Fabric Discovery in ACI

Cisco ACI Fabric Discovery

The Cisco ACI fabric uses Link Layer Discovery Protocol (LLDP) and DHCP for fabric discovery: LLDP detects the fabric switch nodes automatically, and DHCP assigns them their infrastructure tunnel endpoint (TEP) addresses.

Cisco ACI Fabric discovery prerequisites include:

  • Initial cabling of the Cisco ACI fabric

  • Initial setup script dialog to be completed on Cisco APIC nodes

  • The same version of firmware on Cisco APIC nodes and switches

Initial cabling of the Cisco ACI fabric is very important, and the following requirements must be adhered to:

  • Leaf switches can only be connected to spine switches. Leaf switches cannot be interconnected to each other, even when the leaf switches will be configured as virtual port channel (vPC) peer devices.

  • Spine switches can only be connected to leaf switches. Spine switches cannot be interconnected to each other.

  • A Cisco APIC must be attached to a leaf. Cisco APICs should be dual-homed (connected to two different leaf switches) for redundancy.

Setting Up Cisco APIC

When setting up Cisco APIC for the first time:

  • Use console and answer initial Cisco APIC setup script dialog questions

  • After the initial setup, access the GUI via https://mgmt_ip-address

When you set up the Cisco APIC for the first time, you will need to configure the following parameters:

  • Fabric_Name, fabric ID, number of active controllers, controller ID, and controller name: First, you must enter the Fabric_Name, fabric ID, number of active controllers (default is 3; it can be increased or decreased later), controller ID (a unique ID number for this Cisco APIC instance: 1, 2, or 3), and the controller name. Controller name and ID have to be unique among the APICs in the cluster.

  • Pod ID: The pod ID to which this APIC is connected. For the first APIC, or if you have only a single pod, the ID is always 1. If you deploy additional APICs across multiple pods, assign each one the pod ID of the pod where it is connected.

  • Standby controller: Beyond your active controllers (typically 3) you can designate additional APICs as standby. If you have an APIC failure, you can promote a standby to assume the identity of the failed APIC.

  • APIC-X: This option is a beta feature for the ACI Service Engine. Always keep the default "NO".

  • Address pool for TEP addresses: Enter the address pool for TEP addresses. The default IP address pool for TEP tunnel endpoint addresses is 10.0.0.0/16. This value is for the infrastructure VRF used for internal fabric communication. This subnet will not be exposed to your legacy network unless you are deploying the Cisco AVS/AVE. Regardless, the recommendation is to assign an unused subnet between /16 and /21 in size.

  • VLAN ID for infra network: Enter the VLAN ID for infrastructure network. This infrastructure VLAN is an important item and serves for inter-TEP and APIC-to-switch communication including virtual switches. Reserve this VLAN for APIC use only. VLAN ID must not be used elsewhere in your environment and must not overlap with any other reserved VLANs on other platforms. Though this VLAN is used for fabric communication, there are certain instances where this VLAN ID may need to be extended outside of the fabric such as the deployment of the Cisco AVS/AVE. This value cannot be changed once configured. Modifying this value requires a wipe of the fabric.

  • BD Multicast Pool (GIPO): Used for internal connectivity. It is recommended to leave this value at the default or to assign a unique range not used elsewhere in your infrastructure. This value cannot be changed once configured. Modifying this value requires a wipe of the fabric.

  • Configuring OOB management:

    1. Out-of-band management IP address: Enter the IP address for the OOB management, which is the IP address that you use to access the Cisco APIC through the GUI, CLI, or API.

    2. Default gateway IP address: Enter the IP address of the default gateway for communication to external networks using out-of-band management from APIC.

  • Admin password: Set the password. The system administrator password must be at least 8 characters long and contain at least one special character. This password is configured only on APIC 1 and is synced to all other APICs and switches once the other APICs join the cluster and the switches are registered.

After applying the configuration, allow the APIC 4-5 minutes to bring all services online and initialize the REST login services before attempting to log in through a web browser. You can access the Cisco APIC GUI via https://mgmt_ip-address using the out-of-band management IP address that you configured during the initial setup. When the login screen appears, log in as admin using the password that you configured during the initial setup.
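Several of the answers above (the infra VLAN and the GIPO pool in particular) cannot be corrected later without wiping the fabric, so it is worth checking the planned answers against the existing network before typing them into the console. The script below is an added example, not code from the original page or from Cisco; it applies the constraints listed above to a constructed plan and a constructed inventory of subnets, VLANs and multicast ranges already in use. The GIPO default of 225.0.0.0/15 and the example addresses are assumptions, not values stated on the page.

```python
import ipaddress
import string

# Constructed answers for the APIC initial-setup dialog. Example values only; the
# infra VLAN is deliberately chosen to collide with the existing network below.
PLANNED_SETUP = {
    "fabric_name": "ACI-Fabric1",
    "fabric_id": 1,
    "active_controllers": 3,
    "controllers": [(1, "apic1", 1), (2, "apic2", 1), (3, "apic3", 1)],  # (id, name, pod)
    "tep_pool": "10.0.0.0/16",          # default TEP pool from the setup dialog
    "infra_vlan": 3967,
    "gipo_pool": "225.0.0.0/15",        # assumed default BD multicast (GIPO) pool
    "oob_ip": "192.0.2.10/24",
    "oob_gateway": "192.0.2.1",
    "admin_password": "Str0ng!Passw0rd",
}

# Constructed inventory of what the surrounding network already uses.
EXISTING_SUBNETS = ["10.1.0.0/16", "192.0.2.0/24"]
VLANS_IN_USE = {1, 100, 200, 3967}          # includes VLANs reserved on other platforms
EXISTING_MCAST_GROUPS = ["239.1.1.0/24"]


def validate_setup(plan, existing_subnets, vlans_in_use, existing_mcast):
    """Return (field, message) findings; an empty list means the plan passes."""
    findings = []

    ids = [c[0] for c in plan["controllers"]]
    names = [c[1] for c in plan["controllers"]]
    if len(set(ids)) != len(ids) or len(set(names)) != len(names):
        findings.append(("controller", "controller IDs and names must be unique in the cluster"))
    for cid, name, pod in plan["controllers"]:
        if not 1 <= cid <= plan["active_controllers"]:
            findings.append(("controller", f"{name}: ID {cid} outside 1..{plan['active_controllers']}"))
        if pod < 1:
            findings.append(("controller", f"{name}: pod ID must be 1 or higher"))

    # TEP pool: /16 to /21 as recommended above, and not used by anything else.
    tep = ipaddress.ip_network(plan["tep_pool"], strict=True)
    if not 16 <= tep.prefixlen <= 21:
        findings.append(("tep_pool", f"{tep} is outside the recommended /16 to /21 size"))
    oob = ipaddress.ip_interface(plan["oob_ip"]).network
    for net in [ipaddress.ip_network(s) for s in existing_subnets] + [oob]:
        if tep.overlaps(net):
            findings.append(("tep_pool", f"{tep} overlaps in-use subnet {net}"))

    # Infra VLAN and GIPO cannot be changed later without wiping the fabric.
    vlan = plan["infra_vlan"]
    if not 1 <= vlan <= 4094:
        findings.append(("infra_vlan", f"VLAN {vlan} is not a valid VLAN ID (wipe to change)"))
    elif vlan in vlans_in_use:
        findings.append(("infra_vlan", f"VLAN {vlan} already used or reserved elsewhere (wipe to change)"))

    gipo = ipaddress.ip_network(plan["gipo_pool"], strict=True)
    if not gipo.is_multicast:
        findings.append(("gipo", f"{gipo} is not a multicast range (wipe to change)"))
    for grp in (ipaddress.ip_network(m) for m in existing_mcast):
        if gipo.overlaps(grp):
            findings.append(("gipo", f"{gipo} overlaps multicast range {grp} in use (wipe to change)"))

    gw = ipaddress.ip_address(plan["oob_gateway"])
    if gw not in oob:
        findings.append(("oob", f"gateway {gw} is not in the OOB subnet {oob}"))

    pw = plan["admin_password"]
    if len(pw) < 8 or not any(ch in string.punctuation for ch in pw):
        findings.append(("admin_password", "needs 8+ characters including one special character"))
    return findings


if __name__ == "__main__":
    for field, msg in validate_setup(PLANNED_SETUP, EXISTING_SUBNETS, VLANS_IN_USE, EXISTING_MCAST_GROUPS):
        print(f"[{field}] {msg}")
```

Run against the constructed plan, the only finding is the infra VLAN collision; every finding tagged "wipe to change" is one that would otherwise be discovered only after the fabric is built.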

Cisco ACI Fabric Discovery Process: First Leaf

The leaf switch that is directly connected to the Cisco APIC is discovered in the first stage of the fabric discovery process. In the following figure, you can see the steps in this stage of the discovery process.

First, Cisco APIC uses LLDP neighbor discovery to discover a switch.

After a successful discovery, the switch sends a request for an IP address via DHCP.

Once the discovered switch has been registered in the APIC (the administrator assigns it a node ID and a node name under Fabric Membership), the APIC allocates it an address from the DHCP pool, which is the TEP address pool entered in the initial setup script dialog. Once the TEP IP is assigned on the switch, the Cisco APIC initiates an encrypted TCP session with the switch to install policies on it and retrieve object information from it.

Communication between the nodes and processes in the Cisco ACI fabric uses Intra-Fabric Messaging (IFM), which runs over Secure Sockets Layer (SSL)-encrypted TCP. Each Cisco APIC and fabric node has 1024-bit SSL keys embedded in secure storage, and the SSL certificates are signed by the Cisco Manufacturing Certificate Authority.
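After discovery, the state the page describes (a registered node with a TEP address from the pool, on the same firmware release as the APICs, as the prerequisites list requires) can be checked from the APIC's fabricNode class rather than by eye. The script below is an added example, not code from the original page or from Cisco. It audits a constructed fabricNode response embedded inline (the node names, serials and versions are made up) and also shows the REST calls used to fetch the real response; the aaaLogin.json endpoint, the APIC-cookie token and the fabricNode class query are documented APIC REST API calls, while the mapping of a switch image `n9000-1X.Y(Z)` to APIC release `X.Y(Z)` is an assumption of this example.

```python
import ipaddress
import json
import ssl
import urllib.request

# Constructed sample of a GET /api/node/class/fabricNode.json response, trimmed to the
# attributes this audit reads; not captured from a real fabric. Two defects are planted:
# leaf102 carries an address outside the TEP pool, spine201 is inactive on an older image.
SAMPLE_FABRIC_NODES = json.dumps({
    "totalCount": "4",
    "imdata": [
        {"fabricNode": {"attributes": {"id": "1", "name": "apic1", "role": "controller",
         "fabricSt": "unknown", "serial": "FCH0000APIC1", "address": "10.0.0.1",
         "version": "5.2(4d)"}}},
        {"fabricNode": {"attributes": {"id": "101", "name": "leaf101", "role": "leaf",
         "fabricSt": "active", "serial": "FDO0000LEAF1", "address": "10.0.48.64",
         "version": "n9000-15.2(4d)"}}},
        {"fabricNode": {"attributes": {"id": "102", "name": "leaf102", "role": "leaf",
         "fabricSt": "active", "serial": "FDO0000LEAF2", "address": "192.168.1.5",
         "version": "n9000-15.2(4d)"}}},
        {"fabricNode": {"attributes": {"id": "201", "name": "spine201", "role": "spine",
         "fabricSt": "inactive", "serial": "FDO0000SPINE1", "address": "10.0.48.65",
         "version": "n9000-15.1(3e)"}}},
    ],
})


def normalize_release(role, version):
    """Map a switch image string onto the APIC release it ships with.
    Assumption of this example: switch image 'n9000-1X.Y(Z)' pairs with APIC 'X.Y(Z)'."""
    if role in ("leaf", "spine") and version.startswith("n9000-1"):
        return version[len("n9000-1"):]
    return version


def audit_fabric_nodes(payload, tep_pool):
    """Return (kind, message) findings for nodes that are not active, hold a TEP outside
    the configured pool, or run a different release than the first controller."""
    pool = ipaddress.ip_network(tep_pool)
    nodes = [e["fabricNode"]["attributes"] for e in json.loads(payload)["imdata"]]
    controllers = [n for n in nodes if n["role"] == "controller"]
    if not controllers:
        raise ValueError("fabricNode response contains no controller")
    baseline = normalize_release("controller", controllers[0]["version"])

    findings = []
    for n in nodes:
        label = f'{n["name"]} (node {n["id"]}, {n["serial"]})'
        # Controllers report fabricSt differently, so only switch nodes are held to "active".
        if n["role"] != "controller" and n["fabricSt"] != "active":
            findings.append(("state", f'{label}: fabricSt={n["fabricSt"]}'))
        addr = ipaddress.ip_address(n["address"])
        if addr not in pool:
            findings.append(("tep", f"{label}: TEP {addr} is outside pool {pool}"))
        release = normalize_release(n["role"], n["version"])
        if release != baseline:
            findings.append(("version", f"{label}: release {release} differs from APIC release {baseline}"))
    return findings


def fetch_fabric_nodes(apic_host, username, password, verify_tls=True):
    """Log in to the APIC REST API and return the raw fabricNode JSON (not run offline).
    Disable verification only for a lab APIC still presenting a self-signed certificate."""
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    body = json.dumps({"aaaUser": {"attributes": {"name": username, "pwd": password}}}).encode()
    req = urllib.request.Request(f"https://{apic_host}/api/aaaLogin.json", data=body,
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, context=ctx) as resp:
        token = json.load(resp)["imdata"][0]["aaaLogin"]["attributes"]["token"]
    req = urllib.request.Request(f"https://{apic_host}/api/node/class/fabricNode.json",
                                 headers={"Cookie": f"APIC-cookie={token}"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    for kind, msg in audit_fabric_nodes(SAMPLE_FABRIC_NODES, "10.0.0.0/16"):
        print(f"[{kind}] {msg}")
```

Against a live fabric, replace the sample with `fetch_fabric_nodes("apic1.example.net", "admin", password)` and pass the TEP pool entered in the setup dialog; an empty findings list is the condition the prerequisites above describe.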

