Cisco ACI vPod Deployment Video from Scratch

Captions
Hi, my name is Robert Burns. I'm a technical leader within Cisco Services supporting ACI. Today we're gonna give you an overview showing you how to deploy ACI vPod from scratch with version 4.0. The high-level agenda will include giving you a quick overview of my lab topology, what we'll be doing today, and then the various steps to deploy vPod. So there's a number of steps, and we'll kind of separate them here just so you can kind of skip through and look at each section as they're pertaining to you if you need help. They'll include essentially installing or updating your VC plugin, which allows us to manage the vPod infrastructure, and deploying the AVE. They'll also configure the IPN device. So this is a step that is a little above and beyond what ACI will control, so the IPN configuration is a separately managed device outside of the scope of ACI, so we'll take you through what needs to happen on your IPN device. Next we'll configure the AVE domain that will be used for the vPod. This can also be done during the vPod deployment, but we recommend that you pre-create the AVE domain to take advantage of all the configuration options that are available by creating an AVE domain in the typical format. Next we'll configure the ACI fabric to connect to the IPN device, followed by deploying your vPod management cluster, which consists of a pair of virtual spines and virtual leaves on ESX bare-metal. Next we'll deploy the AVE on our ESX hosts that are gonna have all of our endpoints running on them, and then lastly we'll connect our endpoints to the AVE. So from here we'll go ahead and get started.

Okay, so let's take a look at our topology for our vPod deployment. So my lab here, this is what a typical fabric would look like. On the left side here I've got my seed pod, or your primary fabric. Nothing too special about it, left a lot of the default options here for the various settings. Now typically what would happen in the vPod or in a multi-pod environment is that
in your first site, or your pod one, you're gonna typically have a couple of IPN routers. Those would connect to your spines, and then those would go across and connect to your remote location, either in the same data center or cloud or remote site, depending on how yours is set up. But as long as we have kind of IP connectivity between the pods, that's really what we're looking for. So most customers will have a pair of redundant IPN routers in each pod or site, and that's how they will use their connectivity. Now between the IPN routers, within that network there, it doesn't matter what we use in the back end. If we're using, you know, MPLS, OSPF, BGP, doesn't matter. But the only thing that we have a requirement on is that between the spines and the IPN routers, and the vSpines and the IPN routers, we do have to use OSPF. Typically this is how a topology would look like.

Now I've got a vCenter Server Appliance that is on a management network that is connected to ACI. Doesn't have to be; as long as your hosts and your APICs can all reach the vCenter, that's pretty much all you need. But this vCenter's again a single vCenter. It does happen to live within my pod. It could be external to your pod, it does not matter. But the ESX hosts that are gonna host my vSpine and vLeafs do have reachability to the vCenter, and those ESX hosts are managed by this vCenter. And what's gonna happen is we're gonna end up pushing an AVE instance to this vCenter, and that's where our AVE deployment for the vPod use will come into play.

Now in my lab it's a little bit different here, so if I just kind of switch up, this is kind of your sample topology, but in reality I don't have as much equipment. So this is what my IPN is gonna look like. So I actually have just a single IPN device. I'm using a Nexus 9300 for this, where my spines do connect directly to it, as well as my vPod ESX hosts connect directly to my IPN. So again, this is just a way to do kind of a lab workaround, because I don't
have all the extra layer 3 switches to do all the IPN connectivity, but this will accomplish the exact same result at the end of the day. So from here we'll go ahead and start routing their configuration.

Okay, so I'm going to show you now how to update or install your vCenter plugin. On my particular fabric here I'm running 4.0 0.253c. Now you might be running a different version in your environment, but that's perfectly fine; don't worry if the versions don't match up. Right now in my vCenter plug-in here, if I go into vCenter, I do have the plugin already installed. So I've already kind of navigated to ACI Fabric, which brings me here, and I can see that my plugin version is 4.0.234.7, and what I'm looking for is to make sure that matches what's currently shipped with your APIC. So if I go to my APIC IP /vcplugin here, I'm gonna see which plugins were shipped. So I should be upgrading to this 253.3 version here, so I'm gonna change mine, or upgrade mine, to that appropriate version. Now if you've never installed the VC plug-in you don't really have to worry about that, but because I did have a previous version we just got to make sure we upgrade.

So what I'm gonna do first is get this installation script and just save it to my desktop, for my local workstation here, and I'll just throw it into my C drive, keep it nice and simple. All right, make sure that installed, or that downloaded, and I'm just gonna throw it on to my C drive just to make it easy to get to. Okay, oops, that's the plug-in. I actually want the script. Let me grab the script. The plug-in you can leave hosted on your APIC, because we're gonna go ahead and we're going to install that directly from the APIC. So I'll just save that on to my C drive. Now, assuming you've got PowerShell installed, go ahead and launch PowerShell. I've already got the VMware modules installed, so if you don't have the VMware module you can read instructions on the web how to install that. So
I'm gonna go navigate to where, where am I, where my dude is. There it is, that's the script I wanna run. So I'm gonna go ahead and launch that script. First thing we need to do is enter the vCenter IP. Now I need the path to the plugin. So again, I'm keeping it on my APIC, so I'm just gonna snag the URL location, because we're gonna install this directly into PowerShell. Okay, so there's the plug-in path, which is my APIC IP /vcplugin and then the path to the file itself, and we'll go ahead and install that.

So, next thing I want here is the HTTP thumbprint. I'm using HTTP on my lab environment here, but you could be using HTTP. If you did that you wouldn't need the SHA-1 thumbprint. To get that, pretty straightforward: I would just go to my APIC's IP, and you got to make sure you're going with HTTPS, so I'll just change that, and then once you get to there you can go ahead and view the certificate details. Now let's just add this guy to my exception list. Okay, so once it loads up here, and again this is only if you're using HTTP information here, you can view the certificate, and here would be my SHA-1 fingerprints. I would just copy and paste this into that PowerShell script here. But again, I'm not using HTTPS right now, so I'm just gonna keep it very simple here. So I'll just jump back over to my PowerShell script.

The only other thing to consider is, if you're using HTTP like I am, you've got to make sure that on the vCenter server side you've enabled the allow HTTP flag on the web client. So it's one of the config properties in the file here. Again, you can find this out very easily online, but you've got to essentially allow the VC plug-in to be installed over HTTP, otherwise it'll fail. Okay, so I have no thumbprint here, so I'm gonna go ahead and hit enter. Okay, now it's gonna come up here and prompt me for my vCenter credentials in a second. Okay, so I'll go ahead and put in my vCenter administrator account, and if it's successful I should get a connect successful message here
in a second. Okay, we're connected and it did the update, so I can see here it upgraded the plug-in version to 4.0.253.3, so everything looked good there. I have seen some issues where this may succeed but you may not see the plug-in installed on the vCenter client, and what that means is that we've registered the information to the vCenter but the plugin itself doesn't actually get loaded into the web UI until you log in, so it's like a runtime load here. So even though this may be successful, if you don't see it appearing inside of your VC, your client here, that could signify either a problem with, you know, maybe it can access the plugin off the HTTP server, so you've got to kind of troubleshoot basic connectivity, and we've got some documentation that supports that.

