ACI Multisite with Multipod - Setting up the ISN

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi in this video I'm going to talk about and show deploying multi site with multi pod on the multi site Orchestrator okay so there's some prerequisites that you need to be aware of so we first added the ability to do multi site with multi pod in a CI 3.2 and later of course all of your sites need to have at least one second-generation spine but it doesn't matter what Leafs you have all models are supported and of course we assume that you've already done the ACI bootstrap and basic fabric discovery all of that done ahead of time and of course you've deployed your MSL cluster it's powered on and it has basic IP reach ability to all of your ACI sites if you're not interested in multi-site with multi pod you just want to do plain straight-up multi-site only I would refer you to a video from my colleague Robert Burns who did an excellent YouTube version called deploying a CI multi site from scratch ok let's take a quick look at my lab topology so what we're looking at here is my site number one it consists of two pods I've already got multi-part up and running and configured I'm not going to show that here in this video but if you're interested in what that setup looks like I would refer you to my earlier video series on the matter what we're going to be moving to here is we're going to be adding site number two into the mix and then of course introducing the MSO and doing the configurations across both sites so you should have some things prepared ahead of time so if we look only for the moment at site number one the good news here is we can use the existing IP n as our is n if that sounds confusing don't worry what that means is we don't have to change any of the configuration for multi pod for multi site to work we do need to have a few IP addresses ready to go ahead of time so a few of these fortunately already exist and are being used by multi pod primarily the connection between the spines and the IP n that are running OSPF we have a multi pod data plane tip that already exists as well as a control plane tab what we will need to add for the purposes of multi-site is a multicast tip and a multi-site unicast tab those are in red because we need to add them I should also note that technically we can reuse some of the existing tepid dresses for our multi-site multicast step and our multi-site unicast step but it's generally recommended to give them a different IP if only to keep you know mental awareness and differentiation when it comes time to troubleshoot and I do do need to remind you that all of these addresses that we talked about in all of this configuration need to be fully routable across the IP n slash is n okay let's quickly look at site number two by itself for just a moment so in site number two because this is a brand new site it's never been configured before we're going to need to do all of the configuration related to the multi-site aspect so the first thing we're going to need to do is set up the OSPF peering between the spines and the is n so we'll need to add that we need to add the other temp addresses related to multi pond won't being used but for sake of completeness we need to have them and of course all the multi site specific tips as well so I strongly recommend that you put together your own cheat sheet ahead of time with all of your addresses and interfaces laid out it'll make your life a lot easier when you get to configuration so I do want to point out that when you configure MSO it will automatically discover and import any existing multi pod configurations for you so it's actually really really easy so anything in black here will be Auto discovered all of the things the addresses that we will need to add are in red and we will tell the multi-site Orchestrator about this and the MSO will then push the proper configs to all of the sites to complete everything that we need for sake of quick reference I wanted to just you know give you an example of the connection between the spines and the is n standard IP standard OSPF and this is just one of those interfaces between one of my spines I didn't show the second interface I have two spines running inside - but it's effectively identical with different IPS and of course I don't have redundant ASM devices so my example is really purely in a lab environment yours might look a little bit different but you'll have a connection between each spine and any I send devices for redundancy okay with that being said let's go now to MSO and complete the configuration and enjoy our multi-site so I'm gonna log into my multi-site Orchestrator for the very first time don't forget that the default password for the very first time is admin and the password is welcome followed by an exclamation point but the letter L is actually the one okay so this is the screen that we see for the very first time when we login we can see our version with links to the configuration guide etc and some of the new features here so let's go ahead and get started now the very first thing that it asks you to do is change the default password obviously so we're gonna go ahead and do that and fast forward the video okay now that we've changed the password the very first thing that we want to do is add our very first site now this is my site number one that already has multi pod up and running okay the first thing that we're going to have to do is give it a little bit of basic information about the first site now I've already filled in some information here but basically you'll have to give it a name you'll have to give it an IP address of the apec that controls that particular site and of course readwrite credentials into that a pic and a site ID what happens next is the MSO will go ahead and login to the very first site that you've just added and give you some kind of general indication that it is actually connected now the next thing that we're gonna have to do is click on this