus Dashboard, if that ACI is running on release 6.1.4 or later, you can also cross-launch from that ACI’s GUI back to the Nexus Dashboard where it’s onboarded. For more information, see Nexus Dashboard cluster from APIC GUI.

Re-register clusters

If you upgrade your Nexus Dashboard from an earlier release to Nexus Dashboard release 4.1.1, after the Nexus Dashboard upgrade to release 4.1.1 is complete, you will have to re-register the onboarded ACIs to use the ACI-to-Nexus Dashboard cross-launch functionality introduced in Nexus Dashboard release 4.1.1.

To re-register clusters:

Navigate to Admin > System Settings > Multi-cluster connectivity.
Choose the appropriate ACI cluster, then click Actions > Re-register cluster.

Disconnect ACI clusters