So now that I've done this I'm gonna go ahead and log out, 'cause I need to update this. So I'm just gonna go to my session here, and once we're all done I'll go ahead and log back in. It may take some time to load on the first load, so give it some time to do its thing here. Once your client does completely load here, then we're gonna go back to where the plugin was loaded and just confirm on the version. So we bring up the ACI plug-in and we go to About, and we're still showing 234 G here. So at this point the only thing I would suggest we do is to restart the vCenter web client service here, so we'll go ahead and do that here now. I'm just gonna log back out here, and this does get required sometimes here.

So let's go ahead and log out, and I'm going to go ahead and get connected to the vCenter server. So I'm logging in directly to it. I'm gonna have to log in with the root account, so if you know your root password, and hopefully don't fat-finger it a couple times like I did. Next thing we're to do, we got to launch the shell. Okay, and from here now we're just going to restart the vCenter web client, so service-control stop vsphere-client, and we also do another start after that's gonna complete
so I'm just gonna add a double command here: control start vsphere-client. Okay, let that do its thing here. Now this will take a sec because it's gonna restart the daemons on the VCSA appliance here. This may take a second, so I'm just gonna pause it here while it finishes, and through the magic of editing I will come back when it's all complete. So the stop did finish completely; now we're just restarting the service here, so give it another second or so. Even above and beyond when this says it started, it still may take some time for the UI to come up, so again just be patient. It may take like five or six minutes. So from the point this says it's completed, eligibly wait, go grab a coffee, whatever, come back, and then by that time the UI will be ready to load. We can log back in and test it out here.

Okay, so we're all done there. We're gonna exit out here now and close off our SSH session. Now before I do this, if I tried to log right in, it's gonna say that the client is, you know, initializing, so again give it about five or six minutes here. So I'll do a quick pause here and come back when that's been complete. Now the nice thing with this: if you leave it on that page where it says the web server is initializing, it will eventually load up when it's ready to go here. So we'll go ahead and get logged in here and give it a sec to load up. Okay, it's still loading up here, and if you find that this happens to still fail, you may want to reboot your vCenter Server Appliance just to be sure it clears out anything else. I'm also seeing issues where you have to clear your browser cache or offline content as well to clarify this.

So assuming everything went well, we'll go back and log in to the ACI fabric, and you can see it's no longer showing... oh sorry, here it is, and the version it should show us now, it should be our new 253 version. So let's go over here. Okay, perfect, so that's the new 253 version. So that's essentially the first thing we have
to do there. We've got that upgraded; now we can go ahead with the next steps, which will be, you know, working on some other things including the IPN and then the ACI config.

Okay, so we're gonna go ahead and start configuring the IPN. Looking again at our topology here, I'm gonna have three interfaces going to spines. Now in my lab here I just have single interfaces going up to my IPN. Now these could be redundant if you had multiple IPN devices; for simplicity of my lab I just have a single link between each spine and my IPN. And then on the other side over here, where my ESX hosts reside, is actually a UCS B-Series chassis, and those guys are gonna have their uplinks coming to the IPN as well here. So we'll take a look at all of that now as we go ahead and set that up.

So here's my IPN device. It's pretty simple, it's a 9232C. It's pretty much a, you know, not too much turned on right now, so this is a very, very fresh install, so you'll see me doing pretty much everything from scratch here. So the first couple things we're gonna need here: show feature. I don't really have anything turned on that I need yet, so there's a couple things that we want to highlight here that we want to make sure we've got turned on. One of the first ones is we're gonna need DHCP, so we need the DHCP relay; that's gonna be a feature we're gonna need to turn on. We're also going to need OSPF, because that is what is supported, which is the way up here, so we'll turn on OSPF. That's gonna be required again to set up the sub-interface links between our IPN and our spines and vPods. And the only thing we're gonna need is the interface VLAN, because I'm doing something, like I said, a little bit different. I'm going to be using my IPN device as my gateway. I'm not gonna be splitting this up here, so my gateway for my vPod virtual leaf and virtual spine is actually gonna exist on my IPN. Now typically that would exist somewhere else in your network, which would then uplink or be routed to
the IPN, but in my instance here, like we showed, everything exists in my lab here, so I'll have an SVI over here set up with my gateway for these devices over here. Okay, so let's go ahead and turn on these features that I need. So let's go feature OSPF, turn that on, feature DHCP, and lastly feature interface VLAN.

Okay, now I've got some things already turned on, like LLDP, and I've actually gone ahead and labeled the interfaces that I'm gonna be using. So if I just go show lldp neighbor, here are the devices. So my UCS Mini is connected to a breakout cable on port one, so ports 1/1/1 and 1/1/2 go to fabric A and fabric B respectively on the UCS chassis, and that's where my virtual spines will be hosted. Okay, that's where my ESX is installed on the bare-metal blades. Then I also have here my 3 spines on ports 1/2, 1/3 and 1/4, and I can also see the respective remote interfaces as well, which is important.

Okay, so let's go ahead and configure a few things here. So first thing we're gonna do here is we're gonna start configuring a VRF, because I want everything in here to kind of be separate, and in labs it's common to split things up on a switch depending on the, you know, the type of workload. So I've got a management VRF, but I'm gonna separate one as well for my vPod stuff, so I'm gonna call it vPod. Okay, that's pretty much it for the VRF, it's quite simple with that.

Next thing I'll do is I'll start off with my IPN devices, so I'm gonna start off with ports 1/2, 1/3, 1/4. These are my 3 spine-facing interfaces. So if I just go show run int E 1 to 2 or, all I really did was label them, I haven't done anything else. And the first thing I'm gonna want to do is to jack up the MTU. So with the MTU, consideration needs to be made that anywhere within the fabric we're gonna slap on an additional 50 bytes for the VXLAN header to go across the IPN, so I typically will increase my MTU to the largest possible in the IPN. That way, on my host level, as long as they're not generating a
packet that's, you know, I'd say beyond 9000 bytes, I'm gonna be fine for anything that we're gonna send. So let's go ahead and do that first. So I'll go into eth 1/2 to 4 and we'll set the MTU to be 9216, and that's pretty much it for the parent interfaces.

Now as we know, hopefully, the way we connect to the IPN is through sub-interface VLAN 4; that's what we need to use. So we're gonna need VLAN 4 created. This is gonna be important, so we're gonna call this name ACI infra, because that's gonna be the sub-interface VLAN that we're gonna use for encapsulation, and that's hard-coded on the ACI and APIC software. So we're only going to use VLAN 4 when we're connecting our spines to our IPN.

