Using the GUI

Deploying the Layer 4 to Layer 7 Services Using the GUI

You can deploy the Layer 4 to Layer 7 services using GUI. Perform the procedures in the following order:

  1. Import a device package.

    See Importing a Device Package Using the GUI.

  2. Create a function profile.

    See Creating a Function Profile Using the GUI.

  3. Create a service graph template.

    See Creating a Layer 4 to Layer 7 Service Graph Template Using the GUI.

  4. Create a device.

    See Creating a Layer 4 to Layer 7 Device Using the GUI.

    (Optional) Modify a device.

    See Modifying a Device.

  5. Apply a service graph template to endpoint groups (EPGs).

    See Applying a Service Graph Template to Endpoint Groups Using the GUI.

Importing a Device Package Using the GUI

Before performing any configuration based on service graphs, you must download and install the appropriate device package in the Application Policy Infrastructure Controller (APIC) . A device package specifies to the APIC what devices you have and what the devices can do.

    Step 1   Download an appropriate device package. You can find the list of partners at the following URL:

    http:/​/​www.cisco.com/​c/​en/​us/​solutions/​data-center-virtualization/​ecosystem.html

    This URL is the Partner Ecosystem page, where you can download the appropriate device package.

    Step 2   Log in to the APIC as the provider administrator.
    Step 3   On the menu bar, choose L4-L7 Services > Packages.
    Step 4   In the Navigation pane, choose L4-L7 Service Device Types.
    Step 5   In the Work pane, choose Actions > Import Device Package. The Import Device Package dialog box appears.
    Step 6   Click Browse... and browse to the device package that you want to use.

    For information about creating device packages, see the Cisco APIC Layer 4 to Layer 7 Device Package Development Guide.

    Step 7   Click Open.
    Step 8   Click Submit.

    Creating a Function Profile Using the GUI

    A Function Profile provides the default values for your service graph template. The following procedure explains how to create a new function profile.

      Step 1   On the menu bar, choose Tenants > All Tenants.
      Step 2   In the Work pane, double click the tenant's name.
      Step 3   In the Navigation pane, choose Tenant tenant_name > L4-L7 Services > Function Profiles.
      Step 4   Right click Function Profiles and choose Create L4-L7 Services Function Profile.
      Step 5   In the Create L4-L7 Services Function Profile dialog box, fill in the fields as required, except as specified below:
      1. In the Profile Group drop-down list, choose Create Function Profile Group.

        A profile group is a mechanism that allows you to group your profiles together for organizational purposes. For example, you may want to create a profile for your Web, legacy, or e-mail applications. You can create groups and then you can put your profiles into those groups. You may see that you already have an existing group available, but if you do not, then you can create a new one by naming it and providing a description in the Create L4-L7 Services Function Profile Group window.

      Step 6   In the Create L4-L7 Services Function Profile Group dialog box, fill in the fields as required.
      Step 7   Click Submit.

      Now you have successfully completed and saved a profile group, which now appears in the Create L4-L7 Services Function Profile dialog box.

      A profile is created for a particular service function. What you choose from the Device Function drop-down list in the Create L4-L7 Services Function Profile is the function for which you are writing a profile. From the drop-down list, you will see a list of device packages with service functions available in the Application Policy Infrastructure Controller (APIC) after you have imported the device packages.

      Step 8   Back in the Create L4-L7 Services Function Profile dialog box, remove the check from the Copy Existing Profile Parameters check box.
      Step 9   In the Device Function drop-down list, choose a device package that has a function. Options are displayed with the various parameters that are part of that function. The purpose of the profile is to provide the default values for the parameters.
      Note   

      At this point none of these parameters have any values, but you can add them, which are then used as the default values. The function profiles can be used by the graph templates after you provide these values. These values are applied to the graph template as default values, which means that if you use the graph templates and you do not provide a value for that particular parameter, then the APIC looks up the profile and see if the value is there. If it is there, then the APIC uses that.

      Step 10   Add values in the Features and Parameters section at the bottom of the Create L4-L7 Services Function Profile window. There are two tabs, Basic Parameters and All Parameters. The Basic Parameters tab includes a list of parameters that are marked as mandatory (required) in the package. The All Parameters tab includes a list of the basic parameters as well as some additional / optional ones for advanced configurations. The reason we expose the Basic Parameters is because these are part of the basic configuration and the administrator is expected to fill these out. All Parameters are optional so unless you want to customize the functionality, these parameters can be left out.
      Step 11   Click Submit. Now you have completed and saved your function profile.