button called configure infra for the information in site number one there are some general settings here and if you watch Robert's video he kind of mentions just you know leave the defaults the defaults are good enough so there's nothing for us to change here okay now let's click into our first site and this is what we see the first thing that we want to do here is we want to toggle this switch from off to on so that we can actually enable this site for multi-site also notice that MSO has gone out and collected some information already from a pic about my existing configuration and it's pulled it in here for example my VG pas n my layer 3 out that's been used for multi pod and any policies or things that that might be in use now the only thing that we need to add here is our overlay multicast tap and if you remember from the cheat sheet the address in my case was 1111 11.25 you'll pick something appropriate for your environment now the next thing we want to do is click down into the first pod and let's have a look so the only thing it's asking for here is the overlay unicast tap and if you hover over the little information icon there it's telling you I can use an existing tap already set up for multi-part if you want optionally but in my particular case I want to have a different one again just to keep things organized and separated if it comes time to troubleshoot and if you recall from my cheat sheet that address is 1111 11.20 last thing I'm gonna do is I'm gonna click into the spine here in pod 1 now let's have a look so notice also that MSL has already pulled in some existing config and this happens to be the interface and address used between my spines and the first isn device will rerun OSPF adjacency it's already pulled that in so I don't have to do anything special the only thing I want to do here is toggle bgp peering on you'll also notice that the new field appears called bgp evpn router ID and if you hover over that you can see that again I'm actually going to opt to use an existing address that's in used for multi pod that set up as a loopback so let's go ahead and just reuse that existing loopback so we're gonna have to type it into the field and now I'll quickly do the exact same steps for part number two instead of using the existing multi pod unicast step here I'm gonna put a unique one just like in pod one and you got that from the cheat sheet and down into spine to notice it picked up the existing config will turn bgp peering on will make this a route reflector and in this case we will choose to use the existing loopback address in the spine in pod two which happens to be in all two's address so we'll go ahead and enter that now now at this point I've entered all of this information but I haven't yet deployed it so it's now only configuration that sits on MSO it hasn't yet been pushed to the apex but before we deploy let's go ahead and have a look at what our apec looks like before and then we can take a look at what it looks like after we click the deploy button ok so I'm logged into a picot not in the tenant called infra because that's where we build our multi pod on multi site connectivity and I'm looking at the layer 3 I'll called multi pod and if you look here we can see the router IDs of one and two two two for each of the spines in one in part one one in part two please ignore these existing addresses down here and the BGP infra connectivity the reason why I call that out is we will see some other addresses populate here these addresses here are used for golf and are not in any way related to multi site at this time scrolling down under protocol and under fabric external connection policies let's go ahead and head and see what we've got here so this is my multi-part setup and we can see my data plane taps and all of that kind of business and notice in the column to the far right the multi-site unicast data plane tap column is empty but after we click deploy we'll actually see some addresses populate there so let's go back to MSO and click the deploy button and then come back to a pic and see what's changed okay so back in MSL all I'm gonna do here is click the deploy button and we can see an indication here that configuration was updated successfully so let's go back to APEC and let's have a look and see what's changed okay back in a pic I'll just kind of go in the reverse order here I'm still in the policies protocol of tenant infra and looking at the fabric external connection policy called default and notice a couple of addresses have have been added here automatically by MSO according to the information that I input there so APEC is automatically configured so that completes the configuration of site one now we're gonna go back to MSO and we're gonna do we're gonna add site two into the mix and there's a couple more steps that I'll show you that are worth viewing so back in MSO I'm at the at the sites level view here and I'm just gonna click add site and I'm gonna do the exact same things for site number two now and I'll go ahead and pre populate all this information here and fast forward the video okay so I've populated all the information related to my site number two and I'll go ahead and click Save and now we'll go ahead and click into site number two and configure infra ok just like site number one this is what we first see when we look at site 2 and we can see that multi site is not currently enabled so that's the first thing that we'll do and then what we'll do is we'll go back to the cheat sheet and we're going to have to input many of the same pieces of information because we haven't done anything with relay relationship to a layer 3 out to connect to the isn from site number 2 we're gonna have to do a couple of more steps here let's quickly go back to the APEC that's controlling site number 2 I just want to point out that I've already established the basic port configuration for connecting my spines to the isn this is standard ACI you know front panel port connectivity I