So let's start off with the first one. We'll go into e1/2.4, let me create the sub-interface. If you wanted to give it a description, you know, you could do so; I'm just gonna kind of copy mine here. Okay, next thing we're gonna do is start configuring all the relative things we need here, so let's go ahead and jack up the MTU, and I'm gonna set up the encapsulation, and we'll use VLAN 4 as I said. I want to make this part of my VRF for vPod, so I'm gonna go and do that, and do that first before you assign the IP address, otherwise we're gonna delete all that information. Okay, so here's what I'm going to do now: assign my point-to-point links for OSPF, and I'm gonna use a very simple addressing scheme. I'm gonna use .1 on this side, .2 on the spine side, .5 on this side, .6 on the other side, and so forth, so pretty straightforward with the addressing scheme. I'm gonna use network type point-to-point, and then lastly I'm also gonna enable MTU ignore. If you're, you know, very sure about matching up your MTU, this won't be a problem, but if you do have an MTU mismatch we're gonna not be able to bring up OSPF, so in my lab environment I just turn this on to make things simple. Now I haven't actually created the OSPF instance yet, so
let's go ahead and do that. So I'm gonna shut this interface and I'm gonna whip down, and then we're gonna go ahead and create the OSPF instance for this as well. So let's go router OSPF, I'm just gonna call it vPod, gonna keep it simple, and I'm gonna put it in the VRF, and then I'm just gonna give it a router ID of 1.0.0.0. So my router IDs will be 1.0.0.0 for the IPN; my spines will be 1 0 0 1, 1 0 2, 1 0 3, just, it doesn't mean that they're in the site 1.

Okay, so now that I got the OSPF instance, let's go back to that interface. Okay, let's go into 1/2.4 and we're just going to add the OSPF configuration here, so ip router ospf vPod and then my area, and I'm just gonna use area 0. Probably not a best practice; you could use area 1 if you wanted to, it's not a big deal, but just to keep things here simple I'm going to use area 0. Okay, so that's pretty much it there.

So I just got to repeat the process now for my other interfaces. So I'm gonna go ahead and do 3.4 and then pretty much do the same things there. So we'll go description, I'm just gonna kind of copy this guy here, this is my spine 2; MTU 9216; encap dot1q 4; vrf member vPod; IP address 1 5/30; ospf network point-to-point; ip ospf mtu-ignore; and then we'll do our router OSPF vPod area, let's get this right here, ip router ospf vPod area 0, and then just a no shut. All right, and last time here we'll just spin up and do our last sub-interface for spine number 3. Pretty much you can replay your commands and make it a little bit quicker if you want. Spine 3, MTU 9216, I'd bop through all these nice and quick. Encapsulation dot 4, and let's do here VRF vPod, IP address, and I'm gonna use 9 and 10 for this point-to-point link, ip ospf network point-to-point, ip ospf mtu-ignore, and ip router ospf v-0, no. Okay, so let's just double check our work there: show run int e1/2.4 to... now let's just go to 2 to 4 and we'll get all the sub-interfaces there. Okay, so I've got my encapsulation, my IP address, MTU
and then the same OSPF interface there. Okay, same thing comparing the next one down, looks good, and last one here, I got to do the last one here. So int 1/4.4, and we're gonna cheat a little bit here and just get this description in quickly, and then we're just gonna replay the command here and make it nice and easy. That's to spine 3, and we'll replay all these too, and for the IP address it'll be unique, obviously, and we'll go ahead and finish up those guys. Okay, so let's make sure it looks good again. Okay, so here is sub-interface one. I think I did that right. I just gotta go to 5 if I want to see my sub-interface. Yeah, okay, I did it here. Don't mind making this mistake on camera, it's all part of the fun. Okay, so everything looks good here, I've got the IPN piece done, so that takes care of the IPN side going to my spine switches.

So let's bring up our diagram here. So all I've done here is I've now configured these interfaces here, or got them ready to go. I haven't done the ACI config yet, so that'll happen in the next step. Now the only other thing I have to do is over here. So these interfaces that are coming in, I have to transport those on a VLAN, so I'm gonna use VLAN 4, just an arbitrary VLAN, that's gonna terminate to my SVI. This SVI is gonna act as the gateway for my devices. And then my pod over here, I'm using for TEP 10.0.0.0/16. For my vPod 11 here, I'm going to use 11/16 for the addresses here. My gateway address is gonna be 11.0.0.1, sort of a crude writing here, and I'm gonna make it a /23, so that's what's gonna be for my SVI. So I've got to configure that piece as well here, so let's zip over and do that part.

So just really quickly, show lldp neighbor. My two interfaces for UCS are 1/1/1 and 1/1/2, and all I'm gonna do on those interfaces is just, again, increase the MTU. So let's go into e1/1/1 to 2, I'm going to turn up the MTU to 9216, and the only thing I'm going to do is just allow only the VLAN that I
want, which is VLAN 4 allowed. Okay, so if I show run on those interfaces, okay, nothing very complicated there. They're just switched interfaces, they're not routed, and we're just allowing VLAN 4.

Okay, now the only other thing left again is to create that SVI interface, which I need to do. So we're gonna go ahead and create that interface on VLAN 4, and then we're gonna turn on a couple other services here. So int VLAN 4, this is gonna be acting as my gateway address: MTU 9216, vrf member vPod, IP address 11.0.0.1/23, and ip router ospf vPod area 0. And the only other thing I'm gonna need to do here is add a DHCP relay, and now I don't know the address that I'm gonna be using. What's gonna happen is that when I get my DHCP requests, let me get this out of the way here, from my virtual spine and virtual leafs, they're gonna come through here, come down, and then target my APIC for an address. Now we're not gonna advertise the APIC's address into the IPN, which, you know, in this instance is gonna be 10.0.0.1. I don't want to advertise those addresses in my IPN, so we actually use a NAT. So there's gonna be a NAT created, and that's what's called a routable subnet. So when I do the vPod config on the APIC, it's actually creating a NAT address on my spines. It'll say, okay, your 10.0.0.1 address gets NATed to, and it'll pull an address from my NAT, my routable subnet that I'm gonna define when I set up the vPod piece on the APIC. So that address, I'll have to come back here and add that piece, which I'll do a little bit later here.

Okay, now in order to do that, the only other thing I'm gonna want to do here is enable a couple of additional features here, so ip dhcp relay, if I want to be able to do that, and I think that was pretty much it. We're just gonna turn on DHCP and I think that should take care of everything here. So let's take a quick look here. Okay, so got my feature OSPF, interface VLAN, DHCP, ip dhcp relay, looks good, my addresses all looks
good, and then my OSPF instance looks good here. Okay, so we're gonna leave that there for now. We're gonna stop and switch gears here; we're done on this side. Again, I'll have to come back here once I get my routable address from my APIC, and I'll plug that in to my SVI, which is that int VLAN 4, so I'll be back in a bit for the next step.