      Using an Existing Function Profile to Create a New Function Profile Using the GUI

      This procedure uses an existing function profile to create a new function profile.

        Step 1   On the menu bar, choose Tenants > All Tenants.
        Step 2   In the Work pane, double click the tenant's name.
        Step 3   In the Navigation pane, choose Tenant tenant_name > L4-L7 Services > Function Profiles.
        Step 4   Right click Function Profiles and choose Create L4-L7 Services Function Profile.
        Step 5   In the Create L4-L7 Services Function Profile dialog box, fill in the fields as required, except as specified below:
        1. In the Profile drop-down list, choose an existing profile that is supplied by the vendor. The parameters are populated for your new profile based on the profile that you chose.
        2. Change or add parameters to this existing profile as necessary.
        Step 6   Click Submit.

        Creating a Layer 4 to Layer 7 Service Graph Template Using the GUI

        A service graph template is a sequence of Layer 4 to Layer 7 functions, Layer 4 to Layer 7 devices, or copy devices and their associated configuration, which can be provided by using function profiles. The service graph template must be associated with a contract to be "rendered"—or configured—on the Layer 4 to Layer 7 device or copy device, and on the fabric.

        Before You Begin

        You must have configured a tenant.

          Step 1   On the menu bar, choose Tenants > All Tenants.
          Step 2   In the Work pane, double click the tenant's name.
          Step 3   In the Navigation pane, choose Tenant tenant_name > L4-L7 Services > L4-L7 Service Graph Templates.
          Step 4   In the Work pane, choose Actions > Create a L4-L7 Service Graph Template.
          Step 5   In the Create a L4-L7 Service Graph Template dialog box, in the Device Clusters section, if necessary create one or more Layer 4 to Layer 7 devices or copy devices. To create a device, click the +, choose Create L4-L7 Devices or Create Copy Devices, and follow the dialog.
          Step 6   Complete the following fields:

          Name

          Description

          Graph Name field

          Enter the name of the service graph template.

          Graph Type radio buttons

          Choose to create a new service graph template or clone an existing service graph template.

          Existing Graphs drop-down list

          (Only for cloning an existing service graph template) Choose an existing service graph template to clone. The remaining sections of this dialog become populated with the information from the cloned service graph template.
          Step 7   (Optional)(Only for cloning an existing service graph template) If you want to remove any of the nodes from the cloned service graph template, right click a node that you want to remove and choose Remove Node.
          Step 8   To create a service node, drag a Layer 4 to Layer 7 device from the Device Clusters section and drop it between the consumer endpoint group and provider endpoint group. To create a copy node, drag and drop a copy device. This step is optional if you cloned an existing service graph template and the service graph template has all of the nodes that you want to use.

          You can drag and drop multiple devices to create multiple nodes. The maximum number of service nodes is 3, although you can drag and drop greater numbers of other devices.

          The location where you drop a copy device becomes the point in the data flow from where the copy device copies the traffic.

          Step 9   If you created one or more service nodes, in the device_name Information section for each Layer 4 to Layer 7 device, complete the fields. The fields vary depending on the device type.
          Step 10   Click Submit.
          Step 11   (Optional)In the Navigation pane, click the service graph template. The work pane displays a graphic topology of the service graph template.

          Creating a Layer 4 to Layer 7 Service Graph Template (Advanced)

          You can create a advanced service graph template. You do this when none of the eight listed use cases in the regular L4-L7 service graph template apply to your situation. In this case, you will need to create an advanced service graph template to set up the functions and connectors for your use case.

          Before You Begin
          • You must have a tenant configured.
            Step 1   On the menu bar, click the TENANTS tab. The Tenant window appears.
            Step 2   In the Navigation pane, click L4-L7 Services. The menu expands to display other choices.
            Step 3   Click L4-L7 Service Graph Templates.
            Step 4   In the Work pane, choose Create a Graph Template (Advanced) under the Action drop-down list on the right-hand side. The Create a L4-L7 Service Graph Template window appears.

            The Devices section displays a list of the vendors and the functions for the device packages you have imported.

            Step 5   In the Create a L4-L7 Service Graph Template section, complete the following fields:
            Field Description

            Name

            Enter the name of the service graph template you are creating.

            Description

            (Optional) Enter a description of the service graph template, for example, for the use case you are creating it for.

