Sunday 25 October 2020

ACI Fabric Access Policies Part 3: AAEP, Interface Policy and Interface Policy Group

 

Attachable Access Entity Profile - AAEP


This section explains how to create an object Attachable Access Entity Profile (AAEP) that is used for attaching a Domain into Port Group. Phase 3 in Figure 1-20 illustrates the APIC Management Information Model (MIM) from the AAEP perspective. Class AttEntityP is a Child class for infra, and they both belong to packages Infra. I have already added the object attentp-AEP_PHY into the figure. The format of the RN for this object is Prefix1-{name}, where the Prefix1 is attentp. This gives us the RN attentp-PHY-AEP.



Figure 1-20: APIC MIM Reference: Attachment Access Entity Profile.


Creating AEP by using REST API

 

Figure 1-21 shows the REST API call POST URL and JSON payload. The object attentp-AEP_PHY belongs to class attentp which is used to attach VLAN ranges to a set of physical interfaces attached to certain AccPortGrp objects (I will explain that later). The URL for REST API calls is [url prefix]/uni/infra.json. Adding an object attentp-AEP_PHY affects also objects under the class infraFuncP and that is why we don’t point to object attentp-AEP_PHY in URL. Note, check that the status code is “200 Ok” after the REST call.

The object attentp-AEP_PHY is the child object for class infra and because adding an AAEP affects class infraFuncP, which in turn is a child of class infra we need to start the JSON payload from the parent class infra. The object attentp-AEP_PHY has also a relationship with the object phys-Standalone_ESXi_PHY. This relationship is described with infraRsDomP in the payload and APIC MIM. This means that AEP uses information defined (or attached via Rs/Child) to Rs-object. In this case, it means that the object attentp-AEP_PHY uses the information (VLAN Pool mapping info) related to object phys-Standalone_ESXi_PHY.  


Figure 1-21: REST call: Attachable Access Entity Profile.


Creating AEP by using GUI

 

Navigate to the Fabric page and select Access Policies. Select the sub-folder Global under the Policies folder and from there select its sub-folder Attachable Access Entity Profiles in the Policies folder-tree. Click the tools icon in Attachable Access Entity Profiles window to create a new AEP.


Figure 1-22: AAEP GUI configuration: Phase-1.

 

The name of an example AEP is PHY_AEP. Click the Plus sign and select our previously created Physical Domain Standalone_ESXi_PHY from the drop-down menu and click the Update button (not shown in the figure). Click the Next button to access the Interface Association page (no changes on that page). Submit changes by clicking the Finnish button on the Associate to the Interface page.  


Figure 1-23: AAEP GUI configuration: Phase-2.

 

The figure below shows the AEP that we just create.

Figure 1-24: AAEP GUI configuration: Phase-2.


Interface Policies

 

This section explains how to create an on object Interface Policy that is used for specifying speed, CDP, LLDP, etc. Phase 4 (a-b) in Figure 1-25 illustrates the APIC Management Information Model (MIM) from the Interface Policy perspective. We are adding two Interface Policies into our example.

The object 10Gb-INTPOL is added under the class HifPol that defines Link Level Policy (Speed, negotiation, etc.), and belongs to packages fabric. The format of the RN for this object is Prefix1-{name}, where the Prefix1 is “hintfpol”. This gives us the RN “hintfpol-10Gb-INTPOL”.

Objects LLDP_Enable_INTPOL and LLDP_Disable_INTPOL are added under the class IfPol that defines LLDP  Interface Policy (enable or disable) and belongs to packages lldp. The format of the RN for this object is Prefix1-{name}, where the Prefix1 is lldpIfP. This gives us RNs lldpIfP-LLDP_Enable_INTPOL and lldpIfP-LLDP_Disable_INTPOL.



Figure 1-25: APIC MIM Reference: Interface Policies.


Creating Interface Policies by using REST API

 

Figure 1-26 shows the REST call POST URL and JSON payload. The object hintfpool-10Gb-INTPOL belongs to class HIfPol which defines the Link Level Policies such as speed and auto-negotiation setting. The URL uses for the REST API call is [url prefix]/uni/infra/hintfpol-10Gb-INTPOL.json. 

Figure 1-26: REST API: Creating Interface Policies – Link Level Policy.

 

Figures 1-27 and 1-28 illustrate how to configure LLDP_Enable_INTPOL and LLDP_Disable_INTPOL objects using the REST API. Both objects are naturally added under the same class.