Okay, now that we've got the IPN configured, the next step in the process will be to start deploying vPod. Part of that is gonna be deploying an AVE domain, and we're gonna do that kind of first. You can also deploy the AVE or create the VMM domain as part of the vPod deployment wizard, but we do kind of recommend that you create the AVE domain first. It'll just give you access to a few more of the options in the create VMM domain; the version that you could do from the vPod wizard is a subset of this. So if you want all the features available to configure your VMM domain, just create it ahead of time, and then when you get to the vPod wizard we can go ahead and select that domain we previously created.

So I'm gonna call my domain Robert Byrd ash AVE. There are some new settings you might not have seen here before; we'll let you read up on some of those, like the host availability assurance, etc. We're gonna keep it pretty simple. For the AEP, I've already got an AEP called UCSB EP, I'm gonna keep that. Now for the VLAN pool, we're gonna need to create a VLAN pool for our hosts, and I'm gonna call this one Robert burr - VMM, and we're going to give it an encapsulation block. Now there's two kinds of encapsulation blocks that we can use: one which is going to be an external or wire encapsulation, that's if you wanted to do traditional VLAN mode for your AVE, but in my case I'm gonna be using the VXLAN mode, so the only encap block in the neighb will be an internal VLAN block. This will be for the private VLAN pool that the AVE will deploy for my EPGs. Everything will look good with transport through my IPN using the VXLAN; we'll be, you
know, tunneling all the way through, but we do still need an internal encapsulation block for this to function. So we're gonna go ahead and use a block here, I'll call it 2100 to 2109, give it a bit of range. You do need at least two per EPG, so if you've got 50 EPGs you're gonna want at least 100 IDs in your pool. Okay, and we're going to keep that there. Make sure it stays on dynamic; it has to be dynamic so that the VMM domain can allocate those VLANs.

Next thing we're going to do here is we're going to create the VXLAN address pool, so this is something we're still gonna need. So I'm gonna go to 2 5 0 to 0.1, and I'm gonna create a pool as well. Now I've already got one created here; we'll just take a quick look at it. Pretty straightforward here, it's got a range 2 to 4 0 0 1 through 2 2 4 is 0 1 0, so quite a large range there. Okay, and I need at least one of those per EPG, typically, when we're using AVE for a multicast mode.

Okay, next I'm gonna need to do here is define my vCenter credentials, so this will be my VCSA admin account, and I'll just give it my credentials from my vCenter server. Okay, and the next thing we'll need to do is define the vCenter server itself. So nothing different than creating the AVE for vPod as it was for a standalone AVE, so it's pretty much the exact same process. An address. Default version, you can leave this as is. This will use the default version, which is the highest level of the DVS version that is supported. So if all my hosts were version 6.5 and higher, then we would default to 6.5. If we have ESX and vCenter 6.7, it'll default it to the version 6.6. The only reason why you may want to set this is if you wanted to kind of keep the version lower, if you had to eventually add hosts that were a lower rev than, say, your vCenter. But I'm gonna keep mine as the default for now, because all my hosts are running 6.7 here. You're gonna need the data center name, and if you had to confirm that, you could always jump over to your vCenter server, and this is my data
center name here, so this really has to be important to match that. So dc1 is my data center name, and I'm gonna match that there, and then my credentials, I'm just gonna point it to my credentials. Okay, for port channel mode I'm gonna go ahead and just set MAC pinning. Okay, that's what we support, and that's pretty much it. Other than that, I'll just set up CDP so I have this ability to look at interface information, which is also very helpful, and we'll click Submit.

Okay, now assuming everything went well, we should see that VDS being pushed to my vCenter, and I can see a bunch of port groups are created here. The virtual switch was created here, so if I take a look at the networking now, I should have my VDS created here called Robert burr AVE, and you're gonna see there's a bunch of default port groups here. So there's a bunch of them that we didn't have previously. So we've added an external one for your VLAN mode. If you're using VXLAN mode, which is in my case, we have two port groups for that, and there's two internal port groups; this is just to increase the performance and scaling of the AVE. For outside interfaces we have one called outside cloud, and that's going to be the one that we're going to use for our AVE uplinks.

Now if you recall, I set up my SVI on VLAN 4 on my IPN, and I'll just bring that up really quick here. Let's get logged back in. So this could be your gateway; it doesn't have to be on your IPN, but essentially this is my gateway address that my hosts, my AVE and my virtual leaves and virtual spines are gonna need to reach. So this is using VLAN 4, so it's important that we tag this address. If you also remember, I also configured 1 and 2; these are my two interfaces going down to where my hosts exist, and I'm only allowing VLAN 4. So in that case, when I'm coming to my outside interface, I want to be able to tag this traffic with VLAN 4 here, and now this is something we have to do manually here. So I'm going to modify the
settings of the port group, and I'm just gonna set the tagging on this to be VLAN 4, so it matches my appropriate uplink here, and we'll set the VLAN type to be VLAN 4. Again, it doesn't have to be VLAN 4, but in my case I'm just gonna be using VLAN 4. Okay, I like to use VLAN 4 simply because we use the sub-interface VLAN 4 for the IPN connectivity to the spines; I just happen to think it's easy to just recycle that same VLAN between my vPod and the IPN. Okay, so we've got our AVE piece, so that part is done.

Now going back over to here, next thing we're gonna do is then go ahead and create the vPod deployment. Our fabric and our inventory, so I can see right now I've got a very simple fabric. I've got three spines, there's my three spines one, two and three, and I've got four leaf switches, and that's pretty much it. So the best and easiest way to deploy vPod is using the wizard. There's a lot of great things we've done here, and we're gonna kind of walk through this step by step. So we're gonna go add pod, and it's gonna ask us, you know, is it a multi-pod or is it gonna be virtual pod, and in our case it's gonna be virtual pod, so we'll go add virtual pod.

So the first thing we have to do, because this is the first inter-pod type of deployment I'm setting up here, I don't have multi-pod running yet, I don't have vPod running yet, it brings up this configure inter-pod connectivity. This has to be done first before we can deploy vPod, so we're gonna configure. So it's gonna show us what it's gonna do here. The first thing we review is defining the connectivity between your pod one or your seed pod and the IPN, and you can see here in our graphics we're showing that we're gonna be using OSPF. Once that's done, that'll allow us to have our multi-protocol BGP EVPN tunnels, you know, between our seed pod and the destination vPod. Okay, OSPF is the protocol used as the underlay here, and then we'll be using tunneling on top of that, and so pretty much it gives you a bit of an
overview of what's gonna happen here. So we're gonna go ahead and get started. So the first thing I'm going to do here is define the connectivity between our fabric pod 1 and the IPN. So I'm gonna put in my IDs of my spines, and I have to define the interfaces that are connected to the IPN device. And if you recall here, I'll just bring up my port here, show run, show LLDP neighbor, and let's make this a little bit wider, easier to read. So here's my interfaces: so spine 1 is using port 1/32, 1/64 on spine 2, and spine 3 is using 1/32. So here's where I define that information, 1/32, and here's where I have to match up the relative information on my IPN. So my interfaces connected to this guy: show run int E 1/2/4. So the first guy is using 1.1.1.1/30, so my first interface will be .2, and I'm gonna go ahead and line up the MTU, 9216. Now if you had multiple interfaces per spine, I could add them here; if you wanted, add in a few more interfaces. In my lab I only have a single interface, as I said, between my spine and lab.

