Configure Standby APIC

Available Languages

Download Options

PDF (2.1 MB)
View with Adobe Reader on a variety of devices
ePub (2.1 MB)
View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle) (1.4 MB)
View on Kindle device or Kindle app on multiple devices

Updated:January 24, 2020

Document ID:215209

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Background Information

Configuration

Additional Procedures

Verify

Troubleshoot

Introduction

This document describes how to configure Cold Standby functionality on a Cisco Application Policy Infrastructure Controller (APIC). Standby APIC cluster enables you to operate the APICs in a cluster in an Active/Standby mode. In an APIC cluster, the designated active APICs share the load and the designated standby APICs can act as a replacement for any of the APICs in an active cluster.

Standby APIC feature was added starting from Danube Release (ACI 2.2 software version).

Prerequisites

Requirement

Cisco recommends that you have knowledge of these topics:

Out-of-Band Management (OOB) on the Fabric
Apic Clustering

Components Used

The information in this document is based on ACI Fabric running software version 3.1(1i).

The document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Background Information

It is supported by a single and Multipod setup.
Standby APIC can be connected to any leaf in any POD in the Fabric. Restores editing functionality in a Fabric/POD in minority.
The standby APIC is automatically updated with firmware updates to keep the backup APIC at the same firmware version as the active cluster.
During an upgrade process, once all the active APICs are upgraded, the standby APIC is also be upgraded automatically.
Temporary IDs are assigned to standby APICs. After a standby APIC is switched over to an active APIC, a new ID is assigned.
Admin log in is not enabled on standby APIC.
To troubleshoot Cold Standby, you must log in to the standby using SSH as rescue-user.
During switchover the replaced active APIC is powered down, to prevent connectivity to the replaced APIC. Standby APIC does not participate in policy configuration or fabric management.
Cisco recommends standby APICs in the same POD as the active APICs it can replace. No data is replicated to standby unit, not even admin credentials (Rescue-user log in works ).
The standby APIC does not participate in policy configuration or management.
No information is replicated to standby controllers, including admin credentials.

Configuration

Starting version 2.2, Initial Configuration Script prompts a new question asking whether this APIC is Standby or not, default is [NO], once the answer is [YES], Standby Controller ID must be chosen, which can be the number of Active APICs +1 until 29, recommended range would be starting from 21 - 29.

There must be three active APICs in order to add a standby APIC.
The minimum cluster size required is 3 - a number higher can be Standby.
Standby APIC must be brought in to the cluster with the same version as the Active APIC.
Cisco recommends to keep standby APICs in the same POD as the active APICs it can replace.

As a part of the discovery process, the Standby APIC must match:

Fabric Domain Infra VLAN TEP Address Pool Serial Number Approved - in Strict Mode Certificate validation

Once the configuration is submitted, the Standby APIC is auto-discovered by the Active Cluster, and it can be seen under Standby Controllers.

In order to change the status to Approve, click on Do Something (current status) and then select Accept Controller, as shown in the image.

After successful discovery, continuous keepalive messages are exchanged between Active and Standby APICs, and new APIC can be seen.

You can replace a specific unit from any other operational unit in the cluster.

In the case of multiple Standby APICs, you can choose the Standby APIC that you want based on the Serial Number, an enhancement request with the ID CSCvh49791 has been filed to show the Standby APIC ID as well as the serial number when you follow the replacement procedure.

In case you have multiple Standby Units, you need to know the serial number of the unit he is going to use for replacement, which is important especially if APICs are in different PODs / Sites, and in some cases, the location of the unit is important.

As a part of the replacement operation, there is an option to update the Out of Band (OOB) policy with the Standby APIC OOB IP Address and details, which can be beneficial in case the Standby unit is located in a different pod, where original POD IP address is not routable in the second POD.

Once the configuration is submitted, the replacement process can start to work on reprovisioning the standby unit.

↓

Note: Time required for replacement is variable as it depends on the amount of configuration/data that needs to be synchronized, in an empty configuration lab environment, it can take around 10 minutes for the Standby unit to fully replicate and get to a Fully Fit state.

Additional Procedures

In case replaced APIC was operational, it can be placed in Shut Down state, to re-enable it, it needs to be done through the Cisco Integrated Management Controller (CIMC).