When configuring your Cisco ACI Multi-Site environment, keep in mind that the following ports are used by the Cisco ACI Multi-Site Orchestrator for network communications within the Cisco ACI Multi-Site environment.
Ports required for network communications between the Cisco ACI Multi-Site Orchestrator and Cisco APICs (Sites):
TCP Port 80/443 for APIC REST Configuration Deployment
Ports required for network communications between the Cisco ACI Multi-Site Orchestrator nodes:
TCP port 2377 for Cluster Management Communications
TCP and UDP port 7946 for Inter-Manager Communication
UDP port 4789 for Docker Overlay Network Traffic
All control-plane and data-plane traffic between Cisco ACI Multi-Site Orchestrator nodes is encrypted with IPsec Encapsulating Security Payload (ESP), which uses IP protocol number 50, to provide security and to allow cluster deployments over a round-trip time distance of up to 150 ms. If there is a firewall between any Orchestrator nodes, rules must be added to allow this traffic.
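The port list above expanded into per-host firewall entries, as an added example that is not part of the Cisco documentation. It builds the least-privilege set of flows for a given cluster, renders each as an nftables-style rule, and reports which required flows an existing allow list lacks. The addresses are constructed, the function names are hypothetical, and the Orchestrator-to-APIC direction of the REST sessions is an assumption.

```python
from ipaddress import ip_address
from itertools import permutations

# (protocol, destination port) pairs taken from the port list above.
# ESP is IP protocol 50 and has no port; 0 is used as a placeholder.
NODE_TO_NODE = [("tcp", 2377), ("tcp", 7946), ("udp", 7946),
                ("udp", 4789), ("esp", 0)]
NODE_TO_APIC = [("tcp", 80), ("tcp", 443)]


def required_flows(nodes, apics):
    """Return the set of (src, dst, proto, port) flows the firewall must allow."""
    nodes = [str(ip_address(n)) for n in nodes]  # rejects malformed addresses
    apics = [str(ip_address(a)) for a in apics]
    flows = set()
    # Every Orchestrator node reaches every other node, in both directions.
    for src, dst in permutations(nodes, 2):
        flows.update((src, dst, proto, port) for proto, port in NODE_TO_NODE)
    # Assumption: REST sessions are opened from the Orchestrator to the APIC.
    for src in nodes:
        for dst in apics:
            flows.update((src, dst, proto, port) for proto, port in NODE_TO_APIC)
    return flows


def to_nft(flow):
    """Render one flow as an nftables rule body (one possible output form)."""
    src, dst, proto, port = flow
    # ESP is matched by IP protocol number, not by a TCP/UDP port.
    match = "ip protocol 50" if proto == "esp" else f"{proto} dport {port}"
    return f"ip saddr {src} ip daddr {dst} {match} accept"


def missing_flows(nodes, apics, allowed):
    """Return required flows that are absent from an existing allow list."""
    return sorted(required_flows(nodes, apics) - set(allowed))


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges), not real devices.
    NODES = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]
    APICS = ["198.51.100.10", "198.51.100.20"]
    for flow in sorted(required_flows(NODES, APICS)):
        print(to_nft(flow))
```

A rule set that opens the TCP and UDP ports but omits protocol 50 shows up in missing_flows as one ESP entry per ordered node pair.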
Before connecting a Cisco APIC cluster (fabric) in a Cisco ACI Multi-Site topology, you must configure the Overlay Tunnel Endpoint (TEP) in the Fabric Ext Connection Policy for each fabric.
The Create Intrasite/Intersite Profile panel in the Cisco APIC GUI is used to add connection details for Cisco APIC multipod, remote leaf switches connecting to the Cisco ACI fabric, and APIC sites managed by Cisco ACI Multi-Site Orchestrator. When the Cisco ACI Multi-Site infrastructure has been configured, the Cisco ACI Multi-Site Orchestrator adds the Intersite Overlay TEP to this Cisco APIC policy.
To configure the Overlay TEP in the Fabric Ext Connection Policy for each Cisco APIC site to be managed by Cisco ACI Multi-Site Orchestrator, perform the following steps:
Step 1: On the menu bar, click .
Step 2: On the navigation pane (prior to Cisco APIC, Release 3.1), expand Networking and Protocol Policies.
Step 3: On the navigation pane (in APIC, Release 3.1 and later), expand Policies and Protocol.
Step 4: Right-click Fabric Ext Connection Policies and choose Create Intrasite/Intersite Profile.
Step 5: Click the + symbol on Pod Connection Profile.
Step 6: Choose the Pod ID from the list.
Step 7: Enter the IP address for overlay traffic to this pod.
Step 8: Click Update and Submit.
This section describes how to add sites using the Cisco ACI Multi-Site Orchestrator GUI.
Step 1: Log in to the Multi-Site GUI and, in the Main menu, click Sites. If you are logging in for the first time, the default login is admin and the password is We1come2msc!. You are then forced to change the password upon initial login. The new password requirements are:
Step 2: In the Sites List page, click ADD SITES.
Step 3: In the Sites Details page, perform the following actions:
Step 4: Repeat these steps to add additional sites.
This section describes how to register sites and configure fabric connectivity infra for the sites using the Cisco ACI Multi-Site Orchestrator GUI.
Ensure you have at least 2 sites.
For more information, see Adding Sites Using Multi-Site Orchestrator GUI.
In Cisco APIC, you need to have the Multipod Overlay TEP configured on the POD connection profile.
For more information, see Defining the Overlay TEP for Cisco APIC Sites Using the Cisco APIC GUI.
In Cisco APIC, you need to have one POD profile and it must contain a POD policy group. If it does not have a POD policy group, you need to create one.
To check if the POD profile contains a POD policy group:
Navigate to the Cisco APIC GUI, .
To create a POD policy group:
Navigate to the Cisco APIC GUI, , right-click Policy Groups and click Create Pod Policy Group. Enter the appropriate information and click Submit.
To assign the new pod policy group to the POD Profile default:
Navigate to the Cisco APIC GUI, . Click on the default, choose the new pod policy group and click Update.
Any infrastructure change, such as adding or removing spines or changing spine node IDs, requires a Multi-Site fabric connectivity site refresh.
Step 1: Log in to the Cisco ACI Multi-Site Orchestrator GUI and, in the Main menu, click Sites.
Step 2: In the Sites List area, click CONFIGURE INFRA.
Step 3: In the Fabric Connectivity Infra page, perform the following actions:
Step 4: In the Property Pane, in the OSPF area, perform the following actions:
Step 5: In the Master list, choose a site from the SITE SETTINGS.
Step 6: (Optional) If you are running release 1.2(1) or later and decide to use the same Overlay Unicast TEP for Cisco ACI Multi-Site.
Step 7: Click APPLY.
This section describes how to add tenants using the Multi-Site Orchestrator GUI.
You must have a user with either Power User or Site Manager read-write role to create and manage tenants.
Step 1: Log in to the Cisco ACI Multi-Site Orchestrator GUI.
Step 2: From the left navigation pane, select Tenants.
Step 3: In the main pane, click Add Tenant.
Step 4: In the Display Name field, provide the tenant's name. The tenant's Display Name is used throughout the Orchestrator's GUI whenever the tenant is shown. However, due to object naming requirements on the Cisco APIC, any invalid characters are removed and the resulting Internal Name is used when pushing the tenant to sites. The Internal Name that will be used when creating the tenant is displayed below the Display Name textbox. You can change the Display Name of the tenant at any time, but the Internal Name cannot be changed after the tenant is created.
Step 5: (Optional) In the Description field, enter a description of the tenant.
Step 6: In the Associated Sites section, add the sites.
Step 7: In the Associated Users section, add Orchestrator users. Only the selected users will be able to use this tenant when creating templates.
Step 8: (Optional) Enable consistency checker scheduler. You can choose to enable regular consistency checks. For more information about the consistency checker feature, see Cisco ACI Multi-Site Troubleshooting Guide.
Step 9: Click SAVE to finish adding the tenant.
This section describes how to add schemas using the Cisco ACI Multi-Site Orchestrator GUI.
Step 1: Log in to the Cisco ACI Multi-Site Orchestrator GUI and, in the Main menu, click Schemas.
Step 2: In the Schemas List area, click ADD SCHEMA.
Step 3: In the Untitled Schema field, enter the new schema's name.
Step 4: Select a tenant. In the main window pane, click To build your schema please click here to select a tenant, then select a tenant from the SELECT A TENANT drop-down list.
Step 5: (Optional) Import fabric elements. You can create new objects and push them out to one or more sites, or you can import existing site-local objects and manage them using the Multi-Site Orchestrator. To import existing objects:
Step 6: Add new fabric elements.