I'm gonna add my other two spines here as well, so I'm going to go to 2 and do the same thing here. So this guy is 1/64, his address will be 1.1.1.6/30, and I'll jack up his MTU, 9216. And lastly I'll do spine 3, and that's 1/32 and 1.1.1.10, and his MTU. Okay, so just again bringing this back up here to marry up the config: so on the first guy, the first point-to-point link between spine 1 and here, I'm using .1 and .2; the next guy I'm using .5 and .6; and then lastly I'll be using, for the last guy, .9 and .10. Okay, go ahead and go next.

So now it's gonna ask us how do we want to set up OSPF, which area do you want to use. Now you can uncheck these "use defaults", but we really tried to simplify it by hiding a lot of the configuration options you don't need to configure necessarily. So if you want to uncheck this, by all means you can; if you want to change the costing or the authentication keys, you can do so. I'm gonna keep it very simple here;
all I'm gonna do is match up my area 0, which is the one I happen to be using, and we have to be a regular area because that's a backbone area, so we have to be regular. And the interface policy, now this is on ACI, now I've already got one created called OSPF point-to-point, and really all this policy does is where I define my point-to-point, and I can enable my MTU ignore, just to match up. Okay, all right. And BGP: again, if you wanted to define the non-default AS and change the BGP peering type or passwords, you could do so, but again I'm gonna keep mine nice and simple here and go next.

So now we're gonna need a couple of additional things here. Here's where we're gonna have to define the external tunnel endpoint, and this is going to be my routable subnet. So even though we have an internal address pool here, 10.0.0.0/16, we have to have an external routable address that's going to go through; this will get advertised into the OSPF, into the IPN. So I'm gonna use 192.168, and we'll use 11 for pod 11, .0/24. Okay, you can see here it automatically defined the data plane TEP IP for me, so it's given me that address already. If you want to uncheck defaults, you've got a few more things we can do here. If you wanted to manually change your router IDs you could do so, but I'm gonna keep it simple here and keep that all these guys belong to the same external address pool, so my router IDs really correspond to the external TEP pool. So we'll keep the defaults enabled. Okay, we'll go ahead and click Finish.

All right, so what that's done here is it's configured all the connectivity between my IPN and my pod 1. So it's showing me here in a summary what it's created: it created a policy called the routed outside, an L3 routed outside interface, on the infra tenant, and it kind of shows you all the information here. You can kind of navigate to it if you want to see what the policy entails. Okay, pretty straightforward; it creates all the node profiles for it, etc. So this is nice to be able
to come back here and just view all this information here. So here's all the profiles again: I created an AEP, we created a spine access, and you can see everything's kind of prefixed with multipod here, because this is, you know, its connectivity between our fabrics and the IPN. So we just call it multipod because at some point you can have vPod, you're gonna have physical pods, and you're gonna want to expand that. So this will be kind of done one time; once this is configured, you'll never have to come back here and worry about it. Okay, we've also created the multipod L3O VLAN pool, and that VLAN pool is gonna have just a single VLAN, VLAN 4, okay, that's gonna be that for that sub-interface, and we created the domain for it and attached it. So it does a lot of the work in the background, but this gives us a nice kind of summary of what it's doing.

The next piece now is we're going to go ahead and add the virtual pod. So now that I've got my connectivity, I'm gonna create the virtual pod. Now just stopping here for a sec: because this has configured everything in terms of IPN-to-spine connectivity, we should be able to check that on our IPN. So here I'm logged into my IPN, and I'm gonna have a look and make sure that the IP OSPF piece has been correctly configured and is showing up. So let's go show OSPF neighbors VRF vPod, and it looks good. So there's my three neighbor IDs for spine 1, 2 and 3, which were pulled from that routable TEP address pool, and I can see that my OSPF is up and it's full. Now if this didn't come up for some reason, you know, you can do your basic OSPF debugging: make sure you've got MTUs that match if you're not using the ignore, make sure the addressing scheme is good, make sure you can ping across, etc. For our case here everything's coming up, so that piece has been correctly configured.

Now the next part we're gonna do here, again, it gives us a nice overview of the vPod. So if you did have the multipod already configured and we
went through that Add Pod wizard, this is where you'd start off, but because we never had that vPod configured, or the pod policy for multiple pods, we had to configure that. So here we're just giving kind of a, you know, brief overview of what we're gonna be doing here. We're gonna be defining the connectivity between the IPN and those hosts that are running the vPod; in my case these guys are running on UCS Mini. Okay, so it gives us the overview; we'll go ahead and click and get started.

Okay, so it gives us some information here: it tells you that we have to have a vPod TEP pool, tells you how big it has to be, etc. So there's some good information here, as well as that you're gonna have the default gateway and then DHCP relay pointing towards the APIC. So let's go ahead and define what we need here. So my pod ID, I'm gonna use pod ID number 11. My TEP pool has to be a new TEP pool, so I'm using 10/16 already, so in this guy here I'll use 11/16. Okay, I don't even think we need to be that big, so we need to be sitting beside a 27 and 22, so we can make this a lot smaller here, so let's just make it a /23.

Okay, now the next one here is the pool of reserved IPs. So in this TEP pool, a subset of those are gonna be reserved for spines, for the gateway address itself, etc., so we typically will carve out, you know, some of these TEP pools as being reserved so we don't allocate them to devices. So I'm gonna go ahead and just do /29 to carve out the first kind of chunk of those, and I'll define my gateway. And again, this is gonna be my address of my SVI, so coming back over here, show run int VLAN 4. Okay, this is where my boys are going to connect. So again, my TEP pool is a /23; this guy's gateway is gonna be .1/23, so again, important that we match this config up here. So the data plane TEP for that entire vPod is .2, so again a lot of this has already been configured for us; you can modify that, but we suggest just leaving it the same. Okay, for virtual leafs now, here's where
I have to give them a node ID, so I'm gonna use 1001 and 1002. The reason why is for my physical leaves I use 101, 102; that's just, to me, leaf 1 and leaf 2. So for my vPod I'll use 1001, 1002. Similarly for my spines, I'm going to use 2001 for my node IDs, 2002 for spine 2. I'm gonna leave the default router IDs, and again I'll use the defaults for BGP; if I did want to define a BGP peering password, you could do so.

Okay, now here's the vCenter domain. This is the step I said you can go ahead and create this if you wanted to; you could create one by typing stuff in. So if I started typing here, it'll give me all the options to create a domain, but it is limited; there's not every single option that we typically see. So I'm gonna use the one that I've got previously created here, which has already been defined, and if you wanted to have a look at all the configuration, you could blow it out here and then kind of sift through all the various configuration pieces of it. Okay, but I'm pretty happy with this, so I'm just gonna close that back down and go Finish.

