ACI Object Model Definitation

ACI Object Model Definitation

The Cisco ACI manages all the configurations as objects stored in management information tree (MIT) database. As an overview, policies can be categorized in 4 major groups, as shown in the figure below:

• Security Group (Security/Application Tenant Policies): Defines how ACI fabric should allow network communication between two devices. Example policies are endpoint groups (EPGs), contracts, and so on.

• Overlay Network (Network Tenant Policies): Defines the overlay network that goes over the ACI fabric. These policies will be the logical topology of user networks and can be defined without worrying about the underlay. Example policies are VRF, bridge domain (BD), and so on.

• Fabric Access (Access Policies): Defines how end hosts or external network devices are connected to ACI fabric by configuring port-channel, vPC, and other interface-level configurations.

• Underlay Network (Fabric Policies): Defines the VXLAN underlay built by ACI fabric along with infra Multiprotocol Border Gateway Protocol (MP-BGP) and other protocols to manage ACI switches such as NTP.

In Cisco ACI, all objects are stored in a tree called MIT as mentioned before. And each object is called managed object (MO).

All information including config, hardware component (such as leaf, fan), control plane status (such as OSPF), stats (such as interface stats), and some logs (faults, event, audit log) are stored as an object in MIT that can be easily processed in a programmatic way.

These objects are accessible through REST API and most of the operations in ACI is using the REST API in the background.

Configuration is through REST API (or GUI, NX-OS style CLI that runs API in background). The user configurations are called logical model objects and it’s translated into objects called concrete objects when passed down to switch nodes. Then switch nodes apply the configuration to hardware based on the concrete objects.

Each object is represented by an ID called distinguished name (DN). Each distinguished name belongs to a class which is a type of object.

Methods and Tools to Query the MIT

You can query or view the MIT in different ways:

• Object Store Browser: https://apic_ip/visore.html or from Cisco APIC GUI

• Browsing MIT in shell: cd /mit/… or cd /aci

• Moquery: Direct CLI query to the database

• REST: Postman, curl GET and POST

• icurl (local REST client on apic/leaf)

• Python SDK

These two types of queries are supported:

• Class-level query: search the MIT for objects of a specific class

• Object-level query: search the MIT for a specific distinguished name

Object Store Browser

The Object Store Browser utility uses the Cisco APIC XML API query methods to browse the MOs that are active in the Cisco APIC. You cannot use the Object Store Browser utility to perform configuration operations.

The core principles of Object Store Browser are as follows:

• Managed Object browser in GUI

• Can be accessed in various ways:

  1. From Help and tools icon in APIC GUI.

  2. Right-click on any ACI object in the GUI.

  3. By connecting to https://apic_ip/visore.html

• Used to retrieve:

  1. All object of certain class

  2. Certain DN object

  3. Review object properties

  4. Relations to parent and children objects

To query for a particular class, enter the class name in the Class or DN field and click Run Query. Object Store Browser sends a configResolveClass method to Cisco APIC and the requested MO is displayed in a tabular format. Use the less than (<) and greater than (>) buttons to retrieve the parent and child class of the displayed MO. 

To query for a particular DN, enter the DN in the Class or DN field and click Run Query. Object Store Browser sends a configResolveDn method to the Cisco APIC.

Moquery

TABLE OF CONTENTS

ACI Fabric Infrastructure & Concepts

• ACI Topology & Components
• ACI Object Model Definitation
• Event Record Audit Logs faults in ACI

ACI Policy Model & Logical Constructs

ACI Packet Forwarding

ACI External Network Connectivity

ACI - VMM Integration

L4-L7 Integration to ACI

ACI Management Overview

RECENT POSTS

• Cisco Data Center Career: Getting Started with Nexus Training
• Lock Down Your Networks in a Digital World: The Ultimate Guide to Learning Mastering Cisco Identity Services Engine (ISE)
• How to Become an AWS Solution Architect — Your Ultimate Guide to Cloud Mastery
• The Docker Training Course Outline - Your Guide to Becoming a Docker Expert
• Develop Next-Level Azure Networking Skills with AZ-700 Training
• Reasons to Choose DClessons for Your SD-WAN Velocloud Training Needs
• Learn to Network: Get More Out Of Cisco ACI and DCACIA with DClessons
• Learn Cisco CCIE Data Center, Certified data center professional with DClessons in Data Center Technologies
• Reasons to Choose Cisco SD-WAN Solutions with DClessons
• What is Docker and Why is It Important?

Membership Plan

$100/Monthly

$200/6 Months

$350/Year