            Step 6   Drag the service function that you want to use from the Devices section into the main window.

            The Config Function Profile window appears. You see a slightly different Config Function Profile depending on whether you are working with the ACD function or the firewall function. When you are working with both functions, you will see areas to configure both.

            1. For the ADC function, select the function profile you want to use from the drop-down list, and click OK.
            2. For the firewall function, select the function profile you want to use from the drop-down list and click the radio button for GoThrough or GoTo function type, and click OK.

            (Optional) When you click the box next to the Profile field the Parameters window appears. This window displays the features and the associated values that are contained in the profile. You cannot edit these values.

            A graphic view of the template you are creating appears in the main window.

            Step 7   Click on the graphic depiction of the end point and pull the resulting line to connect to the function.

            The Config Connection window appears.

            Step 8   Specify the properties by completing the following fields:
            Name Description

            Adjacency Type radio button

            Click the button for Layer 2 or for Layer 3.

            Unicast Route

            Click the box if you want to use unicast routing.

            Step 9   Click OK.
            Step 10   Repeat Steps 7, 8, and 9 for all the connection points on the graph. The graph in the Work pane shows the connections you configured.
            Step 11   Click Submit. The service graph template appears under the L4-L7 Service Graph Templates in the Navigation pane.
            Step 12   In the Navigation pane under the L4-L7 Service Graph Templates tab, click the service graph template that you created. A window appears in the Work pane that shows the graph topology for this service graph template, with the Topology tab selected at the top right.
            Step 13   (Optional) Expand the Function Node you want to work with under the service graph template name in the Navigation pane under the L4-L7 Service Graph Templates tab. The external and internal tabs appear.
            Step 14   (Optional) To modify the connector information, click the external and internal tab and complete the following fields:
            Field Description

            Attachment Notification box

            Click if you want an attachment notification.

            Filters drop-down list

            Click the filter you want to use.

            CTX Terms drop-down list

            Click the CTX terms you want to use.

            Meta Connector drop-down list

            Click the metaconnector you want to use.

            Step 15   Click Submit.

            Modifying a Device

            After you create a device, you can modify the device.


            Note

            To create a device or to add a device to an existing cluster, you must use the "Creating a Device" procedure.

              Step 1   On the menu bar, click the TENANTS tab. The Tenant window appears.
              Step 2   In the Navigation pane, expand the Tenant branch, expand the L4-L7 Services branch, and click L4-L7 Devices. The L4-L7 Devices window expands and displays the devices.
              Step 3   Click the main device group you want to modify. The L4-L7 Devices window appears, showing the General page, which displays general information as well as connections and credentials for this device. In addition, you view the configuration state of the device.
              Step 4   You can change many of the parameters in the sections of this General window.

              You can change the path for the interfaces in this window, but you cannot add interfaces here.

              1. To change the path, double-click on the path you want to change. The Properties window appears.
              2. Complete the following fields:

                Name

                Description

                Path drop-down list

                Click the path you want to use.

                Logical Interface drop-down list

                Click external or internal, depending on the connector you are working with.

              3. Click Submit.
              Step 5   Return to the General window.
              Step 6   Click the Parameters tab at the top of the General page. The screen the features and parameters available with this package and this device group. You see a tab with the Basic parameters displayed and another tab All Parameters that displays all the available parameters with your device package. (The basic parameters are included under all parameters.)
              Step 7   In the Features section, click on the set of features for which you want to modify the parameters. The screen displays the parameters and features. The set of parameters changes depending on the specific package you are using and the specific feature you select.
              Step 8   Supply or modify the values for the desired features as follows:
              Note    You must update the parent folder first.
              1. Double-click in the field you want to modify.
              2. Enter the required information in the fields that appear.
              3. Click the Update button.
                Note   

                Click Reset to return these values to the previous values.

              Step 9   To display or modify the parameters for a single device, expand the Tenant branch in the Navigation pane, expand the L4-L7 Services branch, and click L4-L7 Devices. The L4-L7 Devices window expands and displays the devices.
              Step 10   Click the main device group to which the specific device belongs: The Navigation pane displays the devices in the main device group.
              Step 11   Click the device for which you want to display or modify the parameters. The screen both displays a graphic topology for the specified device.
              Step 12   Click the Parameters tab. The screen both displays the current features and parameters and allows you to change the values. You see a tab with the Basic parameters displayed and another tab All Parameters that displays all the available parameters with your device package. (The basic parameters are included under all parameters.)
              Step 13   In the Features section, click on the set of features for which you want to modify the parameters. The screen displays the parameters and features for the single device. The set of parameters changes depending on the specific package you are using and the specific feature you select.
              Step 14   Supply or modify the values for the desired features as follows:
              1. Double-click in the field you want to modify.
              2. Enter the required information in the fields that appear.
              3. Click the Update button.
                Note   

                Click Reset to return these values to the previous values.