Okay, all right, so it's giving me a summary of everything it did here. Now here's that routable address for the APIC. Now you remember I needed that DHCP address I was talking about; we needed that to do that right here, so let's go ahead and do that right now. So interface VLAN 4, and we're gonna use ip dhcp relay, and then we're gonna have to go ahead and relay to this address. So any time on this VLAN where we see a DHCP address coming in, we're gonna relay it to the APIC 1's routable TEP address, which is two thirty right here, speeds 11 to 30. Okay, so show run int VLAN 4 just to double-check everything: his address is good there, this relay looks good there.

So if you wanted to see the policies that this is gonna create, all the vPod policies, you can click on this and it gives me a summary. So we're gonna create the node profiles, the spine selectors, interface selectors, pretty much everything we're gonna need here, and if you look at the naming convention,
we prefix a lot of the policies with the vPod name and number, so vPod 11, and then we have our interface policies or selectors, policy groups, AEP, etc. So if you had to kind of see these, it's a good way to kind of see all the policies it's gonna create. Okay, so back to the summary, and the only other thing we have to note here is we're gonna need an APIC passphrase in order to add our VMM, the AVE and the, sorry, just the spines and vLeaves to our fabric. So because we don't have those certificates that we would on a physical device, we are going to use a passphrase. So this passphrase, again, this one only happens to be good for 2 minutes, but this will rotate every so often and you should have enough time to use it. Now if you can't use this guy, you know, it's expiring, like mine is expiring in two minutes, so I definitely won't be able to use this specific one, I can go ahead and retrieve a new one from over here. So if I go to my System and into System Settings, and then down at the bottom right in here, we've got APIC Passphrase. So here I've got one now; it's good for one hour, so it should be enough time to rotate our passwords here, and then we'll kind of give it some time to do that. I'd make sure you have at least 20 to 30 minutes, depending on how fast your vCenter is able to deploy VMs; sometimes if it's on slower storage it may take some time, so you want to make sure your passphrase has enough time in order to deploy those virtual spines and virtual leaves here.

Okay, the only thing I'll really highlight here is if I go back to my fabric inventory, the other thing we've done is we've also created now the nodes that are pending registration. So we created these four nodes here; you can see there's the node IDs I assigned, and it generates a serial number and the name for us. Now you can always come back and modify these names later if you wanted to, but the status will remain inactive until I go ahead and create those virtual machines on vCenter that can come back and then, you
know, register successfully, so we'll expect those to stay here for now.

Okay, at this point we're gonna leave ACI and then flip gears and go over to the vCenter, deploying the actual virtual spine and virtual leaf images from vCenter. So I'm logged into my vCenter here. I've got a cluster I built here having four ESX hosts, .29 through .32. Now I'm gonna divide up my hosts: .29 and .30 are gonna run the virtual spine and virtual leaf redundant pairs, and then I'm gonna deploy the AVE on 31 and 32, and that's where all my workload and VMs will be running. Now you could combine your management cluster running your virtual spines and virtual leafs along with the AVE as well; that is supported. We do recommend to keep it separate, but again it does work and it's fully supported if you did want to combine them together.

So the first thing I would do is I'd have to go to my content library, and if you don't have one you'll need to create one, and I'll have to upload the two images that we need for vPod deployment. The first one is the vPod management image, and this is the virtual switch image, and this will be for the virtual spine and virtual leaf, and then I'll also need the image for the AVE. And these will need to correspond to the version of APIC, and make sure that you're compatible with those before you upload those. Don't mind my versioning numbers; this is pre-release code, so my versioning numbers are probably different than what you're running, but as long as they are compatible and you've confirmed that in the release notes, then you should be fine.

So the next thing I'll do here is I'll go to the ACI fabric, where I've recently upgraded my ACI plugin, running the corresponding version for APIC, and I'm gonna come in here and go down to here. So if it does ask you to register a new fabric, if this is the first time you're using it, you'll have to add the fabric information here, and I'm not gonna use a certificate, I'm going to use my admin credentials, and make sure I get my details correct. Okay,
successfully written there. So now I've got a bit of visibility here: I can see my fabric's fully fit, everything looks good, there's the version. So the first part I'll have to do is go down to Infrastructure, and here's where I'll be able to see both the AVE and the vPod information. So you can see here it does detect I've already got the domain, which is already built, so we're gonna leave that for now. The first part we're gonna do is then deploy the vPod image. So it sees that I have these registrations of leafs, but it's saying there's no VMs found on vCenter, and that's because we haven't actually deployed the images yet.

So the first thing we're gonna do here is I'm gonna deploy my management cluster. So I'm gonna deploy the virtual spine and virtual leaf to these two hosts. It's gonna pre-populate some of the information here. Make sure you're running the version that you'd like, pointed to your management VLAN; so this is the one where I've got routable addresses that are on my management network, and it is, you know, assigning a DHCP address, so I've got a pool of addresses already assigned to this port group, so it's gonna hand out a management address to my spine and my leaf. The infra port group: so this is the one that's gonna be transporting my VLAN 4. Okay, so I've got one already created here that's gonna, you know, be doing the uplink to my network. For the datastores, by default it'll try and select local storage; I'm gonna use shared storage in mine, just because that's what I want to use. And the passphrase: so that's where I need to go here and get my passphrase from the APIC, and again we want to make sure that we do this with enough time here. So if I go to my APIC passphrase, I've still got 52 minutes; that should be more than enough time to deploy it. So I'm just gonna copy that passphrase over to here, paste it in. Okay, everything looks good here, and deploy. So I only have to pick the two hosts, and then it's going to deploy a leaf and a spine to one and another leaf and spine
to the other; that way we get redundancy. Okay, so we'll give this some time here; this will take a few minutes, so we'll go ahead and I'll pause the recording while this is starting to work here, and then come back once it's complete.

So just looking at the progress here, I can see I've got one of my switch pairs deployed, so these guys have deployed to .29. So if I have a quick peek back over there, I can see the first guys are coming up online there, so 2001, 1001, those guys are on my first host, and we're currently deploying the second pair of hosts here. So we'll give it a bit more time here; it's almost done. It's taken maybe five minutes or so so far. We'll let it do its thing here, because it's gonna run some setup scripts on those guys and then make sure they've got connectivity to deploy. And again, keep an eye on your passphrase time. So if I take a look here, I still have 46 minutes on this passphrase, but once we finish here I'll show you, if you do have a problem with the passphrase expiring, how to fix that. So I'm just gonna let this guy finish deploying here, I'll let it do its thing, and then we'll come back in a minute.