Figure 1-27: REST API: Creating LLDP Interface Policy#1.


Figure 1-28: REST API: Creating LLDP Interface Policy#2.

 

Creating Interface Policies by using APIC GUI

 

Link Level Policy

 

Navigate to the Fabric page and select Access Policies. Navigate to the sub-folder “Policies > Interface > Link Level” in the Policies folder-tree. Click the tools icon in the Interface – Link Level window to create a new Policy.


Figure 1-29: Link Level Policy Configuration: Phase-1.

 

Give the name to the object and select 10 Gbps from the drop-down menu. Leave other fields to their default values and click the Submit button.


Figure 1-30: Link Level Policy Configuration: Phase-2.

  

New Link Level Policy will appear under the “Link Level” sub-folder.

Figure 1-31: Link Level Policy Configuration: Verification

 

LLDP Policy

 

Navigate to the Fabric page and select Access Policies. Navigate to the sub-folder “Policies > Interface > LLDP Interface” in the Policies folder-tree. Click the tools icon in the Interface – LLDP Interface window to create a new Policy.

Figure 1-32: Link Level Policy Configuration: Verification

 

Give the name and select Enabled for both Receive and Transmit State fields and click the Submit button. The same process is done when creating an LLDP_Disable_INTPOL object.


Figure 1-33: LLDP Interface Policy Configuration: Phase-1.

 

New LLDP Interface Policies will appear under the “LLDP Interface” sub-folder.


Figure 1-34: LLDP Interface Policy Configuration: Verification.


Interface Policy Group

 

This section explains how to create an object Interface Policy Group that is used for grouping Interface Policies. Phase 5 in Figure 1-35 illustrates the APIC Management Information Model (MIM) from the Interface Policy Group perspective. We are adding an object Port_Std_ESXi_Host_IPG under the class AccPortGrp. This object is used for grouping Interface Policies that in our case sets the interface speed to 10Gbps and enables LLDP. It also attaches the object AAEP that in turn defines that the VLAN range 300-399 can be used. The format of the RN for this object is Prefix1-{name}, where the Prefix1 is accportgrp. This gives us RNs accportgrp- Port_Std_ESXi_Host_IPG.


Figure 1-35: APIC MIM Reference: Interface Policy Group.

Creating Interface Policy Group by using REST API

 

Figure 1-36 shows the REST call POST URL and JSON payload. The object Port_Std_ESXi_Host_IPG belongs to class InfraAccPortGrp which defines the Leaf Acces Port Policy Group meaning it groups Interface Policies under one group. The URL uses for REST API calls is

“[url prefix]/uni/infra/funcprof/accportgrp-Port_Std_ESXi_Host_IPG.json”.

 

The object Port_Std_ESXi_Host_IPG is the child object for the class funcprof. This object groups two Interface Policies by using relationship, first relationship with the object 10Gb_INTPOL, and the second relationship with the object LLDP_Enable_INTPOL. It also has a relationship with the object attentp-PHY-AEP which is used to attach VLAN range to Interface Policy Group. 


Figure 1-36: REST API: Creating Interface Policy Group.

 

Creating Interface Policy Group by using APIC GUI

 

Navigate to the Fabric page and select Access Policies. Navigate to the sub-folder “Interface > Leaf Interface > Policy Group > Leaf Access Port” in the Policies folder-tree. Click the tools icon in Policy Groups – Leaf Access Port window to create a new Policy. 


Figure 1-37: Interface Policy Group Configuration: Phase-1.

 

Name the policy as Port_Std_ESXi_Host_IPG. Select the object 10Gb_INTPOL from the Link Level Policy drop-down menu in the Create Leaf Acces Port Policy Group window. You can see the object settings by clicking the Expand icon. Select the object LLDP_Enable_INTPOL from the LLDP Policy drop-down menu. As the last step, select the object PHY_AEP from the Attachment Entity Profile drop-down menu. By clicking the Expand icon, we can verify that the PHY_AEP object has a relationship with the Physical Domain object Standalone_ESXi_PHY, which in turn has a relationship with the VLAN Pool object ESXi_VLP. As a summary, interfaces that will be attached to Interface Port Group Port_Std_ESXi_Host_IPG operate at 10Gbps and with LLDP enabled. Besides, VLANs from the range of 300-399 can be used in interfaces.



Figure 1-38: Interface Policy Group Configuration: Phase-2.





Posted by at
Labels: , , ,

No comments:

Post a Comment

Note: only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)