just want to show you that I've created a profile called M site spine interfaces I've created an external router domain all of this stuff is getting ready to then have MSO complete the multi-site related configurations but I didn't want to confuse you this basic port connectivity is already done ahead of time so back in MSO at the at the site level we'll just go ahead and do the exact same steps that we did in site number one as it relates to multi site-specific temp addresses and if you remember from the cheat sheet this was the multicast tab notice it already pulled the BGP autonomous system number from the config but a couple of new steps we have to do here we're going to have to set up some of the basic parameters that OSPF will need to to finish the layer 3 have connectivity so in my case it's going to be area 0 I'm gonna choose an area type in my case it's regular but you have some choices here and pick the one that's appropriate for you and in terms of an external routed domain I don't have to create one because you can see it actually pulled the existing router domain that I just showed you and they pick a moment before here so I'm gonna go ahead and select there and then of course it picked up some OSPF policies that I had built already ahead of time or I can add a new policy I'll just use the existing one ok let's click down into the pod level here and this is there's only a single pod here in this particular site number two so the information that we need to head here and here just like site number one is the overlay unicast tip and from the cheat sheet that address is 33:20 and that's all we need to do there now notice at the next level I actually happen to have two spines in this particular site number two so we're gonna have to configure each of those spines so let's go ahead and click into the first spine see what we see okay the difference here is there is no layer three out configuration in place because we've never done anything with this site before and it doesn't have multipath so what we're gonna have to do is we're gonna have to tell Emma so the address is that it should use to set up this layer three out and just like in site number one will press deploy and all of this stuff will get pushed so we're gonna click first on add port and if you remember from my cheat sheet I believe the port ID was 1/33 the address for spine number one is this I have pre-configured the is and ahead of time the other side of this connection so to speak so this is the address that the spine will use and then the the particular MTU I'll just go ahead and pick say 9000 as a standard and then select an OSPF policy yeah so I think default will be good enough here and we'll say safe and here we're gonna turn on bgp peering and we will make this a route reflector now we need a router ID for the spine number one in site number two so going back to the cheat sheet let's go ahead and pick that one up and in this case the address is three followed by all once now let's actually go on to spine number two in site number two and configure that site almost identically but which is slightly different addresses just like before we'll go ahead and add the port and we'll put the exact same information in my case it's also identical 133 on spine number two the address is this the MTU is the same and I'll keep the default and we'll say safe and the last bit is turning on bgp peering and pulling a router ID again going back to the cheat sheet we'll go ahead and input that information here and in that case it's this address there so that completes spine number two now going back to the a pic that's controlling site number two I just want to point out that there is currently no layer three out built and if we go under policies protocol and look at the fabric external connection policies there is nothing now once we go back to MSO and click deploy we'll see the things populate here so let's go ahead and do that and then quickly come back to a pic and see what we see so back in MI so go ahead and click deploy for site in the - and we can see the configuration was updated successfully now if we go back to the APEC that's controlling site number two we can see that there is a policy here that MSO pushed and it pushed an unknown community that's okay that's particularly fine but also notice that it added the multi-site unicast data plane tap automatically into site number two and then if we scroll up we can actually see that it pushed a layer three out called inter site this was a name that it automatically chose when it pushed to and noticed the little icon there that shows that it was actually done by MSL and clicking into the layer three out that's been created we can go ahead and look at the policy that MSL pushed particularly the logical node profiles if we look here we can actually see that it's assigned a router ID that we set in Emma so but also notice that it pre pre-populated the BGP infra peer connectivity so that we can actually update endpoint availability across the iesson now between sites and that has been automatically populated now this is the APEC that's running site two let's go ahead and see if anything changed on the APEC that's running site one so this is the APEC that's running in site one and notice a couple of addresses have been added here under the layer three out that we're using here and these are basically just the addresses of the spines that now live in site - so at this point we've actually established you know full connectivity between our sites across the is N and I will end this video now because it's getting a little bit long and in the next video I'll actually show you configuring tenants and stretching resources and things across multiple sites thank you very much

Info

Channel: Joseph Ezerski

Views: 2,569

Rating: 5 out of 5

Keywords: ACI, Multisite, Multipod, Cisco, Datacenter, Awesome, SDN, MSO

Id: K6q_9wQ-JOo

Channel Id: undefined

Length: 17min 8sec (1028 seconds)

Published: Wed Jan 23 2019