Okay, so progress is going well here. We've completed almost all our tasks here; we're just doing a couple of residual tasks at the very end of the process. If I go back down to my ACI plug-in, under Infrastructure, and looking under the vPod: okay, so my first pair is, you know, running on the host here. I've been allocated my management address, and again that's nothing that ACI is doing; that's coming from the vCenter IP pool I've defined previously on that port group. So I've got a management address assigned to it, that looks good. We're still not in a fully discovered state; we're gonna wait for that to finish. From an ACI perspective, I could jump over to my fabric here. Again, we're still doing a bit of tasks here, so it's gonna take some time for that to complete, but underneath my fabric membership
here I should eventually see that my registered nodes here should eventually move from pending into registered. So we're gonna give them some more time here to complete the process, and then we'll come back in another minute or two, once everything has been completed here. Give them their five minutes; I'll be right back.

Okay, so I waited a few minutes here, and just to take another look at what's going on: my hosts, my vLeafs and vSpines, are still showing inactive. If I go over to my APIC, I see that those registrations have now moved over to the registered tab, so that means we've got connectivity; they've been allocated a DHCP address from our TEP pool that's assigned to the vPod, so that's good. They're still showing as inactive; that's because we have to do a bootstrap. They're gonna boot up with the appropriate software and configuration, so this may take a little bit of time here. So again, I'll give these guys a few minutes to kind of pull down their config from the APIC and complete their process here.

Okay, it didn't have to take very long, a couple of minutes after that. Here now I see my state is showing as active, which is great. If I look back over here, it still shows inactive; let's just refresh that, these should become active, and boom, there they go. Okay, so now I've got my vPod deployed here, I've got connectivity, which is really good. The next part is I'll have to deploy the AVE.

Now just to show you a couple of things here from a troubleshooting perspective, some things that you may want to check: I may want to make sure I'm learning the MAC addresses on my gateway device here. So if I go show address VLAN 4, which is where I'd want to see my virtual spines and virtual leafs, I've got four addresses here. If we take a look at those addresses, those should correspond to my virtual spine and virtual leaf here. So if I kind of come down here, I'm just gonna pick one at random, and let's look at leaf 1001, and if I right-click on this guy, look at his settings, and if I take
a look at his MAC address that's coming in on VLAN 4, that's the management adapter, this is the one that's gonna be his uplink to the infra, the vPod infrastructure: 7027. So if I kind of overlay that with where I'm looking, 7027, so there's my MAC. So at least I know my MAC addresses are getting up to my gateway, and then it would be up to the gateway to then relay those over to the APIC.

You can also look at the routing table as well. So if I go show ip route ospf vrf vPod, I can see all the various subnets that I'm advertising in and out of my IPN. So I can see I've got my entries for my three spine switches here, there's my 10 subnet, here's my routable subnet. Okay, so all the addresses that I expect to see are there as well. Now if I didn't know that routable address for the APIC, an easy way we could figure that out here is if I log in to my APIC and attach to one of my spines; a nice command you can use is show NAT table, and this will show me the NATed address from APIC. So he's NATing 10.0.0.1 to 11.30, and that was just that address that I'm relaying to from, whoops, on my IPN. So that should always correspond to the relay address in VLAN 4; that's just this guy here.

Okay, so that's it for here. Now everything is all active. If this wasn't active, there could be some problems with either reachability, certificates, etc., but typically these should deploy without any issues. If you don't see them come up as active, then we'll have to do some troubleshooting from here. Now we've got to deploy the switching module, which is AVE; that'll be the next step, we'll go ahead and deploy it out.

Now one more thing I wanted to show you: if for some reason your leafs show up here but they stay in inactive state, that could be because the passphrase may have expired, so that's one of the reasons that can cause a problem. So if we were in, let's say, the last maybe five or so minutes trying to deploy one of our management clusters for vPod, and for whatever reason the
passphrase expired and I didn't have enough time left for it to deploy, this could cause a problem. So if you ever had to reset the passphrase in order for them to join the cluster or join the fabric correctly, what you could do is wait till the passphrase rolls over to get a fresh one, copy it over, so copy it, and then what you could do is simply power off whatever leaf, or if it's all of them, do them all, whichever leaf or spine was having the problem, and you can go into the settings of that particular vLeaf or vSpine, and within the vApp options we're gonna have a property for the passphrase. So here it's called the pod passphrase, and I can go and edit, and then I could go ahead and replace that if it hadn't yet joined the fabric. So I always come in here, plunk down my current passphrase, and then go ahead and okay that, and then reboot your switch or power it back on, and then it should be able to join the cluster. So we do have logs, the nginx logs, that would show you in detail that there was a problem with the passphrase, but this is just showing you really quickly how you could reset that if you didn't have enough time here.

Now as I said, I've got these two guys, 29 and 30, that are gonna be my management cluster running my two virtual spines and virtual leafs, and I'm gonna use 31 and 32 as my kind of endpoint hosts. So I'm gonna go back over to my ACI fabric, under Infrastructure, and I should see that everything is active still and online for my vPod. So everything's active, which is great. I'm gonna jump over to the tab saying AVE. So I've already got the virtual edge domain; if you do have multiple, you'll have to select it from the drop-down, and if you don't see yours you may have to refresh the domain, but in my case I only have one. And the first thing I'll have to do here, if I expand out my cluster here, it says not connected to the VDS or DVS, so the first thing I'll have to do is actually connect my hosts to the distributed switch that was pushed by the APIC. So
if I come over here to my Robert Burr AVE that I made in kind of one of my earlier steps, and we're going to add our managed hosts, going to Add Host, and I'm gonna pick the two hosts, which are 30 and 31, so the bottom two in my cluster there. And the next thing I'll have to do is decide on which uplinks I want to use. So I'm gonna go next, and I'm gonna go ahead and assign the uplinks that also carry that VLAN 4. So I know that I've already configured these interfaces to carry VLAN 4 from, you know, an uplink perspective, and I'm gonna go ahead and assign those uplinks, so uplink 1, uplink 2 for redundancy, and then I'll do the other host as well, same thing, and assign. So what I'm left with here is I've got my two uplinks; now they're gonna be assigned to the uplink of the AVE, and we'll go ahead and process through here. I've got no iSCSI interfaces, and finish. So all we're doing is really connecting the uplink to the VDS, so now they're members of that distributed switch.