              Applying a Service Graph Template to Endpoint Groups Using the GUI

              The following procedure explains how to apply a service graph template to endpoint groups:

              Before You Begin

              You must have created the following things:

              • Application endpoint groups

              • A service graph template

                Step 1   On the menu bar, choose Tenants > All Tenants.
                Step 2   In the Work pane, double click the tenant's name.
                Step 3   In the Navigation pane, choose Tenant tenant_name > L4-L7 Services > L4-L7 Service Graph Templates > template_name.
                Step 4   In the Work pane, choose Actions > Apply L4-L7 Service Graph Template.

                You will be associating a Layer 4 to Layer 7 service graph template to your consumer and provider endpoint groups.

                Step 5   In the Apply L4-L7 Service Graph Template To EPGs dialog, in the EPG Information section, complete the following fields:

                Name

                Description

                Consumer EPG/External Network drop-down list

                Choose a consumer endpoint group.

                Provider EPG/External Network drop-down list

                Choose a provider endpoint group.

                Step 6   In the Contract Information section, complete the following fields:

                Name

                Description

                Contract radio buttons

                Choose to create a contract or choose an existing contract.

                Contract Name field

                (Only for creating a contract) Enter the name of the contract.

                No Filter (Allow All Traffic) check box

                (Only for creating a contract) Put a check in the box to allow all traffic, or remove the check from the box to filter traffic.

                Filter Entries

                (Only for filtering traffic) Click + and enter the filter information, then click Update.

                Existing Contract With Subjects drop-down list

                (Only for choosing an existing contract) Choose an existing contract.

                Step 7   Click Next.
                Step 8   In the Graph Template drop-down list, choose a service graph template.
                Step 9   (Only for a Layer 4 to Layer 7 device) In the L4L7_device_name Information section for each Layer 4 to Layer 7 device, complete the following fields:

                Name

                Description

                Router Config drop-down list

                (Only if you chose Route Peering for the consumer type or provider type) The router configuration to use for policy-based redirect.

                Consumer Connector

                Name

                Description

                Type radio buttons

                The connector type. The type can be:

                • General

                • Route Peering—Enables route peering on the device.

                BD drop-down list

                (Only if you chose General for the type) Choose or create a bridge domain for the consumer connector. The bridge domain is used for the data path traffic.

                L3 Ext Network drop-down list

                (Only if you chose Route Peering for the type) Choose a Layer 3 external (outside) network for the consumer connector.

                Cluster Interface drop-down list

                Choose or create an interface for the consumer connector.

                Provider Connector

                Name

                Description

                Type radio buttons

                The connector type. The type can be:

                • General

                • Route Peering—Enables route peering on the device.

                BD drop-down list

                (Only if you chose General for the type) Choose or create a bridge domain for the provider connector. The bridge domain is used for the data path traffic.

                L3 Ext Network drop-down list

                (Only if you chose Route Peering for the type) Choose a Layer 3 external (outside) network for the provider connector.

                Cluster Interface drop-down list

                Choose or create an interface for the provider connector.

                The Application Policy Infrastructure Controller (APIC) uses the chosen bridge domains for data path traffic between function nodes as required by the chosen service graph template. Refer to the online help for the service graph templates to learn more about how this bridge domain is used.
                Step 10   (Only for a copy device) In the copy_device_name Information section for each copy device, in the Cluster Interface drop-down list, choose the cluster interface that you defined for that copy device.
                Step 11   (Only for a managed Layer 4 to Layer 7 device) Click Next.
                Step 12   (Only for a managed Layer 4 to Layer 7 device) In the Parameters screen, in the Required Parameters tab, enter the names and values, as appropriate, for all of the required parameters.
                Step 13   Click Finish. You now have an active service graph template. The APIC populates the Layer 4 to Layer 7 parameters based on the chosen function profile and colors the mandatory parameters in green if they are configured correctly.