Coming back to the ACI plug-in now, under Infrastructure, now I can deploy the AVE VMs, one per host. So I'm going to expand my cluster where they're kept, so I should see that these guys are not installed; so they are connected, but they're not installed just yet. So we're gonna go ahead and select both of those, pick your appropriate AVE version, the one that you have uploaded, and again just make sure it is compatible with the version of APIC that you're running. I select my management port group, and mine happens to be VLAN 64, which I have IPs again assigned; that will be auto DHCP assigned to the management interface. The datastore: you could use local, or I could, you know, toss this on to shared storage, which is what I'm gonna use. We do recommend using shared storage because the AVE is really not gonna migrate around, so you definitely could. This deploys much faster on my Fibre Channel storage here, so I'm just gonna use that for my example. I'm gonna assign it a password; I have to click off and back,
sometimes that happens here, and enter it twice to confirm. Okay, and you want to make sure you check vPod mode, because this is gonna ask me now which pod I want to deploy to, which is my only other vPod, pod 11. Okay, that's gonna tie it in together, so it knows that these AVEs belong to the two virtual spines and leafs that I've currently deployed here. Okay, we'll go ahead and click Yes to start the process now. So it's gonna go ahead and deploy those AVEs; it's gonna run the setup script to assign the appropriate names and attributes to those hosts. So I'll give it a minute here, and this process shouldn't take very long. So it's going through here just doing its thing, and if you want to monitor it, I could expand the cluster here and it'll tell me kind of a status of what it's doing. These images are pretty small, they're only a couple, maybe a gig each, so it's gonna deploy those and then power them up here.

So while we wait for those to happen: just like your regular AVE, when we deploy the AVE in what we call enterprise mode, not in a vPod deployment but in regular mode, the AVE is gonna create an OpFlex tunnel between itself and the leaf that it attaches to. So if your ESX host connected to physical leaf 1 and 2, we would have an OpFlex tunnel to leaf 1 and then one to leaf 2. In this case what we're doing is the AVE will have an OpFlex tunnel, but it's gonna go to virtual leaf 1 and virtual leaf 2, so we have to make sure that the AVE can reach the virtual spine, or sorry, the virtual leaf that we've deployed. Now again, I'm using VLAN 4 for what I'm calling my vPod infrastructure VLAN, and that's gonna allow my vPod vLeaves to communicate with my virtual AVE instances.

Okay, so that's been completed here, so now this is powering on those two VMs. So we'll give them a minute here, and assuming I've got free available IPs in my management pool, those will deploy here, and while we're waiting here I'll just
show you really quickly where we find that information, where you define the AVE VLAN pool. If I go to my data center and then over to Networks, so I've got this distributed switch, okay, let me find where they're hiding, should be under distributed port groups, and I can see I've got a network protocol, uh, network profile assigned to that port group here. So look, if we go Edit Settings, and I don't define it here, let me see if I can find where I hid that. So here's my, under Configure, I've got a network profile called vPod IP pool, and this is just associated to VLAN 64, and within here I've got a range of addresses that I've currently assigned. So I've got four addresses there, skip a couple, and I've got two more there and two more here. So if you want VMware to allocate your IP interfaces for the management network, you could do so; you could also go into one of the VMs and assign it manually via static, but, you know, I prefer to kind of predefine a bunch of addresses in a range in my management VLAN and then just let vCenter allocate those to the various interfaces that get assigned there.

Okay, so let's go back over and see how we're doing, and we'll go back to Infrastructure and let's check our progress here; hopefully they're powering on or completed the power-on. Okay, so looks good: I've got my two management IPs here and OpFlex is showing online, so that's great. If I want to kind of take a look at one of these guys here, I'm gonna go ahead and just SSH to one of these guys, let's go over here to 172.16.64.238, and I'm gonna sign in with admin and the password I defined when I rolled them out. Okay, so here's my first VM. So if you wanted to check the status to make sure they had connectivity to the virtual spines and virtual leafs, you're gonna do vemcmd show opflex cloud. Okay, and it shows that my two peer switches I'm peered with are 10.0.0.9 and 10.0.0.8, and if you wanted to confirm who those were, I could look here, I could go ahead, and it's gonna be one
of the leafs here, so this is gonna be .9 or .8, and if I look at his IPs he's been assigned .9, so that is leaf number one, and then number two should be .8, and there he is. And also if I wanted to figure this out, I could also look here as well: if I went to my APIC I could look over and say, okay, well, here's my fabric membership and there's my two addresses. So that's good, we've got connectivity, everything's active.

The next step from here now would be to start pushing my port groups, so my EPGs that I want to assign to it. So I would go to one of my tenants, a user tenant, and I believe I've already got an EPG here I might have already bound; let's just check, take a look here. I've got one called iperf. Okay, so no domains yet, so I'm gonna add a VMM domain. Now I'm gonna add them to that VMM domain, and I'm gonna keep everything pretty much as default here; I don't really need to change any of this. Okay, we'll click Submit, and what that should have done is now pushed a port group to my vCenter. So if I now go and look at the port groups that are under my Robert Burr AVE, I've now got my first port group: there's my tenant name, Robert Burr, local, AP one, and then iperf is the EPG name.

So at this point now I can take my hosts here, my two VMs, my endpoints, which are going to live on 31 and 32. This guy's on 32, this guy's on 30, so I'm gonna put him to 31 just to split them apart. I'm gonna migrate him there really quick, and we'll just go Change Compute and I'll put him on 31. These are moving around because I've got DRS enabled, so they don't stay put; I could disable that, I just haven't done that. Okay, to finish. Okay, so because this guy here, he's currently on 32, which is where I want him, I'm gonna now assign his interfaces to the distributed port group that the AVE is hosting. So I'm gonna change this guy here, that's his first network, and I'm going to put him on to this EPG that I
pushed, and I'll just make sure I connect him. Okay, and then on my other guy, this guy's on 32, this guy should be on 31 now, which he is, I'll do the same thing with him, and I'm gonna put his interface on the iperf EPG as well, and we'll make sure he's connected. Okay, these guys already have another interface, with a management interface assigned to him, so I'm just gonna go ahead and SSH to him. Okay, so here's my VM running iperf. If I just did ifconfig, so I've given him an address 1.1.1.1 for that first interface that's going to the EPG, and if I wanted to kind of check that out, I should be able to see him now being learned on my EPG.

So coming back to the endpoints, if I go to Operational and looking in here, I can see that I've got my two boys there, so they're both coming in here. I can see the VXLAN ID, the multicast group they belong to, their MAC address, etc. I haven't learned any IP information because we haven't really done any communication tests yet. So those guys, their addresses are actually 1.1.1.1 and 1.1.1.2 respectively, and I've actually created a subnet within the bridge domain they're assigned to, where the gateway for the subnet is 1.1.1.254; I'll just kind of show you that under here, so there's my subnet that that EPG belongs to. So if I want to test connectivity now, because these guys are on different hosts, I should be able to ping the gateway. So if I go ping 1.1.1.254, so there's my ACI fabric, that's great, and if I wanted to ping the other guy, .2 should be either one, so now I'm going across EPGs.

So that basically concludes showing the deployment of vPod. I'll probably do another follow-up video showing you a little more verification on the AVE, a little more deep dive, but this is really just a primer to show you how to deploy vPod from scratch. Hope you enjoyed the video, and thank you very much for watching.
Info
Channel: Robert Burns
Views: 2,107
Rating: 4.9000001 out of 5
Keywords: Cisco ACI, Cisco vPOD, vPod, ACI
Id: H49s0VO8LwI
Length: 80min 9sec (4809 seconds)
Published: Thu Oct 25 2018